Trojan.Rootkit.H in C:\WINDOWS\SYSTEM32\MSDIRECTX.SYS

21st May 2005, 03:56

My antivirus program is

1. constantly finding the strain of Trojan.Rootkit.H in my SYSTEM32\MSDIRECTX.SYS, and

2. my Adblock for Firefox isn't there any more.

All this started happening after I installed and uninstalled RadLight Pro media player, and it installed an Ad-ware called 'SaveNow' (alas, with my permission). I don't know, of course, that these are related, and they very well may be just a coincidence.

My antivirus (QuickHeal (http://www.quickheal.com)) keeps on deleting the file, and informing me of this, to which I have to keep on clicking OK to pat it on the head. About 1 pat per 26 seconds.

Do tell me how I can get rid of this nuisance.


21st May 2005, 12:42
A friend got it also. He had got Kaspersky Anti-Virus Personal.
I've turned off system restore and scanned with Kaspersky. It deleted it and it never came back.
PS. I do not recommend Kaspersky. It's too heavy!

22nd May 2005, 02:30
This (http://fileforum.betanews.com/detail/RadLight/990052223/1) page gives some reviews about RadLight Player that will curdle your blood. They say it uninstalls resident anti-spyware programs, Adblocks, and installs other program(s) without the user's knowledge.


22nd May 2005, 14:41
Well, try to remove it, or reinstall Windows :( . And install RealPlayer 10.5 - a great player (I've used it for 2 years!)! And if you need to display subs, try the Gabest VobSub filter.

22nd May 2005, 15:08
afaik realplayer also installs adware

22nd May 2005, 15:55
Originally posted by bond
afaik realplayer also installs adware
No, it doesn't! Only an icon for free games on the desktop, but you can remove it from the setup

23rd May 2005, 02:26
We digress a little here; I think one of the best players is the VideoLAN Player as discussed here (http://forum.doom9.org/showthread.php?s=&threadid=94518) and here (http://forum.doom9.org/showthread.php?s=&threadid=94765).

Reinstalling Windows will probably not solve this problem; I may need to format. Before that, what I did was to disable the notification of action taken in my antivirus software's settings. Now there's no window popping up (once in 26 seconds) informing me of the Trojan's discovery and destruction; it must now be going on in the background.

There is a program that is constantly generating the Trojan file in the MSDIRECTX.SYS. I searched the Registry, but couldn't find a suspicious entry; ...but then I don't know the name of the culprit I am looking for. For all I know, SaveNow may have put an .exe called DoIt.exe programmed to generate a Trojan when there's no Trojan, and how will you find it?

I've put it up to my antivirus team; will report what they say.


23rd May 2005, 16:50
IMHO, nothing can beat MPC.

RealPlayer doesn't play MKV files (even with RealVideo inside) and is not very stable.

VideoLAN can't play QuickTime or RealVideo files. MPlayer does a better job on that matter.