vdoubxd.dll - Trojan? Virus?

  • Thread starter: BJ Safdie

BJ Safdie

On my Win2K Server machine I found an entry in my registry
at:
HK_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\
Run and RunOnce

which reads:

Key:
vdoubxd

Value:
rundll32 C:\WINNT\system32:vdoubxd.dll,Init 1

I "Googled" vdoubxd and came up with nothing.
Symantec Security Response came up with nothing.
The McAfee site had nothing.

If I delete the registry entries, they come back. There
is no vdoubxd.dll in my C:\WINNT\system32 directory.
Also, I am unfamiliar with the ...system32:vdoubxd.dll...
use of a colon. I also looked for the possibility of a file
in WINNT named system32:vdoubxd.dll.

Anyone know what the heck this thing is and how (if it is
a bad thing) to get rid of it?

Any Help Appreciated,
BJ Safdie
 
Probably the Coreflood trojan. It's stored in an "Alternate Data Stream"
(ADS). See http://www.sophos.com/virusinfo/analyses/trojcoreflooc.html
for a description, download
http://www.sophos.com/support/cleaners/corfcgui.com to get rid of it.

Your system may have been further compromised. You should do a thorough
investigation. Rebuilding from scratch should be seriously considered.
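
The colon in the Run value above is NTFS "host:stream" syntax: the DLL is a stream attached to the system32 directory itself, which is why no vdoubxd.dll file shows up in a directory listing. As an added example (not part of the original thread and not Sophos's tool), this Python sketch flags autorun command lines that reference an alternate data stream; the function names and the two benign sample entries are constructed for illustration.

```python
import re

# Tokens: a double-quoted segment (may contain spaces) or a run of non-space chars.
# Limitation: unquoted paths containing spaces are split and only partly checked.
_TOKEN = re.compile(r'"([^"]*)"|(\S+)')

# Drive-letter path, then a second colon and a stream name.
# A plain Win32 path has only the one colon after the drive letter, so a later
# colon means "host:stream" (NTFS Alternate Data Stream) syntax.
_ADS = re.compile(
    r'(?<![A-Za-z])(?P<host>[A-Za-z]:\\[^:]*)'
    r':(?P<stream>[^\\/:,]+)'   # stops at rundll32's ",EntryPoint" suffix
    r'(?::\$DATA)?'
)

def find_ads_references(command):
    """Return (host_path, stream_name) pairs referenced in one command line."""
    hits = []
    for quoted, bare in _TOKEN.findall(command):
        m = _ADS.search(quoted or bare)
        if m:
            hits.append((m.group("host"), m.group("stream")))
    return hits

def scan_run_values(values):
    """Map autorun value name -> ADS references, for flagged values only."""
    flagged = {}
    for name, command in values.items():
        hits = find_ads_references(command)
        if hits:
            flagged[name] = hits
    return flagged

# Constructed sample: the first entry is the value quoted in the post,
# the other two are made-up benign entries for contrast.
SAMPLE_RUN_KEY = {
    "vdoubxd": r"rundll32 C:\WINNT\system32:vdoubxd.dll,Init 1",
    "ExampleTray": r'"C:\Program Files\Example\tray.exe" -startup',
    "ExampleDll": r"rundll32 C:\WINNT\system32\example.dll,Start",
}

if __name__ == "__main__":
    for name, hits in scan_run_values(SAMPLE_RUN_KEY).items():
        for host, stream in hits:
            print(f"{name}: stream {stream!r} attached to {host!r}")
```

The same check applies to exported Run and RunOnce values from any hive; a hit identifies which host file or directory to inspect for attached streams.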
 