Poster
Tue Sep 30 14:22:25 PDT 2008
nass wrote:
>
> "Poster Matt" wrote:
>
>> Hi,
>>
>> The file on my Win XP Pro SP2 PC called dmserver.dll - located here
>> c:\Windows\system32\dmserver.dll - has a virus according to my anti-virus
>> software and confirmed by virusscan.jotti.org where 5 of the AV checkers
>> showed a positive.
>>
>> I've no idea how to restore a clean version of dmserver.dll can someone tell
>> me how please?
>>
>> Extra important info.: Today I installed a new SATA hard disk and a SATA II
>> controller card for it. After installation I pointed the XP 'found new
>> hardware wizard' to the controller card's CD for the drivers, all seemed
>> fine until I went to Control Panel -> Computer Management -> Storage -> Disk
>> Management to format the new drive. It was when I tried to access Disk
>> Management that I first got the 'Virus Threat Detected' which meant I could
>> not load the Logical Disk Manager Service, which is the file dmserver.dll,
>> to format the hard disk.
>>
>> Could this just be coincidence? An anti-virus scan of the controller card's
>> drivers CD resulted in 'no threats found'.
>>
>> Please advise, I'm stuck. :(
>>
>> Thanks and regards, etc..
>
>
> Well, to be safe try to rename the Dll to something like dmserver.dll.old
> and Reboot your machine, does anything complain?
>
> What Jotti scanner showed or reported?
> What the properties of the DLL shows and compare on the real Disk Manager
> Service file, what your findings on this comes out?
> Best if you scanned from other vendors to make sure the file not infected
> or the virus itself hooked itself in "%SystemRoot%\".
>
> Run a thorough scan by doing the following steps:
> 1... First, try to clean up your caches, Internet files and delete cookies
> by doing this:
> Click Start >> Control Panel >> Double click Network and Internet
> Connections >> Double click Internet Options.
> On the IE properties windows you will see these Tabs:
> General | Security | Privacy | Content | Connections | Programs |
> Advanced
> Under General Tab clear your History, Internet Files and Cookies.
> Then click on Advanced tab and scroll down to under the Browsing Option:
> [&] Browsing
> [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box.
> Then click on Programs Tab and click Manage Add-Ons and Disable all non
> Verified Add-Ons (You should Re-enable them later one-by-one and see the
> culprit and update it or remove it).
> How to manage Add-Ons:
>
> http://support.microsoft.com/kb/883256
> Scan for malware from here:
> SuperAntispyware - Free
>
> http://www.superantispyware.com/superantispywarefreevspro.html
>
> http://www.malwarebytes.org/rr-update/rr-free-setup.exe
>
> http://onecare.live.com/site/en-gb/default.htm?s_cid=sah
>
> Run a scan from here on-line:
>
> http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym
>
> http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
> Download Avast Cleaner (offline scanner) from here:
>
> http://www.avast.com/eng/avast-virus-cleaner.html
>
> Run disk clean up on your Drive.
> You can download this tool to run clean up:
>
> http://www.ccleaner.com/download/builds/downloading-slim
>
> You can download this tool "AutoRuns for Windows"
>
> http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx
> And remove the entry from here:
>
> Locate this key:
> HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run = look in
> the right pane/window and remove the entry for it
> "c:\Windows\system32\dmserver.dll".
> HTH,
> nass
> ---
>
> http://www.nasstec.co.uk
>
Thanks for the advice everyone.
I've managed to get a clean copy using the Microsoft utility:
SFC /SCANNOW
Cheers.