Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

unable to remove trojans

  • Filter
  • Time
  • Show
Clear All
new posts

  • unable to remove trojans


    A Windows XP system is infected with troj_rootkit.h virus. The trend anti virus detects the virus and removes msdirectx.sys. But the virus file recreated itself. Upon googlig I came to know that msdirectx is installed as service. Hence i removed the msdirectx service from the registry,(hkey/system/current_controlset/service/msdirectx) But the problem is that the registry entry itself is recreated (When i Press f5 - refresh or reboot) and the service is installed again.

    Pls help me out.


  • #2
    Have you tried turning off System Restore, boot into Safe Mode, remove the pesky critter. Reboot and see what happens.
    1 1 was a racehorse.
    2 2 was 1 2.
    1 1 1 1 race 1 day,
    2 2 1 1 2


    • #3
      We had this same virus a while back.

      Youwill need to uninstall the hidden device for msdirectx before you will get rid of it.

      Instruction on ow to get rid of

      1. Remove from the network connection. Start the computer in Safe Mode.

      2. Do a file search on all drives for these files - msdirectx.sys and sdkcore.exe and sdkcor3.exe. Delete all of these files if found. Empty the Recycle Bin after deleting the files.

      3. Open the registry editor (Start>Run> Regedit) and search for any mentions of the above 2 filenames (use Edit>Find). Delete any keys in the registry which mention these files. You should ensure that you do the search from the top of the registry a few times so that you get all of them - sdkcore.exe may appear in the registry 10 or more times.

      If you get an error message that the entry can't be deleted thatís ok. It would be best to get Siva to help with this to ensure only the virus entries are deleted from the registry.

      4. Open the Device Manager (right-click My Computer, select Properties, then Hardware, then click Device Manager). From the View menu select Show Hidden Devices. Look for the Non-Plug and Play Drivers entry and expand it. If in the list you see an entry called msdirectx.sys, right-click on it and select Uninstall. Click Ok to uninstall it.

      When the above steps have been completed, reboot the PC and logon normally. A quick way to check if the virus has been removed is to try opening Task Manager. If it opens (and stays open!!) then the virus should be gone.

      Step 4 is particularly important - if you don't do this there is a chance the computer may be re-infected.