PDA

View Full Version : BMd3877471 will not go away



newarcher
2008-03-10, 15:01
Help,

I have the following spybot/teatimer notification:
Located: HK_LM:Run, BMd3877471
command: Rundll32.exe "C:\WINDOWS\system32\btoyfsdb.dll",s
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Over the weekend, I kept getting the pop up from spybot regarding this error. I ran spybot, avg, avg spywire, and adaware and found two different trojans during scans. I ran the scans in both safe mode and regular mode.

Just when I think that I got rid of this monster, it adds itself back to the startup entries (even though I click deny change during the pop up above). Each time I go to safe mode and delete the DLL, it comes back with a different name but the BMD3877471 is always the same entry.

The three trojans/viruses I found were over the weekend:
Trojan horse generic9.BHWU
Trojan Obfuscated mu
virtumonde.dll

Thanks,
New

newarcher
2008-03-10, 15:29
p.s. I will try to post my logs later in the day. I am at work right now.

New

tashi
2008-03-12, 06:54
Hello,

p.s. I will try to post my logs later in the day. I am at work right now.

New

I see you have a topic at GTG http://www.geekstogo.com/forum/New-here-literally-figuratively-D-help-t190585.html

newarcher
2008-03-12, 13:54
I do tashi, and I think that I got rid of the virus.

I think the difference was when I went in and deleted the previous restore points through the disk cleanup---that and when I disconnected the machine from the internet while running the scans.

I posted here because I couldn't find any information using the particular DLL and registry entry so I thought that I perhaps had a virus that was new. Plus, Spybot was the only product...except for superantispyware that detected it.

Case closed, I THINK....I HOPE....I PRAY! :D

New