PDA

View Full Version : xpdx.sys detected-"fix" causes reboot


scomage
2008-06-10, 18:36
Hello,
I am running XP Pro SP2. My system was rebooting with a bugcheck every few days. I had scanned it with Spybot 1.4 and McAfee and found nothing. I recently updated to Spybot 1.5.2 and the scan found xpdx.sys. When I tried to fix it, the system rebooted. I haven't tried safe mode yet, but reading some other forums, I'm not sure that will work. I was hoping for information in this forum, but I didn't see any. Does anyone have any more info on this bug?
md usa spybot fan
2008-06-10, 19:32
scomage:

The file xpdx.sys can be associated with various Trojans. It may help if you posted the actual detection that you received. To do that:
Run another scan.
When the scan completes, right click on the results list, select "Copy results to clipboard".
Then paste (Ctrl+V) those results to a new post in this thread.
scomage
2008-06-11, 22:24
Here is the file before clicking fix:


--- Search result list ---
Win32.Tiny.abk: [SBI $B157D529] System file (File, nothing done)
F:\WINDOWS\system32\xpdx.sys


--- Spybot - Search & Destroy version: 1.5.2 (build: 20080128) ---

2008-01-28 blindman.exe (1.0.0.7)
2008-01-28 SDDelFile.exe (1.0.2.4)
2008-01-28 SDMain.exe (1.0.0.5)
2007-10-07 SDShred.exe (1.0.1.2)
2008-01-28 SDUpdate.exe (1.0.8.8)
2008-01-28 SDWinSec.exe (1.0.0.11)
2008-01-28 SpybotSD.exe (1.5.2.20)
2008-01-28 TeaTimer.exe (1.5.2.16)
2007-08-09 unins000.exe (51.41.0.0)
2008-06-09 unins001.exe (51.49.0.0)
2008-01-28 Update.exe (1.4.0.6)
2008-01-28 advcheck.dll (1.5.4.5)
2007-04-02 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2007-11-17 DelZip179.dll (1.79.7.4)
2008-01-28 SDFiles.dll (1.5.1.19)
2008-01-28 SDHelper.dll (1.5.0.11)
2008-01-28 Tools.dll (2.1.3.3)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2008-06-03 Includes\Adware.sbi (*)
2008-06-03 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-06-03 Includes\Dialer.sbi (*)
2008-06-03 Includes\DialerC.sbi (*)
2008-06-03 Includes\HeavyDuty.sbi (*)
2008-06-04 Includes\Hijackers.sbi (*)
2008-06-03 Includes\HijackersC.sbi (*)
2008-06-03 Includes\Keyloggers.sbi (*)
2008-06-03 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-06-03 Includes\Malware.sbi (*)
2008-06-03 Includes\MalwareC.sbi (*)
2008-06-03 Includes\PUPS.sbi (*)
2008-06-03 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-03 Includes\Security.sbi (*)
2008-06-03 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-06-03 Includes\Spyware.sbi (*)
2008-06-03 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-06-03 Includes\Trojans.sbi (*)
2008-06-03 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
/ .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
/ MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
/ Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
/ Windows / SP1: Microsoft National Language Support Downlevel APIs
/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
/ Windows Media Player 11: Security Update for Windows Media Player 11 (KB936782)
/ Windows Media Player 11: Hotfix for Windows Media Player 11 (KB939683)
/ Windows Media Player 6.4: Security Update for Windows Media Player 6.4 (KB925398)
/ Windows Media Player 9: Security Update for Windows Media Player 9 (KB917734)
/ Windows Presentation Foundation: This Hotfix is for Microsoft .NET Framework 3.0. \n
If you later install a more recent service pack, this Hotfix will be uninstalled automatically. \n
For more information, visit http://support.microsoft.com/kb/932471
/ Windows XP: Security Update for Windows XP (KB923689)
/ Windows XP: Security Update for Windows XP (KB941569)
/ Windows XP / SP0: Security Update for Windows Internet Explorer 7 (KB942615)
/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
/ Windows XP / SP2: Windows XP Service Pack 2
/ Windows XP / SP3: Windows XP Hotfix - KB873339
/ Windows XP / SP3: Windows XP Hotfix - KB885835
/ Windows XP / SP3: Windows XP Hotfix - KB885836
/ Windows XP / SP3: Windows XP Hotfix - KB886185
/ Windows XP / SP3: Windows XP Hotfix - KB887472
/ Windows XP / SP3: Windows XP Hotfix - KB888302
/ Windows XP / SP3: Security Update for Windows XP (KB890046)
/ Windows XP / SP3: Windows XP Hotfix - KB890859
/ Windows XP / SP3: Windows XP Hotfix - KB891781
/ Windows XP / SP3: Security Update for Windows XP (KB893756)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Update for Windows XP (KB894391)
/ Windows XP / SP3: Hotfix for Windows XP (KB896344)
/ Windows XP / SP3: Security Update for Windows XP (KB896358)
/ Windows XP / SP3: Security Update for Windows XP (KB896423)
/ Windows XP / SP3: Security Update for Windows XP (KB896428)
/ Windows XP / SP3: Update for Windows XP (KB898461)
/ Windows XP / SP3: Security Update for Windows XP (KB899587)
/ Windows XP / SP3: Security Update for Windows XP (KB899591)
/ Windows XP / SP3: Update for Windows XP (KB900485)
/ Windows XP / SP3: Security Update for Windows XP (KB900725)
/ Windows XP / SP3: Security Update for Windows XP (KB901017)
/ Windows XP / SP3: Security Update for Windows XP (KB901214)
/ Windows XP / SP3: Security Update for Windows XP (KB902400)
/ Windows XP / SP3: Security Update for Windows XP (KB904706)
/ Windows XP / SP3: Update for Windows XP (KB904942)
/ Windows XP / SP3: Security Update for Windows XP (KB905414)
/ Windows XP / SP3: Security Update for Windows XP (KB905749)
/ Windows XP / SP3: Security Update for Windows XP (KB908519)
/ Windows XP / SP3: Update for Windows XP (KB908531)
/ Windows XP / SP3: Update for Windows XP (KB910437)
/ Windows XP / SP3: Update for Windows XP (KB911280)
/ Windows XP / SP3: Security Update for Windows XP (KB911562)
/ Windows XP / SP3: Security Update for Windows XP (KB911927)
/ Windows XP / SP3: Security Update for Windows XP (KB913580)
/ Windows XP / SP3: Security Update for Windows XP (KB914388)
/ Windows XP / SP3: Security Update for Windows XP (KB914389)
/ Windows XP / SP3: Hotfix for Windows XP (KB914440)
/ Windows XP / SP3: Hotfix for Windows XP (KB915865)
/ Windows XP / SP3: Update for Windows XP (KB916595)
/ Windows XP / SP3: Security Update for Windows XP (KB917344)
/ Windows XP / SP3: Security Update for Windows XP (KB917953)
/ Windows XP / SP3: Security Update for Windows XP (KB918118)
/ Windows XP / SP3: Security Update for Windows XP (KB918439)
/ Windows XP / SP3: Security Update for Windows XP (KB919007)
/ Windows XP / SP3: Security Update for Windows XP (KB920213)
/ Windows XP / SP3: Update for Windows XP (KB920342)
/ Windows XP / SP3: Security Update for Windows XP (KB920670)
/ Windows XP / SP3: Security Update for Windows XP (KB920683)
/ Windows XP / SP3: Security Update for Windows XP (KB920685)
/ Windows XP / SP3: Update for Windows XP (KB920872)
/ Windows XP / SP3: Security Update for Windows XP (KB921503)
/ Windows XP / SP3: Update for Windows XP (KB922582)
/ Windows XP / SP3: Security Update for Windows XP (KB922819)
/ Windows XP / SP3: Security Update for Windows XP (KB923191)
/ Windows XP / SP3: Security Update for Windows XP (KB923414)
/ Windows XP / SP3: Security Update for Windows XP (KB923980)
/ Windows XP / SP3: Security Update for Windows XP (KB924191)
/ Windows XP / SP3: Security Update for Windows XP (KB924270)
/ Windows XP / SP3: Security Update for Windows XP (KB924496)
/ Windows XP / SP3: Security Update for Windows XP (KB924667)
/ Windows XP / SP3: Update for Windows XP (KB925720)
/ Windows XP / SP3: Update for Windows XP (KB925876)
/ Windows XP / SP3: Security Update for Windows XP (KB925902)
/ Windows XP / SP3: Hotfix for Windows XP (KB926239)
/ Windows XP / SP3: Security Update for Windows XP (KB926255)
/ Windows XP / SP3: Security Update for Windows XP (KB926436)
/ Windows XP / SP3: Security Update for Windows XP (KB927779)
/ Windows XP / SP3: Security Update for Windows XP (KB927802)
/ Windows XP / SP3: Update for Windows XP (KB927891)
/ Windows XP / SP3: Security Update for Windows XP (KB928255)
/ Windows XP / SP3: Security Update for Windows XP (KB928843)
/ Windows XP / SP3: Security Update for Windows XP (KB929123)
/ Windows XP / SP3: Security Update for Windows XP (KB929969)
/ Windows XP / SP3: Security Update for Windows XP (KB930178)
/ Windows XP / SP3: Update for Windows XP (KB930916)
/ Windows XP / SP3: Security Update for Windows XP (KB931261)
/ Windows XP / SP3: Security Update for Windows XP (KB931784)
/ Windows XP / SP3: Update for Windows XP (KB931836)
/ Windows XP / SP3: Security Update for Windows XP (KB932168)
/ Windows XP / SP3: Update for Windows XP (KB933360)
/ Windows XP / SP3: Security Update for Windows XP (KB933566)
/ Windows XP / SP3: Security Update for Windows XP (KB933729)
/ Windows XP / SP3: Security Update for Windows XP (KB935839)
/ Windows XP / SP3: Security Update for Windows XP (KB935840)
/ Windows XP / SP3: Security Update for Windows XP (KB936021)
/ Windows XP / SP3: Security Update for Windows XP (KB937894)
/ Windows XP / SP3: Security Update for Windows XP (KB938127)
/ Windows XP / SP3: Update for Windows XP (KB938828)
/ Windows XP / SP3: Security Update for Windows XP (KB938829)
/ Windows XP / SP3: Security Update for Windows XP (KB939653)
/ Windows XP / SP3: Security Update for Windows XP (KB941202)
/ Windows XP / SP3: Security Update for Windows XP (KB941568)
/ Windows XP / SP3: Security Update for Windows XP (KB941644)
/ Windows XP / SP3: Security Update for Windows XP (KB942615)
/ Windows XP / SP3: Update for Windows XP (KB942763)
/ Windows XP / SP3: Update for Windows XP (KB942840)
/ Windows XP / SP3: Security Update for Windows XP (KB943460)
/ Windows XP / SP3: Security Update for Windows XP (KB943485)
/ Windows XP / SP3: Security Update for Windows XP (KB944653)
/ XML Paper Specification Shared Components Pack 1.0: XML Paper Specification Shared Components Pack 1.0


--- Startup entries list ---
Located: HK_LM:Run, mcagent_exe
command: F:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
file: F:\Program Files\McAfee.com\Agent\mcagent.exe
size: 582992
MD5: 9405B452064BFA6A0F78E2F177A988A4

Located: HK_LM:Run, SiteAdvisor
command: "F:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
file: F:\Program Files\SiteAdvisor\6261\SiteAdv.exe
size: 35992
MD5: 6A4C65612DB8B61C21A86308EFDE3536

Located: HK_LM:Run, Acronis Scheduler2 Service (DISABLED)
command: "F:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
file: F:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
size: 90112
MD5: 9F562956D4EF883EAC1BD7E811957D3C

Located: HK_LM:Run, Acronis*True*Image Monitor (DISABLED)
command: "F:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe"
file: F:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
size: 423342
MD5: 01FFE4886C52BEE757AC8688CD054E8F

Located: HK_LM:Run, Adobe Reader Speed Launcher (DISABLED)
command: "F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
file: F:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
size: 39792
MD5: 8B9145D229D4E89D15ACB820D4A3A90F

Located: HK_LM:Run, BkupTray (DISABLED)
command: "F:\Program Files\NewTech Infosystems\BkupTray.exe"
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, CanonMyPrinter (DISABLED)
command: F:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
file: F:\Program Files\Canon\MyPrinter\BJMyPrt.exe
size: 1197648
MD5: B3540F5D4D772B87062E06B971951BD8

Located: HK_LM:Run, eFax 4.3 (DISABLED)
command: "F:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe" /R
file: F:\Program Files\eFax Messenger 4.3\J2GDllCmd.exe
size: 116224
MD5: 55C9DD19EDC545BC44FD32BC80B12831

Located: HK_LM:Run, KernelFaultCheck (DISABLED)
command: %systemroot%\system32\dumprep 0 -k
file: F:\WINDOWS\system32\dumprep.exe
size: 10752
MD5: 13922EB54890C77005268882629A31FE

Located: HK_LM:Run, NeroFilterCheck (DISABLED)
command: F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
file: F:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
size: 153136
MD5: 8112D0DACAE746290FC87B3A980FA719

Located: HK_LM:Run, NovaBackup 7 Tray Control (DISABLED)
command: "F:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe"
file: F:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe
size: 417792
MD5: 7699397E1C9541AED765C315FFB63B63

Located: HK_LM:Run, NTI Open File Manager (DISABLED)
command: "F:\Program Files\NTI Open File Manager\fileAccessManager.exe"
file: F:\Program Files\NTI Open File Manager\fileAccessManager.exe
size: 812304
MD5: AE33DC887EA5820ED51D2B827F9CA05A

Located: HK_LM:Run, Picasa Media Detector (DISABLED)
command: F:\Program Files\Picasa2\PicasaMediaDetector.exe
file: F:\Program Files\Picasa2\PicasaMediaDetector.exe
size: 443968
MD5: 03463803AE9386EB095FFFD8DD26B85B

Located: HK_LM:Run, PinnacleDriverCheck (DISABLED)
command: F:\WINDOWS\system32\\PSDrvCheck.exe
file: F:\WINDOWS\system32\\PSDrvCheck.exe
size: 406016
MD5: 39D31D333C39CAA9A13B738804B43284

Located: HK_LM:Run, QuickTime Task (DISABLED)
command: "F:\Program Files\QuickTime\qttask.exe" -atboottime
file: F:\Program Files\QuickTime\qttask.exe
size: 98304
MD5: 76A3A30B58405C2C6D833895253A51A9

Located: HK_LM:Run, RemoteControl (DISABLED)
command: "F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
file: F:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
size: 32768
MD5: 1EEA64D8599B5B7BD8721498E4019CF0

Located: HK_LM:Run, Smapp (DISABLED)
command: F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
file: F:\Program Files\Analog Devices\SoundMAX\SMTray.exe
size: 143360
MD5: 2D765E811B6FFEA9F91D4425E34B8461

Located: HK_LM:Run, TkBellExe (DISABLED)
command: "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
file: F:\Program Files\Common Files\Real\Update_OB\realsched.exe
size: 185632
MD5: 59F017B88EA635E374247946B7AB7BF4

Located: HK_LM:Run, VTTimer (DISABLED)
command: VTTimer.exe
file: F:\WINDOWS\system32\VTTimer.exe
size: 36864
MD5: F6E960D1B2EF9CEF7876743E864F12AE

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-484763869-1202660629-839522115-1003...
command: F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 2097488
MD5: A9A5DB6AC3721BE698B996913693D73F

Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} (DISABLED)
where: S-1-5-21-484763869-1202660629-839522115-1003...
command: "F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
file: F:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
size: 153136
MD5: 59D9856CD1420E2AF778821B7E1B81D0

Located: HK_CU:Run, ctfmon.exe (DISABLED)
where: S-1-5-21-484763869-1202660629-839522115-1003...
command: F:\WINDOWS\system32\ctfmon.exe
file: F:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 24232996A38C0B0CF151C2140AE29FC8

Located: HK_CU:Run, Handy Backup (DISABLED)
where: S-1-5-21-484763869-1202660629-839522115-1003...
command: F:\Program Files\Novosoft\Handy Backup\hbagent.exe -logon
file: F:\Program Files\Novosoft\Handy Backup\hbagent.exe
size: 3066968
MD5: 194F82B3F81E0B129CD994EC8120145B

Located: HK_CU:Run, MSMSGS (DISABLED)
where: S-1-5-21-484763869-1202660629-839522115-1003...
command: "F:\Program Files\Messenger\msmsgs.exe" /background
file: F:\Program Files\Messenger\msmsgs.exe
size: 1694208
MD5: 74E6E96C6F0E2ECA4EDBB7F7A468F259

Located: HK_CU:Run, PowerBar (DISABLED)
where: S-1-5-21-484763869-1202660629-839522115-1003...
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, Skype (DISABLED)
where: S-1-5-21-484763869-1202660629-839522115-1003...
command: "F:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, swg (DISABLED)
where: S-1-5-21-484763869-1202660629-839522115-1003...
command: F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
file: F:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
size: 68856
MD5: E616A6A6E91B0A86F2F6217CDE835FFE

Located: HK_CU:Run, tunebite.exe (DISABLED)
where: S-1-5-21-484763869-1202660629-839522115-1003...
command: F:\Program Files\Tunebite\tunebite.exe -tray
file: F:\Program Files\Tunebite\tunebite.exe
size: 2846720
MD5: 8DE30F640FFC260FA08DFA9735A0C430

Located: Startup (common), eFax 4.3.lnk (DISABLED)
where: F:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: F:\Program Files\eFax Messenger 4.3\J2GTray.exe
file: F:\Program Files\eFax Messenger 4.3\J2GTray.exe
size: 629248
MD5: 5468E1F70EE015E3EBDE3760F2FABCFE

Located: Startup (common), Google Updater.lnk (DISABLED)
where: F:\Documents and Settings\All Users\Start Menu\Programs\Startup...
command: F:\Program Files\Google\Google Updater\GoogleUpdater.exe
file: F:\Program Files\Google\Google Updater\GoogleUpdater.exe
size: 125624
MD5: 785478C1E612CDC7D2117A14C2304EBF

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
file: WgaLogon.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!
Terminator
2008-06-11, 23:23
See HERE (http://forums.spybot.info/showthread.php?t=22916&highlight=Win32.Tiny.abk) for more information on Win32.Tiny.abk.

Please note that XP Service Pack 3 is now avaliable and it is advisable that you install it once your current problem is sorted.
scomage
2008-06-12, 00:10
There is a lot of information at that link, but there is no information how to remove it. I already know it is a root kit with hidden files. I have tried to delete it in safe mode, but I get a message the file does not exist even though I can see it in explorer. Please just point me to any available information to remove it. I came to this forum instead of doing a general search because I trust Spybot, but if you don't have a solution let me know.
Terminator
2008-06-12, 10:42
One of the people in the link I gave you only managed to rid his system of this pest by formating his Hard Drive:sad: which should ONLY be done if all else fails.

I'm afraid I have no other advice to offer you:sad:.
md usa spybot fan
2008-06-12, 14:12
scomage:

I suggest you consider posting in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log: "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance) ( http://forums.spybot.info/showthread.php?t=288).
After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal (http://forums.spybot.info/forumdisplay.php?f=22) forum, making sure to post the logs produced from the above instructions.