[HELP] system infected by nmdfgds0.dll

[Davidboon]

Avast detected a few viruses on my computer named nmdfgds0.dll.
Even after removal it reappears at startup.

As the Consequences: computer is slowed down,its impossible to launch the applications a few times, operation of hard drives in new windows, can not display hidden files ... So thank you to anyone for helping me out.

This is shown by avast

File name : D:\WINDOWS\SYSTEM32\nmdfgds0.dll
Type : Rootkit: hidden process

Here is malwarebytes log

Malwarebytes' Anti-Malware 1.34
Database version: 1888
Windows 5.1.2600 Service Pack 3

3/25/2009 12:04:19 PM
mbam-log-2009-03-25 (12-04-19).txt

Scan type: Quick Scan
Objects scanned: 58940
Time elapsed: 4 minute(s), 15 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
D:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnLineGames) -> Delete on reboot.

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\Curre ntVersion\Run\cdoosoft (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\Advanced\Folder\Hidden\SHOWALL \CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
D:\WINDOWS\system32\olhrwef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
D:\WINDOWS\system32\nmdfgds0.dll (Spyware.OnLineGames) -> Delete on reboot.


i am using avast professional edition 4.8 and i have also tried malwarebytes anti malware to remove this rookit but none of them are unable to remove it permanently.

[himadri_sm]

use ESET Undll...you can download it from the ESET website..just select the infected dll file & it will delete it.

[Davidboon]

@sekhar thanks for your help , i'll give it a try.

[Disc_Junkie]

You can also try Noob Killer. Download it. You can do a 8-X Kill which will clear all the malware or you can it delete the file yourself. It has got many options. Try it.

[mrintech]

Go for a full scan with the following softwares:

* http://www.superantispyware.com/download.html
* http://www.emsisoft.com/en/software/free/

Also make sure that they are updated to latest definition files and go for Full System Scan.

Else

You can always try Online Scanning. Here's the list of best Online Scanners: http://mrintech.com/5-best-online-vi...rs-you-can-use

[phuchungbhutia]

There's a bat file which can remove such files . . try searching it . . its kinza removal bat file . . Small and quite useful . . And u can edit it to use it for more usefulness and no installation hassle either . .

[Davidboon]

thanx phuchung , mrintech , disc_junkie for ur solutions .

and puchung can u name the exact file ?

[rhitwick]

Here's ur full data on dat virus.
http://www.threatexpert.com/files/nmdfgds0.dll.html

B/W try Malwarebytes Antimalware

[himadri_sm]

@Davidboon: do tell us what you used to get rid of the infection.

[Davidboon]

At last i got rid of the virus but still i have to open all my partitions using the explore option instead of double click . only my system partition is accessible with double click .

i just did a boot scan of all the partitions using avast and deleted all suspicious files .
and use malwarebytes too.

[ico]

Quote:

Originally Posted by Davidboon

At last i got rid of the virus but still i have to open all my partitions using the explore option instead of double click . only my system partition is accessible with double click .

Enable 'Show hidden files and folders' and also the 'protected system files' from the Folder Options........go to each Disk drive and delete the file 'autorun.inf' manually. And Restart.