A preliminary search of the internet seems to indicate that vdnt32.sys is part of the HAXDOOR Trojan horse program that opens a backdoor on a compromised system and allows unauthorized access to a remote attacker. It also attempts to steal passwords.
There are apparently several "varieties" of this trojan... so I can't say specifically which particular "strain" you may have... but you can try to research the matter further as follows:
Hopefully, with this as a starting point, you may be able to determine which version you have, and then, try to search for an automatic removal tool (if one exists).
A database search at a-squared found that their scanner removes Haxdoor, and variations A-G., I, L. and Q.. You can download the a-squared Trojan scanner from the link in my signature below. There are both a free and a pay-for version.
Ok Im trying to start my computer too and its not starting up either!!!!! so it loads up windows xp home logo then when i go to log onto an account (anyaccount) it just goes a blue screen, what says somthing about a missing or currupt file..... and how I should check my memory..... So did all that..... i checked my memory, used my OS reinstall disk to check my computer, did that chkdsk /d then chkdsk /p trick and went to the bios and set everything to the "like new" settings, went into msconfig and guess what..... I STILL CANT GET INTO ANY ACCOUNT......
I think there error message also reads something like error stop: 0x0000008e (more numbers in here ending with 0x000000) oh and sometimes it says PAGE_FAULT_IN_NONPAGED_AREA
My computer is a DELL Dimension 2400. Ive chatted with a few diffrent dell support specialists... and they all havent been able to help me AT ALL. so they've been urging me to call a pay to fix it phone number and i want to give the free message community a stab at it..... Im writting this message at 5:30 in the morning... ive been up ALL NIGHT trying to fix this..... 8 nights in a row..... I STILL CANT LOG onto ANY account... except the addminstrator in safe mode that still works. anywasys.... any advice would make my day.
Mr. X
ps. dont think im a cheap skate, OK, I AM!! but I dont even have a phone, and im like 3 months late on my rent, have like 4 unpaid parking tickets.... i cant afford to pay for fixing this computer i just got a year ago!!
First off, you always get better results if you start your own thread rather than posting into someone else's. It's simply reduces confusion all the way around.
You don't say in your post if you have Internet access or your posting from someone else's computer. If you do not have Internet access, please post back to this thread and we will go from there. If you have Internet access, please run the following online Trojan scans:
It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:
1. Select all available drives. 2. Check(tick) "Auto Clean". 3. Click "Scan
".
Once again, post back the full path and filename filename
of any files that cannot be cleaned or deleted.
From my signature below, download Ad-Aware SE Personal and Spybot S&D. Configure them according to the
Ad-Aware Tutorial
and
Spybot S&D Tutorial
. Run them each, in turn, with a reboot in between.
If this does not fix your problem, start a new thread posting the results of the scans as well as any filenames from the above steps. Someone will assist you as quickly as possible.
hey billy thanks for the advice, I do have a computer next door, so I can go back and forth...
gives me an excuse to talk to my nieghbor anyway..... this my computer doesnt go on line, it doesnt even allow me to log onto any account except of when running in safe mode.... My administrator account is working just fine there. anyways if you have any suggestions i would be all ears. (eyes i guess)...
It makes it more difficult if you don't have Internet access, however, I'm currently working with another user who has to run back and forth to post.
It may take a little longer since you can't run the online scans, and would not be able to update Ad-Aware SE Personal and Spybot S&D. So let's do this:
Have your friend download HijackThis from: Here, and save it to a floppy. Then use the floppy to install it onto your computer (it's OK if you have to install it in Safe Mode) by following these instructions:
Create a folder on the root drive, (Usually C:\), called C:\HJT HijackThis will create a backup file to use if a restore is necessary, so please DO NOT run HijackThis from a temporary location or your desktop.
1. Go to "My Computer" (Windows key+e), or by double-clicking on the "My Computer" icon on your desktop. 2. Double click on "C:" 3. Right click and select New ->Folder. Name it HJT.
Unzip HijackThis to its permanent folder.
Launch HijackThis by double-clicking on "HijackThis.exe". Click the "Do a system scan only" button. When scan is finished, click the "Save log" button and save to a convenient location.
A Notepad windowill open with the contents of the scan.
Hit Ctrl+a to select the entire contents. Hit Ctrl+c to copy it. (Save to a floppy in Notepad.) (At your friend's house) go to the Dell HijackThis forum and start a "New Thread" Open the file that you saved to the floppyand repeat the first two steps . Hit Ctrl+v to paste contents of log into the message body.
Someone will analyze your log in get back to you as quickly as possible.:smileyhappy:
George a.k.a. SpotCheckBilly
Message Edited by SpotCheckBilly on 05-21-2005 01:41 PM
ky331
3 Apprentice
•
15.6K Posts
0
March 20th, 2005 22:00
A preliminary search of the internet seems to indicate that vdnt32.sys is part of the HAXDOOR Trojan horse program that opens a backdoor on a compromised system and allows unauthorized access to a remote attacker. It also attempts to steal passwords.
There are apparently several "varieties" of this trojan... so I can't say specifically which particular "strain" you may have... but you can try to research the matter further as follows:
Haxdoor.C
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.haxdoor.c.html
Haxdoor.O
http://www.sophos.com/virusinfo/analyses/trojhaxdooro.html
Hopefully, with this as a starting point, you may be able to determine which version you have, and then, try to search for an automatic removal tool (if one exists).
SpotCheckBilly
932 Posts
0
March 20th, 2005 22:00
A database search at a-squared found that their scanner removes Haxdoor, and variations A-G., I, L. and Q.. You can download the a-squared Trojan scanner from the link in my signature below. There are both a free and a pay-for version.
Good luck:smileyhappy:
George a.k.a. SpotCheckBilly
PS I believe they also offer a free online scan.
ky331
3 Apprentice
•
15.6K Posts
0
March 20th, 2005 23:00
Mr. X
7 Posts
0
May 20th, 2005 11:00
SpotCheckBilly
932 Posts
0
May 20th, 2005 21:00
First off, you always get better results if you start your own thread rather than posting into someone else's. It's simply reduces confusion all the way around.
You don't say in your post if you have Internet access or your posting from someone else's computer. If you do not have Internet access, please post back to this thread and we will go from there. If you have Internet access, please run the following online Trojan scans:
Sygate Trojan Scan
and
Trojan Scan .
Please write down the full path and filename of anything they are unable to fix/delete.
Next, go to www.trendmicro.com , and then:
1. Click "Free Online Scan".
2. Click "Scan now, it's free".
It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's down:
1. Select all available drives.
2. Check(tick) "Auto Clean".
3. Click "Scan ".
Once again, post back the full path and filename filename of any files that cannot be cleaned or deleted.
From my signature below, download Ad-Aware SE Personal and Spybot S&D. Configure them according to the Ad-Aware Tutorial and Spybot S&D Tutorial . Run them each, in turn, with a reboot in between.
If this does not fix your problem, start a new thread posting the results of the scans as well as any filenames from the above steps. Someone will assist you as quickly as possible.
George a.k.a. SpotCheckBilly:smileyhappy:
Mr. X
7 Posts
0
May 21st, 2005 05:00
SpotCheckBilly
932 Posts
0
May 21st, 2005 19:00
Hello Mr. X,
It makes it more difficult if you don't have Internet access, however, I'm currently working with another user who has to run back and forth to post.
It may take a little longer since you can't run the online scans, and would not be able to update Ad-Aware SE Personal and Spybot S&D. So let's do this:
Have your friend download HijackThis from: Here, and save it to a floppy. Then use the floppy to install it onto your computer (it's OK if you have to install it in Safe Mode) by following these instructions:
Create a folder on the root drive, (Usually C:\), called C:\HJT HijackThis will create a backup file to use if a restore is necessary, so please DO NOT run HijackThis from a temporary location or your desktop.
1. Go to "My Computer" (Windows key+e), or by double-clicking on the "My Computer" icon on your desktop.
2. Double click on "C:"
3. Right click and select New ->Folder. Name it HJT.
Unzip HijackThis to its permanent folder.
Launch HijackThis by double-clicking on "HijackThis.exe".
Click the "Do a system scan only" button.
When scan is finished, click the "Save log" button and save to a convenient location.
A Notepad windowill open with the contents of the scan.
Hit Ctrl+a to select the entire contents.
Hit Ctrl+c to copy it. (Save to a floppy in Notepad.)
(At your friend's house) go to the Dell HijackThis forum and start a "New Thread"
Open the file that you saved to the floppyand repeat the first two steps .
Hit Ctrl+v to paste contents of log into the message body.
Someone will analyze your log in get back to you as quickly as possible.:smileyhappy:
George a.k.a. SpotCheckBilly
Message Edited by SpotCheckBilly on 05-21-2005 01:41 PM