Hello all, I just thought that I might let you know about the infection with the “Haxdoor” trojan that I’ve managed to solve with the help of Filemon, Autoruns, but especially Regmon (i.e. with it I noticed the ID of a non-visible process) programs from Sysinternals …
These were the two Avast’s Event Viewer events:
AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of D:\WINDOWS\system32\ydsvgd.dll failed, 00000005.
AAVM - scanning warning: x_AavmCheckFileDirectEx [UNI]: D:\WINDOWS\system32\ydsvgd.dll (D:\WINDOWS\system32\ydsvgd.dll) returning error, 00000005.
If anyone wants to, please see the “/Fixed: HELP: My computer was probably infected and now I am afraid to reboot” thread: http://episteme.arstechnica.com/eve/forums/a/tpc/f/99609816/m/464002950831 that I opened on Ars Technica (or alternatively the one at CastleCops similarly titled “/Fixed: My PC probably infected; now I am afraid to reboot”) and in which I described the solution (and various interesting techniques I used) to this infection in great detail, of course, with graphical screenshots added …
satyr