Trojan yvsvga.dll

Viruses and worms
1

My friend asked me to help with her computer problem. PC became extremely slow. It was apparently infected by trojan yvsvga.dll that was in windows\system32 directory. Her AOL “security suit” based on McAfee was able to detect it but couldn’t remove it. XP prevented any atempts to delete it. BTW Avast 4.7 didn’t detect it :frowning:
Reading some posting on Trend Micro (it was able to find it too) web site I learned that this is a backdoor trojan, that possibly helped to install some other malware. My question is:
Is there a way to check for those program? I ran Ewido, Avast, AOL security and they didn’t find anything else.

2

Why don’t you try on-line scanners?

http://www.virustotal.com/flash/index_en.html
http://www.kaspersky.com/virusscanner
http://www.mwti.net/antivirus/mwav.asp or http://www.security-ops.tk
http://housecall.trendmicro.com/
http://www.bitdefender.com/scan/index.html
http://support.f-secure.com/enu/home/ols.shtml

3

Thank you very much Tech.

I ran TrendMicro in safe mode and It found another problem tibs.vb I think we are up and running now. At least computer is now responding.

BTW, I had hard time starting other online scans you recommended. Couple didn’t work, other complained about ActiveX permissions. I checked them in browser options and ActiveX related staff was enabled. I guess it may be subject for a different post.

4

Hi PLD,

For the trojan see here:
http://www.sophos.com/security/analyses/trojhaxdoorcp.html
The other is a trojan downloader.

Iformation on the various haxdoor variants, very informing:
http://users.telenet.be/marcvn/spyware/1541877.htm

All variants can be removed using this tool from here:
hxxp://users.telenet.be/marcvn/tools/haxfix.exe

haxfix is a safe tool:
r.Web (R) daemon for Linux v4.33 (4.33.0.09211)
Copyright © Igor Daniloff, 1992-2005

Last update time: 2006-08-02,11:43:24

File size: 402.5K

haxfix.exe packed by BINARYRES

haxfix.exe - archive INNO SETUP

haxfix.exe/data001 packed by UPX

haxfix.exe/data001 - OK
haxfix.exe/data002 - OK
haxfix.exe/data003 - OK
haxfix.exe/data004 - OK
haxfix.exe - OK

HOW TO USE HAXFIX.EXE?

Download haxfix.exe.
Put it onto your desktop.
Close all other programs, and close all open windows.
Double click haxfix.exe to start installation.
Put a tag where it says “Create a desktop icon”.
Click on “Next” and follow instructions given on screen.
If the installation is finished, take care that “Launch HaxFix” is tagged.
Click on “Finish”.
A red dosscreen opens up with the following menu to choose from:

  1. Make logfile
  2. Run auto fix
  3. Run manual fix
    E. Exit Haxfix

polonus