Hello,
I'm having problems ridding myself of some files I suspect might be due to a trojan.
Operating System:
Windows Vista Home Premium
HP Pavilion dv9700 Notebook
Intel Core 2 Duo T7250 @2.0 GHz
3070 MB RAM
32-bit system
Symptoms:
1). I have some files that insist on being shared files despite having Network File and Folder Sharing set to "Not Shared". I found these by clicking "Show me all the files and folders I am sharing" in the Network and Sharing Center within the Windows Vista control panel.
Suspect regenerating files:
C:\Users\tigergerms\AppData\Roaming\nvModes.dat
C:\Users\tigergerms\AppData\Roaming\nvModes.001
C:\Users\tigergerms\AppData\Local\Virtual Store\Program Files\Common Files\Adobe PCD
C:\Users\tigergerms\AppData\Local\Virtual Store\Program Files\Common Files\Adobe\cache
C:\Users\tigergerms\AppData\Local\Virtual Store\Program Files\Common Files\Macrovision Shared\fnp_registrations.xml
I've tried deleting these files & folders but they come back after a few reboots. I think they reappear after I run a program or do some action but have not been able to identify what actions are causing the files to regenerate.
2). After allowing the nvModes.dat and nvModes.001 files to exist (i.e., not deleting them and restarting the computer a few times), my wireless Internet connection begins to fail. The SSID reverts back to manufacturer settings. The error identified by Windows in the Network and Sharing Center when trying to connect to my wireless router is: "There may be a problem with your Domain Name Server (DNS) configuration. Windows found a problem that cannot be repaired automatically. Contact your Internet service provider or network administrator."
I have been able to re-configure the router back to the settings I had before these anomalies started appearing.
3). Internet Explorer button adds itself to the Quick Launch menu bar.
I use Mozilla for most web browsing. I suspect the nvmodes.dat & nvmodes.001 files appear after signing into MSN Messenger but have not been able to confirm.
I've tried using anti-virus applications (Malwarebytes and PC Tools Spyware Doctor) but they have not caught/identified any problem files, even when run in safe mode. I've also tried re-installing Windows Vista but the same files reappear in the same place after a few restarts. I'm out of ideas.
How does one go about trying to identify trojans and back-door hijacks?
Any help would be appreciated. Thanks.

