Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Possible W32.amend.a@mm / Backdoor ?

  • This topic is locked This topic is locked
3 replies to this topic

#1 spacekitten


  • Members
  • 21 posts
  • Gender:Female
  • Location:State of denial
  • Local time:10:35 PM

Posted 25 August 2007 - 01:05 PM

(I have not run scans in safe mode yet, perhaps I will do that immediately after posting, however, I have scanned HP notebook so many times in the last 4 days, I feel I am chasing ghosts.)

First, I noticed a change in the Task Manager, all the tabs that appear at the top of the TM box are gone. (Admin account only)
Now, I have severe hanging with most programs. Some that used to open in seconds now take 10 minutes.

I have run Norton, Spybot, Ad-AwareSE, ccCleaner, Spyware Doctor, and RegRun security suite. (all updated daily)
The only program that seems to detect any wrong-doing in my notebook is RegRun, all others claim everything is running perfect, minus a tracking cookie here or there.

RegRun5 tells me on reboot that I have 3 infected files, 16 questionable files, and 2 warnings.
The 3 flagged files are :

1. Kernel Auto Boot in Drivers; Windows\System32\Drivers\MCHINJDRV.SYS
2. Registry Run in Auto Start Apps; "Windows\System32\msconfig.exe"/auto
3. In memory - Running Process; Windows\System32\wininit.exe

I spent 2 hours and $100 with a remote access Symantec tech, (in both normal and safe modes) and the only advice he could give me was backup my files, and restore pc to factory stats. (which I did) I do not think it helped a smidge, as the notebook seems even slower now. (it was purchased only a month ago from HP site)

I use Vista Home, Symantec firewall, and run my spyware and AV programs daily on reboot.
What I understand of W32.Amend.A@mm is it is a replicating worm that will dump itself into file after file after file, which makes sense as my Spydog (part of RegRun Suite) gives me a list of 'changes' made to files and they are all seemingly good files that have something added to them which makes them poisin.

I hope this was not too much information.
Kindest Regards~

BC AdBot (Login to Remove)


#2 buddy215


  • Moderator
  • 13,323 posts
  • Gender:Male
  • Location:West Tennessee
  • Local time:10:35 PM

Posted 25 August 2007 - 02:10 PM

Post a Hijack This log in the Hijack This forum by following the directions in the link below. DO NOT post the log in this forum.

Good luck to you.
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.”Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 spacekitten

  • Topic Starter

  • Members
  • 21 posts
  • Gender:Female
  • Location:State of denial
  • Local time:10:35 PM

Posted 25 August 2007 - 04:53 PM

Thank you buddy215, I will do that.

#4 quietman7


    Bleepin' Janitor

  • Global Moderator
  • 51,769 posts
  • Gender:Male
  • Location:Virginia, USA
  • Local time:11:35 PM

Posted 26 August 2007 - 02:02 PM

Your log is posted here.

After posting a log you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc) unless advised by a HJT Team member, nor should you continue to ask for help elsewhere. Doing so can result in system changes which may not show it the log you already posted. Further, any modifications you make may cause confusion for the member assisting you and could complicate the malware removal process which would extend the time it takes to clean your computer.

From this point on the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

To avoid confusing, I am closing this topic until you are cleared by the HJT Team. If you still need assistance after your log has been reviewed and you have been cleared, please PM me or another moderator and we will re-open this topic.

Thanks for your cooperation and good luck with your log.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users