
Infected With Pwdump.


5 replies to this topic

#1 Webman


Posted 22 January 2008 - 01:57 PM

Hi, my computer is infected with Pwdump and LSADump. I've deleted the value names in the registry and my anti-virus still picks it up, and my anti-virus can't remove it. Are there any removal tools I can download?

Thanks


#2 boopme


Posted 22 January 2008 - 02:46 PM

Run your scan from Safe Mode again, then run a scan with SUPERAntiSpyware.
Download, install and update, then reboot into Safe Mode and scan. Delete all items found.

How to start Windows in Safe Mode

#3 Webman


Posted 22 January 2008 - 09:04 PM

I downloaded Super Anti-Spyware, ran a scan in safe mode, and it didn't detect pwdump, but my anti-virus still sees it.

#4 quietman7


Posted 22 January 2008 - 09:18 PM

Did your anti-virus provide a specific file name associated with this malware threat and, if so, where is it located (full file path) on your system?

#5 boopme


Posted 22 January 2008 - 09:20 PM

Does your AV say where it is?
It may be in System Restore. Disable it and scan again. Remember to re-enable it after you're done.
FOR XP
DISABLE
Click Start > Right-click My Computer > click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives. If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
Click Apply > When you see the confirmation message, click Yes > Click OK.

ENABLE

Same as above but check Apply where you checked Turn off

#6 Webman


Posted 23 January 2008 - 06:51 AM

No, I disabled system restore before. The file names are:

samdump.dll

pwservice.exe

pwservice.exe3

The above files can't be found in the registry, not anywhere. I deleted them. I have no idea why it's still there. Not a trace of the files left.



