gaopdxserv.sys problem


4 replies to this topic

#1 djurwin


  • Members
  • 2 posts

Posted 31 March 2009 - 07:06 AM

Hello, and congratulations on an excellent forum. It has been very useful so far.

I have had a problem that I noticed at the end of last week with the replacement of ads on Firefox and IE7. In trying to find out the problem I discovered that I have a gaopdxserv.sys issue after running GMER and Malwarebytes. I believe this to be a win32.adware type trojan. I struggled for a long time to get GMER and MBAM to run along with Spybot S&D and I have yet to get SuperAntiSpyware to run successfully.

Through a combination of GMER and Malwarebytes (I have logs for these) I have managed to disable the malware. However I would prefer to get completely rid of the infection. I use Sophos antivirus (it is a work PC), the firewall is on the LAN server, and I also run Comodo firewall for protection at home. I wonder if the error I have made is not having anti-malware or anti-virus software running while I use my wireless connection at home. However I do not have any issues with my home PC (Comodo and AVG). I am aware that our work network has had several issues with logon times and freezes but no-one has been brave enough to admit there is a problem.

Can anyone help me please?


#2 DaChew


    Visiting Alien


  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 31 March 2009 - 07:52 AM

Hello and welcome to Bleepin

You have an advanced and state-of-the-art backdoor trojan/rootkit inside your work LAN; braveness has nothing to do with it.

Who handles your IT work?

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

Someone may be able to clean this machine but we can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.
Chewy

No. Try not. Do... or do not. There is no try.

#3 djurwin

  • Topic Starter

  • Members
  • 2 posts

Posted 31 March 2009 - 08:46 AM

DaChew, many thanks for your prompt but despair-inducing message. This laptop is only months old.

I need to flag this across to the other senior team members, so can you indicate how you know this to be such a serious infection from the sketchy information I have given? There was some concern that the business had been hit with the Conficker worm around 23 March; is this a possibility? Do you know what I am likely to have contracted? I can send scans if helpful; could this indicate whether I should get this reformatted or whether it will clean?

regards, David

#4 DaChew


    Visiting Alien


  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 31 March 2009 - 08:57 AM

The gaopdxserv.sys was a dead giveaway.

http://www.prevx.com/filenames/X1689243953...XSERV2ESYS.html

I will admit MBAM has made great progress with these infections in the last few weeks.

Newer variants have been blocking MBAM totally.
Chewy


#5 DaChew


    Visiting Alien


  • Members
  • 10,317 posts
  • Gender:Male
  • Location:millenium falcon and rockytop

Posted 31 March 2009 - 09:20 AM

Conficker variant C has gotten even nastier.

https://forums2.symantec.com/t5/blogs/bloga.../article-id/252

Google has not found the link between these 2 infections though?
Chewy

