SCC2002

Hey, guys. ^^ Do u know any video player software which does good multi-channel sound downmix to stereo? Btw, is there any video player that plays video or DVD in nice graphics, as well as good downmixing? Besides, I'm using Cyberlink PowerDVD 8 currently. & regarding the output mode in the audio options, there're 4 options. Stereo, Dobly Surround Compatible Downmix, Dolby Virtual Speaker, Truetheater Surround. Wat I'm not sure is does every of these options downmixing? Which one is the best option? Hope that u guys can help to point out. Thx. ^^

Hi. ^^ I'm using Netlimiter 2 Pro currently. Everything seems working well except the Grant feature. Grant is a feature that takes bandwidth from other processes to the specified process, in case of the specified process requires & there's not enough bandwidth. However, I dun see the Grant works. So, hope that someone can help me out & making it works. Ur help will be greatly appreciated. Thx a lot. ^^

Is there anyone who can help me out? Plz~

Hi. ^^ I'm using Netlimiter 2 Pro currently. Everything seems working well except the Grant feature. Grant is a feature that takes bandwidth from other processes to the specified process, in case of the specified process requires & there's not enough bandwidth. However, I dun see the Grant works. So, hope that anyone can help me out & making it works. Ur help will be greatly appreciated. Thx a lot. ^^

Hi, I'm encountering a powerful malware. So needs help to remove this malware. Hope u guys can help me out. My Windows XP SP2 is infected by this malware, Trojan-Downloader.Dadobra.CP, as labeled by Spyware Doctor. There're a few programs that will tend to hang easily, especially when they're running simultaneously. These programs're BitComet 0.96, Windows Live Messenger 8.1 & Mozilla Firefox. After hanged, the programs can't be killed. Restart is not possible as well. Although the Windows will closes all other programs, but will not start restarting the pc. Besides, my NVidia overclocking utility, D.O.T.(Dynamic Over-Clocking Technology) seems to be infected, or maybe is rundll32.exe that gets infected, bcoz whenever I enable or disable my D.O.T. feature, my Spyware Doctor will block rundll32.exe's attempt to write the registry: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURR ENTVERSION\RUN, WinSys="C:\WINDOWS\System32\WinSys.exe". Maybe is rundll32.exe gets infected instead of the D.O.T.. Another symptom is that my Windows will appears to locked after my programs hang. The 'Unlock Computer' window will appears when I try to log off or switch user. However, unlock the computer using other user accounts in my pc can't works, but unlocking using the logged on user account works. I've tried wiped my system partition & reinstalled my Windows, but my fresh Windows experiencing this same prob within 12 hours! So, I'm suspecting that the malware is exists in my other partitions. Wipe my other partitions as well? But I've a lot of data in my other partition, so backing up the data might backing up the malware as well? Or is my speculation wrong? Above symptoms're juz for reference for any possible solution. So, if anyone knows solution to this prob, plz let me know. Anyway, I'm expecting extensive removal instruction to this Trojan-Downloader.Dadobra.CP. Any help is greatly appreciated. Hope to hear from u guys soon. Thx in advance! ^^

I've tried wiped my system partition, & reinstalled my Windows. However, the same prob appears again within 12 hours in my fresh Windows! I'm thinking that the malware is still exists in my other partitions. Wipe my other partitions? But I've a lot of data in them. So, backing up the data means backing up the malware as well? I need more extensive solution to this Trojan-Downloader.Dadobra.CP. I need to manually remove it. So, plz tell me if u do know. Btw, I'd like to open a new topic, specifically on this malware, to get more focused answers.

Looks like no one replying me... Is there anyone? Since there's no help, I'd try to reformat now. However, I do still like to know how to detect the cause of pc hanging & high CPU usage. cluberti, do u know how?

Thx, cluberti. ^^ Anyone, if know how to deal wif this Trojan-Downloader.Dadobra.CP, plz let me know.

Another symptom of the malware in my pc, which most likely to be the Trojan-Downloader.Dadobra.CP. It'll try to access to www.ftjcfx.com & btfans.3322.org.

Hey, the lost file association wif .exe files has been fixed! Found a nice article from here. http://filext.com/faq/broken_exe_association.php So, I've tried out Kelsenellenelvian's solution. Not working as well. There're no such files & processes running.

I know that reformat will be much faster, but like wat u've said, I do want to take this as an exercise & method to deal wif such serious & not-obvious prob, which turned out to be a powerful trojan. & most important, I want to know how to detect the cause of pc hanging & high CPU usage. For the way u're using, it might be a lil too hard for me, as I dunno anything'bout C++ & further on. So, are there any more easier way? Well... I've endure the down time for so long, a lil longer doesn't mean much. Haha. But of coz hope that it can solved asap. Hope that u're willing to help me. My main prob now is lost file association of Windows wif .exe files.

Same happens in safe mode.

Thx for ur advice, Kelsenellenelvian. ^^ But I can't run anything now, opening the programs will appears this msg: 'This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel.' So, the priority is to fix this prob 1st.

Btw, do u've any recommendation how to remove the trojan, after fixing the prob I'm having now?

I've a new prob arises. I tried Spybot S&D to test out its detection capability. It doesn't prove much use, anyway, but after I finish the scan using it, & clean several tracking cookies, & all the programs cannot be opened now! Any .exe, .bat, & maybe more files can't be opened! An error msg will appears when I open any such files. 'This file does not have a program associated with it for performing this action. Create an association in the Folder Options control panel.' I can't restore my Windows using System Restore, neither repair my Windows XP. Can't even Run... regedit or chkdsk things... Wat can I do now?

I see. Juz a question, the abandoned mutex should be caused by the trojan, right? Could it be abandoned bcoz it's partially removed? So, the best move now is to remove the trojan 1st? Btw, may I know how to analyze the dump files? Do I need any technical knowledge? Is there any tutorial on internet?

Hmm... I know. But I encountered same prob twice, so thinking of hot to prevent it & troubleshoot it. So, u think this trojan is the culprit as well? Btw, are u able to find the source of creating this prob? Those settings are not intended to be so initially, right?

cluberti, try to look on the Trojan-Downloader.Dadobra.CP matter also. I think it's related to this prob. Btw, how u want me to remove the PCTools driver? This is the Spyware Doctor driver. I think removing it means uninstalling the whole program, right? & for the Acronis, can I juz prevent the processes from running? By stopping the processes from running only, is it capable to make it not affecting the system at all? Do u found anything that cause this prob? Juz the PCTools, NVidia driver & the Acronis? Is there anything that makes these things causing prob? They shouldn't be causing prob at 1st, even more that they're causing the prob at the same time, right?

I think I found something. Some trojan exists in my pc. & can't be removed even by Spyware Doctor & SpySweeper. I came across to a GPU overclocking utility installed on my pc, installed together wif my NVidia 7600GT driver, & simply enable & disable the D.O.T (Dynamic Over-Clocking Technology) feature, then a registry change is blocked by my Spyware Doctor. The registry path found is HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN, WinSys="C:\WINDOWS\System32\WinSys.exe" & the threat name found is Trojan-Downloader.Dadobra.CP. I tried to remove this trojan manually. However, I can't find this WinSys.exe in my System32 folder even after disabled the 'Hide protected operating system files'. Btw, I dunno how to find the registry path wif the coma at the middle. Wat's the coma means? How to find that? It's weird that the Spyware Doctor capable to detect & block the registry change & the source of this threat, but is unable to detect this threat in its scan & remove it. Why? Anyway, I think this Trojan-Downloader.Dadobra.CP is the culprit behind all the prob. But I dunno how to remove it. No clear guide on internet as well.

Oh. Soree for the urge. =p Didn't know that. Hehe. Juz felt waited for a lil long... Anyway, I've uploaded the files. They're in .rar format, due to their large size. Fine wif u guys, right? Here's the list of the memory dump files. http://hosted.filefront.com/SCC2002/ The Hang_Mode__Date_01-19-200M.rar is BitComet.exe, which is BitComet 0.94. It also linked by http://files.filefront.com/Hang+Mode+Date+...;/fileinfo.html The Hang_Mode__Date_01-20-200M.rar is Msnmsgr.exe, which is Windows Live Messenger 8.1. Also linked by http://files.filefront.com/Hang+Mode+Date+...;/fileinfo.html & the MEMORY.rar is the system dump. Is also linked by http://files.filefront.com/MEMORYrar/;9473796;/fileinfo.html Plz bear in mind that u might not immediately starting to dl once u click on the Download button. It might try a few times before it starts to download, juz leave it there for a while, & it'll starts eventually, won't be too long. So,I'll leave the analysis to u. ^^

Erm... cluberti? Are u still there? Can u continue to look on my prob? Or is there anyone else, who can give me some advice?

Yeah, true, but it still quite large for an attachment in forum. Zip file will do, right? It's around 21MB. The forum's attachment limit is 200KB only. Wat should I do then?

But all of them together will be very large in size, especially the .dmp file. It is 61.3MB!

Wat do u mean by whole box? & wat msg indicates the end of creating the memory dump? A warning appears when after I entered the command in command prompt. It says 'WARNING! An '_NT_SYMBOL_PATH' environment variable is not set. Please check the application event log or the ADPlus-report.txt for more details.' & following by 'Attaching the debugger to: BITCOMET.EXE <Process ID: 2624>. Is the dump creating process completed? Btw, about the files created, do I need to upload all 5 files? & for the text file, do I need to copy & paste into this topic?

Oh, okay. I'll try to. Oh, in addition to the things I've said, the Windows will hang more often if BitComet is opened, & even much often, almost immediately, after I opened Windows Live Messenger together wif BitComet. At last, both will hang anyway. Btw, cluberti. Can u help me to edit my topic name? Has a lil mistake. It should be 'Cause is unknown.' Thx. ^^ Should I create dumps for the applications or the whole system? Since might be the whole system compromised.