PDA

View Full Version : Exploit.ADODB.Stream.DM



Mateo1981
28-04-2007, 12:55 PM
I have this virus/malware and bitdefender doesn't remove it (but it quarantines it and copies it for some reason) and counterspy cant detect it, i've tried removing it with the cmd and drdelete but it wont remove, I've tried deleting all the temporary files i could find on my computer to no avail and there isn't any info on google about it that i could find.

anyone had any experience with this before?

radium
28-04-2007, 01:48 PM
Microsoft Windows Malicious Software Removal Tool Should remove it for you.

Have you got the latest MS updates. If not, get them.

pheonix
28-04-2007, 01:51 PM
It appears to be caused by malware using known exploits. Earlier versions refer to the lowering of the security level within Internet explorer to allow the re-introduction of trojans. Try doing scans in safemode to stop Windows protecting some malware files.
Maybe have a look at the security levels of IE , or maybe try another browser such as Opera or Firefox.
Another thing to keep in mind, is that it may be detecting it within a restore point (if using XP) , where it should remain locked up as well. To make sure, make another system restore point, then go into System tools and after opening "Disk cleanup" , go to More Options and use the Cleanup button down the bottom to clear out all restore points except the one you just made.

Mateo1981
28-04-2007, 08:58 PM
I have the latest MS updates and im using firefox that triggers bitdefender to quarantine Exploit.ADODB.Stream.DM when i first open it. I Ran MWMSRT and counterspy in safe mode and they detected some other cookie potential prob but not this one. I couldn't get bitdefender to run in safemode. And i removed all restorepoints except the latest one that i made and that changed nothing.

any ideas?

Speedy Gonzales
28-04-2007, 09:23 PM
Get trojan remover in my sig below. Run it update it then click on scan.

See if it can find and remove it. Then select the 3rd to 7th option under the utilities menu.

Then get ccleaner (http://www.ccleaner.com) install, run it, then click on run ccleaner. Close browser/s first.

Mateo1981
29-04-2007, 02:06 PM
Trojan remover found something else and removed it, but after running TR and CCleaner like you posted the problem is still there.

Speedy Gonzales
29-04-2007, 07:27 PM
If u have XP, disable system restore.

Boot into safe mode, show all files (under tools / folder options / view tab in my computer) / untick hide protected operating system files.

Right mouse /properties on the system volume information folder.

Click on the security tab / advanced button then add button. Where the cursor is type in the name of Admin (it shows at the top of the start menu).

Then click on check names. Once the name comes up click on OK,OK,OK. To get out the properties of this folder, then open the system volume information folder.

Delete everything in it (if theres anything in it). Then reboot. Then turn system restore back on.

If u have more than 1 hard drive, do the above on the system volume information folder as well. Delete whats in this folder.

Mateo1981
01-05-2007, 12:28 AM
It wont let me open or delete the system volume information folder, it says: c:\system volume information is not accessible.
access is denied.

Speedy Gonzales
01-05-2007, 08:30 AM
And did u add yourself to the folder as Admin??

You have to do this first before you'll get access to it.

Mateo1981
01-05-2007, 07:08 PM
Done, sorry i added myself as admin but didn't assign permissions, what next?

Speedy Gonzales
01-05-2007, 07:53 PM
Go into the system volume information folder.

Whatever is in there, delete it.

Then reboot.

If theres more than 1 partition on your pc, go into each partition /same folder, and add yourself as admin, then delete everything in it.

This is with system restore off. Turn system restore back on after u do the above.

Mateo1981
02-05-2007, 06:30 PM
Done, i only have one partition and hard drive.


And i have another problem now playing video files no matter what player i use my computer will play for about a minute then pause the whole computer for another minute or two, then will come back to life and play another minute then pause again over and over.

Speedy Gonzales
02-05-2007, 06:34 PM
Done, i only have one partition and hard drive.

Good! So, is it dead?


And i have another problem now playing video files no matter what player i use my computer will play for about a minute then pause the whole computer for another minute or two, then will come back to life and play another minute then pause again over and over.

And you're using what program/s? And with what video file? Any video file?

Umm do you know what the brand / model of the mobo is on this PC??

I know some mobos (or a mobo), that did the same thing.

Mateo1981
02-05-2007, 08:04 PM
Its not dead, Bitdefender still picks it up.

The problem with video files is solved, I just reinstalled and updated vlc player. It was also taking its time opening programs but that was fixed when i reinstalled it.

Speedy Gonzales
02-05-2007, 08:11 PM
Did u delete the temp files??

Turn system restore off again, open IE and delete the temp IE files too, if u havent yet as well.

Is your windows up too date?

And is this (http://www.microsoft.com/technet/security/Bulletin/MS06-014.mspx)

Installed?

This maybe what it exploits.

Get Ewido (http://www.ewido.com) or NOD32 and do another scan.

Speedy Gonzales
02-05-2007, 09:09 PM
I would get something like Avast Home, or AVG Free, if u want something free.

Something else besides Bitdefender.

Mateo1981
03-05-2007, 11:27 AM
Did u delete the temp files??
Turn system restore off again, open IE and delete the temp IE files too, if u havent yet as well.
You know I'm using firefox and thats where the malware is in:
(C:\Documents and Settings\Matia\Local Settings\Application Data\Mozilla\Firefox\Profiles\4x07w7lp.default\Cac he)
In safe mode i deleted all the temp files I could find using CCleaner, ATF cleaner, HiJackThis and even internet options and firefox properties.

Bitdefender doesn't detect the malware anymore but the file is still there (C:\Documents and Settings\Matia\Local Settings\Application Data\Mozilla\Firefox\Profiles\4x07w7lp.default\Cac he).




Is your windows up too date?

Its on automatic update.


And is this

Installed?

Just installed it and ran windows online update check which installed the latest IE but everything else was updated.


I would get something like Avast Home, or AVG Free, if u want something free.

Other antivirus programs don't even detect this malware. Other then running bitdefender i also use trendmicro housecall.

Mateo1981
04-05-2007, 08:55 PM
I guess that means my problem is solved thanks to everyone that helped out (especially speedy).

Speedy Gonzales
04-05-2007, 09:27 PM
Errr but is BD or anything else still picking it up or not??

Mateo1981
04-05-2007, 11:08 PM
nothing is picking it up anymore but i can still see the file that was infected or causing the problem, so i'm not really sure.

Speedy Gonzales
05-05-2007, 06:49 AM
Hmm ok, try the trial (not free version) of A-squared (http://www.emsisoft.com/en/software/download/)

Its looks like its got most of those adodb.stream variants in it.

Just to make sure.

Mateo1981
05-05-2007, 02:26 PM
It detected a couple low risk cookies but nothing else.

Speedy Gonzales
05-05-2007, 02:34 PM
Sounds like its ok then.

I would say that wld have picked it up.

Mateo1981
05-05-2007, 04:17 PM
thanks for your help dude!