Results 1 to 7 of 7

Thread: ddcyx.dll

  1. #1
    Member
    Join Date
    Jan 2008
    Location
    gilbert az
    Posts
    4
    Points
    0

    Default ddcyx.dll

    I ran Hijackthis and am getting a ddcyx.dll file running and it won't delete. How can I get rid of it?

    Not sure how to post a log since I'm new to the program, but it appears that's the only issue.

    F:\Windows\System32\ddcyx.dll

    I can't delete it manually either since it is being used by Windows...any ideas?

  2. #2
    Member
    Join Date
    Jan 2008
    Location
    gilbert az
    Posts
    4
    Points
    0

    Default

    Here you go, Figured it out

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 4:45:51 AM, on 1/16/2008
    Platform: Windows XP (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\wltrysvc.exe
    F:\WINDOWS\System32\bcmwltry.exe
    F:\WINDOWS\system32\LEXBCES.EXE
    F:\WINDOWS\system32\spoolsv.exe
    F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    F:\Program Files\Prevx1\PXAgent.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\System32\wdfmgr.exe
    F:\WINDOWS\wanmpsvc.exe
    F:\WINDOWS\explorer.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\Documents and Settings\octavio\Desktop\HiJackThis_v2.exe

    O2 - BHO: (no name) - {3A08A1CE-5210-4B6A-9A52-77F1F2C65105} - F:\WINDOWS\System32\ddcyx.dll
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "F:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] F:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
    O4 - HKLM\..\Run: [REGSHAVE] F:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [LexPPS.exe] F:\WINDOWS\System32\lexpps.exe
    O4 - HKCU\..\Run: [AIM] F:\PROGRA~1\AIM\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
    O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - F:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
    O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - F:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Prevx Agent (PREVXAgent) - Prevx - F:\Program Files\Prevx1\PXAgent.exe
    O23 - Service: UStorage Server Service - OTi - F:\WINDOWS\system32\UStorSrv.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe
    O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - F:\WINDOWS\System32\wltrysvc.exe

    --
    End of file - 2539 bytes

  3. #3
    Member
    Join Date
    Dec 2002
    Posts
    12,000
    Points
    1191

    Default

    Not sure how to post a log since I'm new to the program, but it appears that's the only issue
    Well, if you are not familiar with program, did you heed the warning, about "fixing" things UNLESS you know what your are doing?
    HJT logs, as you have probably figured out, show both good and bad entries.

    Log looks very short, which leads me to believe that you have been "working" on it. Not a good idea.

    Next thing, is you are using an outdated version of HJT program.

    The really big problem is why don't have at least Service Pack 1 installed, for XP and IE ? Anymore no real sense of us helping with problems with out with at least having SP1a installed. With out it, you will always have problems.

    But back the question - I have no clue what this file is:

    O2 - BHO: (no name) - {3A08A1CE-5210-4B6A-9A52-77F1F2C65105} - F:\WINDOWS\System32\ddcyx.dll

    Sure does looks like malware, to me.

    If you what us to help you with the problems your are having, we will need to start over.

    Basic solution, if a file can't be deleted because it is use/running, is to try to delete it whilst in the safe mode.

    BHO help/add to other programs, so it is very likely that there are other problems, many of which are not fixable by using just the HJT program.

    Let us know how you want to proceed.

    BG

  4. #4
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    It's a vundo trojan, & that entry in hijackthis is just the tip of the iceberg ...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -

  5. #5
    Member
    Join Date
    Jan 2008
    Location
    gilbert az
    Posts
    4
    Points
    0

    Default

    I understand, I have not deleted anything. I ran an anti virus, it indicated ddcyx.dll was bad, tried removing it manually and won't delete. Ran HJT and still won't delete.

    I can try safe mode, but it is as if the file has attached itself to Windows and is running whenever the computer is one, which is why it won't delete?

    I will try to delete it in safe mode

    I do not have service pack 1 installed. Where can I download it?

  6. #6
    Member
    Join Date
    Jan 2008
    Location
    gilbert az
    Posts
    4
    Points
    0

    Default

    Quote Originally Posted by steamwiz
    It's a vundo trojan, & that entry in hijackthis is just the tip of the iceberg ...

    steam
    I ran Symantec, the trojan vundo reomoval, scanned computer and came up with nothing

  7. #7
    Member steamwiz's Avatar
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    You probably have some or all of these ... & potentially hundreds more ...

    C:\WINDOWS\system32\xycdd.bak1
    C:\WINDOWS\system32\xycdd.bak2
    C:\WINDOWS\system32\xycdd.ini
    C:\WINDOWS\system32\xycdd.ini2
    C:\WINDOWS\system32\xycdd.tmp

    Apart from NO service packs, what Anti-virus are you using ?

    Go here to download SP1a

    http://www.download.com/Windows-XP-S...l?tag=lst-0-19

    After it's installed come back here & post a new hijackthis log ...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP -Windows Security 2004/8 .member ASAP -