Archived from groups: microsoft.public.win98.gen_discussion
Start up in Safe Mode.
Open either My Computer or Explorer.
On the Menu bar click View > Folder Options > View tab.
Make sure you have a check next to "Show hidden files and folders" and
"Display contents of the System folder".
Make sure you have no check next to "Hide extensions for....".
Navigate to C:\Windows.
Scroll to find DVPD.DLL and rename the extension to .bad.
If it is not allowed, reboot and start up to the DOS command prompt.
At the prompt type each line and press Enter after each:
cd c:\windows
attrib -s -h -r dvpd.dll
ren dvpd.dll dvpd.bad
Press ctrl+alt+del to reboot.
If you do not get the detected Trojan on boot and you have no problems with
any legit apps after a few days, delete dvpd.bad from C:\Windows.
--
Brian A.
Conflicts start where information lacks.
http://www.dts-l.org/goodpost.htm
"eric" <eric@discussions.microsoft.com> wrote in message
news:24F236F6-5E82-4C32-BD4E-605F51E4C133@microsoft.com...
> Sorry about the incomplete info. This website is slow and not easy to use.
> Every time I have to resize all the frames and it takes ages. Don't know if
> other people have problems posting on here.
>
> Ok. Tried your suggestions...did not work ..I deleted from DOS SERVICE.EXE
> and removed r_server
>
>
> The Netda appears in HKEY_LOCAL_MACHINE\software\microsoft\windows\current
> version\run
>
> When I reboot as I mentioned in a previous thread I get a Trojan detected
> PSW.DUMARIN.Z in WINDOWS\DVPD.DLL. I then select Heal in the AVG guard.
> Running AVG detects the virus but cannot remove it. Not sure if the two are
> linked.
>
> When ctrl+alt+del there is no service.exe entry
>
> "Alan Edwards" wrote:
>
>> Sorry, r_server is in:
>> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
>>
>> Stop Service.exe being used. Try looking in Ctrl+Alt+Del to see if the
>> name appears and End Task on it or boot to DOS and delete it.
>> You don't have to search for it. You already knew where it was.
>>
>> Where in the Registry does Netda appear?
>> Please supply the path as requested and answer all questions or I can
>> do nothing to help you.
>>
>> ....Alan
>>
>> --
>> Alan Edwards, MS MVP W95/98 Systems
>>
>> http://dts-l.org/index.html
>>
>>
>> In microsoft.public.win98.gen_discussion, "eric"
>> <eric@discussions.microsoft.com> wrote:
>>
>> >I get rid of the load32...Netda entry in the registry. There is no r_server
>> >entry in the registry of the path below.
>> >When I reboot the Netda reappears in the registry. If I do a search for
>> >SERVICE.exe it finds the file in WINDOWS/SYSTEM....it says I can't delete it
>> >as its in use. Forgive me but I am not technically au fait with Windows and
>> >its registers etc....
>> >
>> >Any further suggestion ?
>> >
>> >"Alan Edwards" wrote:
>> >
>> >> I asked you more questions than you answered.
>> >> Please answer them all.
>> >>
>> >> Get rid of SERVICE.EXE and the Registry entry for it (r_server).
>> >> That can only be a virus or parasite and I am surprised that AVG does
>> >> not pick it up.
>> >> The Registry entry will be under
>> >> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
>> >> The file is in your System folder.
>> >>
>> >> I don't see any entry for NETDA. You said it reappeared but where?
>> >>
>> >> ....Alan
>> >>
>> >> --
>> >> Alan Edwards, MS MVP W95/98 Systems
>> >>
>> >> http://dts-l.org/index.html
>> >>
>> >>
>> >> In microsoft.public.win98.gen_discussion, "eric"
>> >> <eric@discussions.microsoft.com> wrote:
>> >>
>> >> >NETDC and NETDA don't appear when I do Ctrl+Alt+Del.......
>> >> >I ran the two MS* programs as per your mail and I see nothing untoward
>> >> >though I don't really know what I am doing. Here is the cut and paste
>> >> >for the second one
>> >> >
>> >> >Office Startup Startup Group "C:\Program Files\Microsoft Office\Office\OSA.EXE" -b
>> >> >Microsoft Find Fast Startup Group "C:\Program Files\Microsoft Office\Office\FINDFAST.EXE"
>> >> >WinZip Quick Pick Startup Group "C:\Program Files\WinZip\WZQKPICK.EXE"
>> >> >SpySweeper Registry (Per-User Run) "C:\Program Files\Webroot\Spy Sweeper\SPYSWEEPER.EXE" /0
>> >> >Yahoo! Pager Registry (Per-User Run) C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
>> >> >STManager Registry (Per-User Run) "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
>> >> >ScanRegistry Registry (Machine Run) C:\WINDOWS\scanregw.exe /autorun
>> >> >TaskMonitor Registry (Machine Run) C:\WINDOWS\taskmon.exe
>> >> >SystemTray Registry (Machine Run) SysTray.Exe
>> >> >EnsoniqMixer Registry (Machine Run) starter.exe
>> >> >ATIGART Registry (Machine Run) c:\ati\gart\atigart.exe
>> >> >AtiPTA Registry (Machine Run) Atiptaaa.exe
>> >> >LoadPowerProfile Registry (Machine Run) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
>> >> >MMTray Registry (Machine Run) C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
>> >> >AVG_CC Registry (Machine Run) C:\PROGRA~1\GRISOFT\AVG6\avgcc32.exe /STARTUP
>> >> >TkBellExe Registry (Machine Run) "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
>> >> >SpeedTouch USB Diagnostics Registry (Machine Run) "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
>> >> >LoadPowerProfile Registry (Machine Service) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
>> >> >SchedulingAgent Registry (Machine Service) mstask.exe
>> >> >Avgserv9.exe Registry (Machine Service) C:\PROGRA~1\GRISOFT\AVG6\Avgserv9.exe
>> >> >r_server Registry (Machine Service) C:\WINDOWS\SYSTEM\SERVICE.EXE /service
>> >> >
>> >> >
>> >> >
>> >> >"Alan Edwards" wrote:
>> >> >
>> >> >> Did you first stop both NETDC and NETDA running with Ctrl+Alt+Del?
>> >> >> If not, one will probably recreate the Registry entries again.
>> >> >>
>> >> >> Did you also remove the entry in the Registry for NETDC?
>> >> >>
>> >> >> Does AVG have a web page with any information of this version of
>> >> >> Dumarin? (I can't find any but I am not familiar with Grisoft)
>> >> >>
>> >> >> Did you check Startup for any reference that may be similar to the
>> >> >> ones at the url I gave you?
>> >> >> Check in Msconfig for any oddities.
>> >> >> (Start-Run-MSCONFIG-Startup tab)
>> >> >> If you cannot see anything in Msconfig then:
>> >> >>
>> >> >> Start-Run-msinfo32
>> >> >> Click the + beside Software Environment to expand.
>> >> >> Click Startup Programs
>> >> >> Ctrl+A to Select All, Ctrl+C to Copy.
>> >> >> Paste that information in your message.
>> >> >>
>> >> >> ....Alan
>> >> >>
>> >> >> --
>> >> >> Alan Edwards, MS MVP W95/98 Systems
>> >> >>
>> >> >> http://dts-l.org/index.html
>> >> >>
>> >> >> In microsoft.public.win98.gen_discussion, "eric"
>> >> >> <eric@discussions.microsoft.com> wrote:
>> >> >>
>> >> >> >Hi
>> >> >> >
>> >> >> >It's an error message, file not found. I followed the link in Alan's
>> >> >> >reply and deleted Netda entry in registry, rebooted but this appears
>> >> >> >again. Also on booting AVG (free version) detects PSW.Dumarin.Z trojan
>> >> >> >in WINDOWS\DVPD.DLL... I select Heal but this also keeps reappearing.
>> >> >> >
>> >> >> >Any advice how to remove the 2 problems ?
>> >> >> >
>> >> >> >"Don Phillipson" wrote:
>> >> >> >
>> >> >> >> "eric" <eric@discussions.microsoft.com> wrote in message
>> >> >> >> news:AA4D0EDA-3BFB-419C-A4BF-EDD2FFFC6D5E@microsoft.com...
>> >> >> >>
>> >> >> >> > When booting W98 a dialog box appears with Netdc file missing error.
>> >> >> >> > Can anyone tell me where I can download the missing file or how to
>> >> >> >> > repair this fault ?
>> >> >> >>
>> >> >> >> 1. Is the fault that Win98 fails to boot or is this an
>> >> >> >> error message (file not found) that seems to be
>> >> >> >> nonfunctional?
>> >> >> >> 2. Are you on a network? If not, you may not
>> >> >> >> need this file. If you are, ask the network chief.
>> >> >> >>
>> >> >> >> --
>> >> >> >> Don Phillipson
>> >> >> >> Carlsbad Springs
>> >> >> >> (Ottawa, Canada)
>> >> >> >>
>> >> >> >>
>> >> >> >>
>> >> >>
>> >> >>
>> >>
>> >>
>>
>>
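The check behind the question in this thread of whether deleted startup entries get recreated, as an added example that is not part of the original posts: it parses msinfo32 "Startup Programs" listings in the format pasted above and compares three snapshots (before cleanup, after deleting entries, after reboot). The snapshot text and the `demo_*` entry names are constructed placeholders, not values from the thread.

```python
import re

# One msinfo32 "Startup Programs" row: name, where it loads from, command line.
ROW = re.compile(
    r"^(?P<name>.+?) "
    r"(?P<source>Startup Group|"
    r"Registry \((?:Per-User Run|Machine Run|Machine Service)\)) "
    r"(?P<command>.+)$"
)

def parse_listing(text):
    """Return {(name, source): command} for every recognisable row."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            entries[(m["name"], m["source"])] = m["command"]
    return entries

def recreated(before, after_delete, after_reboot):
    """Entries removed during cleanup that are present again after reboot.
    A hit means something still running or still loading wrote them back."""
    removed = set(before) - set(after_delete)
    return sorted(key for key in removed if key in after_reboot)

def new_entries(before, after_reboot):
    """Entries that were not in the first snapshot at all."""
    return sorted(set(after_reboot) - set(before))

# Constructed sample snapshots (hypothetical demo_* entries).
BEFORE = r"""
TaskMonitor Registry (Machine Run) C:\WINDOWS\taskmon.exe
SystemTray Registry (Machine Run) SysTray.Exe
demo_run Registry (Machine Run) C:\WINDOWS\SYSTEM\DEMO_A.EXE
demo_svc Registry (Machine Service) C:\WINDOWS\SYSTEM\DEMO_B.EXE /service
"""
AFTER_DELETE = r"""
TaskMonitor Registry (Machine Run) C:\WINDOWS\taskmon.exe
SystemTray Registry (Machine Run) SysTray.Exe
"""
AFTER_REBOOT = r"""
TaskMonitor Registry (Machine Run) C:\WINDOWS\taskmon.exe
SystemTray Registry (Machine Run) SysTray.Exe
demo_run Registry (Machine Run) C:\WINDOWS\SYSTEM\DEMO_A.EXE
demo_new Registry (Per-User Run) C:\WINDOWS\DEMO_C.EXE
"""

if __name__ == "__main__":
    b, d, r = (parse_listing(s) for s in (BEFORE, AFTER_DELETE, AFTER_REBOOT))
    print("recreated after reboot:", recreated(b, d, r))
    print("new since first snapshot:", new_entries(b, r))
```

An entry reported as recreated points at a component that was not stopped or removed before the registry edit, which is why the file on disk has to be dealt with as well as the registry value.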