Guest Poster Matt Posted September 29, 2008 Posted September 29, 2008 Hi, The file on my Win XP Pro SP2 PC called dmserver.dll - located here c:\Windows\system32\dmserver.dll - has a virus according to my anti-virus software and confirmed by virusscan.jotti.org where 5 of the AV checkers showed a positive. I've no idea how to restore a clean version of dmserver.dll can someone tell me how please? Extra important info.: Today I installed a new SATA hard disk and a SATA II controller card for it. After installation I pointed the XP 'found new hardware wizard' to the controller card's CD for the drivers, all seemed fine until I went to Control Panel -> Computer Management -> Storage -> Disk Management to format the new drive. It was when I tried to access Disk Management that I first got the 'Virus Threat Detected' which meant I could not load the Logical Disk Manager Service, which is the file dmserver.dll, to format the hard disk. Could this just be coincidence? An anti-virus scan of the controller card's drivers CD resulted in 'no threats found'. Please advise, I'm stuck. style_emoticons/ Thanks and regards, etc.. Quote
Guest Richard Urban Posted September 30, 2008 Posted September 30, 2008 That file IS the virus - or part thereof. Why would you want to replace it? http://www.auditmypc.com/process/dmserver.asp -- Richard Urban Microsoft MVP Windows Desktop Experience "Poster Matt" <postermatt@no_spam_for_me.org> wrote in message news:n1cEk.64464$E41.46742@text.news.virginmedia.com...<span style="color:blue"> > Hi, > > The file on my Win XP Pro SP2 PC called dmserver.dll - located here > c:Windowssystem32dmserver.dll - has a virus according to my anti-virus > software and confirmed by virusscan.jotti.org where 5 of the AV checkers > showed a positive. > > I've no idea how to restore a clean version of dmserver.dll can someone > tell me how please? > > Extra important info.: Today I installed a new SATA hard disk and a SATA > II controller card for it. After installation I pointed the XP 'found new > hardware wizard' to the controller card's CD for the drivers, all seemed > fine until I went to Control Panel -> Computer Management -> Storage -> > Disk Management to format the new drive. It was when I tried to access > Disk Management that I first got the 'Virus Threat Detected' which meant I > could not load the Logical Disk Manager Service, which is the file > dmserver.dll, to format the hard disk. > > Could this just be coincidence? An anti-virus scan of the controller > card's drivers CD resulted in 'no threats found'. > > Please advise, I'm stuck. style_emoticons/ > > Thanks and regards, etc.. </span> Quote
Guest David H. Lipman Posted September 30, 2008 Posted September 30, 2008 From: "Poster Matt" <postermatt@no_spam_for_me.org> | Hi, | The file on my Win XP Pro SP2 PC called dmserver.dll - located here | c:\Windows\system32\dmserver.dll - has a virus according to my anti-virus | software and confirmed by virusscan.jotti.org where 5 of the AV checkers | showed a positive. | I've no idea how to restore a clean version of dmserver.dll can someone tell | me how please? | Extra important info.: Today I installed a new SATA hard disk and a SATA II | controller card for it. After installation I pointed the XP 'found new | hardware wizard' to the controller card's CD for the drivers, all seemed | fine until I went to Control Panel -> Computer Management -> Storage -> Disk | Management to format the new drive. It was when I tried to access Disk | Management that I first got the 'Virus Threat Detected' which meant I could | not load the Logical Disk Manager Service, which is the file dmserver.dll, | to format the hard disk. | Could this just be coincidence? An anti-virus scan of the controller card's | drivers CD resulted in 'no threats found'. | Please advise, I'm stuck. style_emoticons/ | Thanks and regards, etc.. Chances are it is NOT a virus but a trojan. You said you scanned it at Jotti. OK... what where the detections at Jotti ? If is is a pure trojan, it can't be cleaned. The DLL itself is malicious. If it is a trojanized DLL then it may be able to be cleaned. If is is really infected with a virus then is may be able to be cleaned. The informationyou obtained at Jotti, but did not post, may provide the needed information. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest N. Miller Posted September 30, 2008 Posted September 30, 2008 On Mon, 29 Sep 2008 21:46:59 GMT, Poster Matt wrote: <span style="color:blue"> > The file on my Win XP Pro SP2 PC called dmserver.dll - located here > c:Windowssystem32dmserver.dll - has a virus according to my anti-virus > software and confirmed by virusscan.jotti.org where 5 of the AV checkers > showed a positive. > > I've no idea how to restore a clean version of dmserver.dll can someone tell > me how please? > > Extra important info.: Today I installed a new SATA hard disk and a SATA II > controller card for it. After installation I pointed the XP 'found new > hardware wizard' to the controller card's CD for the drivers, all seemed > fine until I went to Control Panel -> Computer Management -> Storage -> Disk > Management to format the new drive. It was when I tried to access Disk > Management that I first got the 'Virus Threat Detected' which meant I could > not load the Logical Disk Manager Service, which is the file dmserver.dll, > to format the hard disk. > > Could this just be coincidence? An anti-virus scan of the controller card's > drivers CD resulted in 'no threats found'. > > Please advise, I'm stuck. style_emoticons/</span> It seems that 'dmserver.dll' is a component of the "Darkmoon" Trojan Horse program. I suspect that, rather than repair it, you need to remove it. http://www.auditmypc.com/process/dmserver.asp You may want to do more research to figure out the best way to proceed. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum Quote
Guest nass Posted September 30, 2008 Posted September 30, 2008 "Poster Matt" wrote: <span style="color:blue"> > Hi, > > The file on my Win XP Pro SP2 PC called dmserver.dll - located here > c:Windowssystem32dmserver.dll - has a virus according to my anti-virus > software and confirmed by virusscan.jotti.org where 5 of the AV checkers > showed a positive. > > I've no idea how to restore a clean version of dmserver.dll can someone tell > me how please? > > Extra important info.: Today I installed a new SATA hard disk and a SATA II > controller card for it. After installation I pointed the XP 'found new > hardware wizard' to the controller card's CD for the drivers, all seemed > fine until I went to Control Panel -> Computer Management -> Storage -> Disk > Management to format the new drive. It was when I tried to access Disk > Management that I first got the 'Virus Threat Detected' which meant I could > not load the Logical Disk Manager Service, which is the file dmserver.dll, > to format the hard disk. > > Could this just be coincidence? An anti-virus scan of the controller card's > drivers CD resulted in 'no threats found'. > > Please advise, I'm stuck. style_emoticons/ > > Thanks and regards, etc..</span> Well, to be safe try to rename the Dll to something like dmserver.dll.old and Reboot your machine, does anything complain? What Jotti scanner showed or reported? What the properties of the DLL shows and compare on the real Disk Manager Service file, what you r findings on this comes out? Bes t if you scanned from other vendors to make sure the file not infected or the virus itself hooked itself in "%SystemRoot%\". Run a thorough scan by doing the following steps: 1... First, try to clean up your caches, Internet files and delete cookies by doing this: Click Start >> Control Panel >> Double click Network and Internet Connections >> Double click Internet Options. On the IE properties windows you will see these Tabs: General | Security | Privacy | Content | Connections | Programs | Advanced Under General Tab clear your History, Internet Files and Cookies. Then click on Advanced tab and scroll down to under the Browsing Option: [&] Browsing [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. Then click on Programs Tab and click Manage Add-Ons and Disable all non Verified Add-Ons (You should Renable them later one-by-one and see the culprit and update it or remove it. How to manage Add-Ons: http://support.microsoft.com/kb/883256 Scan for malware from here: SuperAntispyware - Free http://www.superantispyware.com/superantis...efreevspro.html http://www.malwarebytes.org/rr-update/rr-free-setup.exe http://onecare.live.com/site/en-gb/default.htm?s_cid=sah Run a scan from here on-line: http://security.symantec.com/sscv6/default...id=ie&venid=sym http://www3.ca.com/securityadvisor/virusinfo/scan.aspx Download Avast Cleaner (offline scanner) from here: http://www.avast.com/eng/avast-virus-cleaner.html Run disk clean up on your Drive. You can download this tool o run clean up: http://www.ccleaner.com/download/builds/downloading-slim You can download this tool "AutoRuns for Windows" http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx And remove the entry from here: Locate this key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run = look in the right pane/window and remove the entry for it "c:\Windows\system32\dmserver.dll". HTH, nass --- http://www.nasstec.co.uk Quote
Guest Poster Matt Posted September 30, 2008 Posted September 30, 2008 Richard Urban wrote:<span style="color:blue"> > That file IS the virus - or part thereof. Why would you want to replace it? > > http://www.auditmypc.com/process/dmserver.asp > </span> If you read my post you will see that dmserver.dll handles the Windows Logical Disk Manager Service and since I need to format a new disk I need a non-infected version of dmserver.dll. Quote
Guest Poster Matt Posted September 30, 2008 Posted September 30, 2008 nass wrote:<span style="color:blue"> > > "Poster Matt" wrote: > <span style="color:green"> >> Hi, >> >> The file on my Win XP Pro SP2 PC called dmserver.dll - located here >> c:Windowssystem32dmserver.dll - has a virus according to my anti-virus >> software and confirmed by virusscan.jotti.org where 5 of the AV checkers >> showed a positive. >> >> I've no idea how to restore a clean version of dmserver.dll can someone tell >> me how please? >> >> Extra important info.: Today I installed a new SATA hard disk and a SATA II >> controller card for it. After installation I pointed the XP 'found new >> hardware wizard' to the controller card's CD for the drivers, all seemed >> fine until I went to Control Panel -> Computer Management -> Storage -> Disk >> Management to format the new drive. It was when I tried to access Disk >> Management that I first got the 'Virus Threat Detected' which meant I could >> not load the Logical Disk Manager Service, which is the file dmserver.dll, >> to format the hard disk. >> >> Could this just be coincidence? An anti-virus scan of the controller card's >> drivers CD resulted in 'no threats found'. >> >> Please advise, I'm stuck. style_emoticons/ >> >> Thanks and regards, etc..</span> > > > Well, to be safe try to rename the Dll to something like dmserver.dll.old > and Reboot your machine, does anything complain? > > What Jotti scanner showed or reported? > What the properties of the DLL shows and compare on the real Disk Manager > Service file, what you r findings on this comes out? > Bes t if you scanned from other vendors to make sure the file not infected > or the virus itself hooked itself in "%SystemRoot%". > > Run a thorough scan by doing the following steps: > 1... First, try to clean up your caches, Internet files and delete cookies > by doing this: > Click Start >> Control Panel >> Double click Network and Internet > Connections >> Double click Internet Options. > On the IE properties windows you will see these Tabs: > General | Security | Privacy | Content | Connections | Programs | > Advanced > Under General Tab clear your History, Internet Files and Cookies. > Then click on Advanced tab and scroll down to under the Browsing Option: > [&] Browsing > [ ] Enable Third-Party browser extensions (Req Rest) uncheck this box. > Then click on Programs Tab and click Manage Add-Ons and Disable all non > Verified Add-Ons (You should Renable them later one-by-one and see the > culprit and update it or remove it. > How to manage Add-Ons: > http://support.microsoft.com/kb/883256 > Scan for malware from here: > SuperAntispyware - Free > http://www.superantispyware.com/superantis...efreevspro.html > http://www.malwarebytes.org/rr-update/rr-free-setup.exe > http://onecare.live.com/site/en-gb/default.htm?s_cid=sah > > Run a scan from here on-line: > http://security.symantec.com/sscv6/default...id=ie&venid=sym > http://www3.ca.com/securityadvisor/virusinfo/scan.aspx > Download Avast Cleaner (offline scanner) from here: > http://www.avast.com/eng/avast-virus-cleaner.html > > Run disk clean up on your Drive. > You can download this tool o run clean up: > http://www.ccleaner.com/download/builds/downloading-slim > > You can download this tool "AutoRuns for Windows" > http://technet.microsoft.com/en-us/sysinte...s/bb963902.aspx > And remove the entry from here: > > Locate this key: > HKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun = look in > the right pane/window and remove the entry for it > "c:Windowssystem32dmserver.dll". > HTH, > nass > --- > http://www.nasstec.co.uk > </span> Thanks for the advise everyone. I've managed to get a clean copy using the Microsoft utility: SFC /SCANNOW Cheers. Quote
Guest David H. Lipman Posted September 30, 2008 Posted September 30, 2008 From: "Poster Matt" <postermatt@no_spam_for_me.org> | Richard Urban wrote:<span style="color:blue"><span style="color:green"> >> That file IS the virus - or part thereof. Why would you want to replace it?</span></span> <span style="color:blue"><span style="color:green"> >> http://www.auditmypc.com/process/dmserver.asp</span></span> | If you read my post you will see that dmserver.dll handles the Windows | Logical Disk Manager Service and since I need to format a new disk I need a | non-infected version of dmserver.dll. And if you read my post there was specific information requested that you left out. -- Dave http://www.claymania.com/removal-trojan-adware.html Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp Quote
Guest Richard Urban Posted October 1, 2008 Posted October 1, 2008 That file is NOT part of a Vista install. Again, why would you want to reload this problem file? -- Richard Urban Microsoft MVP Windows Desktop Experience "Poster Matt" <postermatt@no_spam_for_me.org> wrote in message news:IJwEk.64900$E41.7653@text.news.virginmedia.com...<span style="color:blue"> > Richard Urban wrote:<span style="color:green"> >> That file IS the virus - or part thereof. Why would you want to replace >> it? >> >> http://www.auditmypc.com/process/dmserver.asp >></span> > > If you read my post you will see that dmserver.dll handles the Windows > Logical Disk Manager Service and since I need to format a new disk I need > a non-infected version of dmserver.dll. </span> Quote
Guest Richard Urban Posted October 1, 2008 Posted October 1, 2008 Sorry. I just reread your original post and see that you are using WinXP. Is the file in the system 32 folder? Is the file size 23,552 bytes? Is the file dated 4/14/2008? If so, it is likely clean! -- Richard Urban Microsoft MVP Windows Desktop Experience "Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message news:uBiv2V3IJHA.5060@TK2MSFTNGP02.phx.gbl...<span style="color:blue"> > That file is NOT part of a Vista install. > > Again, why would you want to reload this problem file? > > -- > > Richard Urban > Microsoft MVP > Windows Desktop Experience > > > "Poster Matt" <postermatt@no_spam_for_me.org> wrote in message > news:IJwEk.64900$E41.7653@text.news.virginmedia.com...<span style="color:green"> >> Richard Urban wrote:<span style="color:darkred"> >>> That file IS the virus - or part thereof. Why would you want to replace >>> it? >>> >>> http://www.auditmypc.com/process/dmserver.asp >>></span> >> >> If you read my post you will see that dmserver.dll handles the Windows >> Logical Disk Manager Service and since I need to format a new disk I need >> a non-infected version of dmserver.dll.</span> > </span> Quote
Guest kalyan Posted October 1, 2008 Posted October 1, 2008 Hi You have affeted with 32/PcClient.VK@dr.use the F-SECURE rootkit tool to detect .for detais Visit this page. http://www.f-secure.com/v-descs/pcclient_vk.shtml -- Warm Regards Kalyan "Richard Urban" <richardurbanREMOVETHIS@hotmail.com> wrote in message news:u5ikpJpIJHA.2156@TK2MSFTNGP05.phx.gbl...<span style="color:blue"> > That file IS the virus - or part thereof. Why would you want to replace > it? > > http://www.auditmypc.com/process/dmserver.asp > > -- > > Richard Urban > Microsoft MVP > Windows Desktop Experience > > > "Poster Matt" <postermatt@no_spam_for_me.org> wrote in message > news:n1cEk.64464$E41.46742@text.news.virginmedia.com...<span style="color:green"> >> Hi, >> >> The file on my Win XP Pro SP2 PC called dmserver.dll - located here >> c:Windowssystem32dmserver.dll - has a virus according to my anti-virus >> software and confirmed by virusscan.jotti.org where 5 of the AV checkers >> showed a positive. >> >> I've no idea how to restore a clean version of dmserver.dll can someone >> tell me how please? >> >> Extra important info.: Today I installed a new SATA hard disk and a SATA >> II controller card for it. After installation I pointed the XP 'found new >> hardware wizard' to the controller card's CD for the drivers, all seemed >> fine until I went to Control Panel -> Computer Management -> Storage -> >> Disk Management to format the new drive. It was when I tried to access >> Disk Management that I first got the 'Virus Threat Detected' which meant >> I could not load the Logical Disk Manager Service, which is the file >> dmserver.dll, to format the hard disk. >> >> Could this just be coincidence? An anti-virus scan of the controller >> card's drivers CD resulted in 'no threats found'. >> >> Please advise, I'm stuck. style_emoticons/ >> >> Thanks and regards, etc..</span> > </span> Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.