Toughy trojan msdirectx just won't go away!

Posted on 2005-04-14
Last Modified: 2010-08-05
Client has a fairly new Dell with XP/SP2.
Using the free edition of AVG and Spybot 1.3/Ad-Aware SE/HijackThis to keep it clean.
AVG keeps detecting a trojan (don't remember exact name) but the file is msdirectx.
Cannot open regedit/msconfig etc. unless I do the rename. Also affecting broadband internet, although it works but slow.
I run HijackThis and see entries for bitdefenderx/IPOT...compaq.exe. About 6 entries in all.
I remove them but when I run the HijackThis scan again they reappear.
What else I have done:
- booted in safe mode
- removed all entries in the registry with IPOT/compaq/bitdefenderx/msdirectx
- searched the HD for all entries above also (I am showing hidden files) and deleted them
- ran cleanmgr. Also the restore util is turned off

But when I reboot it all comes back?
Searched the internet but not much in the way of help is out there.
This is a tough one!
Question by: pdadddino
    LVL 25

    Expert Comment

    Yeah, these things are bitches.
    Boot up into Safe Mode  ->  then try scanning, and then removing this trojan from there (and anything else you find)
    LVL 25

    Expert Comment

    Also, you may want to download and install 'Ad-Aware Personal' from:
    That's a great and FREE scanner!

    Run that and your other scanners in Safe Mode, one at a time.

    Also, do you have a firewall installed (excluding the XP firewall) ? If not, then get one!!!!!

    I recommend:

       ZoneAlarm  ->   (for single machine use)
       Sygate Personal Firewall  ->   (if on a network)


    Author Comment

    I have run AVG/Spybot/Ad-Aware SE all in normal boot mode, not in safe mode. Did do what I said above in safe mode, but it did not help.
    Personally I love ZoneAlarm...but cannot use it here. Too many prompts for very novice users. Their heads will start spinning.
    LVL 25

    Accepted Solution

    > i love zone alarm...but cannot use it here. too many prompts for very novice users. their head will start spinning.
    I appreciate this. But don't you think that it's better for them to learn how to use ZoneAlarm (which isn't *toooo* difficult), rather than having to tackle viruses and all sorts of malicious problems all the time? Because that's certainly going to happen without a good firewall.

    Perhaps this will also help convince you (and them) to give in to installing a firewall:

    My little brother was using the internet, he turned his firewall off for less than 5 minutes to play a multiplayer game -- after these five minutes, his computer was acting up. He ran Ad-Aware, and found over 350 "Critical bugs". As opposed to the '0' bugs found shortly before playing online!! He had his XP firewall on, and some AV stuff installed.. but this didn't stop them!

    Anyways, these scans can find most malware, however, sometimes they can't remove them, because the viruses are being used, or something such as another virus just recreates the virus straight after it's removed! It happens! (They work in pairs).

    However, if you boot up into safe mode, then these viruses can't start up, allowing you to successfully remove them with the scans.

    Also, do they have a "System Restore Point" from some time before these problems? If so, then if the scan in Safe Mode doesn't do much (which I doubt will be the case), then try restoring to a previous point.

    LVL 27

    Expert Comment

    Maybe here is a good solution:

    Check this entry:

    WinHelp2002 Mar 31 2005, 06:50 AM

    LVL 1

    Expert Comment

    Hi pdadddino.

    Try disabling system restore and then booting into safe mode.  Afterwards, run the cleaners all over again (avg, spybot, adaware, HJT, etc.) That might prevent them from coming back after you have supposedly cleaned them.


    LVL 1

    Expert Comment

    >>"also restore util is turned off"
    Oops, I'm guessing that this means that you did turn it off before scanning...sorry.

    Author Comment

    Think I have made some progress on this nasty! Need to monitor for a few more cycles to be sure. The PC is running much better and the internet is much faster!
    What I did was:
    - booted in safe mode with networking
    - completed install of ZoneAlarm - this would not start up in normal mode due to virus interference. Kept getting vector failures.
    - ran online Trend Micro system scan - it detected 4 viruses and fixed them
    - updated and ran Spybot 1.3 - found 5 bad entries and cleaned
    - updated and ran Ad-Aware SE - was clean
    - ran HijackThis - deleted 2 entries for compaq.exe. These are the ones that keep coming back.
    - reran HijackThis - no bad entries!
    - rebooted normal
    - ran HijackThis - no bad entries
    - left PC on and ran a scheduled overnight AVG antivirus scan - it did come up with a few viruses and cleaned up! Some of the same ones. This has me worried a little.
    - ran HijackThis - it was clean

    To do:
    - will leave PC on for a few days except for some restarts
    - ran another AVG virus scan before leaving the house today.
    - have another AVG scheduled run for this afternoon and want to see it clean for a few cycles!
    - will check results tonight
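
An added example, not part of the original thread: one way to confirm which startup entries "keep coming back" is to save the HijackThis log before the fix, after the fix, and after the reboot, then diff the O4 (startup) lines. The function names are hypothetical, and the three sample logs are constructed, with placeholder paths under `C:\EXAMPLE`.

```python
import re

# HijackThis startup line:  O4 - HKLM\..\Run: [name] command
O4 = re.compile(r"^O4 - (?P<hive>HK(?:LM|CU))\\\.\.\\(?P<key>[^:]+): "
                r"\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")

def autoruns(log_text):
    """Set of (hive, key, name, command) startup entries in one saved log."""
    found = set()
    for line in log_text.splitlines():
        m = O4.match(line.strip())
        if m:
            found.add((m["hive"], m["key"], m["name"].lower(), m["cmd"].lower()))
    return found

def respawned(before_fix, after_fix, after_reboot):
    """Entries that were removed by the fix but are present again after reboot."""
    removed = autoruns(before_fix) - autoruns(after_fix)
    return sorted(removed & autoruns(after_reboot))

def new_after_reboot(before_fix, after_reboot):
    """Entries seen only after reboot: possibly a re-created copy under a new name."""
    return sorted(autoruns(after_reboot) - autoruns(before_fix))

# Constructed sample logs (paths are placeholders, not taken from the thread).
BEFORE = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\EXAMPLE\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [compaq] C:\EXAMPLE\compaq.exe
O4 - HKLM\..\RunServices: [msdirectx] C:\EXAMPLE\msdirectx.exe
"""
AFTER_FIX = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\EXAMPLE\avgcc.exe /STARTUP
"""
AFTER_REBOOT = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\EXAMPLE\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [compaq] C:\EXAMPLE\compaq.exe
O4 - HKCU\..\Run: [ipot] C:\EXAMPLE\ipot.exe
"""

if __name__ == "__main__":
    for hive, key, name, cmd in respawned(BEFORE, AFTER_FIX, AFTER_REBOOT):
        print(f"came back after reboot: {hive}\\{key} [{name}] {cmd}")
    for hive, key, name, cmd in new_after_reboot(BEFORE, AFTER_REBOOT):
        print(f"new since first scan:   {hive}\\{key} [{name}] {cmd}")
```

An entry in the first list was deleted and then rewritten by something that still starts at boot, which matches the "they work in pairs" behaviour described in the accepted answer.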

    Author Comment

    PC seems to be working fine now!
    If I leave it on for a couple of days, the AVG scheduled scan keeps detecting i-worm bofra in one of the users' dir "document and settings..."
    I ran another online Trend Micro scan in safe mode. It detected 1 virus (don't remember name, but it was in another user's doc..and.sett dir). It removed it.
    I ran AVG in safe mode and it was clean...ran Trend Micro again and it was clean. Left PC on overnight. Scan ran at 2am and it found the i-worm bofra again!
    LVL 25

    Expert Comment

    Make sure that you have a decent firewall installed and configured to prevent this worm spreading, then download Symantec's "Bofra Removal Tool":  (completely free).

