Trojan OD1MID.DLL

Mingo · Jul 4, 2007

Hello,

I did a scan with "MULTI_AV" and 2 trojan were found. One of the infected
files was delete automatically and the otherone "OD1MID.DLL" is still in the
system.

Is this file part of windows system?

Thank you!

Mingo

-----------------Scan report--------------------------

? AVPDOS32 Start 03-07-2007 14:26:43

Version 3.0 build 135
Last update: 03.07.2007, 357107 records.

Command line: /- /E /* /MD /MP /Y /Z- /W+=ScanReport.txt C:\
Profile defdos32.prf (from 27.06.2001 03:00:00)

c:\AV-CLS\MULTI_AV.EXE archive: ZIP

....snip..

c:\WINDOWS\AVP.EXE infected: Trojan-PSW.Win32.Maran.gb
c:\WINDOWS\AVP.EXE deleted: Trojan-PSW.Win32.Maran.gb
c:\WINDOWS\HPQ1280H.BMP archive: Tar
c:\WINDOWS\HPQ1280H.BMP Tar: unknown format.

....Snip...

c:\WINDOWS\SYSTEM32\OD1MID.DLL infected: Trojan-PSW.Win32.Maran.gb
c:\WINDOWS\SYSTEM32\SHARE.EXE packed: ExePack
c:\WINDOWS\SYSTEM32\SHARE.EXE packed: Com2Exe

....snip..

Scan process completed.

Result for all objects:

Sector Objects : 0 Known viruses : 2
Files : 163713 Virus bodies : 2
Folders : 2535 Disinfected : 0
Archives : 10809 Deleted : 1
Packed : 176 Warnings : 0
Suspicious : 0
Scan speed (Kb/sec) : 1609 Corrupted : 0
Scan time : 01:23:06 I/O Errors : 0
--------------------------------------------------------------------------------------------

Maximus the Mad · Jul 4, 2007

On 7/4/2007 3:01 AM, Mingo after much thought,came up with this jewel:
> Hello,
>
> I did a scan with "MULTI_AV" and 2 trojan were found. One of the infected
> files was delete automatically and the otherone "OD1MID.DLL" is still in the
> system.
>
...Snip...
>
> c:\WINDOWS\SYSTEM32\OD1MID.DLL infected: Trojan-PSW.Win32.Maran.gb

...snip..

Try removing with MoveOnBoot.(see removal instructions below)
max
--
My Pages:
Virus Removal Instructions:
http://www.freespaces.com/maxwachtel/removal.html
Keeping Windows Clean:
http://www.freespaces.com/maxwachtel/keepingclean.html
Tools: http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
specifically setup for USENET.Feel free to use it yourself.
Always remember - only download files from Trusted Sites.
"VISTA" is an acronym for the top five Windows problems: Viruses,
Infections, Spyware, Trojans and Adware. -PanHandler
Registered Linux User #393236

Mingo · Jul 4, 2007

Hello Maximus,

I deleted the file OD1MID.DLL

Now i'm unable to surf the net, but I can still browse through my network.
Was this file part of IE6?

Thank you for your help.

Mingo

"Maximus the Mad" <maxwachtel@nomail.afraid.org>
???????:f6gt9m$em2$1@news.albasani.net...
| On 7/4/2007 3:01 AM, Mingo after much thought,came up with this jewel:
| > Hello,
| >
| > I did a scan with "MULTI_AV" and 2 trojan were found. One of the
infected
| > files was delete automatically and the otherone "OD1MID.DLL" is still in
the
| > system.
| >
| ...Snip...
| >
| > c:\WINDOWS\SYSTEM32\OD1MID.DLL infected: Trojan-PSW.Win32.Maran.gb
|
| ...snip..
|
| Try removing with MoveOnBoot.(see removal instructions below)
| max
| --
| My Pages:
| Virus Removal Instructions:
| http://www.freespaces.com/maxwachtel/removal.html
| Keeping Windows Clean:
| http://www.freespaces.com/maxwachtel/keepingclean.html
| Tools: http://www.freespaces.com/maxwachtel/tools.html
| Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
| specifically setup for USENET.Feel free to use it yourself.
| Always remember - only download files from Trusted Sites.
| "VISTA" is an acronym for the top five Windows problems: Viruses,
| Infections, Spyware, Trojans and Adware. -PanHandler
| Registered Linux User #393236

Sharon Franks · Jul 4, 2007

That file damages the Winsock layer of XP. You need to download Winsockfix
and run it.
http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml

--

Sharon Franks
MCC group
Microsoft Certified Solutions Developer (MCSD)
Microsoft Certified Trainer (MCT).

"Mingo" <sly_007_2007_remove_@yahoo.com> wrote in message
news:eP5%23PVqvHHA.2040@TK2MSFTNGP03.phx.gbl...
> Hello Maximus,
>
> I deleted the file OD1MID.DLL
>
> Now i'm unable to surf the net, but I can still browse through my network.
> Was this file part of IE6?
>
> Thank you for your help.
>
> Mingo
>
>
>
> "Maximus the Mad" <maxwachtel@nomail.afraid.org>
> ???????:f6gt9m$em2$1@news.albasani.net...
> | On 7/4/2007 3:01 AM, Mingo after much thought,came up with this jewel:
> | > Hello,
> | >
> | > I did a scan with "MULTI_AV" and 2 trojan were found. One of the
> infected
> | > files was delete automatically and the otherone "OD1MID.DLL" is still
> in
> the
> | > system.
> | >
> | ...Snip...
> | >
> | > c:\WINDOWS\SYSTEM32\OD1MID.DLL infected: Trojan-PSW.Win32.Maran.gb
> |
> | ...snip..
> |
> | Try removing with MoveOnBoot.(see removal instructions below)
> | max
> | --
> | My Pages:
> | Virus Removal Instructions:
> | http://www.freespaces.com/maxwachtel/removal.html
> | Keeping Windows Clean:
> | http://www.freespaces.com/maxwachtel/keepingclean.html
> | Tools: http://www.freespaces.com/maxwachtel/tools.html
> | Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
> | specifically setup for USENET.Feel free to use it yourself.
> | Always remember - only download files from Trusted Sites.
> | "VISTA" is an acronym for the top five Windows problems: Viruses,
> | Infections, Spyware, Trojans and Adware. -PanHandler
> | Registered Linux User #393236
>
>

Peter Foldes · Jul 4, 2007

You need to reload the Winsock which you probably corrupted

http://www.majorgeeks.com/download4372.html

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Mingo" <sly_007_2007_remove_@yahoo.com> wrote in message news:eP5%23PVqvHHA.2040@TK2MSFTNGP03.phx.gbl...
> Hello Maximus,
>
> I deleted the file OD1MID.DLL
>
> Now i'm unable to surf the net, but I can still browse through my network.
> Was this file part of IE6?
>
> Thank you for your help.
>
> Mingo
>
>
>
> "Maximus the Mad" <maxwachtel@nomail.afraid.org>
> ???????:f6gt9m$em2$1@news.albasani.net...
> | On 7/4/2007 3:01 AM, Mingo after much thought,came up with this jewel:
> | > Hello,
> | >
> | > I did a scan with "MULTI_AV" and 2 trojan were found. One of the
> infected
> | > files was delete automatically and the otherone "OD1MID.DLL" is still in
> the
> | > system.
> | >
> | ...Snip...
> | >
> | > c:\WINDOWS\SYSTEM32\OD1MID.DLL infected: Trojan-PSW.Win32.Maran.gb
> |
> | ...snip..
> |
> | Try removing with MoveOnBoot.(see removal instructions below)
> | max
> | --
> | My Pages:
> | Virus Removal Instructions:
> | http://www.freespaces.com/maxwachtel/removal.html
> | Keeping Windows Clean:
> | http://www.freespaces.com/maxwachtel/keepingclean.html
> | Tools: http://www.freespaces.com/maxwachtel/tools.html
> | Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
> | specifically setup for USENET.Feel free to use it yourself.
> | Always remember - only download files from Trusted Sites.
> | "VISTA" is an acronym for the top five Windows problems: Viruses,
> | Infections, Spyware, Trojans and Adware. -PanHandler
> | Registered Linux User #393236
>
>

Mingo · Jul 4, 2007

Thank you very much Peter / Sharon Franks for your kind help. My winsock was
corrupted and now it's fixed.

Regards,

Mingo

"Peter Foldes" <okf22@hotmail.com>
???????:OWGYTxqvHHA.412@TK2MSFTNGP04.phx.gbl...
You need to reload the Winsock which you probably corrupted

http://www.majorgeeks.com/download4372.html

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Mingo" <sly_007_2007_remove_@yahoo.com> wrote in message
news:eP5%23PVqvHHA.2040@TK2MSFTNGP03.phx.gbl...
> Hello Maximus,
>
> I deleted the file OD1MID.DLL
>
> Now i'm unable to surf the net, but I can still browse through my network.
> Was this file part of IE6?
>
> Thank you for your help.
>
> Mingo
>
>
>
> "Maximus the Mad" <maxwachtel@nomail.afraid.org>
> ???????:f6gt9m$em2$1@news.albasani.net...
> | On 7/4/2007 3:01 AM, Mingo after much thought,came up with this jewel:
> | > Hello,
> | >
> | > I did a scan with "MULTI_AV" and 2 trojan were found. One of the
> infected
> | > files was delete automatically and the otherone "OD1MID.DLL" is still
> in
> the
> | > system.
> | >
> | ...Snip...
> | >
> | > c:\WINDOWS\SYSTEM32\OD1MID.DLL infected: Trojan-PSW.Win32.Maran.gb
> |
> | ...snip..
> |
> | Try removing with MoveOnBoot.(see removal instructions below)
> | max
> | --
> | My Pages:
> | Virus Removal Instructions:
> | http://www.freespaces.com/maxwachtel/removal.html
> | Keeping Windows Clean:
> | http://www.freespaces.com/maxwachtel/keepingclean.html
> | Tools: http://www.freespaces.com/maxwachtel/tools.html
> | Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
> | specifically setup for USENET.Feel free to use it yourself.
> | Always remember - only download files from Trusted Sites.
> | "VISTA" is an acronym for the top five Windows problems: Viruses,
> | Infections, Spyware, Trojans and Adware. -PanHandler
> | Registered Linux User #393236
>
>

Peter Foldes · Jul 4, 2007

Whoops. Sorry Sharon I did not see your post when I posted

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"Sharon Franks" <no@spam.me> wrote in message news:%23OLFVkqvHHA.536@TK2MSFTNGP06.phx.gbl...
> That file damages the Winsock layer of XP. You need to download Winsockfix
> and run it.
> http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml
>
>
>
> --
>
> Sharon Franks
> MCC group
> Microsoft Certified Solutions Developer (MCSD)
> Microsoft Certified Trainer (MCT).
>
>
>
> "Mingo" <sly_007_2007_remove_@yahoo.com> wrote in message
> news:eP5%23PVqvHHA.2040@TK2MSFTNGP03.phx.gbl...
>> Hello Maximus,
>>
>> I deleted the file OD1MID.DLL
>>
>> Now i'm unable to surf the net, but I can still browse through my network.
>> Was this file part of IE6?
>>
>> Thank you for your help.
>>
>> Mingo
>>
>>
>>
>> "Maximus the Mad" <maxwachtel@nomail.afraid.org>
>> ???????:f6gt9m$em2$1@news.albasani.net...
>> | On 7/4/2007 3:01 AM, Mingo after much thought,came up with this jewel:
>> | > Hello,
>> | >
>> | > I did a scan with "MULTI_AV" and 2 trojan were found. One of the
>> infected
>> | > files was delete automatically and the otherone "OD1MID.DLL" is still
>> in
>> the
>> | > system.
>> | >
>> | ...Snip...
>> | >
>> | > c:\WINDOWS\SYSTEM32\OD1MID.DLL infected: Trojan-PSW.Win32.Maran.gb
>> |
>> | ...snip..
>> |
>> | Try removing with MoveOnBoot.(see removal instructions below)
>> | max
>> | --
>> | My Pages:
>> | Virus Removal Instructions:
>> | http://www.freespaces.com/maxwachtel/removal.html
>> | Keeping Windows Clean:
>> | http://www.freespaces.com/maxwachtel/keepingclean.html
>> | Tools: http://www.freespaces.com/maxwachtel/tools.html
>> | Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
>> | specifically setup for USENET.Feel free to use it yourself.
>> | Always remember - only download files from Trusted Sites.
>> | "VISTA" is an acronym for the top five Windows problems: Viruses,
>> | Infections, Spyware, Trojans and Adware. -PanHandler
>> | Registered Linux User #393236
>>
>>
>
>

Maximus the Mad · Jul 5, 2007

On 7/4/2007 9:39 PM, Mingo after much thought,came up with this jewel:
> Hello Maximus,
>
> I deleted the file OD1MID.DLL
>
> Now i'm unable to surf the net, but I can still browse through my network.
> Was this file part of IE6?
>
> Thank you for your help.
>
> Mingo

On my page, just below MoveOnBoot, was a link to the winsock fix.

max
--
My Pages:
Virus Removal Instructions:
http://www.freespaces.com/maxwachtel/removal.html
Keeping Windows Clean:
http://www.freespaces.com/maxwachtel/keepingclean.html
Tools: http://www.freespaces.com/maxwachtel/tools.html
Change nomail.afraid.org to gmail.com to reply. nomail.afraid.org is
specifically setup for USENET.Feel free to use it yourself.
Always remember - only download files from Trusted Sites.
"VISTA" is an acronym for the top five Windows problems: Viruses,
Infections, Spyware, Trojans and Adware. -PanHandler
Registered Linux User #393236