infected ddhelp32.exe


Juan

Aug 21, 2002, 9:35:41 PM
I recently scanned my computer and found that the file
ddhelp32.exe (which I suppose is an essential file) is
infected with the virus Backdoor.Bionet.318 (the kind of
virus that acts like a server and sends info, passwords,
etc. to a specific person). Norton AntiVirus
recommended that I delete this file, but I'm unsure of what
could happen if I do so. Could anyone help me?
Thanks

Matthew Braverman [MS]

Aug 22, 2002, 2:00:49 PM
Juan,

A search of multiple sources (including my own machine) yielded no mention
of a legitimate file, ddhelp32.exe. That being said, I would follow Norton's
recommendation of deleting the file, since it is likely just a stand-alone
trojan rather than a legitimate file infected with a virus. I would also
suggest doing the customary "post-trojan" routine: changing passwords, etc.

Hope this helps.
--
Matthew Braverman, Microsoft

Please do not send email directly to this alias. This is my online account
name for newsgroup participation only.

I've been "encouraged" to share this helpful information from our lawyers.
This posting is provided "AS IS" with no warranties, and confers no rights.
You assume all risk for your use. © 2002 Microsoft Corporation. All rights
reserved.

"Juan" <ju...@hotmail.com> wrote in message
news:60ab01c2497c$399a96c0$a5e62ecf@tkmsftngxa07...

Juan

Aug 22, 2002, 4:49:26 PM

Thank you very, very much. Your info was of great help to
me.

Talon

Aug 23, 2002, 4:00:27 PM
You may have missed Matt. ddhelp.exe (without the 32) is a Microsoft
DirectX helper file for Windows 9x systems. If I remember correctly, there
was a ddhelp32.exe (32 bit) that shipped with some video cards that took
advantage of the larger video memory size on some newer cards. (ATI comes
to mind.) I could be wrong on the "32", but it would fall under normal
naming protocols. Regardless, either way, the file could have been infected
by a virus.

Just a thought, ya might wanna check it out first, and have the drivers
available before you delete the file.

TALON §

"Juan" <ju...@hotmail.com> wrote in message

news:763801c24a1d$67581cd0$a4e62ecf@tkmsftngxa06...

Matthew Braverman [MS]

Aug 26, 2002, 6:58:49 PM
Talon,

Thank you for that suggestion. I am aware of the ddhelp.exe file. However, I
have never heard of ddhelp32.exe. As I stated in my original post, a search
for ddhelp32.exe on multiple sources turned up absolutely nothing. For
comparison, a search for ddhelp.exe turned up at least 200 hits. This,
combined with the fact that Bionet.318 is a trojan and not a virus, made me
conclude that it was safe to delete what is (hopefully was) a backdoor.


--
Matthew Braverman, Microsoft


"Talon" <ta...@trib.com> wrote in message
news:ak644m$kos$1...@news.tamerica.net...

Talon

Aug 27, 2002, 5:00:56 PM
Well Matt, I've now officially spent too much time on this. I have in my
hand right now an OEM Installation disk for an ATI RageIIc card that shipped
with the card to Canada. Guess what file it has on it?

As I appear to have gotten a shadow around here, I figured that I'd look
into it a little bit and see who Matt Braverman was. Quick search revealed a
few pictures and past projects that all seem to fit the same person. Are
you the one wearing the cute little graduation hat?

If you have been assigned as my personal shadow, we might as well get to
know one another, I'd be happy to answer any questions you might happen to
have. . . .

TALON §

"Matthew Braverman [MS]" <matt...@online.microsoft.com> wrote in message
news:eXlwCQVTCHA.1644@tkmsftngp13...
