Microsoft KB Archive/319813

= The Backdoor/SubSeven 2.2 Server Virus May Cause an Error Message =

Article ID: 319813

Article Last Modified on 3/14/2005

-

APPLIES TO


 * Microsoft Windows XP Home Edition
 * Microsoft Windows XP Professional

-



This article was previously published under Q319813



SYMPTOMS
You may receive the following error message:

Ddhelper32.exe has encountered a problem and needs to close. We are sorry for the inconvenience.

Note that the file name (Ddhelper32.exe) in this error message may be replaced by any of these file names: Ddhelper.exe, Msrexe.exe, or Winloader.exe.

If you view the data that the error report contains, the following error signature information is listed:

App name      App version   Module name   Module version   Offset

Ddhelper32.exe 0.0.0.0      Various       0.0.0.0          Various

App name      App version   Module name   Module version   Offset

Ddhelper.exe  0.0.0.0       Various       0.0.0.0          Various

App name      App version   Module name   Module version   Offset

Msrexe.exe    0.0.0.0       Various       0.0.0.0          Various

App name      App version   Module name   Module version   Offset

Winloader.exe 0.0.0.0       Various       0.0.0.0          Various



CAUSE
This error message can occur if the Backdoor/SubSeven 2.2 Server virus has infected your computer. This virus is also known by these names:
 * BackDoor-G2
 * BackDoor-G2.svr.gen
 * BackDoor-G22.svr
 * BackDoor.PolyDrop
 * Backdoor.Subseven.22.a (NAV)
 * BackDoor/SubSeven2.2 (CAI)
 * Badman Trojan
 * Serbian Badman Trojan
 * Sub7 v2.x
 * SubSeven v2.0
 * SubSeven v2.1
 * SubSeven v2.1 Gold
 * SubSeven v2.12
 * SubSeven v2.13
 * SubSeven v2.2 Beta
 * Troj_Sub7.22.d (Trend)
 * TROJ_SUB7.MUIE
 * Troj_Sub7.v20 (Trend)
 * TSB Trojan



RESOLUTION
Microsoft does not provide software that can detect or remove computer viruses. If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software. For a list of antivirus software manufacturers, click the following article number to see the article in the Microsoft Knowledge Base:

49500 List of Antivirus Software Vendors

To resolve this issue, install current antivirus software. If you already have antivirus software installed, update the virus signature file so that it detects the infection. You may want to contact the manufacturer of your antivirus software to obtain advice about removing the virus.



MORE INFORMATION
For more information about this virus, visit any of the following third-party Web sites:

http://www.symantec.com/avcenter/venc/data/backdoor.subseven.html

http://vil.nai.com/vil/content/v_10566.htm

http://www.antivirusebook.com/database/backdoorsubsevenvirus.html

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

Keywords: kbprb kbprod2web KB319813

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.