The Backdoor/SubSeven 2.2 Server Virus May Cause an Error Message (319813)


The information in this article applies to:

  • Microsoft Windows XP Home Edition
  • Microsoft Windows XP Professional
This article was previously published under Q319813

SYMPTOMS

You may receive the following error message:
Ddhelper32.exe has encountered a problem and needs to close. We are sorry for the inconvenience.
Note that the file name (Ddhelper32.exe) in this error message may be replaced by any of these file names: Ddhelper.exe, Msrexe.exe, or Winloader.exe.

If you view the data that the error report contains, the following error signature information is listed: 

App name       App version   Module name   Module version   Offset
--------------------------------------------------------------------
Ddhelper32.exe 0.0.0.0       Various       0.0.0.0          Various

App name       App version   Module name   Module version   Offset
--------------------------------------------------------------------
Ddhelper.exe   0.0.0.0       Various       0.0.0.0          Various

App name       App version   Module name   Module version   Offset
--------------------------------------------------------------------
Msrexe.exe     0.0.0.0       Various       0.0.0.0          Various

App name       App version   Module name   Module version   Offset
--------------------------------------------------------------------
Winloader.exe  0.0.0.0       Various       0.0.0.0          Various

CAUSE

This error message can occur if the Backdoor/SubSeven 2.2 Server virus has infected your computer. This virus is also known by these names:
  • BackDoor-G2
  • BackDoor-G2.svr.gen
  • BackDoor-G22.svr
  • BackDoor.PolyDrop
  • Backdoor.Subseven.22.a (NAV)
  • BackDoor/SubSeven2.2 (CAI)
  • Badman Trojan
  • Serbian Badman Trojan
  • Sub7 v2.x
  • SubSeven v2.0
  • SubSeven v2.1
  • SubSeven v2.1 Gold
  • SubSeven v2.12
  • SubSeven v2.13
  • SubSeven v2.2 Beta
  • Troj_Sub7.22.d (Trend)
  • TROJ_SUB7.MUIE
  • Troj_Sub7.v20 (Trend)
  • TSB Trojan

RESOLUTION

Microsoft does not provide software that can detect or remove computer viruses. If you suspect or confirm that your computer is infected with a virus, obtain current antivirus software. For a list of antivirus software manufacturers, click the following article number to see the article in the Microsoft Knowledge Base:

49500 List of Antivirus Software Vendors

To resolve this issue, install current antivirus software. If you already have antivirus software installed, update the virus signature file so that it detects the infection. You may want to contact the manufacturer of your antivirus software to obtain advice about removing the virus.

MORE INFORMATION

For more information about this virus, visit any of the following third-party Web sites:

http://www.symantec.com/avcenter/venc/data/backdoor.subseven.html

http://vil.nai.com/vil/content/v_10566.htm

http://www.antivirusebook.com/database/backdoorsubsevenvirus.html

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
Modification Type:MinorLast Reviewed:3/14/2005
Keywords:kbprb kbProd2Web KB319813
©2004 Microsoft Corporation. All rights reserved.