View Full Version : MSDDM.exe


Foxy
06-22-2006, 11:44 PM
Recently, I've had problems with my computer suddenly freezing even with barely any programs running, and when I do restart, it says that Windows has No Disk and is asking me to put the XP Install CD in the CD drive in order to fix the problem.

It turns out that I had some sort of "spyware" in my System folder (C:\WINDOWS\system or C:\WINDOWS\system32, I forget) called MSDDM.exe, and in order for me to remove it I had to go on Safe Mode, find the files containing "msddm.exe" and delete it. There were two files, msddm.exe and a prefetch file also containing msddm.exe. (I apologize for not double-checking the correct filename and locations.)


I talked to a friend about my computer problems and he was able to track down the name. How he found out the filename, I don't know, but since the termination of MSDDM.exe and the prefetch my computer's been running the way it was before I acquired the spyware.



I was wondering if anyone else has heard of this, and I would like to know more about its causes and effects, because I'm sure one of my friends will end up having the same problems as I did.



I apologize in advance if I'm posting on the wrong area. I'm new to this.


EDIT:

My friend found out from one of his friends that it is only presumed to be spyware, and that it's just recently been ruining computers. (My friend got it three weeks ago.)

Stealth
06-23-2006, 01:43 AM
I've run an online check on that thing and it looks like it's indeed malware, codenamed Covert.Sys.Exec.

The symptoms and damage it can do are:
Violates Physical Memory Protection, allowing it to take control of your PC.
Opens and scans your email address book.
Could use your PC to send mass mail using SMTP protocols.
Has a keylogger that can spy on and log keystrokes without your knowledge or permission.
Modifies Internet Browser Settings (HomePage, Search, Toolbar).
Deactivates your Windows XP Firewall PC security.
Changes file type execution and program maps.
Creates multiple copies of the malicious infection on your PC.
Creates registry run keys to ensure it is restarted every time you boot your PC.
Installs other malicious programs.
Registers Background Service(s).
Examines which processes are running on your PC, allowing it to explore vulnerabilities in Windows and your antivirus and anti-spyware products.
Modifies the Hosts file, which could stop your antivirus or anti-spyware protection or put your personal information at risk.
Connects with 3rd party computer systems and forwards data via the internet.
Modifies vulnerable system files.
Modifies the Windows System Restore area.
Hijacks other processes.

Of course, the site I pulled the info off suggests its own spyware removal, which isn't going to help much. Instead, there's a workaround.


Run the system in safe mode.
If you already have it, use Spybot Search&Destroy (http://www.safer-networking.org/en/download/) by going into Mode->Advanced, then look under the Tools->System Startup scrolling menu.
Find the offending file and uncheck it. There should be only one instance of it, if not, uncheck them all.
Download and install MoveOnBoot (http://www.gibinsoft.net/gipoutils/fileutil/index.htm), and make it remember the offending file for deletion once you restart. It'll delete the file regardless of the system lock on it (because it's, say, already executed).
Restart the PC into regular mode - before the WXP graphical interface boots up, MoveOnBoot will delete the file or at the very least put it somewhere other than the systemdir.
Once in regular WXP (non-safe), check Spybot's Startup section again - if the file isn't checked anymore, it's been safely removed.
If the Spybot's Startup section lists more non-normal entries, take a screenshot and link to it here - from there on we can ID and delete the remaining problematic components.


Hope this helps.
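As an added example (not from either poster), here is a read-only PowerShell triage script covering the persistence points Stealth's list names (registry run keys, background services) plus the prefetch trace Foxy found. It assumes the suspect name is msddm.exe as in the thread and looks in the two system folders Foxy mentions; it deletes nothing, so it is safe to run before deciding what to remove.

```powershell
# Added example (not from the thread): triage autostart entries for a suspect
# executable name, then list matching prefetch traces. Read-only; deletes nothing.
param([string]$SuspectName = 'msddm.exe')   # name from the thread; change as needed

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# 1. Registry Run/RunOnce keys: every value is a command line started at logon.
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }          # skip PowerShell metadata props
        $flag = if ($p.Value -like "*$SuspectName*") { 'SUSPECT' } else { '' }
        '{0,-8} {1} : {2} = {3}' -f $flag, $key, $p.Name, $p.Value
    }
}

# 2. Services: malware that "registers background services" shows up here.
Get-CimInstance Win32_Service | Where-Object { $_.PathName -like "*$SuspectName*" } |
    ForEach-Object { 'SUSPECT  service {0} -> {1} (state {2})' -f $_.Name, $_.PathName, $_.State }

# 3. Is the binary on disk, and is it signed? Unsigned binaries in system dirs merit a look.
foreach ($dir in "$env:WINDIR\system", "$env:WINDIR\system32") {
    $path = Join-Path $dir $SuspectName
    if (Test-Path $path) {
        $sig = Get-AuthenticodeSignature -FilePath $path
        'FOUND    {0}  signature: {1}' -f $path, $sig.Status
    }
}

# 4. Prefetch traces (NAME-<hash>.pf) show the file actually executed, as the poster saw.
Get-ChildItem "$env:WINDIR\Prefetch" -Filter "$SuspectName-*.pf" -ErrorAction SilentlyContinue |
    ForEach-Object { 'PREFETCH {0}  last run {1}' -f $_.Name, $_.LastWriteTime }
```

Run it from an elevated prompt so the HKLM keys, services and the Prefetch folder are readable; any line marked SUSPECT or FOUND is the entry to uncheck in Spybot and queue for deletion, as the steps above describe.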