Norton unable to delete Trojan - please help!

Hello all

I'm having a nightmare with a Backdoor Trojan. After having various adware trojans hijack IE for weeks I seem to have got rid of them by using Ad-Aware etc. However, yesterday when Norton Antivirus loaded it detected a virus and said it couldn't delete it. The pop-up window which displays this message will not close. I have followed the detailed instruction on the Symantec website to the letter - including turning off system restore, scanning, starting in safe mode, scanning, checking the registry, scanning, scanning etc. - but to no avail. When I actually scan with NAV it does not find anything wrong. I also cannot see the file the pop-up is referring to. The message on the pop-up is:

"NAV has detected a virus. Object name: C:\WINDOWS\System32\d3dma.dll. Virus name: Backdoor.Trojan. Action taken: Unable to repair this file."

What is this d3dma.dll? And should it have been deleted - because I can't see it either in the System32 folder or the registry...

I also now get a message from NAV when restarting that a virus may be trying to shut down NAV so I should uninstall it and reinstall it again. Should I? I'm running Windows XP Home edition, with SP1a installed and Mozilla as a browser.

I'm tempted just to get my documents off and reformat the hard drive. Would this solve the problem?

Please help - I'm getting desperate!

 

Hi - thanks for that, but I've been through exactly those instructions. I still get the message. Maybe I should try it again..?

 

Have you rebooted your PC into "Safe Mode" and run a scan?

Cheers

 

Hi Blackspear - yes that's the first thing I did, I followed the Symantec instructions. Hmm...

 

Oops - just read in the instructions to start a new thread, so that's what I'll do.

Thanks all.

 

OK, well I followed the instructions given by ronjor - to post the log from HijackThis in a separate thread here - and that thread has now been closed. It would have been helpful if someone had told me that this was not the thing to do before I went to all the trouble.

Any other help anyone can give - that is actually allowed - and I'd be most appreciative. Thanks.

 

Hi kilkerr1,

I don't think anyone could have forwarned you not to post a hijackthis log as the Announcement was only posted at 10:45am this morning.

There is a link in the Announcement Post that will give you a list of spyware removal forums. If you didn't see the link, I'll repost it here: http://a-sap.org/ There are experienced hijackthis staff members there that will be able to look at your hijackthis log and advise you if there is anything that needs to be fixed.

Trend Micro does have a fix tool that you might want to try. If this is the infection I think you have (the hidden dll which is a CWS variant of the about:blank) then this tool may fix it. If not, then you will have to go to one of the other forums at the link I posted, and they will try and help you remove it.

But give this a try first: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.AC

Regards,

snap

 

Hi snap

Many thanks for that. Got a leedle upset as had been struggling for a while with the virus beastie. I also see loads of people have actually posted their log files here and been answered...

Anyway, will follow your suggestions and see where I get.

Cheers!