Norton unable to delete Trojan - please help!

Discussion in 'malware problems & news' started by kilkerr1, Jul 20, 2004.

Thread Status:
Not open for further replies.
  1. kilkerr1

    kilkerr1 Registered Member

    Joined:
    Jul 20, 2004
    Posts:
    7
    Hello all

    I'm having a nightmare with a Backdoor Trojan. After having various adware trojans hijack IE for weeks I seem to have got rid of them by using Ad-Aware etc. However, yesterday when Norton Antivirus loaded it detected a virus and said it couldn't delete it. The pop-up window which displays this message will not close. I have followed the detailed instructions on the Symantec website to the letter - including turning off system restore, scanning, starting in safe mode, scanning, checking the registry, scanning, scanning etc. - but to no avail. When I actually scan with NAV it does not find anything wrong. I also cannot see the file the pop-up is referring to. The message on the pop-up is:

    "NAV has detected a virus. Object name: C:\WINDOWS\System32\d3dma.dll. Virus name: Backdoor.Trojan. Action taken: Unable to repair this file."

    What is this d3dma.dll? And should it have been deleted - because I can't see it either in the System32 folder or the registry...

    I also now get a message from NAV when restarting that a virus may be trying to shut down NAV so I should uninstall it and reinstall it again. Should I? I'm running Windows XP Home edition, with SP1a installed and Mozilla as a browser.

    I'm tempted just to get my documents off and reformat the hard drive. Would this solve the problem?

    Please help - I'm getting desperate!
     
  2. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas


    Symantec info http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html
     
  3. kilkerr1

    kilkerr1 Registered Member

    Joined:
    Jul 20, 2004
    Posts:
    7
    Hi - thanks for that, but I've been through exactly those instructions. I still get the message. Maybe I should try it again..?
     
  4. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Have you rebooted your PC into "Safe Mode" and run a scan?

    Cheers :D
     
  5. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,794
    Location:
    Texas
  6. kilkerr1

    kilkerr1 Registered Member

    Joined:
    Jul 20, 2004
    Posts:
    7
    Hi Blackspear - yes that's the first thing I did, I followed the Symantec instructions. Hmm...
     
  7. kilkerr1

    kilkerr1 Registered Member

    Joined:
    Jul 20, 2004
    Posts:
    7
    Oops - just read in the instructions to start a new thread, so that's what I'll do.

    Thanks all.
     
    Last edited: Jul 20, 2004
  8. kilkerr1

    kilkerr1 Registered Member

    Joined:
    Jul 20, 2004
    Posts:
    7
    OK, well I followed the instructions given by ronjor - to post the log from HijackThis in a separate thread here - and that thread has now been closed. It would have been helpful if someone had told me that this was not the thing to do before I went to all the trouble. o_O

    Any other help anyone can give - that is actually allowed - and I'd be most appreciative. Thanks. :doubt:
     
  9. snapdragin

    snapdragin Administrator

    Joined:
    Feb 16, 2002
    Posts:
    8,415
    Location:
    Southern Ont., Canada
    Hi kilkerr1,

    I don't think anyone could have forewarned you not to post a hijackthis log as the Announcement was only posted at 10:45am this morning.

    There is a link in the Announcement Post that will give you a list of spyware removal forums. If you didn't see the link, I'll repost it here: http://a-sap.org/ There are experienced hijackthis staff members there that will be able to look at your hijackthis log and advise you if there is anything that needs to be fixed.

    Trend Micro does have a fix tool that you might want to try. If this is the infection I think you have (the hidden dll which is a CWS variant of the about:blank) then this tool may fix it. If not, then you will have to go to one of the other forums at the link I posted, and they will try and help you remove it.

    But give this a try first: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_AGENT.AC

    Regards,

    snap
     
    Last edited: Jul 20, 2004
  10. kilkerr1

    kilkerr1 Registered Member

    Joined:
    Jul 20, 2004
    Posts:
    7
    Hi snap

    Many thanks for that. Got a leedle upset as had been struggling for a while with the virus beastie. I also see loads of people have actually posted their log files here and been answered...

    Anyway, will follow your suggestions and see where I get.

    Cheers!
     