TROJ_AGENT.J virus attached to res.dll file in WINDOWS\SYSTEM32

Hi,
I'm running XP (Home Edition) and somehow I've contracted the TROJ_AGENT.J virus which has attached itself to res.dll file in WINDOWS\SYSTEM32.

The problem I've got is how do I remove res.dll? I'm unable to copy/delete it as it is in use...when I boot up in safe mode the file isn't there. Will it cause problems if I do?

I've followed the instructions from my virus protection vendor without success, and the software can't quarantine the file as it is in use.

Has anybody got any ideas on what to do? All appreciated as I'm stumped.
Thanks

 

visit this page and do exactly what they say.

 

Thanks - but I've already done that as they're my AV software....the key in the regedit keeps returning when I re-boot even though I've switched off system backup in XP...It returns into the registry when the system starts up even thought I've previously deleted it.

Anybody?

 

have you tried the rescue disks? contact their technical support. download Process Explorer from here and enable the DLL mode. checkout which process is using the RES.DLL and try to kill that process. probably you'll be able to unload the RES.DLL manually. try that first before killing that process.

 

Hi Ninjoid

U could follow these instructions,

https://www.wilderssecurity.com/showthread.php?t=15913

then post your HijackThis log in the hijack cleaning forums with a full description of your problem and one of the experts will give u recommendations on any Malware found.


snowbound

 

Thanks for your help..tried all of this and res.dll isn't listed anywhere...I'm lost totally now....

 

Guys, I seem to have it sussed now....thanks to AMRX's suggestion of the process explorer I managed to find that res.dll was indeed a handle...I managed to close it within the process explorer and then somehow with windows explorer I've been able to rename the file, dunno how, to res1.dll...after that my AV s/w took over and quarantined the file for me..so it's now gone from system32 and I'm not getting AV messages regarding it now...!!! great....the regedit for winNT those is still looking to load the res.dll - but it now can't find it, and the bonus is no error messages either...so fingers crossed I think I'm sorted.

Thanks to everyone who offerend an opinion and help
Cheers

 

Thanks for that Process Explorer thingy. I had the exact same problem after updating to a new trend micro pattern update, and it was getting seriously annoying. But thankfully I have been able to kill it off now

So I'll bookmark this forum for whenever I get a security related problem that my PC Cillin can't deal with.

 

well, I say exact. But it was a 'D3D.dll' file causing the problems.

 

glad to hear those. always remember, if you take the malware off your PC memory half the battle is won. if you can't take it off for some reason boot your system with rescue disks or from another clean hard drive. now run a scan and everything will be easily quaratined or cleaned. take care.

 

Thanks a lot. I had the same problem. My infected file was loghnoe.dll Now it is solved.

 

hey im sorry to keep this going but i have the same problem yet mine isnt getting deleted im not sure how to use that process explorer thing somebody please help