944,093 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Stubborn Virus Infected DLL
Ad:
Permalink
May 12th, 2005
-1

Stubborn Virus Infected DLL

Expand Post »
Ridding this computer of viruses and spyware except for this one stubborn dll logm.dll located in the Windows/System32 Folder.

AVG is telling me that the file is infected with the trojan house BackDoor.Agent.

I can not delete, heal or change the permissions to this file even in safe mode. This computer was infected with the about:blank trojan. I have even search for logm.dll using regedit and deleted one entry but still can not delete this file.

I am at a complete loss. My HiJack this file is clean and attached. Any help is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 2:22:16 PM, on 5/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Sierra\Planner\PLNRnote.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Renee Cavanaugh\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: winlogin.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe" start (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
Similar Threads
Reputation Points: 10
Solved Threads: 0
Light Poster
chameleon is offline Offline
27 posts
since Oct 2004
Permalink
May 13th, 2005
0

Re: Stubborn Virus Infected DLL

Get the PocketKillbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed (you may wish to print these instructions).

Run the PocketKillbox and paste C:\WINDOWS\System32\logm.dll in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot.

After you've rebooted, check to make sure the file is gone and let us know the results.
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004
Permalink
May 17th, 2005
0

Re: Stubborn Virus Infected DLL

Its gone, thanks alot!
Reputation Points: 10
Solved Threads: 0
Light Poster
chameleon is offline Offline
27 posts
since Oct 2004
Permalink
May 17th, 2005
0

Re: Stubborn Virus Infected DLL

Glad to hear it; thanks for letting us know
Team Colleague
Reputation Points: 63
Solved Threads: 213
Posting Maven
dlh6213 is offline Offline
2,962 posts
since Jul 2004

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: An Ad-aware problem
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: some IE pages couldn't be opened





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC