-1

Ridding this computer of viruses and spyware except for this one stubborn dll logm.dll located in the Windows/System32 Folder.

AVG is telling me that the file is infected with the trojan house BackDoor.Agent.

I can not delete, heal or change the permissions to this file even in safe mode. This computer was infected with the about:blank trojan. I have even search for logm.dll using regedit and deleted one entry but still can not delete this file.

I am at a complete loss. My HiJack this file is clean and attached. Any help is greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 2:22:16 PM, on 5/12/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Sierra\Planner\PLNRnote.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Renee Cavanaugh\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunOnce: [GrpConv] grpconv.exe -o
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\Sierra\Planner\PLNRnote.exe
O4 - Global Startup: winlogin.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Security Agent (scagent) - Unknown owner - C:\WINDOWS\system32\scagent.exe" start (file missing)
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

2
Contributors
3
Replies
4
Views
12 Years
Discussion Span
Last Post by dlh6213
0

Get the PocketKillbox from here:
http://bleepingcomputer.com/files/spyware/KillBox.zip

Unzip the file to your desktop.

Go offline until this is completed (you may wish to print these instructions).

Run the PocketKillbox and paste C:\WINDOWS\System32\logm.dll in the box and click on Delete on Reboot. Click on the button with the red circle and an X in the middle; you will get a message saying File will be deleted on next reboot, Process and Reboot now?, Click Yes to reboot.

After you've rebooted, check to make sure the file is gone and let us know the results.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.