Member Avatar for linux

I have Norton Anti-Virus, and even in safe mode, it cannot delete a virus we have:

C:\WINDOWS\system32\winrmc32.dll

It doesn't really affect our system, it just pops up a box that says Virus found, but really, Norton should be able to delete it.

-- I also cannot go into the folder and delete winrmc32.dll, as it says "Access is Denied"

  • 3 Contributors
  • 2 Replies
  • 109 Views
  • 20 Hours Discussion Span
  • Latest Post Latest Post by DMR

Recommended Answers

All 2 Replies

Member Avatar for raybay

Noton won't delete it because they don't want the liability of whatever else may be destroyed.
Try the Panda Active Scan which is very good (do a Google search) and go to Grisoft AVG Free and use theres... much better products than Norton / Symantec, in my opinon

Member Avatar for DMR

Noton won't delete it because they don't want the liability of whatever else may be destroyed.

Um... noooo- Norton can't delete it because the dll is already loaded/running, and has protected itself in such a way that Norton can't terminate it, which is what Norton would need to do before it can delete the file. This is why linux gets the "access denied" error as well. Norton is kind of limited in that way.

linux,

You may have other malicious components in addition to the winrmc32.dll file, so, as raybay suggested, it would be a good idea to do a couple of the free online virus/spyware scans, as well as to install and run AVG's free anti-spyware program.
** Please do not install a second anti-virus program if Norton is installed, because two concurrently-running antivirus programs can conflict with each other and cause you problems.

A) Online virus scans:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
Make sure you tick AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/active...n_principal.htm
Make sure you tick Disinfect automatically under Scan Options.

Housecall at TrendMicro
http://housecall60.trendmicro.com/e...orp.asp?id=scan
Make sure you tick Auto Clean.

eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx


B) Our usual preliminary drill:


1. Download the free HijackThis utility. Once downloaded, follow these instructions to install and run the program:

* Create a folder for HJT outside of any Temp/Temporary folders and move the HijackThis.exe file to that folder now. A folder such such as C:\HijackThis or C:\Spyware Tools\HijackThis will do.

* Run HijackThis, but do not have HJT fix anything yet; only have it scan your system! Once the scan is complete, the "Scan" button will turn into an option to "Save log...".

* Save the log in the folder you created for HijackThis; the saved file will be named "hijackthis.log".


2. You will need to close/quit all web browser programs and disconnect from the Internet for some of the following, so you should print out the following instructions or save them into a text file with Notepad.

3. Download ATF-Cleaner and save it to convenient location.


4. Download the free version of AVG Anti-Spyware (formerly ewido). Save the installer file to your desktop or any convenient folder.

* Run the installer, accepting the default options. Run the program once installed, click on the Update icon at the top of the main AVG window, and allow the program to download the most current components.

* Close AVG once the updates have been downloaded.


5. Reboot into Safe Mode (you get to the safe mode boot option by hitting the F8 key as your computer is starting up).

* Double-click ATF-Cleaner.exe to run the program.
- Click the Main menu option.
- Check the Select All box. (Uncheck cookies if you do not want them removed).
- Click the Empty Selected button.

If you use Firefox browser:

- Click the Firefox menu option.
- Check the Select All box. (Uncheck cookies if you do not want them removed).
- Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, click No at the prompt.
- Click Exit on the Main menu to close the program.


* Run AVG Anti-Spyware.

- Click on the "Scanner" icon just to the right of the Update icon. In the Scanner window, click on the "Settings" tab.
- Under "How to act?", click on "Recommended actions" and choose "Delete" from the resulting menu.
- All boxes under "How to scan" and "Possibly unwanted..." should be checked.
- Under "Reports", check "Automatically generate report after every scan".
- Under "What to scan", select "Scan every file".
- Click on the "Scan" tab, and then click on "Complete System Scan" to start scanning. It usually takes at least 40 minutes to complete a full scan.

Once the scan is complete, a window listing all infected objects (if any are found) will be displayed. Below the list of infected objects, make sure the Set all elements to: option is set to Delete and then click the Apply all actions button.

After the malicious items are deleted, you will be given the option to save the scan report; do that. The report is saved as a text file in the C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Reports folder. (The actual filename is a combination of the date and time of the scan.)


6. Reboot the computer normally, open the AVG Anti-Spyware report in Windows Notepad, and Cut-N-Paste the entire contents of that report into a post in this thread; do the same for the HijackThis log. The log contents will tell us a lot about what "nasties" have crept into your system, and once we analyse the logs we can tell you what (if anything) you need to do from there.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.