Hi.

A downloader Torjan has infected a file on my computer named
C:\windows\system32\browsela.dll

This was identified by several virus scanners, including Ewido (which
claimed to have cleaned it but it is still there - yes, system restore is
turned off), Norton (which admits it cannot delete or quarantine the file),
and Kaspersky.

I cannot delete this file EVEN IN SAFE MODE!

Can anyone help out?

Cheers,
Gregory

You can get Microsoft's most current definitions by doing a full scan here,
in safe mode with networking:

http://safety.live.com

I'd be very interested to hear whether this does the job for you.

--

"Frozencanuck" <(E-Mail Removed)> wrote in message
news:58921961-B683-4CA5-9BB0-(E-Mail Removed)...
> Hi.
>
> A downloader Torjan has infected a file on my computer named
> C:\windows\system32\browsela.dll
>
> This was identified by several virus scanners, including Ewido (which
> claimed to have cleaned it but it is still there - yes, system restore is
> turned off), Norton (which admits it cannot delete or quarantine the
> file),
> and Kaspersky.
>
> I cannot delete this file EVEN IN SAFE MODE!
>
> Can anyone help out?
>
> Cheers,
> Gregory

Hello

Strangely enough, despite the file repeatedly saying that it could not be
deleted as it was in use, it simply disappeared from my computer altogether
when I rebooted it in Safe Mode (I guess Ewido worked somehow even though the
file was still in the folder after it was allegedly "cleared"). Sadly, this
means I cannot see whether Safety.Live would have worked or not.

Cheers,
Gregory


"Bill Sanderson" wrote:

> You can get Microsoft's most current definitions by doing a full scan here,
> in safe mode with networking:
>
> http://safety.live.com
>
> I'd be very interested to hear whether this does the job for you.
>
> --
>
> "Frozencanuck" <(E-Mail Removed)> wrote in message
> news:58921961-B683-4CA5-9BB0-(E-Mail Removed)...
> > Hi.
> >
> > A downloader Torjan has infected a file on my computer named
> > C:\windows\system32\browsela.dll
> >
> > This was identified by several virus scanners, including Ewido (which
> > claimed to have cleaned it but it is still there - yes, system restore is
> > turned off), Norton (which admits it cannot delete or quarantine the
> > file),
> > and Kaspersky.
> >
> > I cannot delete this file EVEN IN SAFE MODE!
> >
> > Can anyone help out?
> >
> > Cheers,
> > Gregory
>
>
>

Nothing sad about having that critter gone, I suspect. Safety.live.com is
thorough--I think a scan on my home machine takes 3 hours or so--but I
haven't yet had a chance to use it on a machine with anything of
significance in place.

--

"Frozencanuck" <(E-Mail Removed)> wrote in message
news:3A0F6754-5E54-4016-970E-(E-Mail Removed)...
> Hello
>
> Strangely enough, despite the file repeatedly saying that it could not be
> deleted as it was in use, it simply disappeared from my computer
> altogether
> when I rebooted it in Safe Mode (I guess Ewido worked somehow even though
> the
> file was still in the folder after it was allegedly "cleared"). Sadly,
> this
> means I cannot see whether Safety.Live would have worked or not.
>
> Cheers,
> Gregory
>
>
> "Bill Sanderson" wrote:
>
>> You can get Microsoft's most current definitions by doing a full scan
>> here,
>> in safe mode with networking:
>>
>> http://safety.live.com
>>
>> I'd be very interested to hear whether this does the job for you.
>>
>> --
>>
>> "Frozencanuck" <(E-Mail Removed)> wrote in message
>> news:58921961-B683-4CA5-9BB0-(E-Mail Removed)...
>> > Hi.
>> >
>> > A downloader Torjan has infected a file on my computer named
>> > C:\windows\system32\browsela.dll
>> >
>> > This was identified by several virus scanners, including Ewido (which
>> > claimed to have cleaned it but it is still there - yes, system restore
>> > is
>> > turned off), Norton (which admits it cannot delete or quarantine the
>> > file),
>> > and Kaspersky.
>> >
>> > I cannot delete this file EVEN IN SAFE MODE!
>> >
>> > Can anyone help out?
>> >
>> > Cheers,
>> > Gregory
>>
>>
>>

i had the same malware virus.. go to downloads.com and download the free
version of ewido. it works awesome, got rid of the bug

"Frozencanuck" wrote:

> Hi.
>
> A downloader Torjan has infected a file on my computer named
> C:\windows\system32\browsela.dll
>
> This was identified by several virus scanners, including Ewido (which
> claimed to have cleaned it but it is still there - yes, system restore is
> turned off), Norton (which admits it cannot delete or quarantine the file),
> and Kaspersky.
>
> I cannot delete this file EVEN IN SAFE MODE!
>
> Can anyone help out?
>
> Cheers,
> Gregory

My sister has windows xp and norton is showing that she has a high risk
infection that cannot be deleted. Itis in C:\windows/system32 and avifnsi.dll
Name-Downloader under able to fix or delete. Can anyone tell me what to do?
Thanks so much.
--
Judi


"mark m" wrote:

> i had the same malware virus.. go to downloads.com and download the free
> version of ewido. it works awesome, got rid of the bug
>
> "Frozencanuck" wrote:
>
> > Hi.
> >
> > A downloader Torjan has infected a file on my computer named
> > C:\windows\system32\browsela.dll
> >
> > This was identified by several virus scanners, including Ewido (which
> > claimed to have cleaned it but it is still there - yes, system restore is
> > turned off), Norton (which admits it cannot delete or quarantine the file),
> > and Kaspersky.
> >
> > I cannot delete this file EVEN IN SAFE MODE!
> >
> > Can anyone help out?
> >
> > Cheers,
> > Gregory

She could try running Norton in SAFE mode which is the standard way of
dealing with spyware that can't be removed in the normal startup.

http://service1.symantec.com/SUPPORT...01052409420406

She could also send that dll file to the following online multi-scanners to
see what's detected, if anything:

http://www.virustotal.com/en/indexf.html
http://virusscan.jotti.org/

....and I suppose she should ask Symantec what to do, since they're
detecting the infection (it could even be a false positive):

http://www.symantec.com/techsupp/hom...ice/index.html

--

Regards, Dave


Judi wrote:
> My sister has windows xp and norton is showing that she has a high risk
> infection that cannot be deleted. Itis in C:\windows/system32 and
> avifnsi.dll
> Name-Downloader under able to fix or delete. Can anyone tell me what to
> do?
> Thanks so much.
>
>> i had the same malware virus.. go to downloads.com and download the free
>> version of ewido. it works awesome, got rid of the bug
>>
>> "Frozencanuck" wrote:
>>
>>> Hi.
>>>
>>> A downloader Torjan has infected a file on my computer named
>>> C:\windows\system32\browsela.dll
>>>
>>> This was identified by several virus scanners, including Ewido (which
>>> claimed to have cleaned it but it is still there - yes, system restore
>>> is
>>> turned off), Norton (which admits it cannot delete or quarantine the
>>> file),
>>> and Kaspersky.
>>>
>>> I cannot delete this file EVEN IN SAFE MODE!
>>>
>>> Can anyone help out?
>>>
>>> Cheers,
>>> Gregory

Thanks so much for the info Dave. How do I run Norton in safe mode? Also
today I did another scan and it shows virus on masterboot and master sector.
Thanks for any info
--
Judi


"Dave M" wrote:

> She could try running Norton in SAFE mode which is the standard way of
> dealing with spyware that can't be removed in the normal startup.
>
> http://service1.symantec.com/SUPPORT...01052409420406
>
> She could also send that dll file to the following online multi-scanners to
> see what's detected, if anything:
>
> http://www.virustotal.com/en/indexf.html
> http://virusscan.jotti.org/
>
> ....and I suppose she should ask Symantec what to do, since they're
> detecting the infection (it could even be a false positive):
>
> http://www.symantec.com/techsupp/hom...ice/index.html
>
> --
>
> Regards, Dave
>
>
> Judi wrote:
> > My sister has windows xp and norton is showing that she has a high risk
> > infection that cannot be deleted. Itis in C:\windows/system32 and
> > avifnsi.dll
> > Name-Downloader under able to fix or delete. Can anyone tell me what to
> > do?
> > Thanks so much.
> >
> >> i had the same malware virus.. go to downloads.com and download the free
> >> version of ewido. it works awesome, got rid of the bug
> >>
> >> "Frozencanuck" wrote:
> >>
> >>> Hi.
> >>>
> >>> A downloader Torjan has infected a file on my computer named
> >>> C:\windows\system32\browsela.dll
> >>>
> >>> This was identified by several virus scanners, including Ewido (which
> >>> claimed to have cleaned it but it is still there - yes, system restore
> >>> is
> >>> turned off), Norton (which admits it cannot delete or quarantine the
> >>> file),
> >>> and Kaspersky.
> >>>
> >>> I cannot delete this file EVEN IN SAFE MODE!
> >>>
> >>> Can anyone help out?
> >>>
> >>> Cheers,
> >>> Gregory
>
>
>

I'm a bit confused by your question. You'd get into SAFE by using the
information from Symantec (Norton) in the link I provided below to
service1.symantec.com. Then you'd manually start NAV by clicking the
Norton's Icon on your Desktop and run a full system scan which Norton's
calls "scan my computer". Running in SAFE prevents the startup of normal
system services and applications (and hopefully virus activity), and gives
you a better chance of removal. I'd have thought you would already have
tried this, since it was suggested as one of the things that people had
attempted to use in dealing with this downloader.

The other thing that they talk about in that thread is Ewido Anti-Trojan,
and at least two of the posters report success using Ewido to remove the
problem, so you should try Ewido as well and run a "complete system scan"
with it. You can get Ewido 4.0 here for a fully functioning 30 day trial
that did not (for myself) conflict with either Windows Defender or Norton's
when running all Ewido functions including Real Time Protection:

http://www.ewido.net/en/

--

Regards, Dave


Judi wrote:
> Thanks so much for the info Dave. How do I run Norton in safe mode? Also
> today I did another scan and it shows virus on masterboot and master
> sector.
> Thanks for any info
>
>> She could try running Norton in SAFE mode which is the standard way of
>> dealing with spyware that can't be removed in the normal startup.
>>
>> http://service1.symantec.com/SUPPORT...01052409420406
>>
>> She could also send that dll file to the following online multi-scanners
>> to
>> see what's detected, if anything:
>>
>> http://www.virustotal.com/en/indexf.html
>> http://virusscan.jotti.org/
>>
>> ....and I suppose she should ask Symantec what to do, since they're
>> detecting the infection (it could even be a false positive):
>>
>> http://www.symantec.com/techsupp/hom...ice/index.html
>>
>> --
>>
>> Regards, Dave
>>
>>
>> Judi wrote:
>>> My sister has windows xp and norton is showing that she has a high risk
>>> infection that cannot be deleted. Itis in C:\windows/system32 and
>>> avifnsi.dll
>>> Name-Downloader under able to fix or delete. Can anyone tell me what to
>>> do?
>>> Thanks so much.
>>>
>>>> i had the same malware virus.. go to downloads.com and download the
>>>> free
>>>> version of ewido. it works awesome, got rid of the bug
>>>>
>>>> "Frozencanuck" wrote:
>>>>
>>>>> Hi.
>>>>>
>>>>> A downloader Torjan has infected a file on my computer named
>>>>> C:\windows\system32\browsela.dll
>>>>>
>>>>> This was identified by several virus scanners, including Ewido (which
>>>>> claimed to have cleaned it but it is still there - yes, system
>>>>> restore
>>>>> is
>>>>> turned off), Norton (which admits it cannot delete or quarantine the
>>>>> file),
>>>>> and Kaspersky.
>>>>>
>>>>> I cannot delete this file EVEN IN SAFE MODE!
>>>>>
>>>>> Can anyone help out?
>>>>>
>>>>> Cheers,
>>>>> Gregory