Can't get rid of Trojan horse Backdoor

[BH2]

Hi,
I need some help please. I run AVG virus checker, it has picked up a Trojan
horse in C\WINDOWS\system32\d3dcfo.dll Trojan horse.Backdoor.agent.BA. AVG
has detected the virus, but it will not delete or rename it or isolate it.
I downloaded the AVG cleaner but can't get into the safe mode to run it.
Everytime I open any program the AVG splash screen comes up and tells me
about the virus and where it is.
Would appreciate any help in getting rid of it, it is driving me nuts.
Also because I am infected does this mean that AVG is not very good.
Thanks for any help
Regards
Bob H

 

[pp hammer]

horse in C\WINDOWS\system32\d3dcfo.dll Trojan horse.Backdoor.agent.BA.
AVG

has detected the virus, but it will not delete or rename it or isolate

it.

whats stopping you going to C\WINDOWS\system32 , manually renaming it and
rebooting?

Also because I am infected does this mean that AVG is not very good.>

was avg running when you got infected? do you have it set on real time
scanning/protection or do u just run it now and then to check?

I downloaded the AVG cleaner but can't get into the safe mode to run it.

keep tapping f8 after power on self test screen

 

[David H. Lipman]

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Dowload the Trend Pattern File by obtaining the ZIP file.
For example; lpt246.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * * Please report back your results * * *

Dave





| Hi,
| I need some help please. I run AVG virus checker, it has picked up a Trojan
| horse in C\WINDOWS\system32\d3dcfo.dll Trojan horse.Backdoor.agent.BA. AVG
| has detected the virus, but it will not delete or rename it or isolate it.
| I downloaded the AVG cleaner but can't get into the safe mode to run it.
| Everytime I open any program the AVG splash screen comes up and tells me
| about the virus and where it is.
| Would appreciate any help in getting rid of it, it is driving me nuts.
| Also because I am infected does this mean that AVG is not very good.
| Thanks for any help
| Regards
| Bob H
|
|

 

[Heather]

Dave.....change #9 before you drive me nuts!! If you turn off System
Restore on WinME and then turn it back on.....it automatically creates one
Restore Point (having flushed all of the rest......which I why I don't turn
it off, grin).

Heather

 

[BH2]

Dave,
For some reason it won't let me start the computer in the safe mode, I go to
and accept the safe mode, and it loads so many of the drivers, show in text
what it is loading then just stops with a blank screen.
Regards
Bob

 

[David H. Lipman]

Then do it in Normal Mode But... make sure you close out all programs. The more you
shutdown, the greater the chance you will have of detecting and cleaning the PC.

Dave




| Dave,
| For some reason it won't let me start the computer in the safe mode, I go to
| and accept the safe mode, and it loads so many of the drivers, show in text
| what it is loading then just stops with a blank screen.
| Regards
| Bob
|
| | > 1) Download the following three items...
| >
| > Trend Sysclean Package
| > http://www.trendmicro.com/download/dcs.asp
| >
| > Latest Trend signature files.
| > http://www.trendmicro.com/download/pattern.asp
| >
| > Adaware SE (free personal version v1.05)
| > http://www.lavasoftusa.com/
| >
| > Create a directory.
| > On drive "C:\"
| > (e.g., "c:\New Folder")
| > or the desktop
| > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| >
| > Download SYSCLEAN.COM and place it in that directory.
| > Dowload the Trend Pattern File by obtaining the ZIP file.
| > For example; lpt246.zip
| >
| > Extract the contents of the ZIP file and place the contents in the same
| > directory as
| > SYSCLEAN.COM.
| >
| > 2) Update Adaware with the latest definitions.
| > 3) If you are using WinME or WinXP, disable System Restore
| > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
| > 4) Reboot your PC into Safe Mode
| > 5) Using both the Trend Sysclean utility and Adaware, perform a Full
| > Scan of your
| > platform and clean/delete any infectors/parasites found.
| > (a few cycles may be needed)
| > 6) Restart your PC and perform a "final" Full Scan of your platform
| > using both the
| > Trend Sysclean utility and Adaware
| > 7) If you are using WinME or WinXP,Re-enable System Restore and
| > re-apply any
| > System Restore preferences, (e.g. HD space to use suggested 400 ~
| > 600MB),
| > 8) Reboot your PC.
| > 9) If you are using WinME or WinXP, create a new Restore point
| >
| > * * * Please report back your results * * *
| >
| > Dave
| >
| >
| >
| >
| >
| > | > | Hi,
| > | I need some help please. I run AVG virus checker, it has picked up a
| > Trojan
| > | horse in C\WINDOWS\system32\d3dcfo.dll Trojan horse.Backdoor.agent.BA.
| > AVG
| > | has detected the virus, but it will not delete or rename it or isolate
| > it.
| > | I downloaded the AVG cleaner but can't get into the safe mode to run it.
| > | Everytime I open any program the AVG splash screen comes up and tells me
| > | about the virus and where it is.
| > | Would appreciate any help in getting rid of it, it is driving me nuts.
| > | Also because I am infected does this mean that AVG is not very good.
| > | Thanks for any help
| > | Regards
| > | Bob H
| > |
| > |
| >
| >
|
|