Downloader Virus

[Guest]

Hi.

A downloader Torjan has infected a file on my computer named
C:\windows\system32\browsela.dll

This was identified by several virus scanners, including Ewido (which
claimed to have cleaned it but it is still there - yes, system restore is
turned off), Norton (which admits it cannot delete or quarantine the file),
and Kaspersky.

I cannot delete this file EVEN IN SAFE MODE!

Can anyone help out?

Cheers,
Gregory

 

[Bill Sanderson]

You can get Microsoft's most current definitions by doing a full scan here,
in safe mode with networking:

http://safety.live.com

I'd be very interested to hear whether this does the job for you.

 

[Guest]

Hello

Strangely enough, despite the file repeatedly saying that it could not be
deleted as it was in use, it simply disappeared from my computer altogether
when I rebooted it in Safe Mode (I guess Ewido worked somehow even though the
file was still in the folder after it was allegedly "cleared"). Sadly, this
means I cannot see whether Safety.Live would have worked or not.

Cheers,
Gregory

 

[Bill Sanderson]

Nothing sad about having that critter gone, I suspect. Safety.live.com is
thorough--I think a scan on my home machine takes 3 hours or so--but I
haven't yet had a chance to use it on a machine with anything of
significance in place.

--

 

[Guest]

i had the same malware virus.. go to downloads.com and download the free
version of ewido. it works awesome, got rid of the bug

 

[Guest]

My sister has windows xp and norton is showing that she has a high risk
infection that cannot be deleted. Itis in C:\windows/system32 and avifnsi.dll
Name-Downloader under able to fix or delete. Can anyone tell me what to do?
Thanks so much.

 

[Dave M]

She could try running Norton in SAFE mode which is the standard way of
dealing with spyware that can't be removed in the normal startup.

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406

She could also send that dll file to the following online multi-scanners to
see what's detected, if anything:

http://www.virustotal.com/en/indexf.html
http://virusscan.jotti.org/

....and I suppose she should ask Symantec what to do, since they're
detecting the infection (it could even be a false positive):

http://www.symantec.com/techsupp/home_homeoffice/index.html

 

[Guest]

Thanks so much for the info Dave. How do I run Norton in safe mode? Also
today I did another scan and it shows virus on masterboot and master sector.
Thanks for any info

 

[Dave M]

I'm a bit confused by your question. You'd get into SAFE by using the
information from Symantec (Norton) in the link I provided below to
service1.symantec.com. Then you'd manually start NAV by clicking the
Norton's Icon on your Desktop and run a full system scan which Norton's
calls "scan my computer". Running in SAFE prevents the startup of normal
system services and applications (and hopefully virus activity), and gives
you a better chance of removal. I'd have thought you would already have
tried this, since it was suggested as one of the things that people had
attempted to use in dealing with this downloader.

The other thing that they talk about in that thread is Ewido Anti-Trojan,
and at least two of the posters report success using Ewido to remove the
problem, so you should try Ewido as well and run a "complete system scan"
with it. You can get Ewido 4.0 here for a fully functioning 30 day trial
that did not (for myself) conflict with either Windows Defender or Norton's
when running all Ewido functions including Real Time Protection:

http://www.ewido.net/en/