trojan horse virus. HELP

[curt]

I have the trojan backdoor agent virus and cannot get rid
of it.

It is located in C:\windows\system32\WDMAEB.DLL
I have opened system32 file and tried to delete it with
no success tells me access is denied, disc is full and or
write protected
I have also found it in the registry editor and tried to
delete it from there also with no success.

I am using AVG as my virus scanner.
I also am using XP as my operating system

Please can anyone help as this thing is driving me crazy.

Thanks,
Curt

 

[Guest]

Did AVG notify you of this trojan?

 

[curt]

Yes AVG notified me of this trojan, however it will not
remove it???

 

[Mike]

What is the name of the trojan?

Yes AVG notified me of this trojan, however it will not
remove it???

 

[Guest]

My guess is AVG killed the actual virus, but could not remove the .dll file.
Check to see what virus AVG removed it should be in the Virus Vault. You
can turn OFF System Restore, reboot in safe mode, run AVG again delete the
file or files if finds as trojan/trojan horse. HOWEVER, I AM NO EXPERT.
And I cannot guarantee this is the fix.

Here is link from Symantec with a comprehnsive outline for removing trojans
http://www.symantec.com/avcenter/venc/data/trojan.horse.html#removalinstructions
PLEASE DO NOT ATTEMPT THIS FIX IF YOU HAVE ANY HESITATION.

 

[curt]

the name of the virus is trojan horse backdoor agent BA
tried everything and can't get rid of it.

 

[Mike]

First you will need to disable system restore via the following link.
http://tinyurl.com/movy
2nd-After disabling system restore, Go in Windows Explorer and navigate to"
C:\windows\system32\WDMAEB.DLL
Right click on the file WDMAEB.DLL (The file AVG's is complaining about, and
select "Cut"
Go any where on your desktop and right click>paste
The WDMAEB.dll file should be on your desktop
Right click on the file (while on the desktop) and select Properties>uncheck
the "read only" attribute, then you OK out.
Delete the file

If it will not let you move the file or clear the read only attribute, then
try to re-name the file to WDMAEB.old
Then make sure that it is not read only so you can delete it.

After you delete it, then run AVG again and if cleaned, re-enable system
restore

Try those method(s) and advise back. Sometimes XP won't let you take off the
read only attribute.
NOTE: Don't worry about the reference in the registry!

 

[curt]

Did everything you suggested moved file to desk top
unchecked read only would not let me delete it. also
renamed the file still could not delete it.
keeps telling me access is denied make sure disc is not
full or write protected and that the file is not
currently in use.
I also disabled my system restore
any other suggestions.
thanks

 

[Mike]

Boot into safemode at startup and try to delete the file.
At startup, press F8 (that's the function key at the top of your keyboard,
ot the "f" and "8" keys), to select safe mode (should press aF8 fter you
hear your POST beep)

 

[Guest]

Reboot in Safe Mode

Did everything you suggested moved file to desk top
unchecked read only would not let me delete it. also
renamed the file still could not delete it.
keeps telling me access is denied make sure disc is not
full or write protected and that the file is not
currently in use.
I also disabled my system restore
any other suggestions.
thanks

 

[curt]

Thank you so much for the help. Booting into safe mode
did the trick and I was able to rid my system of this
trojan horse.

Thanks,
Curt

 

[Mike]

Your Welcome. Thanks for posting back with the results

you can safely enable system restore, if you should so desire
I used AVG for ages, then I switched to Avast (http://www.avast.com/). Free
for personal use.

I prefer Avast than AVG.