I'm running NOD32 antivirus software and the other day it came up with 2 [warning] messages about the same file, 'awtqrsRK.dll', located in 'C:\WINDOWS\system32', that there is a threat 'Win32/Adware.Virtmonde application'. It says the file can be deleted, and there is an option to delete it, but it doesn't, even after reboot as it suggests... and neither can I when I go to it directly, since NOD32 says it is being used by Explorer.exe and winlogon.exe. It won't allow the message to go away (I'm assuming because of the persistent threat) nor clean the infected file or delete it, so the message consistently pops up and I have to minimize it to do anything.

I tried to boot in safe mode and then delete it, but even that didn't work. I went through the registry and searched for 'awtqrsRK' and it occurs 4 times, which I deleted, then rebooted, only to find that they all reappear again once rebooted. I ran AdAware 2007, the NOD32 software, VundoFix 7.0.3, AND Spyware Doctor, all unsuccessfully.

Anyone heard of this file before? I looked it up but there were no warnings or instructions on how to safely remove it. Also, the winlogon.exe process in the task manager shows more CPU activity now... and my hard drive activity light blinks like it's running something about every second or two. That is NOT normal. UGH... this sucks.

Anyone got any suggestions how to remove this threat? Is there a program that can remove Virtumonde viruses? Is there a way to boot WinXP in DOS mode or at the command prompt so the Explorer.exe and winlogon.exe processes are not using/accessing/locking 'awtqrsRK.dll' and it can be deleted manually? There were a few occasions where it warned of malicious code infiltration but so far I have not noticed anything bad or weird happening YET... but I want to get rid of this ASAP before it jams up my system! HELP!!! Thanks.
Edited by Orange Blossom, 05 May 2008 - 04:46 PM.
Moved to more appropriate forum. ~ OB