
Download.Trojan



#1 angelsenchantment


Posted 12 September 2004 - 10:31 PM

I am at my wits' end. I have tried EVERYTHING that I know to do and cannot solve this problem -- well, it might be TWO problems but somehow I think they are related, especially since they both appeared at exactly the same time.

Situation One:

I am running Windows XP -- Home Edition -- with Service Pack 1 on a Dell Dimension 2400 with a 2.40 GHz CPU and 512 MB of RAM. I FAITHFULLY run Norton's AV and also have it set for AutoProtect. (My virus definitions are also up to date.) The following "hotfixes" show up in add or remove programs listing -- Windows XP Hotfix - KB817611 and KB824146 and KB828035.

Somehow, I have picked up the Download.Trojan virus. It is located in C:/windows/system32/cfilorux.dll. Norton's CANNOT get rid of it because access to the file is denied, even in Safe mode. (I disabled system restore and ran the scans in regular AND safe mode two different times but that didn't help either. Additionally, I made sure to run the scans using ALL user accounts just in case one had access and the other didn't.)

The dll file itself is NOT read only or hidden. On the advanced properties tab -- it shows that it is NOT ready for archiving but does allow Index Servicing to index the file.


Norton's has the file on its quarantine list but the file is still visible in Windows Explorer and I still receive the Norton's popup alert that it is there.

I have ALSO tried to remove it with:

Trojan Remover -- doesn't even find it.
Ad-Aware -- locks up the pc if you try to do anything with it.
Omniquad -- doesn't find it
Stinger -- doesn't find it (Yes, I know that is not one of the viruses listed but I read somewhere that Download.Trojan and Netsky -- which Stinger does list -- are one and the same. Besides, I figure it can't hurt to run a scan even if it turns out to be a waste of time.)
Spybot -- found it but can't remove it
HouseCall (Trend) -- found other trojans but not this one

Additionally, I followed the instructions at Symantec and deleted all Internet Histories etc. plus everything else they recommended.



I tried deleting the file manually -- although I know that is risky at best -- but access is denied to me as well. Again, even in safe mode and irrespective of which user account I use.

Question One: How do I get rid of the DARN thing??

Situation Two

Whenever I shut the computer down (only on a complete shutdown -- if I "restart" it works fine) I get the infamous "Blue Screen of Death" which states:



A problem has been detected and windows has been shut down to prevent damage to your computer.

IRQL_NOT_LESS_OR_EQUAL

If this is the first time that you have seen this stop error, restart your computer. If this screen appears again, follow these steps:

Check to make sure any new hardware or software is properly installed. If this is a new installation etc. etc. (I haven't installed ANYTHING lately!!)

If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode (directions for re-booting in safe mode.) (I am not a complete PC newbie -- I've had PCs for years and remember when everything IMPORTANT was done in DOS. LOL But it makes me nervous to mess around with caching or shadowing when I am not 100% sure of what I am doing.)

Technical Information

***STOP: 0A0000000 0xFFFFFF94, 0x00000002, 0x00000000, 0x804E15EF

Beginning dump of physical memory

Physical memory dump complete

Contact your system administrator or tech support group for further assistance.


Even though it states that Windows has been shut down, this ONLY occurs when I choose to shut down. The PC is not shutting down on its own.

ANY suggestions would be GREATLY appreciated!!

Angel



#2 Grinler

Grinler

    Lawrence Abrams



Posted 12 September 2004 - 11:17 PM

OK, let's tackle the virus first.

Download killbox here:

KillBox


Unzip the folder to your desktop.

Start Killbox.exe

When it is open, enter C:\windows\system32\cfilorux.dll into the field labeled "Full path of file to delete".

Select the Delete on reboot option.

Then press the button that looks like a red circle with a white X in it.

Your computer will reboot and check to see if the file is gone.
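
Windows' built-in delete-on-reboot mechanism (`MoveFileEx` with `MOVEFILE_DELAY_UNTIL_REBOOT`) records queued operations in the `PendingFileRenameOperations` registry value. The PowerShell below is an added example, not part of the original posts or of KillBox; it lists that queue read-only and checks for the DLL path given in the thread. That KillBox's "Delete on reboot" option uses this queue is an assumption, and `Get-PendingFileOperation` is a hypothetical helper name.

```powershell
# Added example: list file operations Windows has queued for the next boot.
# Read-only; it changes nothing on the system.

$key    = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
$name   = 'PendingFileRenameOperations'
$target = 'C:\windows\system32\cfilorux.dll'   # path taken from the thread

function Get-PendingFileOperation {            # hypothetical helper name
    param([string[]]$Entries)

    # The value is a REG_MULTI_SZ holding (source, destination) pairs.
    # An empty destination means "delete the source at boot".
    for ($i = 0; $i -lt $Entries.Count; $i += 2) {
        # Strip the NT object-namespace prefix \??\ from the source path.
        $src = $Entries[$i] -replace '^\\\?\?\\', ''
        # Tolerate a missing final destination by treating it as empty.
        $dst = if ($i + 1 -lt $Entries.Count) { $Entries[$i + 1] } else { '' }
        # A leading '!' marks "replace existing"; drop it with the prefix.
        $dst = $dst -replace '^!?\\\?\?\\', ''
        [pscustomobject]@{
            Action      = if ($dst) { 'Rename' } else { 'Delete' }
            Source      = $src
            Destination = $dst
        }
    }
}

$prop = Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue
if (-not $prop) {
    'No file operations are queued for the next boot.'
} else {
    $ops = @(Get-PendingFileOperation -Entries $prop.$name)
    $ops | Format-Table -AutoSize

    # -ieq compares case-insensitively, as Windows paths do.
    $queued = $ops | Where-Object {
        $_.Action -eq 'Delete' -and $_.Source -ieq $target
    }
    if ($queued) { "Queued for deletion at next boot: $target" }
    else         { "Not in the queue: $target" }
}

# After the reboot, confirm the file is really gone.
"File currently present: $(Test-Path -LiteralPath $target)"
```

Entries in this queue that you did not put there are worth reviewing, since any software with administrative rights can add deletes or renames that take effect at boot.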

#3 angelsenchantment


Posted 13 September 2004 - 12:12 AM

THANK YOU !! THANK YOU !! THANK YOU!! It worked!!! I have been pulling out my hair for HOURS and this took care of it in seconds. THANK YOU!!

Angel

#4 Grinler


Posted 13 September 2004 - 02:50 PM

Glad it worked out :thumbsup:



