Posted 12 September 2004 - 10:31 PM
I am at my wits' end. I have tried EVERYTHING that I know to do and cannot solve this problem -- well, it might be TWO problems but somehow I think they are related, especially since they both appeared at exactly the same time.
I am running Windows XP -- Home Edition -- with Service Pack 1 on a Dell Dimension 2400 with a 2.40 GHz CPU and 512 MB of RAM. I FAITHFULLY run Norton's AV and also have it set for AutoProtect. (My virus definitions are also up to date.) The following "hotfixes" show up in add or remove programs listing -- Windows XP Hotfix - KB817611 and KB824146 and KB828035.
Somehow, I have picked up the Download.Trojan virus. It is located in C:/windows/system32/cfilorux.dll. Norton's CANNOT get rid of it because access to the file is denied, even in Safe mode. (I disabled system restore and ran the scans in regular AND safe mode two different times but that didn't help either. Additionally, I made sure to run the scans using ALL user accounts just in case one had access and the other didn't.)
The dll file itself is NOT read only or hidden. On the advanced properties tab -- it shows that it is NOT ready for archiving but does allow Index Servicing to index the file.
Norton's has the file on its quarantine list but the file is still visible in Windows Explorer and I still receive the Norton's popup alert that it is there.
I have ALSO tried to remove it with:
Trojan Remover -- doesn't even find it.
Ad-Aware -- locks up the pc if you try to do anything with it.
Omniquad -- doesn't find it
Stinger -- doesn't find it (Yes, I know that is not one of the viruses listed but I read somewhere that Download.Trojan and Netsky -- which Stinger does list -- are one and the same. Besides, I figure it can't hurt to run a scan even if it turns out to be a waste of time.)
Spybot -- found it but can't remove it
HouseCall (Trend) -- found other trojans but not this one
Additionally, I followed the instructions at Symantec and deleted all Internet Histories etc. plus everything else they recommended.
I tried deleting the file manually -- although I know that is risky at best -- but access is denied to me as well. Again, even in safe mode and irrespective of which user account I use.
Question One: How do I get rid of the DARN thing??
Whenever I shut the computer down (only on a complete shutdown -- if I "restart" it works fine) I get the infamous "Blue Screen of Death" which states:
A problem has been detected and windows has been shut down to prevent damage to your computer.
If this is the first time that you have seen this stop error, restart your computer. If this screen appears again, follow these steps:
Check to make sure any new hardware or software is properly installed. If this is a new installation etc. etc. (I haven't installed ANYTHING lately!!)
If problems continue, disable or remove any newly installed hardware or software. Disable BIOS memory options such as caching or shadowing. If you need to use safe mode (directions for re-booting in safe mode.) (I am not a complete PC newbie -- I've had PCs for years and remember when everything IMPORTANT was done in DOS. LOL But it makes me nervous to mess around with caching or shadowing when I am not 100% sure of what I am doing.)
***STOP: 0A0000000 0xFFFFFF94, 0x00000002, 0x00000000, 0x804E15EF
Beginning dump of physical memory
Physical memory dump complete
Contact your system administrator or tech support group for further assistance.
Even though it states that Windows has been shut down, this ONLY occurs when I choose to shut down. The PC is not shutting down on its own.
ANY suggestions would be GREATLY appreciated!!