Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Windll


  • Please log in to reply
9 replies to this topic

#1 Ashotoftequila

Ashotoftequila

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 15 February 2006 - 03:53 PM

I just installed Norton Internet security 06 and it found windll had full access, what is it? I tried a bit of a search and it came back as a Trojan. I went into the security and blocked it then.... So then I came here after another search, (Nice board by the way!) to ask.
Maybe I am asking in the wrong area? Sorry if I am.

G :thumbsup:

BC AdBot (Login to Remove)

 


#2 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:10:54 AM

Posted 15 February 2006 - 05:03 PM

It is from a virus, a fairly (un)popular one. Did Norton remove it? Sometimes installing Anti-Virus software on to an infected computer will fail, or at least the program will not update or work correctly, because afterwards is sometimes too late. Let us know, and then we can recommend what course of action you can take from here.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#3 Ashotoftequila

Ashotoftequila
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 15 February 2006 - 07:21 PM

Hello Albert.
Thanks for your prompt response. Norton didnt remove but asked me when I was installing if it was allowed to connect to the internet, I ,of course yes... This was bothering me all day so I decided to check it out and sure enough there it was in the personal firewall under program control, with permit all checked next to it, I then disabled it to see if I could still connect... And here I am! Still connected.
So you say a unpopular virus... Any advice?

G

#4 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:10:54 AM

Posted 16 February 2006 - 08:41 AM

Assuming that Norton installed properly and has been fully updated, run a full system scan and see if it finds and removes the offender. That is the place to start.

Pretty much each anti-virus company names the same viruses differently. The people at Symantic (the makers of Norton) call this virus W32.Beagle.AQ@mm. If Norton is working properly it should be able to remove it. There is more information on this situation HERE.

Let us know how you came out in the end. We have other options if this is not completely successful.

Edited by Albert Frankenstein, 16 February 2006 - 08:47 AM.

ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#5 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:09:54 AM

Posted 16 February 2006 - 08:55 AM

After you run the Norton scan, delete what it finds and reboot, you should run a variety of other anti-malware aps as well.

If you don't already have these, download, install, update and run them from safe mode. (You should have run the Norton scan using safe mode as well because a malware program that is running can't be properly removed - you will see notices like "cannot be deleted - in use by another application)

Anti-malware freeware (You can run as many of these as you wish. Generally there is no conflict between these and you should always run several)

AdAware SE: http://www.lavasoftusa.com/software/adaware/

Spybot S&D: http://www.safer-networking.org/en/index.html
Be sure to enable “Teatimer” which gives you realtime protection.


Microsoft Windows Defender
http://www.microsoft.com/athome/security/s...re/default.mspx
This also provides realtime protection.

SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html

Microsoft Malicious Software Removal Tool (Win XP and Win 2000):
http://www.microsoft.com/security/malwareremove/default.mspx

A² - Free from http://www.majorgeeks.com/download4281.html . Run it, click Search for Updates, then click Scan.

After you run the aps resident on your computer, run these web based anti-virus - anti-malware scans. You must use Internet Explorer to run these as they require Active X to work:

Web based online Antivirus and anti-malware scans: (these can be run regardless of whatever else you are using. You must use Internet Explorer to run these.)

Kaspersky Anti-Virus Web Scanner
http://www.kaspersky.com/service?chapter=161739400#betatest


Panda Activescan
http://www.pandasoftware.com/activescan/co...n_principal.htm

Trend Micro antivirus and malware scan:
http://housecall-beta.trendmicro.com/en/st...orp.asp?id=scan

Etrust Anti-virus web scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx.

online trojan scans here -
http://scan.sygatetech.com/pretrojanscan.html


Windows Security Trojanscan
http://windowsecurity.com/trojanscan
See instructions for it here:
http://www.windowsecurity.com/trojanscan/trojanscan.asp

#6 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:10:54 AM

Posted 16 February 2006 - 11:45 AM

You should have run the Norton scan using safe mode as well because a malware program that is running can't be properly removed - you will see notices like "cannot be deleted - in use by another application)

Sorry, Enthusiast is absolutely correct, and I should have mentioned running Norton in safe mode. It is described in the link that I gave you earlier under Removal Instructions, which read in part:

The following instructions pertain to all current and recent Symantec
antivirus products, including the Symantec AntiVirus and Norton AntiVirus product lines.

Disable System Restore (Windows Me/XP).
Update the virus definitions.
Restart the computer in Safe mode or VGA mode.
Run a full system scan and delete all the files detected as W32.Beagle.AQ@mm.
Delete the value that was added to the registry.
Re-enable the SharedAccess service.

Then the article continues to detail each of the steps listed above.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#7 Ashotoftequila

Ashotoftequila
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 16 February 2006 - 02:00 PM

Ok Guys Thanks for the advice.
Here it is, I done all of the above, it took me pert near most of the day to do it as I have to work as well :thumbsup: anyways, I scanned with Norton and found nothing, so I went and checked the reg with regeit and I didnt find anything in files, I done this just to check first. I went online and done a check for trojans, nothing. I then downloaded with intel updater (Norton) and then turned off the sys restore, then went into the safe mode and done a full scan... nutin! So then I said to h*ll with it and deleted the windll file from sys32 in while still in safe mode. Rebooted and here I am, still surfing anyways... What do you think?
:flowers:

G

#8 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:10:54 AM

Posted 16 February 2006 - 02:09 PM

Perhaps you did it! :thumbsup:

Be sure to turn your system restore back on.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#9 Ashotoftequila

Ashotoftequila
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:09:54 AM

Posted 16 February 2006 - 02:55 PM

Perhaps you did it! :thumbsup:

Be sure to turn your system restore back on.


:flowers: Thanks for your support Albert et al, Hopefully it stays alive.!

#10 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:10:54 AM

Posted 16 February 2006 - 05:59 PM

Thanks for your support Albert et al

You are welcome. Lot's of good folks here at Bleeping Computer.
ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users