Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Winowl32 Dll Trojan Detected Cannot Delete Help

  • Please log in to reply
2 replies to this topic

#1 dreamer609


  • Members
  • 2 posts
  • Local time:11:20 PM

Posted 10 July 2006 - 06:40 AM

Hi I am new to this forum and am searching for an answer to a problem that I have seemed to have picked up. I am hoping someone can help me out. I have visited a lot of sites in search of a way of how to rid myself of this problem. I don't have any errors or pop ups yet, but I have read that this file is often malware and my viruscan (mcaffee) detects this as a trojan backdoor-CVT. it is called winowl32.ddl and is found in my windows/system32 folder. I have tried to run Ewido, autorun and smitfraudfx and mcaffee all in safemode and all have failed to be able to remove or sometimes detect it. Ewido does not even detect is as a virus, but my mcaffee does each time it is accessed. Half of me wonders if this is a virus or not. I do have ad-aware and spybot ( I have been told adaware puts on spyware itself and it detected it at first in mcaffee as the application of "adaware" but now the application area in mcaffee detects as internet explorer ( I believe this may be based on which program opened it last).[font=Times New Roman] I have tried to run in Safemode Autorun to disable the program in the registry but each time I disable and reboot, it appears again. And when I try to delete the file I get an access denied message. I have tried to turn access on but administrator (which I always am) gets full permission but at the same time my name on this computer which is the same gets limited access. I have tried several times to no avail to change this so that I may delete the file. Well, I am at my wits end in trying to figure this out myself and would appreciate some help:) My scans otherwise turn out empty on everything.. it is just this one lone stubborn trojan (if it is one). So I would really appreciate some help on this or some feedback whether this is an actual virus or not and how to get rid of it without having associated errors.

Thanks in advance

BC AdBot (Login to Remove)


#2 tg1911


    Lord Spam Magnet

  • Members
  • 19,274 posts
  • Gender:Male
  • Location:SW Louisiana
  • Local time:10:20 PM

Posted 10 July 2006 - 11:01 AM

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.
Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.

Read Preparation Guide for use before posting a HijackThis Log.
Please read, and follow, all directions carefully!!!

Then, run a log, and post it in the HijackThis forum, at this link. Do not, fix anything, yet.
A member, of the HJT Team, will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please, be patient, as these people are volunteers. They will help you out, as soon as possible.

Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 dreamer609

  • Topic Starter

  • Members
  • 2 posts
  • Local time:11:20 PM

Posted 11 July 2006 - 09:35 PM

Thank you for the quick reply and advice but after a long hard slog on the computer an various sites I seem to have figured out how to get rid of it. I mainly used this site if I may post the link so others who had this same problem can figure out how to delete it.


but even after doing all that it was still there but then I used Mcaffee antivirus and magically it was able to delete the undeletable trojan so those programs must have done sonething. But soon after my computer just crashed lol and gave me a blue screen saying it had to shut down and the next time I rebooted my winlogon was saying it had to shut down. I searched around a while before pressing close and was going to make a windows boot disc from BartsPE but I found that somehowh my dvd / cd writer was not showing up in my My computer, but was showing up in my device manager, which I found rather odd and annoying. So I had to search that too before clicking close on winlogon and I found a very good site for those with the same problem or other windows issues.


Then I pressed close and nothing disasterous happened and was ready to make up that BartPE boot up disk to delete and replace my winlogon but somehow miraculously when I rebooted and rebooted other times I no longer got that winlogon shut down error. I scanned my computer and I am now virus and error free, but thank you for your prompt reply.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users