Trojan Virus Removal Problem
The laptop has a Trojan virus as Norton keeps displaying an irremovable window saying it's detected one. It cannot remove it or fix it or delete it. It gives the object name as: C:/WINDOWS/system32/req.dll and the Virus Name as Download.Trojan (replace the forward slashes with backslashes as the keyboard cannot do backslashes!!!)
I've followed the link provided, gone into safe mode having turned off System Restore, networking etc., ran a Norton scan and the virus was detected, but again removal etc. was not possible. I have searched PPRuNe for other threads and tried even the VundoB fix but the virus isn't VundoB. I cannot find anything relating to a name, or am I being thick and the virus is actually called Download.Trojan? I have followed all the Norton webpage recommendations on this but nothing works. Anyone help please?
[edited to add:] I've done a search for download.trojan and lo and behold have found a thread from a year ago!! However having done a Hijack This! scan I am now needing someone to please have a look at it for me. I've tried posting it here but PPRuNe won't let me, saying it's got too many smilies/img/vB codes even though I haven't added any and don't really understand what it's on about! So if anyone knows someone I can e-mail that would be great. Thanks for any help 5mb |
Paste the HijackThis log into the PPRuNe reply pane, but check the "Disable Smilies in This Post" checkbox in the options section.
|
Mike, have done all the Symantec Website recommendations and not won yet.
Here's my Hijack This log:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.premiership.fantasysports.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll (file missing)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=presario&pf=laptop
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I have followed Mike Jenvey's link to the possible fix, done all it says and have a new Hijack this log below, can someone tell me if it looks any better please? thanks for the help so far.

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.premiership.fantasysports.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ario&pf=laptop
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.3000.1002\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.4000.1001\en-gb\msntb.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_CA&c=Q105&bd=presario&pf=laptop
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
|
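Added example, not part of the original thread: a short Python comparison of two HijackThis logs that answers the "does it look any better" question by listing the entries that reference C:\WINDOWS\system32\req.dll and the entries that disappeared between scans. The sample lines are copied from the two logs in the post above; the function names are this example's own.

```python
import re

# HijackThis entry lines start with a section code such as R1, O2, O20 or O23,
# followed by " - ". Bare paths are the running-process list and are skipped.
ENTRY = re.compile(r"^([A-Z]\d+) - (.+)$")

# Sample lines copied from the two logs in the thread (first scan, then rescan).
BEFORE = r"""
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\req.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: req - C:\WINDOWS\system32\req.dll (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""
AFTER = r"""
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
"""

def parse_entries(log_text):
    """Return [(section_code, body), ...] for every entry line in a log."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def references(entries, path):
    """Entries whose body mentions `path` (Windows paths are case-insensitive)."""
    return [e for e in entries if path.lower() in e[1].lower()]

def removed_between(before, after):
    """Entries present in the first log that are gone from the second."""
    kept = set(parse_entries(after))
    return [e for e in parse_entries(before) if e not in kept]

def added_between(before, after):
    """Entries that only appear in the second log; worth reading one by one."""
    old = set(parse_entries(before))
    return [e for e in parse_entries(after) if e not in old]

if __name__ == "__main__":
    target = r"C:\WINDOWS\system32\req.dll"
    for code, body in references(parse_entries(BEFORE), target):
        print("first scan registers:", code, body)
    print("gone after fix:", [c for c, _ in removed_between(BEFORE, AFTER)])
    print("left in rescan:", references(parse_entries(AFTER), target))
```

Run against the full logs, the same comparison shows the O2 (Browser Helper Object) and O20 (Winlogon Notify) registrations for req.dll present in the first scan and absent from the second.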
Trojan
5milesbaby, had a similar problem to you last week and obtained a patch from Dell Gold Customer support. If you e-mail me [email protected] I can send it on to you.
|
Cheers for that Sumatra, but having removed it and thought everything was safe, forgot to re-enable the Antivirus/Firewall and the chaos, as expected, ensued! Now have a fully clean hard drive, following a full re-installation of XP!! It possibly needed it anyhow........ :}
|
I had the exact same thing on my Dell. I could not delete that file. I used GiPo@MoveOnBoot. It deletes the file on the next reboot.
|
Like a lot of people I had the same thing on my laptop. At first I could not delete it and Norton AntiVirus could not get rid of it. I finally managed by finding the file and asking Norton to scan just that file. When it did and confirmed the Trojan it quarantined it straight away. No, I don't understand, it just worked.
|