| 0 |
Subject: Virus Help
Posted by: J
- Leader [10171012] Fri, Apr 28, 2006, 14:03
I got hit with this note from Norton last night and looking for suggestions...(besides seeing how far I can throw it)
Object Name: C:\Windows\system32\twain32.dll
Virus Name: Trojan Horse
Action Take: Unable to repair this file.
Thanks Norton, glad I pay you every year and finally when I need you you're unable to repair this file! Awesome!
Anyways...what can I do? (trying to avoid formatting and reinstalling windows)
|
| 1 | StLCards
Leader
ID: 31010716
Fri, Apr 28, 2006, 14:35
|
If you're using Windows XP I think you should be able to roll the system back to an earlier state before the virus.
I think you can also reinstall the twain32.dll without having to do a full reinstall of windows.
|
| 2 | Balrog
Dude
ID: 02856618
Fri, Apr 28, 2006, 14:47
|
It sounds like a variant of this bad boy: linky
If it is such a beast, reinstalling twain32.dll won't help.
Couldn't find anything on it on symantec's page.
|
| 3 | StLCards
Leader
ID: 31010716
Fri, Apr 28, 2006, 14:50
|
Did Norton successfully quarantine the file?
|
| 4 | Balrog
Dude
ID: 02856618
Fri, Apr 28, 2006, 15:01
|
I just realized, the real windows file is named twain_32.dll (note the underscore). Your infected file is not even a legit Windows file.
|
| 5 | J
Leader
ID: 10171012
Fri, Apr 28, 2006, 15:08
|
so i should just be able to delete it???? Of course, I didn't copy/paste it, I just typed it, so its possible I missed the underscore...
Norton located the file, and told me it was there, but it didn't seem like it did anything with it.
I ran my AVG virus scan in that folder after that and it didn't find anything.
|
| 6 | Balrog
Dude
ID: 02856618
Fri, Apr 28, 2006, 15:13
|
Try scanning just that one file with Norton (Right click filename) It might give more info on what the name of the trojan is. Then you can look it up on Norton's or someone's website and get instructions for manual removal. The problem is, these things usually add keys to your registry that have to be removed as well. Which keys depend on which virus.
|
| 7 | StLCards
Leader
ID: 31010716
Fri, Apr 28, 2006, 15:14
|
open Norton and then look under View/Quarantine and see if there is anything in there.
|
| 8 | J
Leader
ID: 10171012
Fri, Apr 28, 2006, 15:33
|
I think i did that last night...and nothing was there. I'll check again when I get home.
I started going through the removal instructions from Norton and it said Norton 2005 cannot repair files, I needed to upgrade to Norton 2006...and I tried and couldn't download 2006. At which point, I shut the computer off and cried myself to sleep.
I already deleted any keys in my registry that I didn't recognize.
|
| 9 | WiddleAvi
ID: 4356159
Fri, Apr 28, 2006, 15:34
|
J. Try deleting the file in safe mode.
|
| 10 | C.SuperFreak
ID: 413282610
Fri, Apr 28, 2006, 18:06
|
Perform a search to find where the file is located.
then unregister it.
Use the Start Run command and perform the unregister
eg. regsvr32 /u C:\directoryname\subdirectory\twain32.dll
once it's unregistered you should be able to rename it or delete it or move it.
Personally I first rename the file and if that fails I then delete it.
|
| 11 | J
Leader
ID: 049346417
Mon, May 01, 2006, 00:51
|
Thanks for the input guys, I'm all fixed. I bribed an IT friend to take a look and after about 100 virus and spyware scans, I'm back!
|
|
|
|
Post a reply to this message: (But first, how about checking out this sponsor?)
|