Hi,
Have you tried trogan hunter.
See link below.
It works well with avast as I have it installed.
If not then download and install that.
That will get rid of it hopefully.
Mischel Internet Security - Home of TrojanHunter™ - The original …TrojanHunter is the most powerful trojan scanner on the market. … This new version of TrojanHunter makes TrojanHunter the only trojan scanner on the … www.trojanhunter.com/ - 15k - 2 Oct 2005 - Cached - Similar pages
Because it is in a system folder and likely to be in use it is protected by windows, nice windows.
Schedule a boot-time scan from within avast, that way it won’t be in use.
I also suggest you click the link for DropMyRights in my signature. This should give limited user rights and stop files being placed in the system folders and creating registry entries.
Still get errors on that file, but it found another virus (wumeer) in the Program Files\MSupdate directory. Removing this one has restored some functionality. Still don’t know what to do with that System32.dll file. Gonna try booting with DOS floppy disk and see if I can remove that hidden property on the file.
Can you confirm the OS your are using, because I’m making an assumption that it is XP?
Did you schedule a boot-time scan from within avast as I suggested because that should have been able to deal with this?
Have you visited the DropMyRights link in my signature?
More importantly did you take action, because this will help stop future infection making the job in hand a little easier perhaps.
Limewire is NOT recommended to be used by many Experts
on Antispyware forums; it’s better to use the safer &
“cleaner” “Shareaza” from www.shareaza.com . AND if
you want help with a HijackThis log, it is better to seek
assistance from a HijackThis Expert on an Antispyware
forum, who know things beyond what the HijackThis log
shows .
Got the job done. Downloaded that ewido package suggested by FWF. Don’t know how, but it removed the file no problem.
Subsequent scan by Avast confirmed cleanliness.
David, you mentioned to “take steps”. What steps are you talking about? I use Avast in “resident” mode, so my expectations are that it will protect me from crap coming thorugh the Inet pipes.
I doubt that it could be repaired as it isn’t a system file that is infected, rather a malicious file.
This means “access denied” - i.e. the scanning process doesn’t have rights to access the file http://forum.avast.com/index.php?topic=15087.0. Which leads me to believe you didn’t do a boot-time scan as windows won’t be active. As does the log you gave as as far as I’m aware boot-time logging is very limited and repair isn’t an option as the VRDB process isn’t running.
How did you initiate the boot-time scan?
[QUOTE]Note that there is no file “gui.exe”. Only system32.dll files in the Common directory.
[/quote]
That is correct, gui.exe is a file inside the system32.dll file so you won’t find it.
[QUOTE]David, you mentioned to “take steps”. What steps are you talking about? I use Avast in “resident” mode, so my expectations are that it will protect me from crap coming thorugh the Inet pipes.
[/quote]
I can’t see anywere on this page were I mentioned taking steps, indeed a search only finds your mention of it. What are you referring to?
If this is what you are on about “take action” then it means download it and set it up.
[QUOTE]Have you visited the DropMyRights link in my signature?
More importantly did you take action, because this will help stop future infection making the job in hand a little easier perhaps.
[/quote]