Please help!

Hi all,

I did a quick scan yesterday and avast found a infected file…it was C:\Windows\System32\netfvjm.dll. It was infected with Kheagol-G [Trj].

Being a novice user (I later read some threads here on NOT doing this), I deleted the file. Now, all applications are not functioning correctly because they cannot find this file. I’ve tried recovering the file but to no avail. I also read somewhere here that avast deleted files cannot be recovered.

Anyone have any suggestions to my plight?

Thanks so much!

What do you mean by “not functioning correctly”?
I suggest the installation, update and run of MBAM to confirm your computer is clean.

The malware either set itself up as a debugger or a route though userinit or winlogon

Download OTL to your Desktop

[]Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
[
]Under the Custom Scan box paste this in

[b]netsvcs
%SYSTEMDRIVE%*.*
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
adp3132.sys
mv61xx.sys
/md5stop
%systemroot%*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32*.dll /lockedfiles
%systemroot%\Tasks*.job /lockedfiles
%systemroot%\system32\drivers*.sys /lockedfiles
%systemroot%\System32\config*.sav

[/b]

[*]Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.

[*]When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.

Thanks for the suggestions, guys…I actually fixed the problem by extracting from my XP cd the file imm32.dll and overwrote the old file. This file apparently stores all the callup dll’s. After doing that, everything is back to normal!

welcome to the forum.

a small tips for next time you getting something from avast send it to the chest instead of delete it. You get more options of dealing with it then raider deleting it.