TROJANO-2454

We woke up this morning to be greeted by the “Win32:TROJANO-2454” virus/Trojan ?

Avast set up for a boot time scan. We started the scan BUT ???

Avast found and deleted the Trojan from some windows.internet.temp directory but it also found that it had infected the C:\Windows\System32\PMNLJ.DLL object.

When Avast tries to repair it we get an 42060 error.

How do we get rid of the Trojan? When we re-boot, Avast says the Trojan is in memory.

Any / all help accepted.
If nothing else, is there a way to safely boot the computer to allow us to backup / recover vital files on the computer. What other options do we have?

Thanks,
John Long
Sandy, Utah USA

Follow the instructions in the malware removal section on this website: http://mrspock.dsmirc.co.uk

Hi Johnhlong,

An internet search reveals nothing about Win32:TROJANO-2454. It was added to avast! definitions recently, but there is nothing from other virus companies about how the virus operates or how to remove it.

A search for pmnlj.dll reveals that it is probably a dll which is injected into multiple processes very early in Windows start up. If so, it may be impossible even for a boot time scan to remove it.

It appears in a HijackThis scan in section 020:

O20 - Winlogon Notify: pmnlj - C:\WINDOWS\system32\pmnlj.dll

http://www.bleepingcomputer.com/forums/tutorial42.html

This type of infection is commonly used by Cool Web Search and Look2Me, so it might be worth checking for these infections first:

http://www.intermute.com/spysubtract/cwshredder_download.html

Download CWShredder.

http://www.pchell.com/support/look2me.shtml

Download the Look2Me removal program.

Run both programs and also Ad-Aware and Spybot Search & Destroy if you haven’t already.

Ad-Aware: http://www.lavasoft.de/
Spybot Search & Destroy: http://www.safer-networking.org/en/download/

If none of this works, you will have to past a HijackThis! log: see the Bleeping Computer link above for details.