My computer has been running very slowly lately, as well as a few other problems.
Yesterday Avast told me that I’ve got trojano-2502 and that the infected file is qomli.dll
I see that someone else has posted on trojano-2502, but my problem seems a bit different;
Avast allows me to delete the file, but it keeps reappearing (about every 20 mins or so). I used Trojan Hunter and that didn’t detect it. MS Antispyware didn’t detect it. I used killbox to delete the file (and make sure it was deleted on reboot) - that didn’t work - the qomli.dll file keeps reappearing.
Unfortunately I’m not at my home pc at the moment, so I can’t recall the exact details, however
-avast virus database was updated yesterday
-it was found at C:\windows\system32\qomli.dll
to resolve the problem I’ve deleted with Avast, used Killbox. I haven’ t yet tried a boot time scan or going into safe mode (only read about that this morning and will try that when I’m at home)
Re-occurring may also result from malware which loads early with Windows- even before a boot time scan- including the dreaded rootkit.
Unfortunately, nothing is coming up on Google re qomli.dll. Of course it could be a random filename.
A boot time scan with avast! is still worth a try.
There are a number of free virus scanners, downloadable and online you could try. I recommend Trend Micro Sysclean, and the Panda and F-Secure online scans. Kaspersky also has an online scanner but it doesn’t remove malware.
I’m wondering if I should “fix checked” that line.
that’s the file that was infected, and thankfully as of yet hasn’t reappeared
Does my hijackthis log look ok?
Logfile of HijackThis v1.99.1
Scan saved at 8:43:25 p.m., on 26/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
No active firewall was found on your system or the firewall you use is unknown to us. If you don´t use a firewall you should download and install one or activate windows xp´s own one.
The AppInit_DLLs registry value contains a list of dlls that will be loaded when user32.dll is loaded. As most Windows executables use the user32.dll, that means that any DLL that is listed in the AppInit_DLLs registry key will be loaded also. This makes it very difficult to remove the DLL as it will be loaded within multiple processes, some of which can not be stopped without causing system instability. The user32.dll file is also used by processes that are automatically started by the system when you log on. This means that the files loaded in the AppInit_DLLs value will be loaded very early in the Windows startup routine allowing the DLL to hide itself or protect itself before we have access to the system.
Effectively you don’t have a firewall as the windows XP firewall (I assume that this is your firewall) doesn’t you full protection for outbound activity, it is however, better than no firewall. Without this outbound protection it’s possible for malware on your system to download more of the same.
You would be better choosing one of the third party freeware firewalls Zone Alarm has a relatively friendly interface if you aren’t familiar with firewalls. There are a number of threads in the forum about avast and firewall/s.