Computer Environment:- XP Home edition, and AVAST Home edition.
AVAST has detected W32:BHO-LA[trj] in two “system files” that seem to be variants of real system file names:-
C:\windows\systems32\Devmgrg.dll and
C:\windows\systems32\Admparser.dll
The full AVAST scan detects them, and the shield detects them when you launch Explorer or Internet Explorer. The computer has been taken offline just in case.
AVAST cannot move the two dlls to chest, or delete them. AVAST cannot delete the objects on the next reboot, either.
They cannot be manually deleted/renamed/moved either. Looking at the dll properties and in security, NO PROFILE on the computer has full rights to the dlls, and NO PROFILE has advanced rights (the individual privileges are greyed out). Only a profile called CREATOR has full management rights, but that isn’t a real profile on this computer. The genuine Administrator account cannot assign the rights to be able to manage these dlls either.
A Regedit registry scan also shows these registry entry names, with the problem dlls referred to in the data portion, called:-
bbgjqxpo and
xmzvsfkc
System Restore has been disabled, and the PC has been rebooted in Safe Mode and AVAST run, but it is still unable to zap the Trojan.
I have logged on as the default Administrator in Safe Mode and still cannot assign rights for these dlls or delete them or rename them.
H E L P ! ! !