Win32:Trojan-gen. {Other}

Hi,

I used to come here to ask/search for help. Although I am not an expert, I thought it would be good to sometimes share my work with others.
Yesterday ‘Avast!’ (0443-0) found a trojan (Win32:Trojan-gen. {Other}) in “C:\WINDOWS\iDonate.dll” (OS: XP Home SP2).
I don’t usually delete or move an infected file without first having enough information on it. This time, I couldn’t find such information after my usual search. So I decided to first remove all its related keys from the registry manually (not for novices!).

The keys were (10 keys):

============================================================

HKEY_CLASSES_ROOT\CLSID\{397D7D63-816E-4ECF-8761-775C932C5CF1}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{397D7D63-816E-4ECF-8761-775C932C5CF1}

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{397D7D63-816E-4ECF-8761-775C932C5CF1}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{397D7D63-816E-4ECF-8761-775C932C5CF1}

HKEY_USERS\S-1-5-21-1333191943-1157166300-2305813310-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{397D7D63-816E-4ECF-8761-775C932C5CF1}


HKEY_CLASSES_ROOT\TypeLib\{792993D0-6FF5-4EF6-ACBA-97089743B16C}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{792993D0-6FF5-4EF6-ACBA-87089743B16C}


HKEY_CLASSES_ROOT\Interface\{97DEA3CB-DB02-4DCA-A86C-C891DF24E6B1}

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{97DEA3CB-DB02-4DCA-A86C-C891DF24E6B1}


HKEY_LOCAL_MACHINE\SOFTWARE\iDonate “http://www.amazon.at/”=…

============================================================

I just deleted the above keys from the registry at random, in safe mode, after first exporting them one by one just in case. Some of them were deleted automatically; they were images of the others, I guess.

Then I deleted, also in safe mode, the DLL file itself (actually I decrypted it and changed its name).

So far my XP is running fine, but please let me know if presenting my work here to share it with you is not a good thing to do for some reason. I am always afraid to help others if I am not asked first. ;D For instance, some of you may remember the saying “Ask, and it shall be given you,” because, for example, someone who doesn’t ask may well blame you for helping him… as if he/she were inferior to you. :wink:

Have a nice day.

Kerim
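The procedure in the post above (find the keys that point at the DLL, export each one, delete them in safe mode) as a script. This is an added example, not code from the forum post or from avast. The only inputs taken from the post are the file name iDonate.dll and the vendor key HKLM\SOFTWARE\iDonate; the backup folder, parameter names and the search order (InprocServer32 to CLSID, CLSID to TypeLib, TypeLib to Interface, CLSID to IE's Ext\Stats) are assumptions, chosen so the script finds the same kinds of key listed in the post without knowing the GUIDs beforehand.

```powershell
# Added example: find, back up and (optionally) delete the COM registrations that point
# at one DLL. Not from the forum post or from avast; run it from an elevated PowerShell
# in safe mode, first without -Delete to see what it would touch.
# Assumed: the DLL name from the post, a backup folder on the desktop, and the vendor key
# HKLM\SOFTWARE\iDonate listed in the post as an extra key to include.
param(
    [string]   $DllName   = 'iDonate.dll',
    [string]   $BackupDir = (Join-Path $env:USERPROFILE 'Desktop\regbackup'),
    [string[]] $ExtraKeys = @('HKLM:\SOFTWARE\iDonate'),
    [switch]   $Delete
)

New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# Default (unnamed) value of a key, or $null when the key is missing.
function Get-DefaultValue([string]$Path) {
    $key = Get-Item -Path $Path -ErrorAction SilentlyContinue
    if ($key) { return $key.GetValue('') }
    return $null
}

# HKCR is a merged view of these two hives, which is why deleting a key under
# HKLM\SOFTWARE\Classes makes the HKEY_CLASSES_ROOT copy disappear by itself.
$roots    = 'HKLM:\SOFTWARE\Classes', 'HKCU:\SOFTWARE\Classes'
$targets  = New-Object System.Collections.Generic.List[string]
$clsids   = @()
$typelibs = @()
# InprocServer32 holds a path, sometimes quoted and sometimes just the file name.
$pattern  = '(^|\\)' + [regex]::Escape($DllName) + '"?\s*$'

# 1. CLSIDs whose in-process server is the DLL, plus the TypeLib each one references.
foreach ($root in $roots) {
    foreach ($k in Get-ChildItem -Path "$root\CLSID" -ErrorAction SilentlyContinue) {
        $server = Get-DefaultValue "$($k.PSPath)\InprocServer32"
        if (-not $server -or $server -notmatch $pattern) { continue }
        $clsids += $k.PSChildName
        $targets.Add("$root\CLSID\$($k.PSChildName)")
        $tlb = Get-DefaultValue "$($k.PSPath)\TypeLib"
        if ($tlb) {
            $typelibs += $tlb
            foreach ($r in $roots) { $targets.Add("$r\TypeLib\$tlb") }
        }
    }
}

# 2. Interfaces registered against one of those TypeLibs.
foreach ($root in $roots) {
    foreach ($k in Get-ChildItem -Path "$root\Interface" -ErrorAction SilentlyContinue) {
        $tlb = Get-DefaultValue "$($k.PSPath)\TypeLib"
        if ($tlb -and ($typelibs -contains $tlb)) {
            $targets.Add("$root\Interface\$($k.PSChildName)")
        }
    }
}

# 3. Internet Explorer's add-on statistics for each CLSID (the HKEY_USERS\<SID>\... key
#    in the post is the same entry seen from another account's hive).
foreach ($c in $clsids) {
    $targets.Add("HKCU:\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\$c")
}
foreach ($e in $ExtraKeys) { $targets.Add($e) }

# 4. Export every key that exists before touching it; never delete if the backup failed.
foreach ($path in ($targets | Sort-Object -Unique)) {
    if (-not (Test-Path -Path $path)) { continue }
    $native = $path -replace '^HKLM:\\', 'HKLM\' -replace '^HKCU:\\', 'HKCU\'
    $file   = Join-Path $BackupDir (($native -replace '[\\:{}]', '_') + '.reg')
    if (Test-Path -Path $file) { Remove-Item -Path $file -Force }   # reg.exe would prompt
    & reg.exe export $native $file | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $file)) {
        Write-Warning "backup of $native failed; leaving it in place"
        continue
    }
    if ($Delete) {
        Remove-Item -Path $path -Recurse -Force
        Write-Host "deleted      $native  (backup: $file)"
    } else {
        Write-Host "would delete $native  (backup: $file)"
    }
}
```

Run it first without -Delete: it prints every key it would remove and where the .reg backup went, and double-clicking a backup re-imports that key if something breaks afterwards. The script does not touch the DLL file itself, and on 64-bit Windows a 32-bit DLL registers under SOFTWARE\Classes\WOW6432Node\CLSID, which this script does not walk.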

uhuuuh… what is your “usual search”? ??? ???

Remember: GOOGLE is your friend :wink: :wink:

Click4Info

==> first hit should be good enough


Your approach was probably OK (though not quite the easiest way to have handled this → see the Google link above) and thanks for the info:
maybe someone actually USING the board search here will find it useful.

**

There IS of course the possibility to test/scan a suspicious file with other scanners (with the avast shield PAUSED):
KAV, RAV, SPYBOT & Ad-Aware come to mind → see the link “VirusRemoval” below in my sig :wink:

Thank you for your care… whocares :wink:

AAAARGH (that’s my pirate yell). I have the same thing and have no idea where to start. I sent it to the chest. I was kinda concerned about deleting it. The name is A0088216.dll; it was in C:\System Volume Information\_restore. I did a boot-time scan, and it popped up there as well. I would appreciate any help. By the way, my name is Dave and I hope all is well with everyone.