Trojan Desktop Hijack

  cableguy2005 11:24 01 Jul 2005

Hi, my friend has Norton antivirus and firewall, running XP.
Norton says there's two trojandesktophijack viruses on his system and the 'high risk' window stays on screen all the time. We ran Norton but it couldn't repair, quarantine or delete the file. Can't manually delete it either.

Virus names are

Tried the online instructions to remove the virus to no avail, and the actual online scan says there's no viruses, but Norton on his system keeps picking it up.
It can send data of what you type into internet pages and so on. Seems bad.

Can anyone help at all? Thanks

  Fruit Bat /\0/\ 11:41 01 Jul 2005

The invading dll loads via the registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

This causes it to attach to every application at startup.

If there is a dll specified, like c:\windows\system32\wini.dll, don't bother looking for it in that folder. As long as the intruder is active, it will hide the filename in any folder or directory listing.

YOU MUST DELETE THE REGISTRY KEY! (even if there is no dll listed in it)

However, if you delete it, the intruder will put it back since it is currently running.

1. in regedit, this key is in the Windows "folder" that you see in the left part of the window. Change the name of this folder to "Windows2".

2. Then delete the AppInit_DLLS key.

3. Then change the name of the folder back to "Windows"

Do this in safe mode, but I don't know if that is required.

Run the various anti-hijack programs to clean up whatever they find.

Then reboot and run the anti-hijack programs again to be sure.
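
The registry location described in the post above can be checked read-only with PowerShell on current Windows versions. This is an added example, not part of the original thread; the 32-bit Wow6432Node view, the LoadAppInit_DLLs value (Windows Vista and later) and the System32/SysWOW64 lookup for bare file names are assumptions beyond what the post mentions.

```powershell
# Added example (not from the thread): read-only audit of AppInit_DLLs.
# Nothing is modified; the output is one row per DLL listed in the registry.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # Assumption: on 64-bit Windows, 32-bit processes use this separate view.
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key

    # AppInit_DLLs holds DLL names separated by spaces or commas.
    $entries = ([string]$props.AppInit_DLLs) -split '[,\s]+' |
        ForEach-Object { $_.Trim('"') } | Where-Object { $_ }

    # Assumption: bare names are looked up in the matching system directory.
    $sysDir = if ($key -like '*Wow6432Node*') { 'SysWOW64' } else { 'System32' }

    foreach ($entry in $entries) {
        $full = if ([IO.Path]::IsPathRooted($entry)) { $entry } else {
            Join-Path (Join-Path $env:SystemRoot $sysDir) $entry
        }

        # A DLL that is listed here but "missing" on disk is itself a warning
        # sign: the post notes that the active intruder hides its file.
        $visible = Test-Path -LiteralPath $full
        $sig = if ($visible) {
            (Get-AuthenticodeSignature -FilePath $full).Status
        } else { 'n/a' }

        [pscustomobject]@{
            RegistryKey      = $key
            LoadAppInit_DLLs = $props.LoadAppInit_DLLs  # absent (null) on XP
            Entry            = $entry
            ResolvedPath     = $full
            VisibleOnDisk    = $visible
            Signature        = $sig
        }
    }
}
```

An empty result means no DLLs are registered in either registry view.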

  cableguy2005 11:55 01 Jul 2005

thank you. will try that this evening and be back....

  cableguy2005 08:39 04 Jul 2005

Done that, the AppInit_DLLS key was deleted.
But Norton says the virus is still there in c:\windows\system32\wini.dll

  cableguy2005 10:33 04 Jul 2005

does anyone have any advice please?

  Terry Brown 11:14 04 Jul 2005

Have you tried 'Adaware' and 'spybot', both free (use any search engine to find the latest version), these will normally catch the majority of trojans and spyware. I suggest you turn OFF your system restore, while you are doing this as some spyware has been known to hide in the restore folder.

  cableguy2005 12:59 04 Jul 2005

Thanks Terry. Had already run both Adaware and Spybot. Turned off system restore too.


  VoG II 13:06 04 Jul 2005

Try a² click here

  cableguy2005 13:43 04 Jul 2005

will try. cheers vog

  brambles 18:04 04 Jul 2005

Recommend try this.

Also type Remove spoolsrv32.exe srpcsrv32.dll
in Google & you will see how prevalent this problem is.

It sounds like downloading some latest definitions from Norton is the answer.


  stalion 18:28 04 Jul 2005

This thread is now locked and can not be replied to.
