Trojan infection

  archie330 13:03 24 Jan 2008
Locked

I have been infected with a virus, it is called -

msxml3a.dll Avenue Media.

It is in file c:\WINDOWS\system32\msxml3a.dll

Please can anyone tell me how to get rid of it.

My antivirus (F Secure) and Spyhunter Security Suite can't touch it.

Thanks

  Sea Urchin 13:42 24 Jan 2008

Try Superantispyware (free version) from here click here Update before running

  pj123 14:02 24 Jan 2008

Very strange!

According to this: click here
this a genuine dll released by Microsoft.

and yet, according to this: click here

it is spyware.

Something wrong somewhere, or am I not reading it right?

Some more info here: click here

Seems to be plenty of differing views on Google about this dll. Some offering download sites and some offering removal software?

  mfletch 14:22 24 Jan 2008

Hi,

Not sure what to make of it myself,
Could be Legit or may not,

Microsoft,
click here

The Microsoft® XML Parser (MSXML 3.0) .cab File Redistribution Package makes it possible to distribute MSXML 3.0 through the Internet. To do this, you need to create a Web page that upon opening references the msxml3.cab file. The msxml3.cab file then downloads the MSXML 3.0 DLLs (msxml3.dll, msxml3a.dll, and msxmldr.dll) to the user's system folder and registers MSXML 3.0 on the user's computer.

I suppose it could be used by a virus/Trojan

mfletch

  mfletch 14:48 24 Jan 2008

Hi,

Do another scan but this time in safe mode,

1/Click Start and then click Turn Off Computer.
2/In the Turn Off Windows dialog box, click Restart, and then click OK.
3/As your computer restarts but before Windows launches, press F8 repeatedly.
4/Use the arrow keys to highlight Safe Mode, and then press ENTER.
5/If you have a dual-boot or multiple-boot system, choose the installation that you need to access using the arrow keys, and then press ENTER.
Note: If Windows launches before you can choose a safe mode, restart your computer and try again

mfletch

  archie330 15:44 24 Jan 2008

Hi guys,
Just logged back on after doing what Sea Urchin suggested but it is still there.
mfletch - I did the scan in safemode.

  mfletch 17:39 24 Jan 2008

Hi,

It maybe a false alarm,

If you have a virus sample that is not detected or it causes a false alarm with F-Secure Virus Protection

click here

mfletch

  archie330 19:18 24 Jan 2008

Hi, I have sent details to F secure as you suggested. I will have to wait for their reply.
Thanks for your advice, so far.

  mfletch 19:25 24 Jan 2008

If you can find the Virus file/folder you could use this site for a second opinion,

click here

mfletch

  archie330 19:39 24 Jan 2008

I wish I could but can't find it. I know its name and where it is (see my first post) but that's all.

This thread is now locked and can not be replied to.

Elsewhere on IDG sites

WPA2 hack: How secure is your Wi-Fi?

Add Depth Of Field to a photo using Tilt Shift Blur in Photoshop

iPhone tips & tricks

Comment afficher des fichiers cachés sur Mac ?