Posted by Vladimir Scherbina on July 14, 2006, 11:19 am
Malke, I guess simply deleting the file would not help because, as the OP wrote, AVs
tried to do that without success.
To OP: most likely this DLL module is injected into system processes. I
would use Far (http://farmanager.com/) to search where this module is
loaded - go to the processes tab, Alt+F7, and search for occurrences of the 'autlog'
string. If it is found in processes, let us know where exactly. Another
option is to search for this DLL in the registry. It can be registered as a BHO or
Winlogon notification package. Removing usually helps - but only for cases
when the module does not protect itself.
--
Vladimir (Windows SDK MVP)
> BrianNo@gmail.com wrote:
>
>> Hi. I tried your Sysclean software, and I followed the directions, but
>> the software didn't find any infections on my computer. When I
>> restarted my computer on normal mode, NAV said that I still have the
>> "Downloader" virus.
>>
>> Also, that's the only name NAV will give me. All it says is that it's a
>> Trojan Horse virus and that it's called "Downloader".
>>
>> Perhaps there's another way to remove this virus before it wreaks havoc
>> on my computer?
>
> What happens when you try to delete the autlog.dll file? If you get an error
> message, what does it say? Are you using a current version of NAV (2005/06)
> with updated virus definitions?
>
> Things to try:
>
> 1. Right-click on the file and look on the Version tab if it exists. This
> can help get information about where the file came from, although most
> malware doesn't have it.
>
> 2. If I were working on the machine and was *very* sure the file was malware
> (and since I'm not and can't see your computer please take this advice with
> that caveat):
>
> a. If the file is in use and can't be deleted or renamed in Safe Mode, I
> would try Safe Mode Command Prompt. Navigate to the file location and try
> deleting it from the command line.
>
> b. If that didn't work, I would boot the system outside of Windows with
> either a Bart's PE or other professional tool and delete the file that way.
> You may or may not have the ability to do this; there is no way for me to
> know.
>
> 3. Have you run Ewido as I suggested? I would. Make sure you update it and
> then boot into Safe Mode to scan.
>
> 4. If Ewido doesn't find anything, do as I also suggested and run HijackThis
> and post your log to one of the following specialty forums (not here,
> please):
>
> http://www.aumha.org/a/hjttutor.htm - HijackThis tutorial by Merijn
> http://www.bleepingcomputer.com/forums/index.php?showtutorial=42
> http://aumha.net/viewforum.php?f=30
> http://castlecops.com/forum67.html
> http://spywarewarrior.com/viewforum.php?f=5
> http://www.wilderssecurity.com/
> http://forums.tomcoyote.org/
>
> 5. Send the autlog.dll to VirusTotal to see if they can identify it.
> http://www.virustotal.com/flash/index_en.html
>
> 6. Take the machine to a professional computer repair shop (not a big box
> store) where someone skilled in virus/malware removal can look at it.
>
> Malke
> --
> MS-MVP Windows Shell/User
> Elephant Boy Computers
> www.elephantboycomputers.com
> "Don't Panic"
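
The checks suggested in the reply above (which processes have the module loaded, and whether it is registered as a BHO or Winlogon notification package), as an added PowerShell example that is not part of the original posts. It only reads state and should be run from an elevated prompt; the `autlog` name comes from the thread, the registry paths are the standard Windows locations for these two mechanisms, and the helper name `New-Hit` is hypothetical.

```powershell
# Added example: read-only checks, nothing is modified or deleted.
$needle = 'autlog'    # DLL name fragment taken from the thread

# Hypothetical helper that builds one result row.
function New-Hit($kind, $name, $dll) {
    New-Object PSObject -Property @{ Where = $kind; Name = $name; Dll = $dll }
}

# 1. Processes that currently have a matching module loaded.
$hits = @()
foreach ($p in Get-Process) {
    try {
        foreach ($m in $p.Modules) {
            if ($m.FileName -like "*$needle*") {
                $hits += New-Hit 'Process' "$($p.ProcessName) (PID $($p.Id))" $m.FileName
            }
        }
    } catch { }    # access denied, or the process exited mid-scan
}

# 2. Browser Helper Objects: each subkey is a CLSID whose DLL path is the
#    default value of HKCR\CLSID\<clsid>\InprocServer32.
$bhoRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
foreach ($k in @(Get-ChildItem $bhoRoot -ErrorAction SilentlyContinue)) {
    $srvKey = "Registry::HKEY_CLASSES_ROOT\CLSID\$($k.PSChildName)\InprocServer32"
    $dll = (Get-ItemProperty -LiteralPath $srvKey -ErrorAction SilentlyContinue).'(default)'
    if ($dll -like "*$needle*") { $hits += New-Hit 'BHO' $k.PSChildName $dll }
}

# 3. Winlogon notification packages (Windows 2000/XP/2003): the DLL is
#    named in the DLLName value of each subkey.
$notifyRoot = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
foreach ($k in @(Get-ChildItem $notifyRoot -ErrorAction SilentlyContinue)) {
    $dll = (Get-ItemProperty -LiteralPath $k.PSPath -ErrorAction SilentlyContinue).DLLName
    if ($dll -like "*$needle*") { $hits += New-Hit 'WinlogonNotify' $k.PSChildName $dll }
}

if ($hits) { $hits | Format-Table Where, Name, Dll -AutoSize }
else { "No loaded module or BHO/Winlogon Notify entry matching '$needle' was found." }
```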