w32\backdoor.aaol

Posted by John on January 27, 2007, 11:21 am
My AV detects BACKDOOR.AAOL in c:\windows\system\dasm.dll
I've determined that this is not a necessary windows file, and yet it is
tied into explorer.exe and winlogon.exe; thus, AV cannot delete it - neither
can I delete it. My AV says it will remove it at Restart, but it doesn't. I
could not shut down winlogon.exe thru Task Manager (it's a "critical
process"). I booted using DOS 6.2, but DOS could not access my NTFS c-drive.
I can't seem to find a way to delete the file. Any ideas?
--
John

Posted by Leythos on January 27, 2007, 11:58 am
jREMOVEcmcf@rocketmail.com says...
> My AV detects BACKDOOR.AAOL in c:\windows\system\dasm.dll
> I've determined that this is not a necessary windows file, and yet it is
> tied into explorer.exe and winlogon.exe; thus, AV cannot delete it - neither
> can I delete it. My AV says it will remove it at Restart, but it doesn't. I
> could not shut down winlogon.exe thru Task Manager (it's a "critical
> process"). I booted using DOS 6.2, but DOS could not access my NTFS c-drive.
> I can't seem to find a way to delete the file. Any ideas?

Try SAFE MODE, and it would help to know WHAT AV you are using.

--

spam999free@rrohio.com
remove 999 in order to email me

Posted by John on January 27, 2007, 12:12 pm
I've tried Safe Mode, to no avail. I'm using Freedom package (AV, firewall,
antispyware) obtained thru Adelphia cable.
--
John


"Leythos" wrote:

> jREMOVEcmcf@rocketmail.com says...
> > My AV detects BACKDOOR.AAOL in c:\windows\system\dasm.dll
> > I've determined that this is not a necessary windows file, and yet it is
> > tied into explorer.exe and winlogon.exe; thus, AV cannot delete it - neither
> > can I delete it. My AV says it will remove it at Restart, but it doesn't. I
> > could not shut down winlogon.exe thru Task Manager (it's a "critical
> > process"). I booted using DOS 6.2, but DOS could not access my NTFS c-drive.
> > I can't seem to find a way to delete the file. Any ideas?
>
> Try SAFE MODE, and it would help to know WHAT AV you are using.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me
>

Posted by B-Man on January 27, 2007, 1:14 pm
When you face a problem, always look at it from a different perspective.

First of all, I don't recommend removing a DLL that's attached to a shell of
any kind.

Try Linux: start your system with a Live Boot session of Linux (make sure
you have a distribution that supports NTFS) and simply browse to and delete
the file.

SLAX ( http://www.slax.org/ ) is an excellent way to do this, but remember,
after booting, before attempting to make changes to your hard drive, to unmount
it and remount it as writable using the following commands:

#>umount /mnt/<device name>
#>ntfsmount /dev/<device name> /mnt/<device name>

For example:
#>umount /mnt/hda1
#>ntfsmount /dev/hda1 /mnt/hda1

Good luck,
Brian M

> I've tried Safe Mode, to no avail. I'm using Freedom package (AV,
> firewall,
> antispyware) obtained thru Adelphia cable.
> --
> John
>
>
> "Leythos" wrote:
>
>> jREMOVEcmcf@rocketmail.com says...
>> > My AV detects BACKDOOR.AAOL in c:\windows\system\dasm.dll
>> > I've determined that this is not a necessary windows file, and yet it
>> > is
>> > tied into explorer.exe and winlogon.exe; thus, AV cannot delete it -
>> > neither
>> > can I delete it. My AV says it will remove it at Restart, but it
>> > doesn't. I
>> > could not shut down winlogon.exe thru Task Manager (it's a "critical
>> > process"). I booted using DOS 6.2, but DOS could not access my NTFS
>> > c-drive.
>> > I can't seem to find a way to delete the file. Any ideas?
>>
>> Try SAFE MODE, and it would help to know WHAT AV you are using.
>>
>> --
>>
>> spam999free@rrohio.com
>> remove 999 in order to email me
>>
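
The live-boot approach from the post above, as an added example that is not part of any post in the thread: from the Linux session it finds the file despite case differences in the on-disk path, hashes it, and moves it to a quarantine folder instead of deleting it, so the step can be undone given the caution about removing a DLL attached to a shell. The function names and quarantine layout are assumptions; `/mnt/hda1` is the mount point used in the post.

```sh
#!/bin/sh
# Added example (not from the thread). Function names and the quarantine
# layout are assumptions; /mnt/hda1 is the mount point used in the post.

# resolve_ci ROOT 'c:\windows\system\dasm.dll'
# Windows treats paths as case-insensitive; the Linux view of the volume does
# not, so match one component at a time, ignoring case. Returns 1 when a
# component is missing and 2 when two entries differ only by case.
resolve_ci() {
    local cur rest part matches old_ifs
    cur=$1
    rest=$(printf '%s' "$2" | tr '\\' '/' | sed 's|^[A-Za-z]:||')
    old_ifs=$IFS; IFS=/; set -f
    set -- $rest                     # split on "/" without glob expansion
    set +f; IFS=$old_ifs
    for part in "$@"; do
        [ -n "$part" ] || continue
        matches=$(find "$cur" -mindepth 1 -maxdepth 1 -iname "$part")
        [ -n "$matches" ] || return 1
        [ "$(printf '%s\n' "$matches" | wc -l)" -eq 1 ] || return 2
        cur=$matches
    done
    printf '%s\n' "$cur"
}

# quarantine_file ROOT WINPATH QDIR
# Hash the file, move it away from the path Windows loads it from, and log
# the hash plus original path so the move can be reversed.
quarantine_file() {
    local src hash
    src=$(resolve_ci "$1" "$2") || return 1
    [ -f "$src" ] || return 1
    hash=$(sha256sum "$src" | cut -d' ' -f1) || return 1
    mkdir -p "$3" || return 1
    mv -- "$src" "$3/$hash.quarantine" || return 1
    printf '%s  %s\n' "$hash" "$2" >> "$3/quarantine.log"
    printf '%s\n' "$hash"
}

# After remounting the volume writable as described in the post:
#   quarantine_file /mnt/hda1 'c:\windows\system\dasm.dll' /mnt/hda1/quarantine
```

The logged hash can be used to look the sample up with an AV vendor, and moving the file back to the logged path restores it.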



Posted by David H. Lipman on January 27, 2007, 2:10 pm

| My AV detects BACKDOOR.AAOL in c:\windows\system\dasm.dll
| I've determined that this is not a necessary windows file, and yet it is
| tied into explorer.exe and winlogon.exe; thus, AV cannot delete it - neither
| can I delete it. My AV says it will remove it at Restart, but it doesn't. I
| could not shut down winlogon.exe thru Task Manager (it's a "critical
| process"). I booted using DOS 6.2, but DOS could not access my NTFS c-drive.
| I can't seem to find a way to delete the file. Any ideas?
| --
| John


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go
through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal
Mode. This way all the components can be downloaded from each AV vendor's web
site. The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and
Reboot the PC.

You can choose to go to each menu item and just download the needed files or you
can download the files and perform a scan in Normal Mode. Once you have
downloaded the files needed for each scanner you want to use, you should reboot
the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose
which scanner you want to run in Safe Mode. It is suggested to run the scanners
in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive
PDF help file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



