w32\backdoor.aaol

Subject Author Date
w32\backdoor.aaol John 01-27-2007
Posted by Panda_man on January 28, 2007, 3:57 pm
My reply is at the bottom of your message :

"John" wrote:

> My AV detects BACKDOOR.AAOL in c:\windows\system\dasm.dll
> I've determined that this is not a necessary windows file, and yet it is
> tied into explorer.exe and winlogon.exe; thus, AV cannot delete it - neither
> can I delete it. My AV says it will remove it at Restart, but it doesn't. I
> could not shut down winlogon.exe thru Task Manager (it's a "critical
> process"). I booted using DOS 6.2, but DOS could not access my NTFS c-drive.
> I can't seem to find a way to delete the file. Any ideas?
> John
>



Hello John .

Download The Avenger
http://swandog46.geekstogo.com/avenger.exe

Start it . Choose "Load Script Manually"
Type the following text (it will be between dashes) . Please be precise and
note it is on two lines
--------
Files to delete:
%windir%\system\dasm.dll
-------

Confirm the command with OK . Now , press the traffic light icon .The
computer will need to reboot . After that The Avenger will load the script
which will start before Windows starts so that the malware DLL file will not
be able to load and will effectively be deleted .


So as I mentioned the file should be gone . After that turn System Restore OFF
Right click on My Computer->Properties->System Restore
Check Turn off system restore and Click OK

Check your computer for additional malware using your antivirus software and
Ewido free (http://download.ewido.net/ewido_micro.exe) and enable System
Restore for future usage :-)

NOTE :
After performing the instruction above , your internet connection may not be
working because the malware could damage your Winsock upon removal . To fix
it :

>>> Windows XP SP2 only
Start -> Run
type
cmd
Click OK
Type
netsh winsock reset
Press ENTER . Restart immediately !

>>> Windows XP and XP SP1
Download and run http://www.spychecker.com/program/winsockxpfix.html

Good luck ! Report back your results !

Panda_man
Silver level Contributor
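
A post-reboot check for the removal described in this thread, as an added example that is not part of either post: it confirms the DLL is gone from disk, shows whether any process still has it loaded, and looks for a leftover delete-at-restart entry. It assumes the antivirus used the standard Windows PendingFileRenameOperations mechanism for its "remove at Restart" attempt, and that tasklist.exe is available (it is not shipped with every XP edition).

```batch
@echo off
rem Added example: verify the cleanup after the reboot. Run from cmd.exe.
rem The target path is the one reported in the thread.
setlocal
set "TARGET=%windir%\system\dasm.dll"

echo [1] Is the file still on disk?
if exist "%TARGET%" (
    echo     STILL PRESENT: %TARGET%
    rem /a also lists the file if it carries hidden or system attributes
    dir /a "%TARGET%"
) else (
    echo     not found: %TARGET%
)

echo [2] Which processes have the module loaded?
rem Lists every process with dasm.dll mapped; in the original report these
rem were explorer.exe and winlogon.exe. An INFO line means none do.
tasklist /m dasm.dll

echo [3] Is a delete-at-restart request still queued?
rem Assumption: the AV queued the delete through the Session Manager value
rem that Windows processes early in boot. If the entry is still there after
rem a restart, the queued delete did not remove the file.
reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations 2>nul | find /i "dasm.dll"
if errorlevel 1 echo     no pending entry mentions dasm.dll

endlocal
```

If check 1 reports the file as present while check 2 shows it loaded, the file is still locked by those processes and the deletion has to happen before they start.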

