Trojan Infection

Archived from groups: microsoft.public.windowsxp.security_admin

I ran all of the step-by-steps to try to delete a trojan infection, but
nothing has worked so far.

Supposedly the infection is in C:windows\dlm.html

How do I delete this, clean it up, etc.

I've been running circles for hours trying to find the right help area but
have not had any luck

Please help
  1.

    srnewman wrote:

    > I ran all of the step-by-steps to try to delete a trojan infection,
    > but nothing has worked so far.
    >
    > Supposedly the infection is in C:windows\dlm.html
    >
    > How do I delete this, clean it up, etc.
    >
    > I've been running circles for hours trying to find the right help area
    > but have not had any luck
    >
    > Please help

    Unfortunately, since you didn't tell us what all of the "step-by-steps"
    you performed, there is no way to guess what you've done and how you've
    done it. Start by running TrendMicro's Sysclean in Safe Mode.

    TrendMicro's Sysclean is an extensive antivirus tool which has the
    advantage of not needing to be installed. It requires two parts - the
    scanning engine and the virus pattern files. Delete all Temporary and
    Temporary Internet Files before running the program. For a more
    automatic method, you can try Dave Lipman's Sysclean_FE from:
    http://www.ik-cs.com/got-a-virus.htm

    1. Create a new folder on your Desktop or the C: drive named something
    useful like "Sysclean".
    2. Go here and download the two parts of the program to that folder:

    http://www.trendmicro.com/download/dcs.asp - Sysclean
    http://www.trendmicro.com/download/pattern.asp - virus pattern files

    The pattern files will be zipped - extract them with your unzipper (like
    WinZip) or if you have XP, you can just open the folder. You need to
    put the extracted files in the Sysclean folder you made.

    3. Restart your computer in Safe Mode. Get into Safe Mode by repeatedly
    tapping the F8 key as the computer is starting up to get to the proper
    menu.
    4. Go to the Sysclean folder you made and double-click on sysclean.com.
    Start the scan. After the scan is finished, look at the log. You may
    need to make a note of where any viruses were found if they were not
    able to be removed so you can manually delete them.

    After you have scanned with Sysclean, update your full-featured
    antivirus (if you do not have one installed, get one, install it, then
    update it) and do a thorough scan in Safe Mode.

    Malke
    --
    MS MVP - Windows Shell/User
    www.elephantboycomputers.com
    In Memoriam - MVP Alex Nichol
    The world is diminished without him.
  2.

    From: "srnewman" <srnewman@discussions.microsoft.com>

    | I ran all of the step-by-steps to try to delete a trojan infection, but
    | nothing has worked so far.
    |
    | Supposedly the infection is in C:windows\dlm.html
    |
    | How do I delete this, clean it up, etc.
    |
    | I've been running circles for hours trying to find the right help area but
    | have not had any luck
    |
    | Please help

    There are anti virus News Groups specifically for this type of discussion.

    microsoft.public.scripting.virus.discussion
    microsoft.public.security.virus
    alt.comp.virus
    alt.comp.anti-virus


    You don't mention what Trojan. You don't mention what steps were taken. You don't mention
    what software.

    Dump the contents of the IE Temporary Internet Folder cache (TIF)

    start --> settings --> control panel --> internet options --> delete files

    1) Download the following three items...

    Trend Sysclean Package
    http://www.trendmicro.com/download/dcs.asp

    Latest Trend Pattern File.
    http://www.trendmicro.com/download/pattern.asp

    Ad-aware SE (free personal version v1.05)
    http://www.lavasoftusa.com/

    Trend Sysclean Method 1
    ---------------------------------------
    Create a directory.
    On drive "C:\"
    (e.g., "c:\sysclean")

    Download SYSCLEAN.COM and place it in that directory.
    Download the signature files (pattern files) by obtaining the ZIP file.
    For example; lpt530.zip

    Extract the contents of the ZIP file and place the contents in the same directory as
    SYSCLEAN.COM.

    Trend Sysclean Method 2
    ---------------------------------------
    The utility SYSCLEAN_FE in "Procedure 1" at the following URL
    http://www.ik-cs.com/got-a-virus.htm automates the download and execution process of the
    Trend Sysclean Package.

    2) Update Ad-aware with the latest definitions.
    3) Disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    4) Reboot your PC into Safe Mode and shut down as many applications as possible
    5) Using both the Trend Sysclean utility and Ad-aware, perform a Full Scan of your
    platform and clean/delete any infectors/parasites found.
    (a few cycles may be needed)
    6) Restart your PC and perform a "final" Full Scan of your platform using both the
    Trend Sysclean utility and Ad-aware
    7) Re-enable System Restore and re-apply any System Restore preferences,
    (e.g. HD space to use suggested 400 ~ 600MB),
    8) Reboot your PC.
    9) Create a new Restore point

    * * Please report back your results ! * *


    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  3.

    Hi,
    I read your reply with interest - I also think that I may have a similar
    problem.
    I did as you said, created the folder on C/, downloaded the two files from
    Trend and put them in the folder, unzipped the vp files into the same folder,
    restarted in safe mode and clicked on sysclean.com. Result - my screen went
    black for a couple of milliseconds but nothing happened. No scan, no report,
    nothing!!!
    What am I doing wrong? I have WinXP home and was connected to the net when I
    ran the program.
    Thanks in advance for any light that you can shed on my problem.
    Peebs
  4.

    From: "Peebs" <Peebs@discussions.microsoft.com>

    | Hi,
    | I read your reply with interest - I also think that I may have a similar
    | problem.
    | I did as you said, created the folder on C/, downloaded the two files from
    | Trend and put them in the folder, unzipped the vp files into the same folder,
    | restarted in safe mode and clicked on sysclean.com. Result - my screen went
    | black for a couple of milliseconds but nothing happened. No scan, no report,
    | nothing!!!
    | What am I doing wrong? I have WinXP home and was connected to the net when I
    | ran the program.
    | Thanks in advance for any light that you can shed on my problem.
    | Peebs

    Peebs:

    Download the Sysclean Front End utility (SYSCLEAN_FE) at the following URL. SYSCLEAN_FE
    automates the download and execution process of the Trend Sysclean Package.
    http://www.ik-cs.com/got-a-virus.htm

    Direct URL:
    http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe

    Execute; SYSCLEAN_FE.EXE
    Choose; Unzip
    Choose; Close

    There is a PDF file that will be placed in c:\sysclean to assist you.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  5.

    David, many thanks for your quick response.
    I did as you suggested, downloaded sysclean.fe, unzipped it into the
    c:/sysclean folder. I followed the pdf file and executed the sysclean_fe.exe
    from the sysclean folder. I then got a box saying something about downloading
    files and then got a black dos screen with an error message saying something
    like vp files cannot be opened to read. The screen disappeared very quickly
    and that was that.
    What am I doing wrong???
    Regards,
    Peebs
  6.

    From: "Peebs" <Peebs@discussions.microsoft.com>

    | David, many thanks for your quick response.
    | I did as you suggested, downloaded sysclean.fe, unzipped it into the
    | c:/sysclean folder. I followed the pdf file and executed the sysclean_fe.exe
    | from the sysclean folder. I then got a box saying something about downloading
    | files and then got a black dos screen with an error message saying something
    | like vp files cannot be opened to read. The screen disappeared very quickly
    | and that was that.
    | What am I doing wrong???
    | Regards,
    | Peebs


    Peebs:

    Make sure you log on as the ADMINISTRATOR or with an account with administrative rights.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  7.

    Hi Dave,
    Yep, I am signed on as an administrator. Still can't get past the error
    message.
    Any further suggestions?
    Many thanks,
    Peebs
  8.

    From: "Peebs" <Peebs@discussions.microsoft.com>

    | Hi Dave,
    | Yep, I am signed on as an administrator. Still can't get past the error
    | message.
    | Any further suggestions?
    | Many thanks,
    | Peebs
    |

    Please capture the error message and paste the text in your reply or email me with a screen
    capture of the error message.
    Just remove ~nospam~.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  9.

    Good morning David,
    I ran the prog again in Safe mode.
    I get a screen that says "Downloading Trend Micro System File ............."
    This disappears in about 5 secs and is replaced by a black DOS type screen
    that says "Sysclean\Pattern.xt not opened for READ, error code[0]".
    This also disappears after a few seconds - too quick to paste but I ran it
    several times and copied what it said.
    Sorry, but what did you mean when you said "Just remove 'no spam'"?
    Hope this helps.
    Regards,
    Peebs
  10.

    From: "Peebs" <Peebs@discussions.microsoft.com>

    | Good morning David,
    | I ran the prog again in Safe mode.
    | I get a screen that says "Downloading Trend Micro System File ............."
    | This disappears in about 5 secs and is replaced by a black DOS type screen
    | that says "Sysclean\Pattern.xt not opened for READ, error code[0]".
    | This also disappears after a few seconds - too quick to paste but I ran it
    | several times and copied what it said.
    | Sorry, but what did you mean when you said "Just remove 'no spam'"?
    | Hope this helps.
    | Regards,
    | Peebs


    The objective is to perform the download in Normal Mode and run SYSCLEAN.COM in Safe Mode.

    Otherwise you have to choose Safe Mode with Networking.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
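
A pre-flight check for the situation in the exchange above, where the scanner reports that it cannot open its pattern data once the machine is in Safe Mode: run in Normal Mode, it confirms that every file in the pattern ZIP was extracted intact next to the scanner. This is an added example, not part of the thread or of any Trend Micro tool; it assumes the downloaded ZIP is still in the scanner folder, and `preflight`, `build_sample` and the sample file names are made up for illustration.

```python
import os
import zipfile
import zlib

SCANNER = "sysclean.com"  # scanner file name as given in the thread


def preflight(scan_dir):
    """Return a list of problems that would stop an offline scan in scan_dir."""
    if not os.path.isdir(scan_dir):
        return ["folder does not exist: " + scan_dir]
    # Windows file names are case-insensitive, so compare in lower case.
    present = {n.lower(): os.path.join(scan_dir, n) for n in os.listdir(scan_dir)}
    problems = []
    if SCANNER not in present:
        problems.append("scanner missing: " + SCANNER)
    archives = sorted(n for n in present if n.endswith(".zip"))
    if not archives:
        problems.append("no pattern ZIP in folder to check extracted files against")
    for name in archives:
        try:
            with zipfile.ZipFile(present[name]) as zf:
                members = [m for m in zf.infolist() if not m.is_dir()]
        except (zipfile.BadZipFile, OSError) as exc:
            problems.append("%s: unreadable archive (%s)" % (name, exc))
            continue
        for m in members:
            base = os.path.basename(m.filename).lower()
            path = present.get(base)
            if path is None:
                problems.append("%s: %s was never extracted next to the scanner"
                                % (name, base))
                continue
            try:
                # Stream the file so a large pattern file is not loaded at once.
                crc = 0
                with open(path, "rb") as fh:
                    for chunk in iter(lambda: fh.read(1 << 20), b""):
                        crc = zlib.crc32(chunk, crc)
            except OSError as exc:
                problems.append("%s: cannot be opened for reading (%s)" % (base, exc))
                continue
            if crc != m.CRC:
                problems.append("%s: differs from the copy in %s" % (base, name))
    return problems


def build_sample(scan_dir, extracted=True, truncated=False):
    """Constructed sample folder: placeholder scanner and a made-up pattern ZIP."""
    os.makedirs(scan_dir, exist_ok=True)
    with open(os.path.join(scan_dir, "SYSCLEAN.COM"), "wb") as fh:
        fh.write(b"placeholder, not the real scanner")
    data = b"constructed pattern data " * 64
    with zipfile.ZipFile(os.path.join(scan_dir, "pattern-sample.zip"), "w") as zf:
        zf.writestr("pattern-sample.dat", data)
    if extracted:
        with open(os.path.join(scan_dir, "pattern-sample.dat"), "wb") as fh:
            fh.write(data[:100] if truncated else data)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else r"c:\sysclean"
    for line in preflight(target) or ["folder is ready for an offline scan"]:
        print(line)
```

An empty result means the folder can be scanned without a network connection; a "differs" line points to an interrupted download or extraction.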
  11.

    Hi David,
    Tried doing it in normal mode, got exactly the same error message. When I
    tried to close the black dos type screen with the error message it restarted
    my computer!!!
    Any ideas??
    Peter
  12.

    From: "Peebs" <Peebs@discussions.microsoft.com>

    | Hi David,
    | Tried doing it in normal mode, got exactly the same error message. When I
    | tried to close the black dos type screen with the error message it restarted
    | my computer!!!
    | Any ideas??
    | Peter


    No, it is totally abnormal and could be indicative of greater problems with the computer.

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
  13.

    Hi David,
    Let me give you a bit more background on this situation.
    I have WinXP home and NIS Prof which I keep absolutely up to date. I also
    have Adaware v6.0 and the new beta version of MS anti spyware which is also
    current.
    Up until 2 months ago I had ADSL but following a move I have to fall back to
    dial up using a 3com US Robotics 56k Message Plus modem. I had problems with
    the modem and so bought a PEABIRD v92 usb MODEM which is not digitally signed
    and has been a PITA ever since. It works OK when first initialised but a few
    hours later when asked to connect goes to "Opening Port" and hangs my system.
    Only way out is a complete disconnect and restart.
    This was the environment that I was using to try the Trend sweep.
    As of today I have reinstalled my old USR modem which seems now to work OK
    and to be much more stable - it seems to connect no matter how long I leave
    it.
    With the USR modem set-up I just tried to re-connect to Trend and still got
    the same error message. Obviously something is still wrong.
    My scans by NAV, AdAware 6.0 and the beta version of MS Spyware all return
    nothing found but my system seems to be slow. I use the Norton Firewall and
    have disabled the WinXP firewall.
    Based on the above do you have any ideas?
    Peebs
  14.

    From: "Peebs" <Peebs@discussions.microsoft.com>

    | Hi David,
    | Let me give you a bit more background on this situation.
    | I have WinXP home and NIS Prof which I keep absolutely up to date. I also
    | have Adaware v6.0 and the new beta version of MS anti spyware which is also
    | current.
    | Up until 2 months ago I had ADSL but following a move I have to fall back to
    | dial up using a 3com US Robotics 56k Message Plus modem. I had problems with
    | the modem and so bought a PEABIRD v92 usb MODEM which is not digitally signed
    | and has been a PITA ever since. It works OK when first initialised but a few
    | hours later when asked to connect goes to "Opening Port" and hangs my system.
    | Only way out is a complete disconnect and restart.
    | This was the environment that I was using to try the Trend sweep.
    | As of today I have reinstalled my old USR modem which seems now to work OK
    | and to be much more stable - it seems to connect no matter how long I leave
    | it.
    | With the USR modem set-up I just tried to re-connect to Trend and still got
    | the same error message. Obviously something is still wrong.
    | My scans by NAV, AdAware 6.0 and the beta version of MS Spyware all return
    | nothing found but my system seems to be slow. I use the Norton Firewall and
    | have disabled the WinXP firewall.
    | Based on the above do you have any ideas?
    | Peebs

    Ad-aware6 is no longer supported nor updated. It has been superseded by Ad-aware SE v1.05.

    Ad-aware SE (free personal version v1.05)
    http://www.lavasoftusa.com/

    --
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm