How to remove a file that's infected?

Brian

A file has been identified on my PC as being infected
with a Trojan Horse virus but when I try to locate it, I
can't find it. I only get the warning of the virus being
detected after I start up Internet Explorer and it resets
my home page. File name/location winnt/DNSErr.dll

I have WinXP home and am running Norton Antivirus 2004
but it can't remove the virus.

Any suggestions?
 
Brian

Thanks for the info. I can not locate either of the
identified entries in my registry and can't find the file
when searching in Safe mode. Any other suggestions?
 
David Candy

Well it seems to be at c:\winnt\dnserr32.dll. Unless you ticked advanced options Search doesn't search this folder.



Type cmd in Start Run

Type
dir /a c:\winnt\dnserr32.dll

which should show it.

Then type

ren c:\winnt\dnserr32.dll dnserr32.bak

Reboot, type cmd then

del c:\winnt\dnserr32.bak

Windows will happily allow open files to be renamed - when you reboot whatever is starting it will not be able to find it under its new name.

What does Norton's say the name is?
 
Brian

I saw the message again when I logged on today and the
file is located C:\winnt\dnserr.dll

I received another virus message from Norton when I went
to delete another virus and have not received the virus
alert since. The virus I was deleting was the iedll.exe
file. When I went into the Win Media folder to rename
the file, I encountered the downloader.tooncom virus.
Norton deleted that one for me.

I followed the steps you've identified below and can not
locate the file. I'll keep watching for it and follow
these steps if I encounter this again.

Thanks for your help!
 
