Boot into safe mode, find mscdmss.dll, rename it xxx.old and drag xxx.old to your desktop. Reboot into safe mode, right click and drag it into the recycle bin - click Move when prompted (you must drag and drop it - Not right click delete). Then right click on the recycle bin and empty it. That will remove the DLL but you should run NAV again. This Trojan is a monster and you might need to edit the registry to completely remove it. Go here: http://www.sophos.com/virusinfo/analyses/trojagentco.HTML - click Advanced for the information you will need to manually remove the Trojan. Hope this helps.
1. Start the computer at Safe Mode, go to c:\windows\system32.remove the mgo.dll directly. 2. run the Regedit,search the string of mgo.dll and then remove the string.
From adaware forum In case you don't have HijackThis...* Download Trend Micro Hijack This™Doubleclick the HJTInstall.exe to start it.By default it will install HijackThis in the Program Files\Trendmicro folder and create a desktop shortcut.HijackThis will open after install. Press the Scan button below.Then in HijackThis, look if one of the following is present and check it in HijackThis:(the CLSIDs {********-****-****-****-************} may be different in your case, but the filename is always the same)O2 - BHO: BetaDivX - {48BF2BC0-2945-11D8-8CAC-00080FC65465} - C:\WINDOWS\system32\IR9V0_QCX.dllO2 - BHO: BetaDivX - {D99BACC6-6289-4D4F-8BAF-4192016AF547} - C:\Windows\System32\bDivX.dllO2 - BHO: IntelVideoCodec - {33A12BEB-3219-4CA8-99B4-733192704C62} - C:\WINDOWS\system32\IntelVideoDivX.dllO2 - BHO: IntelVideoCodec - {04F7FAC5-F506-4F29-9094-9CB9144B192C} - C:\WINDOWS\system32\IntelVideo.dllO2 - BHO: IntelVideoCodec - {AF36E90A-44CA-4EE3-B578-C07383623217} - C:\Windows\System32\Video32.dllO2 - BHO: RealMedia - {87B570FB-D2CF-4D3C-8E1B-E1E7018BBA95} - C:\WINDOWS\system32\dx50codec.dllO2 - BHO: RealMedia - {0EEDB911-C5FA-486F-8334-57288578C627} - C:\WINDOWS\system32\XunLeiBHO_Now.dllO2 - BHO: 3GP - {5D67E2E7-0C2B-4491-87C4-37F2AC6033D2} - C:\WINDOWS\system32\a3gpcodec.dllO2 - BHO: AlphaDivX - {3B236BEE-8200-421D-919D-CA17D5739D8F} - C:\WINDOWS\system32\aDivX.dllO2 - BHO: Mp3 Video - {D4FD35A3-101C-4FAA-A9CA-E8C9461C3CEF} - C:\WINDOWS\system32\mp3avi.dllO2 - BHO: Mp3 Video - {2B659BB5-3E85-4BC6-BAFC-98FEDFF3AE99} - C:\WINDOWS\system32\VideoMP3.dllO2 - BHO: Video On-line - {741403DD-46A4-4D58-8FA7-427335C3BBF6} - C:\WINDOWS\system32\PowerVideo.dllO2 - BHO: Video DivX 3.12 - {09D72564-27E2-4F12-8AB6-03F83E4567DE} - C:\WINDOWS\system32\sysdivx.dllO2 - BHO: System DivX4 - {2FA3B736-1AC7-454D-8E94-8BA8158BF064} - C:\WINDOWS\system32\sysvideo32.dllO2 - BHO: System DivX4 - {2FA3B736-1AC7-454D-8E94-8BA8158BF064} - C:\WINDOWS\system32\sysvideo32.dllO2 - BHO: Video - {15FEB658-AACC-412E-BC13-D54CFD74A8F6} - C:\WINDOWS\stream32a.dllO2 - BHO: Video - {D0995F82-90C7-4C78-9B4C-C1700FB8B120} - C:\WINDOWS\windivx.dllClick the "Fix checked" button below.Then reboot your computer.After reboot, navigate to and delete one of the following file if still present (related with the entry you fixed in HijackThis):C:\WINDOWS\system32\IR9V0_QCX.dllC:\Windows\System32\bDivX.dllC:\WINDOWS\system32\IntelVideoDivX.dllC:\WINDOWS\system32\IntelVideo.dllC:\Windows\System32\Video32.dllC:\WINDOWS\system32\XunLeiBHO_Now.dllC:\WINDOWS\system32\dx50codec.dllC:\WINDOWS\system32\a3gpcodec.dllC:\WINDOWS\system32\aDivX.dllC:\WINDOWS\system32\mp3avi.dllC:\WINDOWS\system32\VideoMP3.dllC:\WINDOWS\system32\PowerVideo.dllC:\WINDOWS\system32\sysdivx.dllC:\WINDOWS\system32\sysvideo32.dllC:\WINDOWS\stream32a.dllC:\WINDOWS\windivx.dllAlso look if the following files are present and delete them:C:\Windows\System32\bDivX.dll.bakC:\WINDOWS\system32\IR9V0_QCX.dll.bakC:\WINDOWS\system32\IntelVideo.dll.bakC:\WINDOWS\system32\IntelVideoDivX.dll.bakC:\Windows\System32\Video32.dll.bakC:\WINDOWS\system32\XunLeiBHO_Now.dll.bakC:\WINDOWS\system32\dx50codec.dll.bakC:\WINDOWS\system32\a3gpcodec.dll.bakC:\WINDOWS\system32\aDivX.dll.bakC:\WINDOWS\system32\mp3avi.dll.bakC:\WINDOWS\system32\sysdivx.dll.bakC:\WINDOWS\system32\VideoMP3.dll.bakC:\WINDOWS\system32\PowerVideo.dll.bakC:\WINDOWS\system32\sysvideo32.dll.bakC:\WINDOWS\stream32a.dll.bakC:\WINDOWS\windivx.dll.bakNormally, by default, if you fix that entry in Hijackthis and your Internet Explorer is closed while fixing in HijackThis, HijackThis will already delete that file as well. So don't worry if you can't find the file afterwards anymore - HijackThis already deleted it. But it's always a good idea to doublecheck.Please make sure you don't delete "similar looking" files as they may be legitimate.In case when you're in doubt or it didn't solve your problem, please start a NEW thread in the HijackThisforum with your HijackThislog.FYI... Ad-Aware removes this pest as well. So make sure you have the latest updates.
Trojan.avalert is a Trojan Horse program that displays fake Windows and antivirus security messages plus links to websites that are corrupted. From what I have read from the Norton Security Community forums, Norton cannot remove Trojan.avalert.
Downloads popup generator malware and propagates the infection to other dummy system files. This contains the wintrim downloader Trojan
In NOTEPAD write this: @echo off SET FILE=sqll echo y | cacls c:\windows\system32\*FILE*.dll /g Everyone:f attrib -r -s -h C:\Windows\system32\*FILE*.dll ren C:\Windows\system32\*FILE*.dll *FILE*.old del C:\Windows\system32\*FILE*.old Than change the *FILE* to the filename infected and save this as REMOVE.BAT file. Run it in normal mode and the Trojan BackDoor.Agent.BA is OUT.
Try downloading a program by the name of Avast it's a great virus scanner/protector :)
Start up in safe mode. Then open the folder windows\system 32 and locate the kerberos.exe right click and do an antivirus scan. followed by qaurantining it. reboot and rescan. Bobs ur auntie
start->run type regedit. Browse to following key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon change userinit to it's original value which is C:\WINDOWS\system32\userinit.exe, restart computer. delete the following file. C:\WINDOWS\System32\symstore.exe
answer: just throw your PC on the street know because it is rooted have fun!!! :)
I had a Trojan similar to this and it was very hard to get rid of. First, download SpySweeper. It does cost 30 dollars, I think, but it was worth it. Run a scan with it firts before buying it so you can see if it detects anything. Good luck!
I always use Norton AntiVirus and Symantec. Don't trust programs like Windows Fast AntiVirus.
Tired of the startpage.8.A virus then check the website for removal instruction http://www.sarc.com/avcenter/venc/data/trojan.startpage.html This is security response website of symantec antivirus group.