Trojan Desktop Hijack

  cableguy2005 11:24 01 Jul 05

hi, my friend has norton antivirus and firewall, running xp.
norton says there are two trojandesktophijack viruses on his system and the 'high risk' window stays on screen all the time. we ran norton but it couldn't repair, quarantine or delete the file. can't manually delete it either.
one is in C:\WINDOWS\SYSTEM32\WINI.DLL

Virus names are
spoolsrv32.exe
srpcsrv32.dll

tried the online instructions to remove the virus to no avail. and the actual online scan says there are no viruses, but norton on his system keeps picking it up.
it can send data of what you type into internet pages and so on. seems bad.

can anyone help at all? thanks

  Fruit Bat /\0/\ 11:41 01 Jul 05

The invading dll loads via the registry entry:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs

This causes it to attach to every application at startup.

If there is a dll specified, like c:\windows\system32\wini.dll, don't bother looking for it in that folder. As long as the intruder is active, it will hide the filename in any folder or directory listing.

YOU MUST DELETE THE REGISTRY KEY! (even if there is no dll listed in it)

However, if you delete it, the intruder will put it back since it is currently running.

1. in regedit, this key is in the Windows "folder" that you see in the left part of the window. Change the name of this folder to "Windows2".

2. Then delete the AppInit_DLLS key.

3. Then change the name of the folder back to "Windows"

Do this in safe mode, but I don't know if that is required.

Run the various anti-hijack programs to clean up whatever they find.

Then reboot and run the anti-hijack programs again to be sure.
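
A read-only way to inspect the autoload value described in the post above, added here as an example and not part of the original thread. It assumes a current Windows system with 64-bit PowerShell 4.0 or later; the variable names are illustrative.

```powershell
# Added example (not from the thread): read-only audit of AppInit_DLLs.
# Changes nothing; run from an elevated 64-bit PowerShell prompt.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit registry view on 64-bit Windows
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

$report = foreach ($key in $keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }
    $props = Get-ItemProperty -LiteralPath $key

    # Entries are separated by spaces or commas, so paths that contain
    # spaces have to be stored as short (8.3) names.
    $entries = @("$($props.AppInit_DLLs)" -split '[ ,]+' | Where-Object { $_ })

    # Bare file names are looked up in the system directory of that view.
    $sysDir = if ($key -like '*Wow6432Node*') { 'SysWOW64' } else { 'System32' }

    foreach ($dll in $entries) {
        $path = $dll
        if (-not ([IO.Path]::IsPathRooted($dll))) {
            $path = Join-Path $env:SystemRoot "$sysDir\$dll"
        }
        $visible = Test-Path -LiteralPath $path -PathType Leaf

        [pscustomobject]@{
            Key       = $key
            # Vista and later: 0 means the list is ignored, 1 means it is loaded
            Enabled   = $props.LoadAppInit_DLLs
            Entry     = $dll
            Path      = $path
            # False = named in the registry but not visible on disk:
            # a stale entry, or a file that is being hidden from listings
            Visible   = $visible
            Signature = if ($visible) { (Get-AuthenticodeSignature -FilePath $path).Status } else { $null }
            SHA256    = if ($visible) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
        }
    }
}

if ($report) { $report | Format-List } else { 'AppInit_DLLs is empty in every view checked.' }
```

An entry with `Visible = False`, or one that is visible but unsigned and sitting in the system directory, is the case worth examining offline from known-clean boot media.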

  cableguy2005 11:55 01 Jul 05

thank you. will try that this evening and be back....

  cableguy2005 08:39 04 Jul 05

done that, the AppInit_DLLS key was deleted.
but norton says the virus is still there in c:\windows\system32\wini.dll

  cableguy2005 10:33 04 Jul 05

does anyone have any advice please?

  Terry Brown 11:14 04 Jul 05

Have you tried 'Adaware' and 'spybot', both free (use any search engine to find the latest version), these will normally catch the majority of trojans and spyware. I suggest you turn OFF your system restore, while you are doing this as some spyware has been known to hide in the restore folder.

  cableguy2005 12:59 04 Jul 05

thanks terry. had already run both adaware and spybot. turned off system restore too.

:(

  VoG II 13:06 04 Jul 05

Try a² click here

  cableguy2005 13:43 04 Jul 05

will try. cheers vog

  brambles 18:04 04 Jul 05

Recommend try this.

Also type Remove spoolsrv32.exe srpcsrv32.dll
in Google & you will see how prevalent this problem is.

It sounds like downloading some latest definitions from Norton is the answer.

Brambles

  stalion 18:28 04 Jul 05

This thread is now locked and can not be replied to.
