June 30th, 2005 17:00

How to remove a Trojan--HELP!!!!

My McAfee VirusScan indicates that I have a Trojan on my computer. The file is called C:/WINDOWS\System32\OLEADM.dll and it is infected by the Spy-Agent.h. I keep trying to delete the file, but it is unable to do so, and tells me to use a Rescue Disk to remove the infected file (and I have no idea what a rescue disk is). My AOL Service Technician has indicated that I have done everything McAfee could offer (I ran the Stinger, and it only told me that I have like 100,000 clean files), so I was told to contact my manufacturer, Dell :smileymad:. The only thing that I can do is Quarantine the Trojan. I would greatly appreciate help... but please consider that I am not able to spend any money on anything to fix the problem.

Message Edited by FrustratedUser18 on 06-30-2005 01:19 PM

June 30th, 2005 20:00

HJT = HiJack This

June 30th, 2005 20:00

The problem is that if you have one infection running...... odds are that you have more.

That file can be deleted but you really need to go over to the HJT forum and read the yellow instructions on the top of the page.

Then post your log.

Steve

June 30th, 2005 20:00

What is the HJT?

July 2nd, 2005 12:00

Reboot into safe mode with networking support. Go to http://housecall.trendmicro.com and do their on line scan or download the sysclean package with the latest virus pattern files. Do this as a start. My experience with trojans is to always do another scan besides Mcafee or Norton just to be sure.

July 2nd, 2005 18:00

Here are 3 online scans.

eTrust AntiVirus Web Scanner
Panda ActiveScan
Trend Micro

Here are some more instructions to help you out:

Go to here and download HiJackThis to its own folder that you create on your C:\ drive.
After it is downloaded open the program and click Scan and Save to log.

Post the log that it generates in the HiJackThis forum for analysis.

July 3rd, 2005 14:00

Is HiJackThis a safe program?  I am concerned about the fact that people say it "alters" the brains (Registry) of Windows.  I don't want the program to do any damage.  And also, can I remove HJT after using it?

July 3rd, 2005 15:00

Hi:

Yes, HJT is a perfectly safe program, providing you only use its scan function, and don't alter ("fix") anything until
instructed to do so by someone qualified. There is also a backup function that enables you to restore anything that
you remove by mistake. And yes, it can be uninstalled.

July 4th, 2005 11:00

Frustrated:
 
oleadm.dll is SPYWARE: it monitors all accessed web pages and sends your private information to several remote servers. It can also modify the appearance of your desktop.
 
It will corrupt (and even replace) a critical system file named Wininet.dll 
(Do *NOT* simply try to remove this latter file!!)
 
It is associated with various virus/worm names (dependent on which anti-virus program you're using), including:
       spy-agent.h
       Backdoor.Win32.Agent.eo
       Virus.Win32.Nsag.a
       Trojan-Spy.HTML.Smitfraud.c
       W32.Desktophijack.B
       W32.Alemod.A
       Trojan-Downloader.Win32.Agent.ns
 
Have you seen references to any of these other names???   Or noticed a change in your desktop?
 
(EDIT)  First point:   There's nothing wrong with allowing your anti-virus program to quarantine the infected file, provided it can do so successfully
(Unfortunately, there are some "mean" viruses that can neither be deleted nor quarantined :smileysad:  ) 
While in quarantine, it's like a prisoner in jail:   it's trapped there, and can't hurt you any further.
 
Next:
 
HiJack This is a very powerful program. As Joe already pointed out, it can scan your PC to obtain useful diagnostic information; and the scan itself can't damage anything. It's only when you go beyond the scan, to remove/fix entries, that you're actually modifying your registry --- and this part should only be done in consultation with experts (such as Steve).
 
As for removing HJT after using it, I would strongly advise against this, because of the backups it makes: if you delete HJT, and then find need to restore something it's modified, you won't be able to do so, unless you re-download another copy of HJT. So, if you decide to follow the HJT approach, just leave the program alone when you're done with it. (It's so tiny, you won't be saving any disk space, if that's your concern).
 
Since (it appears to me that) this thread has already grown much longer than it should have, rather than waiting for your response (or further questions), I'm going to give you detailed/explicit directions on how to proceed with HJT,   if  you choose to do so:
 
Download the latest version of HJT (hijackthis) (version 1.99.1) from

http://majorgeeks.com/download3155.html

You must create a separate folder and place it there.... people commonly use C:\HJT. Note: Please do *NOT* use a TEMP folder, *NOR* a DESKTOP folder, as HJT will be generating log files and backup files in the folder from which it is run... you risk accidentally losing these if you use a TEMP folder, and you will generate extreme clutter if you use a DESKTOP folder.

The file above comes as a compressed .ZIP file... you have to UNzip it (hopefully, you have an UNzip utility built into your Windows Explorer).

After Unzipping, double click on HiJackThis.EXE

Click on  Do a System Scan and Save a LogFile

This will automatically open NotePad

Copy the entire file from NotePad:  EDIT/SelectAll, EDIT/Copy

Then go to the new forum dedicated for HiJack This logs (**NOT** back here), and  PASTE the results there:

http://forums.us.dell.com/supportforums/board?board.id=si_hijack

Be sure to include a detailed description of any problems/errors/warnings you are encountering.

Hopefully, one of the HJT experts will get to it as quickly as possible.

 

WARNING:  HiJack This is a VERY POWERFUL tool.  Do *NOT* do anything else (in particular, do NOT use it to delete any entries) until you are advised to do so!!   Improper use of this tool can severely damage your system.
 
 
Please note:  The procedure as worded above has been carefully edited over time, so as to expedite the process of helping you.   Nevertheless, it seems that many people try to be "creative", and make some variations.  It really would be to your benefit if you follow these directions EXACTLY as stated... because certain changes on your part can result in slowing-down the help process. 
Specifically, the following are 3 very common BAD deviations which will cause delays:
a)  BAD:  using an older/outdated version of HiJackThis...
The experts only work with the current version.   So if you make a post with an older version, you'll simply be advised to get the latest version, re-run it, and re-post your log.
b) BAD:  using a TEMP or DESKTOP directory for HJT....
Some experts may insist you move HJT before they'll begin working with you.   Others will start the repair process, advising you to move HJT as one of the very first steps.   Failure to do so can result in losing potentially critical information.   So please,  just use the suggested  C:\HJT  directory, rather than try to be creative.
c) BAD:  posting your log in the wrong forum...
if you post your log back here, in the Virus/SpyWare forum, it will "sit idly", either until the forum moderator gets around to move it for you... or until you decide to repost your log...  in the HiJackThis forum.

Message Edited by ky331 on 07-04-2005 10:24 AM

July 5th, 2005 13:00

Frustrated,
the web-site I gave you is SUPPOSED to generate HJT in the form of a zipped file...
HOWEVER, the size is only supposed to be about 206 (or 207) kilobytes, NOT 4 gig!!
 
You can try downloading the .EXE file (already UNzipped) from the following:
the file size should be about 213 k

July 5th, 2005 13:00

I have downloaded the latest version of HiJackThis, and it came up as a zipped folder on my computer. And it says that the reason the file is zipped is because it is larger than 4 gigabytes. And I don't believe there is any way to change the actual size of the file. So, what do I do now?

July 5th, 2005 14:00

Do you know how to open/run Windows Explorer?   (Look on your START menu for Windows Explorer, and click on it).  
(If for any reason you can't find Windows Explorer, you can go to your desktop, and click on the My Documents icon)
 
Move your cursor into the right-half of the Windows Explorer screen (or anywhere among the files in the My Documents screen). RIGHT-click with your mouse, and a drop-down menu will appear: highlight NEW. Another drop-down menu will appear; highlight and click on FOLDER. This will create a new folder with the (initial/default) name NEW FOLDER... change the folder's name to HJT. Copy ("drag") the HJT.EXE file you just downloaded (in)to this folder. Click on the HJT folder, and then run the HJT program you copied/dragged there.
 
 
 

Message Edited by ky331 on 07-05-2005 12:33 PM

July 5th, 2005 14:00

Now that I have downloaded the version of HJT that you recommended, it tells me to copy the file somewhere where it's not in Temporary Files, because they often get deleted or something.  Do I have to turn off that Temporary Files option in My Computer Properties?  What do I do now?