Cannot Remove Or Delete Virus

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by CROSSBOW, Jul 4, 2005.

  1. CROSSBOW

    CROSSBOW Private E-2

    My Norton's anti virus program has found 2 virus instances on my computer. I configured it to clean first and if that doesn't work to delete the file. It can do neither and I am running the latest virus definitions. The files infected are: WININET.DLL and OLEADM.DLL. It says the infection is: W32.Desktophijack (WININET) and Trojan.Desktophijack.B (OLEADM). I have run all kinds of other removal tools including Norton's from Safemode with networking to no avail. None of this seems to be affecting my computer except for the Norton's popup. The computer might be running a little slower than usual. Any suggestions?
     
  2. AbbySue

    AbbySue MajorGeeks Administrator

    Please follow the steps below.

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    After doing ALL of the above if you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  3. CROSSBOW

    CROSSBOW Private E-2

    I have followed all the directions on the sticky thread before asking for help. I ran all the programs in safemode w/networking. All the online scans were run in normal boot mode because I could not get an internet connection in safe mode with networking. Symantec's online scan found the same 2 trojans but they were unable to clean or delete. I was not able to do it manually either. It said the disk may be full and it could not delete at a new startup in safe mode either. None of the other programs found anything with the exception of Rav Antivirus that found 2 files at c:\winnt\dstart2.exe (dialer.dialplatform). The other was located at c:\winnt\winsocks5.exe (adware.cwsconyc). I am guessing these were deleted because I could not find them later looking in this folder. Are the 2 files I can't get rid of (in original post) critical system files that are infected or actual trojans? I have attached the HJT log file. I shut down every program I could prior to running it including the ones recommended in the sticky thread. What do I do next? Help!
     

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why

    are

    you

    posting

    messages

    like

    this?

    First please disable Spybot's Teatimer as it often gets in the way of making fixes.

    To disable TeaTimer, run Spybot and click Mode and select Advanced Mode. Then click Tools and select Resident. Now in the right window pane, uncheck TeaTimer.
    Also while this is open, in the left column now select IE Tweaks and then in the right pane make sure all the Miscellaneous locks are unchecked.
    Now quit Spybot!

    Are the below proxy settings required for your system?
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = interactsrvr:80
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;localhost;jwells

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
    O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {0F04992B-E661-4DB9-B223-903AB628225D} - file://C:\Program Files\Gateway\Do More\DoMoreRunExe.CAB
    O16 - DPF: {511073AD-BE56-4D43-AE68-93390514385E} (TechToolsActivex.TechTools) - hcp://system/TechTools.CAB
    O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - https://www.webcensus.net/dl/isetup.cab
    O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab
    O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://silkroadtech.webex.com/client/v_mywebex/webex/ieatgpc.cab

    After clicking Fix, exit HJT.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
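    Added example (not from this thread or from HijackThis itself): a small Python triage of the log entry types quoted above. The sample lines are copied from the post; the flagging rules are this example's own heuristics, not HijackThis verdicts, so a hit means "look at this", not "delete this".

```python
import re

# Constructed sample: a subset of the HJT lines quoted in the post above.
SAMPLE_HJT_LINES = r"""R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://hsremove.com/done.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = interactsrvr:80
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O16 - DPF: {739E8D90-2F4C-43AD-A1B8-66C356FCEA35} (RunExeActiveX.RunExe) - hcp://system/RunExeActiveX.CAB
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai.net/7/19/7125/4047/ftp.coupons.com/v3123/cpbrkpie.cab""".splitlines()

# Every HJT entry starts with a type tag (R0, O2, O16, ...) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<type>[RO]\d+) - (?P<body>.*)$")


def classify(line):
    """Return (type, reason) when a line deserves a look, else None.
    Heuristics are this example's own assumptions, not HijackThis's."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    kind, body = m.group("type"), m.group("body")
    if body.endswith("(no file)"):
        # Registry still references a CLSID whose file is gone: harmless leftover.
        return kind, "orphaned CLSID: registry points at a file that no longer exists"
    if kind == "R0" and "Start Page" in body:
        return kind, "start page set: " + body.split("=", 1)[1].strip()
    if kind == "R1" and "Proxy" in body:
        return kind, "proxy setting: confirm it is required (e.g. for work)"
    if kind == "O6":
        return kind, "IE policy restriction present: set by an admin or by malware"
    if kind == "O16":
        url = body.rsplit(" - ", 1)[1]
        # hcp://system/ is the local Help Center; only remote downloads are flagged.
        if url.lower().startswith(("http://", "https://", "ftp://")):
            return kind, "ActiveX control downloaded from remote URL: " + url
    return None


def triage(lines):
    """Return the flagged (type, reason) pairs in log order."""
    return [hit for hit in (classify(l) for l in lines) if hit]


if __name__ == "__main__":
    for kind, reason in triage(SAMPLE_HJT_LINES):
        print(kind, "-", reason)
```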
     
  5. CROSSBOW

    CROSSBOW Private E-2

    Sorry about the way my last post came out. I use an air card and half the time it doesn't work right because I have a weak signal and sometimes it is just searching for network... I actually typed the post up in notepad and pasted it in and that's how it came out. I will try and do it the right way this time. I have done what you asked in your last post and it made no difference. Norton's immediately detects both Trojans. Concerning the 2 proxy settings, yes I need both for my work. Here is the new HJT log.
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Make sure you have the current virus definitions for Norton and follow the removal directions in the below link:

    http://securityresponse.symantec.com/avcenter/venc/data/w32.desktophijack.html


    If that does not help you, we will work thru some similar step by step procedures, which will involve restoring an uninfected wininet.dll from the C:\Windows\System32\dllcache folder.

    You may also have some additional hidden stuff that we have seen in Smitfraud infections. Are you having any problems with Desktop hijacks and not being able to change wallpaper?
     
  7. CROSSBOW

    CROSSBOW Private E-2

    If it wasn't for Norton's telling me I have a problem I would not know it. I can change wallpaper and my desktop has not changed. I now believe this is left over from a previous infection about 2 or 3 weeks ago yet Norton's just recently detected a problem. After reading the info on the w32 desktop hijack it was a dead ringer for what my computer was doing at that time although it does not have those symptoms now. When I followed the instructions on Symantec's website for removing this infection, I was never able to delete the files even while running in safe mode. There were no subkeys in my registry that matched what they were telling me to delete or modify or there was nothing wrong with them. I then noticed the link was for w32 desktophijack. Norton's had identified it as w32 desktophijack B. I went through everything there also and I found only 1 registry key to delete and I did. At this time it still detects this Trojan constantly but is unable to do anything about it. What next?
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Try the below:

    - boot into safe mode with no network support
    - use Windows Explorer to copy C:\Windows\System32\dllcache\WININET.DLL to C:\Windows\System32\WININET.DLL
    - delete C:\Windows\System32\OLEADM.DLL

    if you cannot delete OLEADM.DLL, try renaming it to OLEADM.DDD.

    Then reboot your PC and let me know how things look.


    If that does not work, try the below. You can only do this if you have your Windows XP CD.

    Put the XP disk in your CD drive and reboot your PC.

    When the PC starts to boot you should see a message like "Press any key to boot from CD". Make sure you press a key so that it will boot from CD. If this does not happen you may need to get into your system BIOS to change the boot order so that your system tries to boot from CD before trying to boot from the hard disk.


    After it goes through setup you will arrive at a blue screen with three options. The second one is what you want. It says:

    To repair a Windows XP installation using the Recovery Console, press R.

    Press the R key on your keyboard and press enter.

    If you have only one copy of Windows installed, you will arrive at a prompt like this:

    1: C:\Windows

    Press 1 on your keyboard and press Enter.

    If you have an admin password you will be asked to enter it. Enter the password and press Enter. If you don't have a password, go ahead and press Enter.

    You will arrive at a prompt like this:

    C:\Windows>

    Type the following line exactly as it appears below:

    del c:\windows\system32\oleadm.dll

    Hit enter

    Now type:

    copy c:\windows\system32\dllcache\wininet.dll c:\windows\system32

    Hit Enter.

    Note: Spaces are important in these commands, so make sure you include the spaces.

    After doing this take the CD out of your CD drive and reboot your PC again into normal boot mode and let me know how things look.
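    Added example (not part of this thread): after the restore above, a practitioner would confirm that the live WININET.DLL is now byte-for-byte the dllcache copy and that OLEADM.DLL is really gone. This Python check hashes both copies; the optional known-good hash is an assumption you would supply from a trusted reference, since a tampered dllcache copy would otherwise "match" itself.

```python
import hashlib
import os


def sha256_bytes(data):
    """SHA-256 hex digest of a file's contents."""
    return hashlib.sha256(data).hexdigest()


def verify_dll(live_bytes, cached_bytes, known_good_sha256=None):
    """Compare the live DLL with the dllcache copy.
    Returns 'ok', 'mismatch', or 'cache-untrusted' (the cache copy itself
    differs from the reference hash, so it must not be used as a source)."""
    live_hash = sha256_bytes(live_bytes)
    cached_hash = sha256_bytes(cached_bytes)
    if known_good_sha256 is not None and cached_hash != known_good_sha256.lower():
        return "cache-untrusted"
    return "ok" if live_hash == cached_hash else "mismatch"


def check_system(system32_dir, dllcache_dir, dll="wininet.dll",
                 leftover="oleadm.dll", known_good_sha256=None):
    """Path-based wrapper for a real machine (paths are assumptions for the
    thread's XP layout). Returns (verdict, leftover_still_present)."""
    with open(os.path.join(system32_dir, dll), "rb") as f:
        live = f.read()
    with open(os.path.join(dllcache_dir, dll), "rb") as f:
        cached = f.read()
    leftover_present = os.path.exists(os.path.join(system32_dir, leftover))
    return verify_dll(live, cached, known_good_sha256), leftover_present


if __name__ == "__main__":
    # Constructed stand-in contents; on a real XP box call check_system() with
    # r"C:\Windows\System32" and r"C:\Windows\System32\dllcache" instead.
    clean = b"MZ-clean-wininet-placeholder"
    tampered = b"MZ-modified-wininet-placeholder"
    print(verify_dll(tampered, clean))   # mismatch: restore not done
    print(verify_dll(clean, clean))      # ok: live file equals cache copy
```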
     
  9. CROSSBOW

    CROSSBOW Private E-2

    I was not able to do as you suggested. It would not let me copy the file from the cache folder to the system32 folder. I noticed the file in the cache folder was in caps and the one in the system32 folder was in lower case. I tried to change the name of the file in the system 32 folder. I was successful and changed it to wwinet.dll. I then tried to delete the oleadm.dll file with no success so I changed the name of that to zoleadm.dll. At that point I was able to delete zoleadm.dll so I tried to copy WININET.DLL from the cache folder to the system32 folder and that was successful. I then tried to delete the wwinet.dll file, (the one I changed the name on) and it would not let me so I rebooted and brought it back up in safe mode. I was then able to delete the wwininet.dll file. I rebooted again and brought it up normally and ran Norton's full system scan. It detected a virus in the file but it said clean was successful. I have not seen a problem since. Thank you for your help! ... Crossbow
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

  11. CROSSBOW

    CROSSBOW Private E-2

    I have enabled most of what you suggest in the sticky thread to protect my machine, in fact I have tried to use it all at one time or another. I have 2 problems though. At one time I had automatic updates turned on for windows and got updates regularly but I was told to turn it off when SP2 was rolled out because it was known there were problems with it. They had me run a small program to keep SP2 from downloading. I have since turned auto updates back on but I have a whole string of updates that have failed to install and they continue to fail when I try them again. I found no real help on the Microsoft update website. The other problem is I use a VPN connection to connect to my office website and with XP's firewall turned on I can't even get a logon screen. I have no problems browsing anyplace else. (I am assuming XP's firewall works okay.) Do you have any advice you can give me on these 2 issues?
     
  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    First of all Windows XP's firewall is not a true firewall and does not provide adequate protection. You must get a real firewall like one of the ones mentioned in the How to Protect thread. And then disable Win XP's firewall to avoid conflicts.

    I do not recommend turning on automatic updates. I just recommend going to get them yourself at least once a month. Another option is to only inform you that updates are available but not to install them automatically. You do need to get Windows XP SP2 installed.
     
  13. CROSSBOW

    CROSSBOW Private E-2

    Thank you. I appreciate all the help.
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. Surf safely!
     
