Can't get rid of W32_API.cab, adapi.exe

Hi there,
I ran a virus scan with Norton and found I was infected with downloader.trojan, - theres a new file C:W/32_API.cab. Norton couldn't remove the file or fix the registry, even in Safe Mode, so I thought I'd post my HT log and see what you think.
I've googled for this, but only found German users with this problem - no English advice anywhere...

Any advice much appreciated!

Here's my log:

[log removed]

 

4 things and then we'll get you fixed

1. only post logs as txt attachements and they will be requested.
2. make sure you run Hijackthis from its' own folder like C:\HJT
3. You need to get the latest version http://www.majorgeeks.com/download3155.html
4. You need to READ ME FIRST: Basic Spyware, Trojan And Virus Removal.

 

Ok fine, thanks Kodo:

Now I have the latest HiJackthis, l've unzipped it into its own folder, and I've read the READ ME FIRST info. I've run both AdAware and Spybot, but neither of them find anything. Only Norton...
I'm using WinXP with Firefox.

What do I do next?

 

Hijack This Tutorial And How To Post Your Log File

 

Ok thanks, so here's the fresh log...

 

I don't see anything in your log file. have you tried the alternate scans listed in the READ ME FIRST at the bottom?

was this the name of the virus
C:W/32_API.cab
or is that the file that is infected?

 

I found it with Norton - other scans (AdAware, Spybot) don't find anything, although admittedly I haven't tried ALL the ones listed in the RMF.

Norton comes up with an infected file adapi.exe in C:/W32_API.cab. It says it contains the virus download.trojan. This cab file appeared in my C: directory. File size is 29,484. Norton is unable to remove it, even in safe mode.

The computer is noticeably slower.

As I said, I did a google search for w32_api.cab, but all the results were in German. I'm in the Czech Republic, right next door, as if that might affect it...

 

here's what I found on that
http://vil.nai.com/vil/content/v_127670.htm

can you manually remove the file and the registry entires it changes?

 

Cheers for the link, I'll try rebooting in safe mode and manually removing it. I'll let you know how it goes after I've run another scan.

 

Hmm, that's odd. I deleted the C:/W32_API.cab file, but there were none of those 5 register entries given on that page. I've scanned again and I'm clean, so let's hope that's that.

Thanks a lot Kodo, I appreciate your advice...