
back door trojan


Original Message
Name: maxx
Date: July 23, 2004 at 20:43:42 Pacific
Subject: back door trojan
OS: winxp pro
CPU/Ram: P4 2.4/768MB
Comment:


Problem: my PC just did a virus scan and it came back telling me that I have a back door trojan. Below is the exact wording...
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Backdoor.Trojan
File: C:\WINDOWS\SYSTEM32\RESOH.DLL
Location: C:\WINDOWS\SYSTEM32
Computer: P4
User: Administrator
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Fri Jul 23 23:34:28 2004
Now, I can't seem to locate this trojan to delete it. What can I do?
Thanks,
Maxx




Response Number 1
Name: Symbios
Date: July 23, 2004 at 23:30:44 Pacific
Reply:

Ah, the old Backdoor.Trojan. Here are the removal instructions: Click here. Good luck!

Symbios



Response Number 2
Name: Dave02
Date: July 24, 2004 at 03:18:06 Pacific
Reply:

I just dealt with this bugger about a week or so ago.

Those Symantec instructions, although well thought out and thorough, are not gonna solve your problem.

I tried so many different angles on that bugger. It is one resilient pest.


Save yourself the headache.

Make backups of what you want to keep.

i.e., pictures, documents, taxes, hardware drivers, your XP CD key.

Repartition and reformat that hard drive and reinstall XP.

The good news is that, since your antivirus is now detecting it, your virus definitions are now up to date and will prevent a reinfection.

However, when you reformat and reinstall, you will lose all of that.

Once you have the newly installed OS up and running, go straight to Microsoft.com and download all critical and driver updates.

Then run LiveUpdate for your Norton AntiVirus, or whatever antivirus you are running.

Hope this helps.



Response Number 3
Name: viruskiller101
Date: July 24, 2004 at 07:35:20 Pacific
Reply:

First off, there is no need in formatting your hard drive. First and foremost, most people have tons of data they like to keep without backing all that info up; only someone who doesn't know how to remove infection takes this last resort, as it is used only as a last resort, period.

Simple to keep in mind: all viruses, trojans, and other crap are just software written programs and can be deleted, period. Yes, some have hidden arch and other stuff, but nevertheless it's software and it can be deleted. Here are my simple steps to a clean path without formatting.

1. Download NOD32, it's the best on the market for detection, and update it.
http://www.nod32.com/home/home.htm

2. Disable your System Restore, as trojans copy and paste and save themselves there so they can reinfect your system.

3. Restart the computer after you disable System Restore and press F8 at bootup to get menu choices and choose Safe Mode.

4. Run NOD32 and see if it finds your infection; most likely it will detect and delete it.

I noticed you said the AV scan you had said this file name was in
C:\WINDOWS\SYSTEM32\RESOH.DLL

resoh.dll is the DLL file that needs to be deleted; if it's still on there you have to manually delete it in a DOS prompt.
But worry about that later; just use those 5 steps to see where you're at and if you've got any other files. I will tell you how to delete them manually.


Good luck



Response Number 4
Name: Aerozx
Date: July 24, 2004 at 10:25:44 Pacific
Reply:

If the above post does not work, go to this topic and read post #55: http://www.computing.net/security/wwwboard/forum/12255.html



Response Number 5
Name: Thresher
Date: July 24, 2004 at 19:09:38 Pacific
Reply:

Agree that reformatting is not the way to go--yet.

Do the Symantec program, it will not hurt to try, and it has many of the things I would recommend. However, there are some very good trojan detecting and cleaning tools available for free, for use after disabling System Restore:

Use these in order:

Trojan Hunter trial version:

http://www.misec.net/

Trojan Scan:
http://www.windowsecurity.com/trojanscan/

SWATIT:
http://swatit.org/download.html

These are some diagnostics you can use after you get clean to assess your browser's vulnerability:

Diagnostics:

Jason’s Browser Security Test:

http://www.jasons-toolbox.com/BrowserSecurity/

Gibson tests:
http://www.grc.com/default.htm

I use LeakTest, DCOMbobulator, ShieldsUp, and UnplugNpray

Now, you have to ask yourself... how did this happen? One of the first things you have to consider is your firewall: if it is letting trojans in, either the settings aren't adequate, or it isn't sufficient and you need a new one:

http://smb.sygate.com/products/spf_standard.htm

You also need to clean up the system: empty TIF, cookies, %TEMP%, recycle bin, and run and update Spybot and Adaware about every three days.

Thresher



