I have the same problem as these other guys. Running XP, it started with the about:blank hijack. Tried to eliminate the hijack to no avail for about 2 weeks, and then it morphed into this backdoor.trojan virus problem. Mine is called "c:\windows\\system32\logoh.dll", and no matter how many times I run HijackThis, spybotS&D, adaware, TrojanRemover or Norton Antivirus 9, it keeps coming back on reboot. Norton pops up a window saying "unable to repair this file" and "access to this file was denied". I tried the Symantec solution (didn't work). HijackThis finds it and tries to delete but fails. I also now get a trojan.bookmarker.gen warning when I reboot, but Norton does fix that one (kkdi.dll). PLEASE GOD SOMEONE PLEASE HELP ME!

This one seems to be relatively new. Through a lot of luck and persistence, I eventually found a way to get rid of it. Look at this forum and scroll down to post #55: http://www.computing.net/security/wwwboard/forum/12255.html

Almost forgot, make sure system restore is disabled before proceeding with the above directions. You can turn it back on after its removed.

THANKS BE TO ALL THE AVAILABLE DEITIES! SOLVED 3 WEEKS OF HELL! >>> The problem - I had a variant of this one (win.dll) that couldn't be moved, deleted, or renamed. It wouldn't show up in safe mode, yet I couldn't overwrite it. The registry values couldn't be deleted. The problem is that its being loaded constantly. The solution - Open regedit (go to Start->Run, then type regedit and hit enter), then open HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\Current Version\Windows, and then rename that Windows folder to Windows2. Delete the entry with the name AppInit_DLLs, and then rename Windows2 back to Windows. You will notice that the key is deleted and won't come back. Now restart your computer. Your antivirus program (I used Norton AntiVirus) should detect the file now if it has an auto protect feature. If it does not, run a virus scan in the C:\WINDOWS folder. This should permanently destroy that tricky SOB. <<<<

*****************THIS WORKS****************** OK guys, after reading sooo much of this thread and trying various things, my eyes crossed and I just couldn't keep reading ;-) So here's how to get rid of this bu**er (mine was the WIN.DLL variant): throw your XP setup CD in and boot off of it (this should work for 2K as well) and select the Recovery Console. Drill to the folder with the miscreant in it (probably Windows\System32) and do DIR /A **filename**, you should be able to see it, and it will probably have some combination of the S, R, & H attributes - remove all the attributes, and DELete the file - that's it! You can reboot and your system "should" come up clean. BTW, for those who are trashing AVG, it has nothing to do with it - AVG didn't bring you the problem, and of course it can't fix it, because the file is locked any time Windows is running (even in Safe Mode - grrr!) The reason that it seems like AVG both does and doesn't know about the contaminated file is probably because it is being picked up by the heuristic scanning function. Like it or not, AVG &/or AntiVir are still the best, even in their free versions - we're always finding a dozen or so viruses with them on machines that Norton swears are clean. Good hunting!