I did a scan with Trend Micro Housecall today and it found TROJ_SMALL.ATR in C:\WINDOWS\system32\pmnnl.dll.
Housecall tells me that the infection is uncleanable and gives the option to delete the file or to pass on it. I did not delete it as I am not sure if it would be safe to do so (system wise).
I have also been getting the Winfixer/Winantivirus pop-ups. AVG Free hasn't picked up on it, nor has Adaware for some reason. I know that Symantic has a removal tool for this - but I am hesitant to run it (let's just say I am afraid I may do something wrong?)...
I have no idea where these have come from or if the two are related.
Thanks for reading - I know I have posted a cpl of times already in the last month and a half and I have tried my best to keep my system clean. I am totally baffled.
Hope someone can help me.
Thanks,
Jodie

Do all your virus and spyware cleaning while in Safe Mode (without networking). Do a System Restore point, then turn off System Restore. Boot into safe mode and clean your system. If thing get messed up, you can try to restore.

98% of the population is asleep. The other 2% are staring around in complete amazement, abject terror, or both.

Download and update Spysweeper.

Clean using above method.

Good luck

Hello Zenith and NotNormal,
Thank you both for your replies. I did not have a chance to follow your instructions yesterday....
Zenith, I am not sure if I am to disable system restore before I scan in safemode?
As for creating a restore point, I am not sure if I should, as I don't know how long I have had this virus!
AVG found it yesterday after I changed the scanning configuration from just scanning executable files to scanning all files (the reason it wasn't caught in the first place?)
In the scan log it says it was deleted. It is now in the Virus Vault?
This morning I went to check the scanning results for this morning and the same virus was found in: C:\SystemVolumeInformation\_restore{CFEOD905-ED60-402A-B9B4-95B82D-188874}\RP98\A0006804.dll
It too was deleted and is now in the Virus Vault.
Thanks so much for your answers,
Jodie

Hi Jodie

Nothing can be removed from a system restore point (C:\SystemVolumeInformation\_restore )

you have to turn off system restore to delete it thats why they always put themselves in a restore point so they can keep coming back, and thats why Trend Micro Housecall said it was uncleanable

I would turn off system restore to delete it then reboot and do a virus scan with AVG then turn on system restore then to double check for peace of mind do an on line scan again with housecall and also there spyware scan here http://www.trendmicro.com/spyware-scan/

If any advice helps, please post back as it might help others.

Hello Smifff :)
I am sorry for not replying sooner - I had to figure out how to get rid of the Winfixer pop-up I kept getting & it took a bit of time :(
I kind of figured that I would need to purge the System Restore folder......
However, I am a bit concerned about the pmnnl.dll file itself that is infected. I forgot to mention that what AVG gives as a source for that file, is "Backup Copy".
So, I'm not sure about deleting it.
AVG clearly says it is not healable - which leads me to wonder if the pmnnl.dll file is the trojan itself? (or that it is just a backup of the trojan itself which could be in a file/folder that is hidden in my OS) Should I "unhide" all files and folders before I scan again?
Thanks!