
locating trojans


Original Message
Name: maxx
Date: August 1, 2004 at 18:05:11 Pacific
Subject: locating trojans
OS: win xp pro
CPU/Ram: 2.4 gig-p4 512 ram
Comment:

I've been doing what I was told to remove a trojan I have, but after scanning in safe mode with restore turned off, I can't find the DLL file I need to remove. Below is a list of DLL files that are most recently created as of June 1st. I only discovered this trojan a week ago, but cannot seem to locate it in my sys32 folder.

winhttp.dll jy 1
sdfup.dll may 21
schedsvc.dll june 8
nthst32.dll may 21
mshelper.dll may 5
msdtcuiu.dll july 24
msdtctm.dll " "
msdtcprx.dll " "
msexch40.dll " "
msexcl.dll " "
msjet40.dll " "
msjetoledb40.dll " "
msjtes40.dll " "
msjint40.dll " "
msjter40.dll " "
msltus40.dll " "
mspdbe40.dll " "
msrd2x40.dll " "
"msrd3x".dll " "
msrepl40.dll " "
mstask.dll " "
mstext40.dll " "
mswdat10.dll " "
mswstr10.dll " "
msxbde40.dll " "
mtxclu.dll " "
mycomput.dll " "
netapi.dll " "
ole32.dll " "
qmqrprxy.dll " "
rpcss.dll " "
rcpcrt4.dll " "
rtcdll.dll " "
schedsvc.dll " "
shell32.dll " "
shlwapi.dll " "
sxs.dll " "
txflog.dll " "
vbajet32.dll " "
xpod2res.dll " "
xpsp2res.dll " "

itss.dll june 6
ipnathlp.dll july 24
inetcomm.dll (caps) june 7
icnfe.dll may 21
icqrt.dll " "
icvbr.dll " "
h323msp.dll july 24
qupd.dll may 21
fldrclnr.dll july 24
expsrv.dll july 24
es.dll july 24
comuid.dll july 24
comsvcs.dll " "
colbact.dll " "
clbcatex.dll " "
clcatq.dll " "
cidpoq32.dll may 21
cidft.dll " "
catsrvut.dll july 21
catsrv.dll " "
bitsprx2.dll " 24
bitsprx3.dll " "
aiqadd.dll may 21

Can anyone tell me if any of these have been named a trojan?
If not, can someone help me find this RESOHO.DLL file?
Thanks,
Maxx




Response Number 1
Name: capt
Date: August 1, 2004 at 18:18:18 Pacific
Reply:

How did you find out that you have a trojan? What was the name of the trojan that was identified by your antivirus program? Try a trial version of TDS from http://wilders.org/anti_trojans.htm Scroll down the page and you will see its link. Be sure to update it and then run it from the safe and normal modes. Turn system restore off and restart your computer before you begin your scans.



Response Number 2
Name: Thresher
Date: August 1, 2004 at 19:10:46 Pacific
Reply:

I second everything from Capt. Here is a free trojan scan and trojan killer:

Trojan Scan:
http://www.windowsecurity.com/trojanscan/

SWATIT:
http://swatit.org/download.html

Also, if you were not advised, do a general clean out:

reboot, back into safe mode:

Tools > Internet Options > General Tab > Delete files > check the box to delete off line content > click ok > delete cookies > click ok. click ok...

dump %TEMP% files:
Double click My Computer icon on desktop > type
%TEMP% in the address bar > click enter > click on "edit" and click "select all" > click on "file" click delete. Everything will delete, and you will not need anything there if you have rebooted at least once since your last download.

Empty recycle bin.

Go to start > Programs > Accessories > System Tools > run Disk Clean Up, then Scan Disk, if Scan Disk tells you there are programs running in the background--ctrl+alt+delete and end-task on everything except systray and explorer, then run Scan Disk > then Defragmenter.

Don't worry about those .dll files, just get the system restore disabled and leave it that way until you are squeaky clean.

Update Windows, IE, and Outlook (affects IE settings even if you do not use Outlook), update your AV and Spybot and Adaware and run them in safe mode. If they come out clean, it is generally accepted that you are clean.

Thresher



Response Number 3
Name: maxx
Date: August 1, 2004 at 19:22:37 Pacific
Reply:

Below is a copy, word for word, of what my Norton AV found...

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Backdoor.Agent.B
File: C:\WINDOWS\System32\resoh.dll
Location: C:\WINDOWS\System32
Computer: P4
User: Administrator
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Sun Aug 01 22:14:37 2004

I've tried everything to find the infected file named above with no luck, even in safe mode & restore turned off. How can I find the file if it's not named that in my sys.32 file?



Response Number 4
Name: mcfun61
Date: August 1, 2004 at 20:48:20 Pacific
Reply:

I am having the same trouble. I get a pop up from Norton stating backdoor Agent.b. in the System 32 file at d3djceo.dll
I tried the fix at Symantec's but I don't find anything in the right pane of the registry key.
The only way I find this file is in Notepad during a regular Windows session.
When I go to Notepad in the safe mode I can't find it.
Is there an easy way to clear this up using Notepad in the safe mode?
I also tried response two above but I don't find an address bar when I click on My Computer.
Any help for a novice? Thanks



Response Number 5
Name: Derek
Date: August 1, 2004 at 21:17:01 Pacific
Reply:

I'm still on W98SE and know little about XP.

Just wondered if XP allows you to see hidden files unless you set it to do that (like W95/98). If so it could be a hidden file.

Derek.W




Response Number 6
Name: Parker
Date: August 1, 2004 at 23:07:55 Pacific
Reply:

If you have a 'Backdoor Agent', visit this site, it will walk you through the steps of getting rid of it. http://www.symantec.com/avcenter/venc/data/backdoor.agent.b.html



Response Number 7
Name: mcfun61
Date: August 2, 2004 at 04:47:55 Pacific
Reply:

The Symantec site is lacking when you get to the registry part. It just doesn't match up, at least for XP.




Response Number 8
Name: Jim Beau
Date: August 2, 2004 at 13:51:51 Pacific
Reply:

I think in XP you have to check a box so you can view hidden files and folders.
I just click on My Documents from the start menu.
Click Tools > Folder Options > View > Show hidden files and folders.

HTH.
JB.



Response Number 9
Name: maxx
Date: August 3, 2004 at 12:49:01 Pacific
Reply:

Ya, I have that checked already & still we cannot find this virus named: Backdoor.Agent.B
Located here, File: C:\WINDOWS\System32\resoh.dll.
We tried the above at www.symantec.com but we only get as far as searching for the file; it tells us, once we've located it, to move it to the desktop, but we can't find it to move it.
If it's just traces of it left on the PC, how can I get rid of them aside from re-formatting, which I really don't want to do?
Thanks all for your help, hopefully we can find a way to rid this sucker for good,
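
Editor's added example, not code from any poster in this thread: a Python script that lists a folder directly, so files carrying the hidden or system attribute appear even when Explorer's default view omits them, and that looks up the name the scanner reported. It assumes a Python interpreter is available on the affected machine; the function names `classify`, `scan` and `locate` are hypothetical, while the path, file name and cutoff date are the ones quoted in the posts above.

```python
import os
from datetime import datetime

# Windows file-attribute bits, as found in os.stat().st_file_attributes
HIDDEN, SYSTEM = 0x2, 0x4

def classify(attrs):
    """Say how Explorer treats a file that has these attribute bits."""
    if attrs & HIDDEN and attrs & SYSTEM:
        # Shown only when "Hide protected operating system files" is unticked
        return "hidden+system"
    if attrs & HIDDEN:
        # Shown once "Show hidden files and folders" is selected
        return "hidden"
    return "visible"

def scan(folder, since, suffix=".dll"):
    """Return (name, created, state) for files created on/after `since`, newest first.

    os.scandir returns entries regardless of the hidden/system attributes.
    """
    rows = []
    with os.scandir(folder) as entries:
        for e in entries:
            if not e.name.lower().endswith(suffix):
                continue
            if not e.is_file(follow_symlinks=False):
                continue
            st = e.stat(follow_symlinks=False)
            attrs = getattr(st, "st_file_attributes", 0)   # field exists on Windows only
            created = datetime.fromtimestamp(st.st_ctime)  # creation time on Windows
            if created >= since:
                rows.append((e.name, created, classify(attrs)))
    return sorted(rows, key=lambda r: r[1], reverse=True)

def locate(folder, reported_name):
    """Case-insensitive lookup of the scanner-reported name in the raw listing."""
    for name, created, state in scan(folder, datetime.min, suffix=""):
        if name.lower() == reported_name.lower():
            return name, created, state
    return None  # the name is not in the directory listing at all

if __name__ == "__main__":
    folder = r"C:\WINDOWS\System32"                  # location from the Norton log
    print(locate(folder, "resoh.dll"))               # file name from the Norton log
    for row in scan(folder, datetime(2004, 6, 1)):   # June 1st cutoff from the first post
        print(*row)
```

A result of `hidden+system` means the "Show hidden files and folders" setting alone will not reveal the file in Explorer; `None` means the name is absent from the directory listing in the session the script ran in.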

