I've been doing what I was told to remove a trojan I have, but after scanning in safe mode with restore turned off, I can't find the DLL file I need to remove. Below is a list of DLL files that are most recently created as of June 1st. I only discovered this trojan a week ago. but cannot seem to locate it in my sys32 folder. winhttp.dll jy 1 sdfup.dll may 21 schedsvc.dll june 8 nthst32.dll may 21 mshelper.dll may 5 msdtcuiu.dll july 24 msdtctm.dll " " msdtcprx.dll " " msexch40.dll " " msexcl.dll " " msjet40.dll " " msjetoledb40.dll " " msjtes40.dll " " msjint40.dll " " msjter40.dll " " msltus40.dll " " mspdbe40.dll " " msrd2x40.dll " " "msrd3x".dll " " msrepl40.dll " " mstask.dll " " mstext40.dll " " mswdat10.dll " " mswstr10.dll " " msxbde40.dll " " mtxclu.dll " " mycomput.dll " " netapi.dll " " ole32.dll " " qmqrprxy.dll " " rpcss.dll " " rcpcrt4.dll " " rtcdll.dll " " schedsvc.dll " " shell32.dll " " shlwapi.dll " " sxs.dll " " txflog.dll " " vbajet32.dll " " xpod2res.dll " " xpsp2res.dll " " itss.dll june 6 ipnathlp.dll july 24 inetcomm.dll (caps) june 7 icnfe.dll may 21 icqrt.dll " " icvbr.dll " " h323msp.dll july 24 qupd.dll may 21 fldrclnr.dll july 24 expsrv.dll july 24 es.dll july 24 comuid.dll july 24 comsvcs.dll " " colbact.dll " " clbcatex.dll " " clcatq.dll " " cidpoq32.dll may 21 cidft.dll " " catsrvut.dll july 21 catsrv.dll " " bitsprx2.dll " 24 bitsprx3.dll " " aiqadd.dll may 21 Can anyone tell me if any of these have been named a trojan.? If not, can someone help me find this RESOHO.DLL file.? thanks, Maxx

How did you find out that you have trojan? What was the name of the trojan that was idenntified by your antivirus program? Try a trial version of TDS from http://wilders.org/anti_trojans.htm Scroll down the page and you will see its link. Be sure to update it and then run in from the safe and normal modes. Turn system restore off and restart your computer before you begin your scans.

I second everything from Capt. Here is a free trojan scan and trojan killer: Trojan Scan: http://www.windowsecurity.com/trojanscan/ SWATIT: http://swatit.org/download.html Also, if you were not advised, do a general clean out: reboot, back into safe mode: Tools > Intenet Options> General Tab > Delete files > check the box to delete off line content > click ok > delete cookies > click ok. click ok... dump %TEMP% files: Dble click My Computer icon on desk top > type %TEMP% in the address bar > click enter > click on "edit" and click "select all" > click on "file" click delete. Everything will delete, and you will not need anything there if you have rebotted at least once since your last download. Empty recycle bin. Go to start > Programs > Accessories > System Tools > run Disk Clean Up, then Scan Disk, if Scan Disk tells you there are programs running in the background--ctrl+alt+delete and end-task on everything except systray and explorer, then run Scan Disk > then Defragmenter. Don't worry about those .dll files, just get the system restore disabled and leave it that way until you are squeaky clean Update Windows, IE, and Outlook (affects IE settigns even if you do not use Outlook), update your AV and Spybot and Adaware and run them in safe mode. If they come out clean, it is generally accepted that you are clean. Thresher

below is a copy word 4 word of what my norton av. found... Scan type: Realtime Protection Scan Event: Virus Found! Virus name: Backdoor.Agent.B File: C:\WINDOWS\System32\resoh.dll Location: C:\WINDOWS\System32 Computer: P4 User: Administrator Action taken: Clean failed : Quarantine failed : Access denied Date found: Sun Aug 01 22:14:37 2004 I,ve try everything to find the infected file named above with no luck even in safe mode & restore turned off. How can I find the file if it's not named that in my sys.32 file.??

I am having the same trouble. I get a pop up from norton stating backdoor Agent.b. in the System 32 file at d3djceo.dll I tried the fix at symantics but I dont find anything in the right pane of the registry key. The only way I find this file is in Note pad during a regular windows session. When I go to Note pad in the safe mode I cant find it. Is there an easy way clear this up using note pad in the safe mode. I also tried response two above but I dont find an address bar when I click on My computer. Any help for a novice? thanks

I'm still on W98SE and know little about XP. Just wondered if XP allows you to see hidden files unless you set it to do that (like W95/98). If so it could be a hidden file. Derek.W

if you have a 'Backdoor Agent', visit this site, it will walk you through the steps of getting rid of it. http://www.symantec.com/avcenter/venc/data/backdoor.agent.b.html