
Rameh.E trojan impossible to delete


Original Message
Name: d.bowman
Date: November 19, 2004 at 00:19:38 Pacific
Subject: Rameh.E trojan impossible to delete
OS: windows xp
CPU/Ram: IntelPentium/512mb
Comment:

OBJECT:
C:\ Documents and Settings\myname\Local Settings\Temp\AAWTMP\C23416981\23D8217\ATPartners.dll
RESULT:
Trojan Horse Downloader.Rameh.E
STATUS:
Infected, embedded object

I run Windows XP as my OS.
I have scanned with: killme, Ad-Aware SE, ccleaner, cwshredder, hsremove, pvlx2cleaner, Spybot Search and Destroy, stinger, spywaredoctor, AVG Free, about:Buster, spyware blaster and a few other ones I picked up.
A few have detected spyware, which I took care of, but only AVG has detected the Rameh.E trojan, and when I try to delete it or move it to a vault, I can't. I've also tried to go to the location and remove it manually but cannot find it... it's embedded.
Any help REMOVING the sucker would be appreciated... our household is quite lost about what approach to take next.

Also, before scanning, I disabled System Restore temporarily and enabled viewing of hidden files, folders, and extensions, as well as scanning in normal mode and Safe Mode.

Thank you for any advice
d. bowman




Response Number 1
Name: IronMan
Date: November 19, 2004 at 00:43:54 Pacific
Reply:


You might try these two online scanning services: TrojanScan and Anti-Trojan.org.

Keep System Restore turned off while the scans are run.



Response Number 2
Name: johnr
Date: November 19, 2004 at 01:16:42 Pacific
Reply:

As it's in your TEMP folder there won't be any problem deleting it - legitimate embedded files don't install themselves there. Start by trying to delete it in Safe Mode. Next, get a freeware program called 'MoveonBoot' - available from a lot of sites, but here's just one:

http://www.snapfiles.com/get/moveonboot.html

It lets you select the file which, as the name implies, is removed on boot-up so it hasn't got a chance to start. As always, of course, make sure you have your important data backed up - and disable system restore so the *** doesn't hang around.

"I know that I'm mad - I've always been mad..."



Response Number 3
Name: Mechanix2Go
Date: November 19, 2004 at 05:04:38 Pacific
Reply:

I guess your first paragraph is the report from one of your many scans.

If so, it seems odd that the scan found it and you say it's not there.

Try this:

attrib /s c:\ATPartners.dll

M2



Response Number 4
Name: blender
Date: November 20, 2004 at 07:57:36 Pacific
Reply:

d.bowman

"OBJECT:
C:\ Documents and Settings\myname\Local Settings\Temp\AAWTMP\C23416981\23D8217\ATPartners.dll"

That folder is created temporarily while running Ad-Aware.
If you have your antivirus enabled during the Ad-Aware scan... it will pick it up.

Once the Ad-Aware scan is finished, it deletes its temp folder.
Ad-Aware temporarily creates a temp folder to uncompress zipped files to scan them, if you have that option enabled.

That's why you cannot find the trojan or the AAWTMP folder. It no longer exists.

Ad-aware did remove the objects it found? Yes?

If subsequent ad-aware scans continue to pull up favoriteman....

Here are manual removal instructions, near the bottom of the page, for the ATPartners FavoriteMan variant:

http://www.doxdesk.com/parasite/FavoriteMan.html

Be sure to back up the registry before attempting the suggested removal.

How?:

http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/199762382617?OpenDocument&src=sec_doc_nam

I never give up!

Windows Update
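
Added example (not part of any post in this thread): a small triage script for the situation described in Response 4, where an antivirus reports a file inside another scanner's temporary unpack folder. It parses the OBJECT/RESULT/STATUS layout shown in the original message and flags such detections; the function names, the second sample finding and the suggested next steps are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Folder names scanners use for temporary unpacking. AAWTMP is the Ad-Aware
# folder named in the thread; other entries would be assumptions to add.
SCANNER_TEMP_DIRS = {"AAWTMP"}
FIELD = re.compile(r"^(OBJECT|RESULT|STATUS):\s*(.*)$")

# First finding is the report from the original post; the second is constructed.
SAMPLE_REPORT = r"""
OBJECT:
C:\ Documents and Settings\myname\Local Settings\Temp\AAWTMP\C23416981\23D8217\ATPartners.dll
RESULT:
Trojan Horse Downloader.Rameh.E
STATUS:
Infected, embedded object
OBJECT: C:\EXAMPLE\constructed-sample.dll
RESULT: Constructed.Sample.Detection
STATUS: Infected
"""

def parse_report(text):
    """Split a report into findings; a value may follow its label on the
    same line or on the next one."""
    findings, current, pending = [], {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = FIELD.match(line)
        if match:
            key, value = match.group(1).lower(), match.group(2)
            if key == "object" and current:   # a new OBJECT starts a finding
                findings.append(current)
                current = {}
            current[key] = value
            pending = None if value else key
        elif line and pending:
            current[pending] = line
            pending = None
    return findings + ([current] if current else [])

def triage(finding):
    """Flag detections that point into a scanner's temporary unpack folder."""
    # Drop the stray space after the drive root seen in the posted report.
    path = PureWindowsPath(re.sub(r"^([A-Za-z]:\\)\s+", r"\1", finding["object"]))
    transient = any(part.upper() in SCANNER_TEMP_DIRS for part in path.parts)
    return {
        "file_name": path.name,
        "threat": finding.get("result", ""),
        "transient_scanner_copy": transient,
        "next_step": ("search the disk and archives for this file name"
                      if transient else "quarantine or delete the reported file"),
    }
```

For a finding flagged as a transient scanner copy, the file name returned is the one to look for elsewhere, for instance with the attrib /s search suggested in Response 3.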

