
Trojan downloader.Rameh.E HELP!!!


Name: Shellfish
Date: June 15, 2004 at 15:18:06 Pacific
OS: Windows XP Home Ed.
CPU/Ram: IP4 2.4GHz 512MB RAM
Comment:

I have AVG anti-virus s/w running on my machine, which has detected trojan downloader.Rameh.E in one of my .dll files. But running AVG does not locate the virus, rather a system message displays stating it has been detected.

I am having serious problems with running my machine because of this virus. Is rebuilding my machine the only option??

Any advice/info greatly appreciated.

Michelle




Response Number 1
Name: capt
Date: June 15, 2004 at 15:42:35 Pacific
Reply:

Try the scan at http://housecall.trendmicro.com/ You might also need to delete all your temp internet files and offline content as well as turning system restore off. Just follow the removal instructions that Trend Micro provides if the scan detects a problem. HTH



Response Number 2
Name: Thresher
Date: June 15, 2004 at 20:25:53 Pacific
Reply:

Good free firewall to prevent this kind of thing:

Sygate firewall:

http://smb.sygate.com/products/spf_standard.htm

Trojan killers:

http://swatit.org/download.html

Trojan Hunter trial version:

http://www.misec.net/

Do this immediately:

Disabling system restore in Win Xp
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001012513122239?Open&src=sec_doc_nam&docid=2001111912274039&nsf=tsgeninfo.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl

More Xp resource:

XP resource info:

www.blackviper.com

http://grc.com/dos/xpsummary.htm

http://www.annoyances.org/exec/forum/winxp


If you do not have SpyBot and Adaware, do this:

Spybot:

Download and Read the SpyBot tutorial here:

http://s89223352.onlinehome.us/mirror/spybot/index1.php

Download it, Unzip the program, and immediately check for updates, install the updates and then do the scan.

Let it fix everything marked in red. Reboot but not with restart, shut it down for two full minutes. You’ve got two measly minutes and it’s worth it, and let Spybot run if it indicates.

To add an item to your ‘Ignore List’ click on the little ‘+’ sign next to the item and left click it to highlight it, then right click it and a menu appears, select the function you want.

When you are done reboot again same way. Two full minutes shut down is best.

Tea Time discussed by designer here:

http://forums.net-integration.net/index.php?showtopic=13433

Also, go to the update page. Notice 3 icons across the top. Between "Search For Updates" and "Download Updates" there is an icon for the download mirror location. After you click on ‘search for updates,’ the one in the middle will change. If it doesn't say "Spybot.US by Rootboxen.net USA" click on the dropbox arrows and click on Rootboxen, and use only that one. If you got a "checksum error" trying to download --that's why.

Ad-Aware:

Download AdAware from http://www.lavasoft.de/

check for updates at "webupdate".

I use these settings (green check)

From main window click "Start" then make sure "Activate in-depth scan" has a green check next to it.

Put a black dot next to "Use custom scanning options" and click "Customize" next to it, then green check these options:
"Scan within archives" ,"Scan active processes", "Scan registry",
"Deep scan registry" ,"Scan my IE Favorites for banned URL"
"Scan my host-files"

At the top of the “STATUS” page notice the Tweak (gear) icon. Click on it.

The first setting is “Scanning Engine.” Click on the little plus sign next to it, and in the drop-down green check "Unload recognized processes during scanning", and “include basic Ad-Aware settings in log file”. Next click on the ‘+’ next to "Cleaning Engine" and in the drop-down green check "Let windows remove files in use at next reboot" and “Delete quarantine objects after restoring”

Click "proceed", that will save those settings.

Click "Scan"

When the scan finishes, mark everything for removal and delete it. Right-click the window and choose "select all" from the drop down menu, press ‘next’ and then ‘yes’ to the prompt: “remove all these entries”.

However, if you have certain programs running that will give a false indicator of a browser hijack attempt, such as Script Sentry, which places a monitoring function in the registry and looks like a browser hijacker but is not, then you may want to add that to the ignore list because you want to keep it there to do its job. To add an item to the ignore list, put the cursor on the file it reveals and left click it to highlight it, then right click it and a menu appears. Click on ‘ignore list.’

Shut down, two minute shut down is best, and let Adaware run on reboot if it indicates.


When you are done all that, go into Safe Mode and run Adaware, SpyBot, and Av. Then go to 'search files and folders' and search for the file name of the trojan and delete it in Safe Mode. If you are clean there, that's about it. Re-enable your system restore.

I also use these:

Spyware Blaster

http://www.javacoolsoftware.com/spywareblaster.html

MRU Blaster

http://www.javacoolsoftware.com/mrublaster.html

and Script Sentry.

Run Adaware, SpyBot and your AV in normal mode. Clean? good. Go here:

Jason’s Browser Security Test:

http://www.jasons-toolbox.com/BrowserSecurity/

Gibson tests:

http://www.grc.com/default.htm

I use LeakTest, DCOMbobulator, ShieldUp, and plugnpray.

Post back how things are going.

Thresher



Response Number 3
Name: Top Speed
Date: June 16, 2004 at 11:45:01 Pacific
Reply:

Empty cookies, temp files, and Temporary Internet Files in Windows Explorer (or the Browser), and empty the Recycle Bin.

Disable System Restore and keep it disabled until the computer is free of malware. Update and run Adaware 6.0 from Lavasoft and at least two different antivirus programs in Safe mode.

For malicious files not removed by antivirus tools, search the virus encyclopedias of the antivirus vendors that identified the malware for manual removal instructions. Manual removal is a direct way to remove malware once malicious files are detected and identified.

The locations of malicious files make a difference in removing them directly and manually. You may have to remove them by going directly to other System Registry keys and ini files, temporary folders, disabling Service, or removing them from MS-DOS. If the above steps do not remove the malware, please post where the .dll are and the AVG detection message as it appears.



Response Number 4
Name: amazon
Date: June 21, 2004 at 01:05:46 Pacific
Reply:

Thresher,

Thank you for the most comprehensive help I have ever found on the net. Thanks to all of you who help us out there in the dark!

