Does anyone know anything about the twain32 trojan? It installed a file named "atmlk.exe" on my system, and now I have no browsing capabilities. I'm not sure yet what to do, other than obvious stuff. I'm running something now that I just learned about called Ewido Anti-Malware.
Please leave a post if you've encountered this...
Thanks!
~Alan

These instructions I found at www.spywareinfo.com worked like a charm, except, I did a search for "atmclk.exe" afterward, and it's still in a prefetch folder. Not sure what to do with that.
========================================
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.
Next download, install, and update the free version of Ewido Anti-Malware:
When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
From the main Ewido screen, click on update in the left menu, then click the Start update button.
After the update finishes, the status bar at the bottom will display "Update successful"
Exit Ewido. DO NOT run a scan yet.
Next, please reboot your computer in Safe Mode by doing the following:
· Restart your computer
· After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
· Instead of Windows loading as normal, a menu with options should appear;
· Select the first option, to run Windows in Safe Mode, then press "Enter".
· Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
After SmitfraudFix finishes (and after a reboot if required), please open Ewido. (If a reboot is required, please boot BACK into Safe Mode.)
· Click on Scanner
· Click on Complete System Scan and the scan will begin.
· If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
· When the scan is finished, click the Save report button at the bottom of the screen.
· Save the report to your desktop
· Close Ewido
=====================================
~Alan

All I know about this file is that it is related to a new variant of SpyFalcon. However, it can be possible for different pests to use it.

After I was good to go last night (or so I thought), it came back today. This time I was in the middle of a game at teagames.com (not surfing around), and the browser just disappeared, following which I was prompted by NIS that I had the twain32.dll trojan.

Nothing's working. I bought and used Spyware Doctor, and it seemed to make it worse.
Can anyone help??
Thanks...

AdAware
Norton
Spyware Doctor
Ewido
SpyBot S&D -- all did not work. This is starting to really tick me off.........

Try these free online scans.
Panda
Kaspersky
If problems persist, try this.
Download Hijack This Here then place it into a folder of its own, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor Here
Any entries that are definitely nasties, run HijackThis again and select "Do a system scan only", place a check by these entries. Close all open windows and browsers, and hit "Fix Checked".
This is a powerful tool that can crash your computer if used improperly so if you're not sure, post those questionable entries here or wait for someone like "Jabuck" (very good at this), to ask you to post the entire log.
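
As an added example (not part of the original posts and not HijackThis's own code), this Python script triages a saved HijackThis log for the file names reported in this thread and marks which hits sit in sections that load code at boot or logon. The sample log, its paths and the placeholder CLSID are constructed for illustration.

```python
import re

# File names reported in this thread; compared case-insensitively on the basename.
THREAD_NAMES = {"atmclk.exe", "dcomcfg.exe", "twain32.dll"}

# HijackThis entries look like: "O4 - HKLM\..\Run: [name] C:\path\file.exe"
ENTRY = re.compile(r'^(?P<code>[A-Z]\d{1,2}) - ')
# A drive-letter path ending in .exe or .dll (shortest match, so each path is separate).
PATH = re.compile(r'[A-Za-z]:\\[^"<>|*?\r\n]*?\.(?:exe|dll)\b', re.I)

# Log sections whose entries are loaded automatically at boot or logon.
AUTOSTART = {"F2": "registry-mapped INI autostart", "O2": "Browser Helper Object",
             "O4": "Run key / Startup folder", "O20": "AppInit_DLLs / Winlogon Notify",
             "O23": "service"}

# Constructed sample log (assumption: paths and CLSID are made up for the example).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\atmclk.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINDOWS\system32\twain32.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [dcomcfg] C:\WINDOWS\system32\dcomcfg.exe
O4 - HKCU\..\Run: [atmclk] C:\WINDOWS\system32\atmclk.exe
"""

def triage(log_text):
    """Return (section, file name, is_autostart) for every hit on THREAD_NAMES."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        # Lines without a section code are headers or the running-process list.
        code = m.group("code") if m else "running"
        for path in PATH.findall(line):
            name = path.rsplit("\\", 1)[-1].lower()
            if name in THREAD_NAMES:
                findings.append((code, name, code in AUTOSTART))
    return findings

def autostart_names(findings):
    """File names that have at least one entry in an autostart section."""
    return sorted({name for _, name, auto in findings if auto})

if __name__ == "__main__":
    for code, name, auto in triage(SAMPLE_LOG):
        where = AUTOSTART.get(code, "running process")
        print(f"{code:8} {name:12} {where}{'  <- relaunches at startup' if auto else ''}")
```

A hit in the running-process list alone only shows the file is active now; a hit in an autostart section is the entry that starts it again after a reboot.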

Thanks, murr. I've been in contact with geekstogo.com, and have now tried SmitFraudFix, as well as HijackThis. Heck I've even tried a few others. So far, the SmitFraudFix, then Ewido, then HijackThis is the only way that has worked. This is the third day in a row now that I've gotten rid of the dangerous processes (atmclk.exe and dcomcfg.exe primarily), but they came back the next day.
I'm gonna try the Kaspersky thing you suggested, as well as wait for the guys at geekstogo.com to come back with their analysis.
Thanks again!

Have you disabled system restore and rebooted your computer to flush those files? How 'bout downloading CC Cleaner, the lite version or other utility to clean out the prefetch data.

Yeah my system restore has been disabled ever since this came on. I've manually cleaned out the prefetch folders. Additionally, the most recent news is the guys over at 2-spyware.com suggested I run the SmitRem tool (it's actually from noahdfear at geekstogo.com), and it has apparently worked. It also has a big prefetch cleaner.
