Alright I was able to figure out how to get rid of this pesky bug through all of your help (Windows XP only). So here is the fix. Close out any unecessary service/app that is running by using task manager. Go to the registry and clear not delete the AppInit_DLLs string. Reboot your system in safemode command prompt. Delete the file that has been giving you problems (this varies from system to system) ex: c:\windows\system32\del comjgfn.dll Restart and all should be fine.

0

Dear all The problem still persists; John FZ i tried to delete using c:\windows\system32\del log.dll The name of my object in the NAV pop up is c:\windows\system32\log.dll Any other ideas to kill this NAV pop up called Virus Alert?? Thanks in advance sbasti01

0

Telemachus, Try these instructions. They worked for me. HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs You have to remove this key. This key tells Windows to load the Trojan DLL every time ANY application is run. You need to remove it so that the Trojan DLL cannot load and keep re-infecting your PC. If you just delete it from RegEdit, it will re-add itself. (Try it. Delete the AppInit_DLLs key and hit F5. Notice it immediatly reappears). Do the following: 1. Rename the HLM\Software\Microsoft\Windows NT\CurrentVersion\Windows folder to Windows2 (select Windows folder and RT click, rename). 2. Now delete the AppInit_DLLs key under the Windows2 folder. 3. Hit F5 and notice that AppInit_DLLs doesn't come back. 4. Rename the Windows2 folder back to Windows. Now that AppInit_DLLs is gone, run the latest AdAware 6 and Housecall to remove any Trojan remnants for good. Reboot your machine. Check the registry and make sure AppInit_DLLs is still gone. Your computer should be free of this for good now. On this computer, there was an infected .dll file in the Windows\System32 directory called comojgl.dll which was detected by Norton, but could not delete. Norton reported the infection as BackDoor.Agent.A. The file, comojgl.dll, was the Trojan. Until I deleted the file using the rename Windows folder trick, Norton continued to report it with the annoying NAV Alert. After reboot, the NAV reported it had deleted it. I was just happy it was gone. Goodluck

0

Dear Verily Slow I shall try and let you know the result Thanks very much sbasti01

0

thank you thank you thank you! I have been struggling with this virus for the past couple of days and followed above directions. I just rebooted my computer and Norton told me that the virus is gone. (they took credit for deleting it, but whatever). Thank you so much

0

Dear Verily Slow Thanks One Million It worked at last Finally the nagging window is gone All credits to you Veryily Slo Cheers Telemachus sbasti01

0

Can someone explain this removal process in "For Dummies" form? Were do I start? Please help a non IT guy out! I have to get rid of this virus!! Thank You in advance, Greg

0

VerilySo, Thank you very much, you made my headache went away. Ebman74, Go to START, > RUN (type REGEDIT) > a registry editor will come up > click on folder called HKEY_LOCAL_MACHINE > Then folder SOFTWARE > then MICROSOFT > WINDOWS NT > Then CURRENT VERSION >WINDOWS > Then look to the right panel there should be a file called "AppInit_DLLs". Now go back to the left panel and highlight the WINDOWS folder > then right click on the mouse > go to RENAME > you need to rename WINDOWS to WINDOWS2 > then go to the right panel and delete the file called "AppInit DLLs". Once it's deleted, back to the folder that you renamed to WINDOWS2, right click and rename it back to WINDOWS. After that reboot your computer, you should be on your way of free Back Door Trojan virus. Hope this help!

0

I'm wrestling with this same trojan on a Windows 2K Pro box. I tried the regedt trick renaming the Windows subtree and that won't work as W2K doesn't have a rename option (no rightclick menu). I also tried booting into safemode to edit the registry and delete the file but that doesn't work because the file's not there and while the key exists there is no value set. There must be some startup task that creates/renames the file and sets the key. My next attempt is to run NAV from safemode but I'm open to suggestions.... Thanks, Dan

0

I have an emachine with XP, and the same backdoor problem. My questionable file is resd.dll, reported as infected, but can not be found anywhere on the machine. Searching the complete registry, I can't find any entry for Applnit, anywhere. Meanwhile, I continue to get popups stating that I am infected with the backdoor virus, and then I get a lot of ads, trying to sell me the programming to get rid of it. Is it possible that the people who sell the product, also created a fake infection, just to make a sale? I AM FRUSTRATED!!!! Dick Rowland dickrowland@sbcglobal.net

0