| |||
| brand new virus? I did an online scan using symantec's online scanner, and it found a virus that it called Trojan Horse in the system32 folder. the file that was infected was called awttqpo.dll but when I googled this file name, it returned NO results... I dont mean no usable results, I mean NONE. What kind of virus is discovered by norton, but not discussed by ANYONE on the internet. It says "Did you ean" but no.. I didn't mean ANYTHING other than what I typed. Anywho, as you probably guessed, lookig for the path given by the scanner had poor results. It's not there in reguler or safe mode. So my question is: How do you delete awttqpo.dll in C:\WINDOWS\system32 if it can not been seen in even safe mode, there are no discussion groups on the internet for it, and there are NO references, phrases, or the SLIGHTEST mention of it ANYWHER in exstence except for here, right now... Anyone, any ideas? Thanks in advance. P.S. I put this question here because its a Windows problem (The file is hidden in a VERY advanced way) and because thre are no other grups that have discussions for it. Please don't send me other places... I beg of you! |
| |||
| Re: brand new virus?

From: "thunderstruck_302********.com" <thunderstruck302hotmailcom@discussions.microsoft.com>

| I did an online scan using symantec's online scanner, and it found a virus that it called Trojan Horse in the system32 folder. the file that was infected was called awttqpo.dll but when I googled this file name, it returned NO results... I dont mean no usable results, I mean NONE. What kind of virus is discovered by norton, but not discussed by ANYONE on the internet. It says "Did you ean" but no.. I didn't mean ANYTHING other than what I typed. Anywho, as you probably guessed, lookig for the path given by the scanner had poor results. It's not there in reguler or safe mode. So my question is:
|
| How do you delete awttqpo.dll in C:\WINDOWS\system32 if it can not been seen in even safe mode, there are no discussion groups on the internet for it, and there are NO references, phrases, or the SLIGHTEST mention of it ANYWHER in exstence except for here, right now... Anyone, any ideas? Thanks in advance.
|
| P.S. I put this question here because its a Windows problem (The file is hidden in a VERY advanced way) and because thre are no other grups that have discussions for it. Please don't send me other places... I beg of you!

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

You said "...found a virus that it called Trojan Horse"
You are confused, this is a Trojan and it is NOT a virus !

Google is NOT a source for all information. At best Google will tell you if a file name is legitimate or not but that is only half the story since any file can be named anything !

Looking at the file name I'll give it two possibilities.

1. It is <20KB DLL file and it is a Conhook/Klone Trojan
2. It is >400KB DLL file and is really a Vundo Trojan.

Trojans can and do hide. They can make themselves invisible to EXPLORER.EXE and also mark the file as a Hidden & System file.
However, changing its attributes so it is NOT a Hidden and System file and performing a DIRectory command in a Command Prompt would reveal it.

If you look in the Registry, I'll bet you will find...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awttqpo

Pointing to...

C:\WINDOWS\system32\awttqpo.dll

Now, are you ready to listen ?

I ask that because I noted alot of attitude and assunmoptions in your post and if you want help you need to drop them and listen. This includes the understanding that if you think you have a virus, you ask about it is a virus relatede News Group.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm |
| |||
| RE: brand new virus?

Hi Thunder,

"thunderstruck_302********.com" wrote:
> I did an online scan using symantec's online scanner, and it found a virus that it called Trojan Horse in the system32 folder. the file that was infected was called awttqpo.dll but when I googled this file name, it returned NO results.

=> Viruses can be named any name, so that is not new; what is new in the Virus case is how it behaves and its ability to do severe damage to the infected Computer/System. There are many viruses that try to Hide from Scanners and Anti-Viruses by changing their Name and Path and pretending that they are a legitimate System Processor to con the AV.

> ... I dont mean no usable results, I mean NONE. What kind of virus is discovered by norton, but not discussed by ANYONE on the internet. It says "Did you ean" but no.. I didn't mean ANYTHING other than what I typed. Anywho, as you probably guessed, lookig for the path given by the scanner had poor results. It's not there in reguler or safe mode. So my question is:
>
> How do you delete awttqpo.dll in C:\WINDOWS\system32 if it can not been seen

=> First try to Disable the Running Processor by pressing ALT + CTRL + DEL on your Keyboard/Pad, and if Norton mentions the Processor, say, for example, awtt.exe, Disable this, then open your search Engine, type the full name of the file/folder created by this Virus, and Delete it by pressing SHIFT + Delete. Then scan again with your AV to see if it will pick it up again.

> in even safe mode, there are no discussion groups on the internet for it, and there are NO references, phrases, or the SLIGHTEST mention of it ANYWHER in exstence except for here, right now... Anyone, any ideas? Thanks in advance.

=> There is a NG for Viruses here on MS NG; http://www.microsoft.com/communities...&lang=en&cr=US

> P.S. I put this question here because its a Windows problem (The file is hidden in a VERY advanced way) and because thre are no other grups that have discussions for it. Please don't send me other places... I beg of you!

HTH. Please let us know your progress.

Regards,
nass
-------
www.nasstec.co.uk |
| |||
| Re: brand new virus?

On Mon, 9 Oct 2006 08:39:01 -0700, thunderstruck_302********.com <thunderstruck302hotmailcom@discussions.microsoft.com> wrote:

>I did an online scan using symantec's online scanner, and it found a virus that it called Trojan Horse in the system32 folder. the file that was infected was called awttqpo.dll but when I googled this file name, it returned NO results... I dont mean no usable results, I mean NONE. What kind of virus is discovered by norton, but not discussed by ANYONE on the internet. It says "Did you ean" but no.. I didn't mean ANYTHING other than what I typed. Anywho, as you probably guessed, lookig for the path given by the scanner had poor results. It's not there in reguler or safe mode. So my question is:
>
>How do you delete awttqpo.dll in C:\WINDOWS\system32 if it can not been seen in even safe mode, there are no discussion groups on the internet for it, and there are NO references, phrases, or the SLIGHTEST mention of it ANYWHER in exstence except for here, right now... Anyone, any ideas? Thanks in advance.
>
>P.S. I put this question here because its a Windows problem (The file is hidden in a VERY advanced way) and because thre are no other grups that have discussions for it. Please don't send me other places... I beg of you!

Some viruses generate filenames using semi-random names, so not finding the name elsewhere isn't such a big or surprising thing. |
| |||
| Re: brand new virus? An interesting reply David. I did find some of the spelling in the last paragraph a little bizarre, however <g>. One aspect you didn't mention. Wouldn't an anti-virus scanner normally give the option to remove, to quarantine or leave? Most of us would opt to remove or quarantine thus the file may not still be there to find? -- Regards. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:eosTYy76GHA.4996@TK2MSFTNGP04.phx.gbl... > From: "thunderstruck_302********.com" > <thunderstruck302hotmailcom@discussions.microsoft. com> > > | I did an online scan using symantec's online scanner, and it found a > virus > | that it called Trojan Horse in the system32 folder. the file that was > | infected was called awttqpo.dll but when I googled this file name, it > | returned NO results... I dont mean no usable results, I mean NONE. What > kind > | of virus is discovered by norton, but not discussed by ANYONE on the > | internet. It says "Did you ean" but no.. I didn't mean ANYTHING other > than > | what I typed. Anywho, as you probably guessed, lookig for the path given > by > | the scanner had poor results. It's not there in reguler or safe mode. So > my > | question is: > | > | How do you delete awttqpo.dll in C:\WINDOWS\system32 if it can not been > seen > | in even safe mode, there are no discussion groups on the internet for > it, and > | there are NO references, phrases, or the SLIGHTEST mention of it ANYWHER > in > | exstence except for here, right now... Anyone, any ideas? Thanks in > advance. > | > | P.S. I put this question here because its a Windows problem (The file is > | hidden in a VERY advanced way) and because thre are no other grups that > have > | discussions for it. Please don't send me other places... I beg of you! > > There are anti virus News Groups specifically for this type of discussion. 
> > microsoft.public.security.virus > alt.comp.virus > alt.comp.anti-virus > > You said "...found a virus that it called Trojan Horse" > You are confused, this is a Trojan and it is NOT a virus ! > > Google is a NOT a source for all information. At best Google will tell > you if a file name > is legitimate or not but that is only half the story since any file can be > named anything ! > > Looking at the file name I'll give it two possibilities. > > 1. It is <20KB DLL file and it is a Conhook/Klone Trojan > > 2. It is >400KB DLL file and is really a Vundo Trojan. > > Trojans can and do hide. They can make themselves invisible to > EXPLORER.EXE and also mark > the file as a Hidden & System file. > However, chaging its attributes so it is NOT a Hidden and System file and > performing a > DIRectory command in a Command Prompt would reveal it. > > If you look in the Registry, I'll bet you will find... > > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows > NT\CurrentVersion\Winlogon\Notify\awttqpo > > Pointing to... > > C:\WINDOWS\system32\awttqpo.dll > > Now, are you ready to listen ? > > I ask that because I noted alot of attitude and assunmoptions in your post > and if you want > help you need to drop them and listen. This includes the understanding > that if you think > you have a virus, you ask about it is a virus relatede News Group. > > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > http://www.ik-cs.com/got-a-virus.htm > > |
| |||
| Re: brand new virus? A "Trojan Horse" is technically not a virus. If the Symantec scanner did identify it; however, it should have offered either a removal/quarantine mode or a statement that it did not presently have one. I suggest you Google with something like "free Trojan Horse scanner and remover" to find a remover. Gene K |
| |||
| Re: brand new virus? Symantec's online scanner would have given you the name of the Trojan - that is the name you should have googled for, and you would have found hundreds of hits. The filename is probably a randomly generated name, as already suggested. -- Jon The reason I decided to write that, was mainly because "thunderstruck_302********.com" <thunderstruck302hotmailcom@discussions.microsoft. com> wrote in message news:7C2FFCCC-68A4-42F4-967A-C7EE0361E575@microsoft.com... >I did an online scan using symantec's online scanner, and it found a virus > that it called Trojan Horse in the system32 folder. the file that was > infected was called awttqpo.dll but when I googled this file name, it > returned NO results... I dont mean no usable results, I mean NONE. What > kind > of virus is discovered by norton, but not discussed by ANYONE on the > internet. It says "Did you ean" but no.. I didn't mean ANYTHING other than > what I typed. Anywho, as you probably guessed, lookig for the path given > by > the scanner had poor results. It's not there in reguler or safe mode. So > my > question is: > > How do you delete awttqpo.dll in C:\WINDOWS\system32 if it can not been > seen > in even safe mode, there are no discussion groups on the internet for it, > and > there are NO references, phrases, or the SLIGHTEST mention of it ANYWHER > in > exstence except for here, right now... Anyone, any ideas? Thanks in > advance. > > P.S. I put this question here because its a Windows problem (The file is > hidden in a VERY advanced way) and because thre are no other grups that > have > discussions for it. Please don't send me other places... I beg of you! |
| |||
| Re: brand new virus?

From: "Gerry Cornell" <gcjc@tenretnitb.com>

| An interesting reply David. I did find some of the spelling in the last paragraph a little bizarre, however <g>.
|
| One aspect you didn't mention. Wouldn't an anti-virus scanner normally give the option to remove, to quarantine or leave? Most of us would opt to remove or quarantine thus the file may not still be there to find?
|

Yeah, I embarass myself way too often with spellings mistakes. :-(

The problem with this, and I'll bet it is a Conhook/Klone Trojan rather than the Vundo Trojan, is not only does it use the Winlogon Notify function to load but it loads as a Browser Helper Object (BHO) with a randomized CLSID. This is a self preservation Trojan. That is, it takes steps to prevent its removal. Quarantining is removal but storing it in a safe place where it can do no harm if it is truly malicious or restorable if it was deemed non-malicious (aka; False Positive).

If it is what I suspect, then if you try to delete...

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awttqpo

it would appear as if you were successful but, if you close Regedit and look again it would still be there. The same goes for the BHO and if you used something like BHODemon it wouldn't be able to remove it either.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm |
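
The post above names two load points that may reference the same DLL: a Winlogon Notify package and a Browser Helper Object. The following is an added example, not part of the original thread, that audits a registry export for both and correlates them; the sample export is constructed, its CLSID is a placeholder, and the baseline list of stock Windows XP Notify packages is an assumption to be replaced with names from a known-clean machine.

```python
import re
from pathlib import PureWindowsPath

# Registry load points discussed in the thread (compared case-insensitively).
HKLM = "hkey_local_machine\\software\\"
NOTIFY = HKLM + "microsoft\\windows nt\\currentversion\\winlogon\\notify\\"
BHO = HKLM + "microsoft\\windows\\currentversion\\explorer\\browser helper objects\\"
CLSID = HKLM + "classes\\clsid\\"

# Assumption: Notify packages of a stock Windows XP install. Replace with the
# names exported from a known-clean machine of the same build.
XP_BASELINE = frozenset({
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon",
})

# Constructed sample in regedit export format (version 5.00). The awttqpo
# entries model what the thread suspects; the CLSID is a placeholder.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain]
"Asynchronous"=dword:00000000
"DllName"=hex(2):63,00,72,00,79,00,70,00,74,00,33,00,32,00,2e,00,\
  64,00,6c,00,6c,00,00,00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon]
"DllName"="wlnotify.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\awttqpo]
"DllName"="C:\\WINDOWS\\system32\\awttqpo.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-2222-3333-4444-555555555555}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-2222-3333-4444-555555555555}\InprocServer32]
@="C:\\WINDOWS\\system32\\awttqpo.dll"
"ThreadingModel"="Apartment"
'''


def _unescape(value):
    # .reg string data escapes backslash and double quote with a backslash.
    return re.sub(r"\\(.)", r"\1", value)


def parse_reg(text):
    """Return {key_path: {value_name: text}} for REG_SZ and hex(2) values."""
    text = re.sub(r"\\\r?\n[ \t]*", "", text)  # join continued hex lines
    keys, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$', line)
        if current is None or m is None:
            continue
        name = "" if m.group(1) == "@" else _unescape(m.group(1)[1:-1])
        data = m.group(2)
        if len(data) >= 2 and data[0] == data[-1] == '"':
            current[name] = _unescape(data[1:-1])
        elif data.startswith("hex(2):"):  # REG_EXPAND_SZ stored as UTF-16LE
            raw_bytes = bytes(int(b, 16) for b in data[7:].split(",") if b.strip())
            current[name] = raw_bytes.decode("utf-16-le").rstrip("\x00")
    return keys


def _dll_name(path):
    # Compare on the file name only, so relative and absolute paths match.
    return PureWindowsPath(path).name.lower()


def audit(reg_text, baseline=XP_BASELINE):
    """List non-baseline Notify packages and any BHO that loads the same DLL."""
    keys = {k.lower(): v for k, v in parse_reg(reg_text).items()}
    notify, bho = {}, {}
    for key, values in keys.items():
        if key.startswith(NOTIFY) and "\\" not in key[len(NOTIFY):]:
            dll = next((v for n, v in values.items() if n.lower() == "dllname"), None)
            if dll:
                notify[key[len(NOTIFY):]] = _dll_name(dll)
        elif key.startswith(BHO) and "\\" not in key[len(BHO):]:
            clsid = key[len(BHO):]
            server = keys.get(CLSID + clsid + "\\inprocserver32", {}).get("")
            bho[clsid] = _dll_name(server) if server else None
    findings = []
    for package, dll in sorted(notify.items()):
        if package not in baseline:
            shared = sorted(c for c, d in bho.items() if d == dll)
            findings.append({"package": package, "dll": dll, "bho_clsids": shared})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_REG):
        print(finding)
```

Regedit writes version 5.00 exports as UTF-16, so read a real export with `open(path, encoding="utf-16")` before passing the text to `audit`.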
| |||
| Re: brand new virus? David Thanks. Point taken. -- Regards. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message news:eNA4dR86GHA.1560@TK2MSFTNGP04.phx.gbl... > From: "Gerry Cornell" <gcjc@tenretnitb.com> > > | An interesting reply David. I did find some of the spelling in the last > | paragraph a > | little bizarre, however <g>. > | > | One aspect you didn't mention. Wouldn't an anti-virus scanner normally > give > | the > | option to remove, to quarantine or leave? Most of us would opt to remove > or > | quarantine thus the file may not still be there to find? > | > > Yeah, I embarass myself way too often with spellings mistakes. :-( > > The problem with this, and I'll bet it is a Conhook/Klone Trojan rather > than the Vundo > Trojan, is not only does it use the Winlogon Notify function to load but > it loads as a > Browser Helper Object (BHO) with a randomized CSLID. This is a self > preservation Trojan. > That it is takes steps to prevent its removal. Quarantining is removal > but storing it in a > safe place where it can do no harm if it is truly malicious or restorable > if it was deemed > non-malicious (aka; False Positive). > > If it is what I suspect, then if you try to delete... > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows > NT\CurrentVersion\Winlogon\Notify\awttqpo > > it would appear as if you were succesful but, if you close Regedit and > look again it would > still be there. The same goes for the BHO and if you used something like > BHODemon it > wouldn't be able to remove it either. > > -- > Dave > http://www.claymania.com/removal-trojan-adware.html > http://www.ik-cs.com/got-a-virus.htm > > |
| |||
| Re: brand new virus?

From: "Gerry Cornell" <gcjc@tenretnitb.com>

| David
|
| Thanks. Point taken.
|

The problem is how to remove it under a running OS. It would mean killing; EXPLORER, SMSS, CSRSS and the WINLOGON processes at the minimum or at least suspending those processes.

However, the last time I ran against a Conhook/Klone Trojan the above process created a BSoD condition.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm |
| |||
| Re: brand new virus? sry if my spelling gave you the hebee jebees.. lol, no... really, I didnt mean to piss ou off with poor spelling. anywho... I checked for the registry entries with no luck, I even searched the registry for he file name, but I only found it under Search Assistant somehwere off in HKEY_Users under Software/Microsoft/Search Assistant The reason the scanner didnt have that option to delete or quarantine is because I am using hte Norton Online scanner to CHECK for all the viruses. So, can someone explian to me, as I am not really sure of how his works..... How is the virus hiding itself? Is it really in the system32 folder, just hidden? If so, and if it is like you say (hidden to explorer) is there any forcable way to unhide it? "Jon" wrote: > Symantec's online scanner would have given you the name of the Trojan - that > is the name you should have googled for, and you would have found hundreds > of hits. The filename is probably a randomly generated name, as already > suggested. > > -- > Jon > > > The reason I decided to write that, was mainly because > "thunderstruck_302********.com" > <thunderstruck302hotmailcom@discussions.microsoft. com> wrote in message > news:7C2FFCCC-68A4-42F4-967A-C7EE0361E575@microsoft.com... > >I did an online scan using symantec's online scanner, and it found a virus > > that it called Trojan Horse in the system32 folder. the file that was > > infected was called awttqpo.dll but when I googled this file name, it > > returned NO results... I dont mean no usable results, I mean NONE. What > > kind > > of virus is discovered by norton, but not discussed by ANYONE on the > > internet. It says "Did you ean" but no.. I didn't mean ANYTHING other than > > what I typed. Anywho, as you probably guessed, lookig for the path given > > by > > the scanner had poor results. It's not there in reguler or safe mode. 
So > > my > > question is: > > > > How do you delete awttqpo.dll in C:\WINDOWS\system32 if it can not been > > seen > > in even safe mode, there are no discussion groups on the internet for it, > > and > > there are NO references, phrases, or the SLIGHTEST mention of it ANYWHER > > in > > exstence except for here, right now... Anyone, any ideas? Thanks in > > advance. > > > > P.S. I put this question here because its a Windows problem (The file is > > hidden in a VERY advanced way) and because thre are no other grups that > > have > > discussions for it. Please don't send me other places... I beg of you! > > |
| |||
| Re: brand new virus? You need to post in the name of the Trojan that the online scanner gave you. Re-run it if you don't remember. I doubt very much that the only information it gave you was a filename. -- Jon I was more than a little surprised to hear the following from "thunderstruck_302********.com" <thunderstruck302hotmailcom@discussions.microsoft. com> in message news:ACE3DED8-2355-4A99-BF9D-B6628E27DEB9@microsoft.com... > sry if my spelling gave you the hebee jebees.. lol, no... really, I didnt > mean to piss ou off with poor spelling. anywho... I checked for the > registry > entries with no luck, I even searched the registry for he file name, but I > only found it under Search Assistant somehwere off in HKEY_Users under > Software/Microsoft/Search Assistant > > The reason the scanner didnt have that option to delete or quarantine is > because I am using hte Norton Online scanner to CHECK for all the viruses. > So, can someone explian to me, as I am not really sure of how his > works..... > How is the virus hiding itself? Is it really in the system32 folder, just > hidden? If so, and if it is like you say (hidden to explorer) is there any > forcable way to unhide it? > > "Jon" wrote: > >> Symantec's online scanner would have given you the name of the Trojan - >> that >> is the name you should have googled for, and you would have found >> hundreds >> of hits. The filename is probably a randomly generated name, as already >> suggested. >> >> -- >> Jon >> >> >> The reason I decided to write that, was mainly because >> "thunderstruck_302********.com" >> <thunderstruck302hotmailcom@discussions.microsoft. com> wrote in message >> news:7C2FFCCC-68A4-42F4-967A-C7EE0361E575@microsoft.com... >> >I did an online scan using symantec's online scanner, and it found a >> >virus >> > that it called Trojan Horse in the system32 folder. the file that was >> > infected was called awttqpo.dll but when I googled this file name, it >> > returned NO results... 
I dont mean no usable results, I mean NONE. What >> > kind >> > of virus is discovered by norton, but not discussed by ANYONE on the >> > internet. It says "Did you ean" but no.. I didn't mean ANYTHING other >> > than >> > what I typed. Anywho, as you probably guessed, lookig for the path >> > given >> > by >> > the scanner had poor results. It's not there in reguler or safe mode. >> > So >> > my >> > question is: >> > >> > How do you delete awttqpo.dll in C:\WINDOWS\system32 if it can not been >> > seen >> > in even safe mode, there are no discussion groups on the internet for >> > it, >> > and >> > there are NO references, phrases, or the SLIGHTEST mention of it >> > ANYWHER >> > in >> > exstence except for here, right now... Anyone, any ideas? Thanks in >> > advance. >> > >> > P.S. I put this question here because its a Windows problem (The file >> > is >> > hidden in a VERY advanced way) and because thre are no other grups that >> > have >> > discussions for it. Please don't send me other places... I beg of you! >> >> |
| |||
| Re: brand new virus?

From: "thunderstruck_302********.com" <thunderstruck302hotmailcom@discussions.microsoft.com>

| sry if my spelling gave you the hebee jebees.. lol, no... really, I didnt mean to piss ou off with poor spelling. anywho... I checked for the registry entries with no luck, I even searched the registry for he file name, but I only found it under Search Assistant somehwere off in HKEY_Users under Software/Microsoft/Search Assistant
|
| The reason the scanner didnt have that option to delete or quarantine is because I am using hte Norton Online scanner to CHECK for all the viruses. So, can someone explian to me, as I am not really sure of how his works..... How is the virus hiding itself? Is it really in the system32 folder, just hidden? If so, and if it is like you say (hidden to explorer) is there any forcable way to unhide it?
|

Go to; Start --> Run
enter; CMD.EXE

Type the following commands in the Command Prompt

cd %windir%\system32
attrib -r -h -s *.dll
copy awttqpo.dll c:\
exit

Please submit "C:\awttqpo.dll" to Virus Total -- http://www.virustotal.com/flash/index_en.html
The submission will then be tested against many different AV vendor's scanners. That will give you an idea what it is and who recognizes it. In addition, unless told otherwise, Virus Total will provide the sample to all participating vendors.

You can also submit a suspect, one at a time, via the following email URL...
mailto:scan@virustotal.com?subject=SCAN

When you get the report, please post back the exact results.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm |
| |||
| Re: brand new virus? Some notes about seeing hidden files. To investigate how you are using hard disk space you need to make sure that you can see all files. Go to Start, Control Panel, Folder Options, View, Advanced Settings and verify that the box before "Show hidden files and folders" is checked and "Hide protected operating system files " is unchecked. You may need to scroll down to see the second item. You should also make certain that the box before "Hide extensions for known file types" is not checked. Next in Windows Explorer make sure View, Details is selected and then select View, Choose Details and check before Name, Type, Total Size, and Free Space. You still will not see the System Volume Information folder. How to Gain Access to the System Volume Information Folder http://support.microsoft.com/default...b;en-us;309531 FileSize -a useful tool for use with Windows Explorer when investigating how disk space is being used. http://markd.mvps.org/ The download link is not obvious. Click the here in the two sentences of the web page accessed through the link above. "I can't count the number of times someone has asked for this. So here is a module you can install that shows a Folder Size column in Explorer." However, some viruses / trojans circumvent normal viewing methods. To remove them you need specialist advice. If you run the Online Scan again and it is still present you can get the name of the actual Trojan which is needed. -- Hope this helps. Gerry ~~~~ FCA Stourport, England Enquire, plan and execute ~~~~~~~~~~~~~~~~~~~ "thunderstruck_302********.com" <thunderstruck302hotmailcom@discussions.microsoft. com> wrote in message news:ACE3DED8-2355-4A99-BF9D-B6628E27DEB9@microsoft.com... > sry if my spelling gave you the hebee jebees.. lol, no... really, I didnt > mean to piss ou off with poor spelling. anywho... 
I checked for the > registry > entries with no luck, I even searched the registry for he file name, but I > only found it under Search Assistant somehwere off in HKEY_Users under > Software/Microsoft/Search Assistant > > The reason the scanner didnt have that option to delete or quarantine is > because I am using hte Norton Online scanner to CHECK for all the viruses. > So, can someone explian to me, as I am not really sure of how his > works..... > How is the virus hiding itself? Is it really in the system32 folder, just > hidden? If so, and if it is like you say (hidden to explorer) is there any > forcable way to unhide it? > > "Jon" wrote: > >> Symantec's online scanner would have given you the name of the Trojan - >> that >> is the name you should have googled for, and you would have found >> hundreds >> of hits. The filename is probably a randomly generated name, as already >> suggested. >> >> -- >> Jon >> >> >> The reason I decided to write that, was mainly because >> "thunderstruck_302********.com" >> <thunderstruck302hotmailcom@discussions.microsoft. com> wrote in message >> news:7C2FFCCC-68A4-42F4-967A-C7EE0361E575@microsoft.com... >> >I did an online scan using symantec's online scanner, and it found a >> >virus >> > that it called Trojan Horse in the system32 folder. the file that was >> > infected was called awttqpo.dll but when I googled this file name, it >> > returned NO results... I dont mean no usable results, I mean NONE. What >> > kind >> > of virus is discovered by norton, but not discussed by ANYONE on the >> > internet. It says "Did you ean" but no.. I didn't mean ANYTHING other >> > than >> > what I typed. Anywho, as you probably guessed, lookig for the path >> > given >> > by >> > the scanner had poor results. It's not there in reguler or safe mode. 
>> > So >> > my >> > question is: >> > >> > How do you delete awttqpo.dll in C:\WINDOWS\system32 if it can not been >> > seen >> > in even safe mode, there are no discussion groups on the internet for >> > it, >> > and >> > there are NO references, phrases, or the SLIGHTEST mention of it >> > ANYWHER >> > in >> > exstence except for here, right now... Anyone, any ideas? Thanks in >> > advance. >> > >> > P.S. I put this question here because its a Windows problem (The file >> > is >> > hidden in a VERY advanced way) and because thre are no other grups that >> > have >> > discussions for it. Please don't send me other places... I beg of you! >> >> |
| |||
| Re: brand new virus? the name given by the scanner is simply Trojan Horse. Believe it or not..... it said: C:\WINDOWS\system32\awttqpo.dl is infected with Trojan Horse. as for those cmd codes, ill give them a try, but i wish it was a little easier for me to read what u mean.. like, so I know EXACTLY what I have to type. anywho, when u say I should post it back here, does that mean you'll e watching this thread no matter how far back it goes? or should I start up a new one (if you say yes, then ill make a new thread with the same name as this one but name it #2) "Gerry Cornell" wrote: > Some notes about seeing hidden files. > > To investigate how you are using hard disk space you need to make sure that > you can see all files. Go to Start, Control Panel, Folder Options, View, > Advanced Settings and verify that the box before "Show hidden files and > folders" is checked and "Hide protected operating system files " is > unchecked. You may need to scroll down to see the second item. You should > also make certain that the box before "Hide extensions for known file types" > is not checked. Next in Windows Explorer make sure View, Details is selected > and then select View, Choose Details and check before Name, Type, Total > Size, and Free Space. > > You still will not see the System Volume Information folder. > How to Gain Access to the System Volume Information Folder > http://support.microsoft.com/default...b;en-us;309531 > > FileSize -a useful tool for use with Windows Explorer when investigating how > disk space is being used. > http://markd.mvps.org/ > > The download link is not obvious. Click the here in the two sentences of the > web page accessed through the link above. "I can't count the number of times > someone has asked for this. So here is a module you can install that shows a > Folder Size column in Explorer." > > However, some viruses / trojans circumvent normal viewing methods. To > remove > them you need specialist advice. 
If you run the Online Scan again and it is > still > present you can get the name of the actual Trojan which is needed. > > -- > > Hope this helps. > > Gerry > ~~~~ > FCA > Stourport, England > > Enquire, plan and execute > ~~~~~~~~~~~~~~~~~~~ > > > "thunderstruck_302********.com" > <thunderstruck302hotmailcom@discussions.microsoft. com> wrote in message > news:ACE3DED8-2355-4A99-BF9D-B6628E27DEB9@microsoft.com... > > sry if my spelling gave you the hebee jebees.. lol, no... really, I didnt > > mean to piss ou off with poor spelling. anywho... I checked for the > > registry > > entries with no luck, I even searched the registry for he file name, but I > > only found it under Search Assistant somehwere off in HKEY_Users under > > Software/Microsoft/Search Assistant > > > > The reason the scanner didnt have that option to delete or quarantine is > > because I am using hte Norton Online scanner to CHECK for all the viruses. > > So, can someone explian to me, as I am not really sure of how his > > works..... > > How is the virus hiding itself? Is it really in the system32 folder, just > > hidden? If so, and if it is like you say (hidden to explorer) is there any > > forcable way to unhide it? > > > > "Jon" wrote: > > > >> Symantec's online scanner would have given you the name of the Trojan - > >> that > >> is the name you should have googled for, and you would have found > >> hundreds > >> of hits. The filename is probably a randomly generated name, as already > >> suggested. > >> > >> -- > >> Jon > >> > >> > >> The reason I decided to write that, was mainly because > >> "thunderstruck_302********.com" > >> <thunderstruck302hotmailcom@discussions.microsoft. com> wrote in message > >> news:7C2FFCCC-68A4-42F4-967A-C7EE0361E575@microsoft.com... > >> >I did an online scan using symantec's online scanner, and it found a > >> >virus > >> > that it called Trojan Horse in the system32 folder. 
the file that was > >> > infected was called awttqpo.dll but when I googled this file name, it > >> > returned NO results... I dont mean no usable results, I mean NONE. What > >> > kind > >> > of virus is discovered by norton, but not discussed by ANYONE on the > >> > internet. It says "Did you ean" but no.. I didn't mean ANYTHING other > >> > than > >> > what I typed. Anywho, as you probably guessed, lookig for the path > >> > given > >> > by > >> > the scanner had poor results. It's not there in reguler or safe mode. > >> > So > >> > my > >> > question is: > >> > > >> > How do you delete awttqpo.dll in C:\WINDOWS\system32 if it can not been > >> > seen > >> > in even safe mode, there are no discussion groups on the internet for > >> > it, > >> > and > >> > there are NO references, phrases, or the SLIGHTEST mention of it > >> > ANYWHER > >> > in > >> > exstence except for here, right now... Anyone, any ideas? Thanks in > >> > advance. > >> > > >> > P.S. I put this question here because its a Windows problem (The file > >> > is > >> > hidden in a VERY advanced way) and because thre are no other grups that > >> > have > >> > discussions for it. Please don't send me other places... I beg of you! > >> > >> > > > |