a1420e.dll

motohead · ‎03-08-2009

get this message constantly and cannot remove the offender

Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: Trojan Horse
File: C:\WINDOWS\system32\a1420e.dll
Location: C:\WINDOWS\system32
Computer: IBM-99D43157127
User: SYSTEM
Action taken: Clean failed : Quarantine failed : Access denied
Date found: Sunday, March 08, 2009 4:41:20 PM

what to do?

Quads · ‎07-21-2008

Hi

1. Download, install, update definitions and run a full scan of Malwarebytes http://www.malwarebytes.org/mbam.php

2. if that doesn't work, post a Hijackthis log, Hijackthis http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Quads

dbrisendine · ‎10-06-2008

What is your OS (XP, Vista, ??, service packs?)?

What is your Antivirus software and version (Help>About>Version)?

Can you download SUPERAntiSpyware and update / run it in Windows SAFE mode?

huwyngr · ‎04-13-2008

Thanks for the detail -- what version of Windows are you using including Service Packs and whether 32 bit or 64 bit.

What version of what Norton software are you using -- Name and Year and Version ID -- check in Help / About nn.nn.nn.nn

Are you logged on with full administrative rights? If not that could be stopping the deletion and running Norton in SAFE mode might fix this.

Have a look at this message: How to troubleshoot a suspected Malware infection

At the end are these instructions on submitting a file for checking:

Submit suspicious files for analysis:

Any suspicious files identified in the above steps should be submitted to Symantec Security Response for analysis:

- There are 2 locations to which you can submit malware:
http://www.threatexpert.com/submit.aspx - use this submission page if you would like a quicker response on your submitted malware. It also provides a place to track your past submissions
https://submit.symantec.com/retail - use this submission page if you would like to pass along malware information to Symantec without an immediate follow-up
- Locate the files identified above and submit for analysis following the instructions provided
- An email with a tracking number one will sent once the submission has been received.
- A closing email will be sent once submissions have been processed with the results of the analysis
- For files which are determined to be malicious, details of the definition versions which provide detection will be included in the email.

The threatexpert is really interesting since you can get a reply back in a few minutes -- a test file I sent took about 7 minutes for the very detailed email to arrive. (You don't get an email with a tracking number with this service and the incoming email may be put in yuour spam folder if you have a spam filter so check there as well as your normal in-box (and tell the AntiSpam not to filter it in future <s>)

The second may take much longer to hear from.

Look forward to hearing from you with the information and whether your are able to follow the analysis methods which help everyone.

edited to insert link to Malware message

Message Edited by huwyngr on 03-08-2009 05:28 PM

Hugh

motohead · ‎03-08-2009

just downloaded and ran Malwarebytes and appears that it has removed the problem..................after trying three other applications earlier

thanks very much!

Quads · ‎07-21-2008

Quads wrote:

Hi

1. Download, install, update definitions and run a full scan of Malwarebytes http://www.malwarebytes.org/mbam.php

2. if that doesn't work, post a Hijackthis log, Hijackthis http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Quads