Hello all,

Norton AntiVirus detected Trojan.Adclicker on my PC, and I am having trouble removing it.  I followed the instructions at http://www.symantec.com/security_response/writeup.jsp?docid=2002-091214-5754-99&tabid=3, but after running the full system scan in step 4, Norton AntiVirus cannot delete the infected file (or quarantine it).  I cannot delete it either - I get a message telling me that it's in use or that I don't have the security to access it (and I have admin rights).  The infected file is c:\windows\system32\msziptools.dll.  Also, this infected file is not referenced in my registry in either the registry keys mentioned in step 5.  How can I completely remove this trojan from my computer? 

Thanks,

Sue 

---

sloozy66 wrote:

Hello all,

 

Norton AntiVirus detected Trojan.Adclicker on my PC, and I am having trouble removing it.  I followed the instructions at http://www.symantec.com/security_response/writeup.jsp?docid=2002-091214-5754-99&tabid=3, but after running the full system scan in step 4, Norton AntiVirus cannot delete the infected file (or quarantine it).  I cannot delete it either - I get a message telling me that it's in use or that I don't have the security to access it (and I have admin rights).  The infected file is c:\windows\system32\msziptools.dll.  Also, this infected file is not referenced in my registry in either the registry keys mentioned in step 5.  How can I completely remove this trojan from my computer? 

 

Thanks,

Sue 

---

Hi This is Tech0utsider =)

The file could be in use by vital Windows processes. Deleting it could crash your system. Do you have Norton AntiVirus 09? If not, upgrade ASAP:

http://shop.symantecstore.com/store/symnahho/en_US/ContentTheme/ThemeID.106300/pbPage.Trialware_en_US

Then, run a full system scan in safe mode. That way, the file hopefully won't be in use and can be safely removed. 

Please send the file to Symantec and see what they have to say

Malware Submission 

Hi Sue

The file is  used by trojan.adclicker. 

Are you will to use "Hijackthis" and PM (personal message)me the log as the file in use shows up in that as a filter hijack? 

Quads 

Download, run a full scan, and save a logfile using HiJackThis:

http://www.download.com/3001-8022_4-10781312.html?spi=808d48f7d41c1480996129ac1e08a740

You can also PM me a copy too :). Right click on my name and select PM. 

Safer link to HiJackThis. The real site.

http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis

Actually click "do a system scan and save a log file". 

It is already picked up by Norton as an infection, due to being used at start- up it can not be deleted, so after using Hijackthis, and fixing the correct entry (I know what it looks like in the list, the joys of being trained). after restarting the PC the File is no longer being used. So can be deleted.

Quads 

Never got trained, however I have a solid foundation. =)…until he replies.

Just give him some time. If he still has the problem, he’ll be back

---

Stu wrote:
Just give him some time. If he still has the problem, he'll be back

---

LOL, I thought "Sue" was a female name, must be cos I'm from NZ.    

haha

I did not see her signature. I just looked at her nickname ;)

Wow - I just posted this yesterday, I check in today, and 10 responses.  Thanks for all of the suggestions.  I did manage to find a fix - cnet recommended Malwarebytes' Anti-Malware and it did the trick!  My PC is clean again! 

Thanks again,

Sue