I need some help on this one.

Attached Files

hijackthis.txt (4.7 KB, 4 views)

[b]Boot into safe mode.[/b] See how HERE. [url]http://www.bleepingcomputer.com/forums/tutorial61.html[/url]

[b]Turn off system restore.(XP/ME only)[/b] See how HERE. [url]http://www.bleepingcomputer.com/forums/tutorial56.html[/url]

[b]In Windows Explorer, turn on "Show all files and folders, including hidden and system".[/b] See how HERE. [url]http://www.bleepingcomputer.com/forums/tutorial62.html[/url]

Click start/run and type regsvr32 /u E:\WINDOWS\SYSTEM32\winetn32.dll into the run box and press the enter key. Note the space between the 2 and the forward slash and again between the u and c.

Run HJT with no other programmes open. Have HJT fix the following, by placing a tick in the little box next to(if there).

O20 - Winlogon Notify: winetn32 - E:\WINDOWS\SYSTEM32\winetn32.dll

Click on the fix checked button.

Close HJT.

Locate and delete the following [b]bold[/b] files and/or directories(if there).

E:\WINDOWS\SYSTEM32\[b]winetn32.dll[/b]

Reboot into normal mode and turn system restore back on.


Regards Howard

Thanx for your help. I have followed the instructions but i cannot delete winetn32.dl l it says access denied currently in use.....

I am cuurently using AVG and this popup that a virus is detected keeps poping up even though i press heal or move to vault!!!.

Attached Images

AVG popup.JPG (42.4 KB, 6 views)

Run HJT and click on the config button, then the misc tools button. Click the delete file on reboot button and browse to E:\WINDOWS\SYSTEM32\winetn32.dll. Click winetn32.dll and click open. You will be prompted to reboot your computer, click yes.

Do exactly the same for this this file as well. E:\windows\temp\win7.temp

The file should be deleted when your computer restarts.

Please post a fresh HJT log after doing the above.

Regards Howard

I have merged your new thread into this one and have given you instructions on how to deal with the win7.temp file(see above).

Please carry on posting in this thread, rather than opening new threads for what is the same problem. Thanks.

Regards Howard

Ok I have managed to get rid of the .dll file. In the windows temp i cant delete ZLT07e76.TMP i tried to do it in safe mode but in safe mode that file doesnt appear.

Attached Files

hijackthis.txt (4.3 KB, 3 views)

First, your HJT log is clean.

I can`t find any info on ZLT07e76.TMP.

You will probably need to do the following. [b]In Windows Explorer, turn on "Show all files and folders, including hidden and system".[/b] See how HERE. [url]http://www.bleepingcomputer.com/forums/tutorial62.html[/url]


Download the Pocket Killbox programme from [URL=http://www.bleepingcomputer.com/files/killbox.php]HERE.[/URL] See if that can delete the file.

Regards Howard

That cant delete the file either!!! I have tried the kill on reboot option also. btw I think i have seen that file in the past though.....

What makes you think the ZLT07e76.TMP is nasty?

What application is telling you about the presence of that file? Maybe it`s a false positive.

When you say you`ve seen the file before, can you tell us what you mean exactly?

Regards Howard

My apologies. No application has said that file is present. The fact that i cant delete it, had led me to believe that it was something nasty. I have seen it in the past when i would manually delete tmps. Since my HJT is clear and you think it aint a virus then I'll leave it at that.

Thanks alot for your ongoing help and smilies.

It probably belongs to some application you`re running and in all likelyhood is nothing to worry about.

Regards Howard

Conficker drops the following copies of itself shown at the bottom. Though that may not be what it is, I'd suggest going to one of the major security company web site that has Conficker remover tools and run one anyway.

The ZLT file is a log file from Zone Alarm. If you go offline and disable zone alarm you should be able to delete it from the Temp file. There is probably an option somewhere in the interface to stop it from creating logs, or even for clearing the log file cache. Not sure about that though.

%System%\[Random].tmp
%Temp%\[Random].tmp