dereksheahan
asked on
Help! edlm2.exe trojan horse attack
Hi All,
A few days ago I got a message from Norton saying "High Alert Trojan Horse Virus". As I was busy I didn't take much notice. Now, 2 or 3 days later when I use the computer most of the programs shut down after a few seconds! The virus is almost continously found by Norton but the issue only seems to be getting worse. I also tried installing xsoftspy virus remover but that said it was unable to remove the threat. I also tried deleting the file manually but it keeps reappearing!
The Norton box that pops up continously looks like this:
Object name: c:\windows\system32\edlm2.
Virus Name: Trojan Horse
Action Taken: Unable to repair this file
Action Taken: Access to the file was denied
Any help would be greatly appreciated.
Thanks,
Derel
A few days ago I got a message from Norton saying "High Alert Trojan Horse Virus". As I was busy I didn't take much notice. Now, 2 or 3 days later when I use the computer most of the programs shut down after a few seconds! The virus is almost continously found by Norton but the issue only seems to be getting worse. I also tried installing xsoftspy virus remover but that said it was unable to remove the threat. I also tried deleting the file manually but it keeps reappearing!
The Norton box that pops up continously looks like this:
Object name: c:\windows\system32\edlm2.
Virus Name: Trojan Horse
Action Taken: Unable to repair this file
Action Taken: Access to the file was denied
Any help would be greatly appreciated.
Thanks,
Derel
ASKER
Thanks r-k,
Its on my parents computer so I only go over there every few days. I followed the above steps and ran the virus scan. It was taking too long so I had to leave. I'll take a look at the results of it 2moro and let you know if it worked. Thanks for your help.
D
Its on my parents computer so I only go over there every few days. I followed the above steps and ran the virus scan. It was taking too long so I had to leave. I'll take a look at the results of it 2moro and let you know if it worked. Thanks for your help.
D
ASKER
Thanks, thats after getting rid of the virus alright. One thing is after going a little strange with the computer now though. It takes a very long time for a user to log off or for the computer to shut down. This never used to happen before now as its a very new machine. Any suggestions on why this may be happening? I could post it as a new question in a different area as its only indirectly related to security?
Thanks,
D
Thanks,
D
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thanks a mil, I'll do that over the weekend so. Have a good one
D
D
ASKER
Hi r-k,
sorry I haven't been in touch on the matter. Was away so didn't get a chance to complete your steps. Got the first part completed and the computer seems to be working fine again. I'll try to do the rest of the steps over the next few days.
Thanks,
D
sorry I haven't been in touch on the matter. Was away so didn't get a chance to complete your steps. Got the first part completed and the computer seems to be working fine again. I'll try to do the rest of the steps over the next few days.
Thanks,
D
No rush, and good luck.
ASKER
Hi r-k,
here's a link to that file you suggested I upload for you.
http://www.reachateacher.ie/viruscheck.html
Thanks so much for your help,
D
here's a link to that file you suggested I upload for you.
http://www.reachateacher.ie/viruscheck.html
Thanks so much for your help,
D
(0) If running XP Home, boot in safe mode, if XP Pro, then start with step (1)
(1) Right click on the file (edlm2.exe) in Windows Explorer or My Computer, select Properties
(2) Click on the Security tab.
(3) Click on the Advanced button.
(4) Uncheck the box labeled "Inherit from Parent...", then click "Remove"
(5) Close all windows.
(6) Reboot.
After reboot the file will be unable to run (because no one can access it any more). The symptoms should be gone.
You should then re-scan your disk with Norton to remove the rest of the virus.
Let us know if any of the above does not work.