• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 193
  • Last Modified:

Help! edlm2.exe trojan horse attack

Hi All,
A few days ago I got a message from Norton saying "High Alert Trojan Horse Virus". As I was busy I didn't take much notice. Now, 2 or 3 days later when I use the computer most of the programs shut down after a few seconds! The virus is almost continously found by Norton but the issue only seems to be getting worse. I also tried installing xsoftspy virus remover but that said it was unable to remove the threat.  I also tried deleting the file manually but it keeps reappearing!
The Norton box that pops up continously looks like this:
Object name: c:\windows\system32\edlm2.exe
Virus Name: Trojan Horse
Action Taken: Unable to repair this file
Action Taken: Access to the file was denied

Any help would be greatly appreciated.
Thanks,
Derel
0
dereksheahan
Asked:
dereksheahan
  • 5
  • 3
1 Solution
 
r-kCommented:
Try the following:

(0) If running XP Home, boot in safe mode, if XP Pro, then start with step (1)

(1) Right click on the file (edlm2.exe) in Windows Explorer or My Computer, select Properties

(2) Click on the Security tab.

(3) Click on the Advanced button.

(4) Uncheck the box labeled "Inherit from Parent...", then click "Remove"

(5) Close all windows.

(6) Reboot.

After reboot the file will be unable to run (because no one can access it any more). The symptoms should be gone.

You should then re-scan your disk with Norton to remove the rest of the virus.

Let us know if any of the above does not work.

0
 
dereksheahanAuthor Commented:
Thanks r-k,
Its on my parents computer so I only go over there every few days. I followed the above steps and ran the virus scan. It was taking too long so I had to leave. I'll take a look at the results of it 2moro and let you know if it worked.  Thanks for your help.
D
0
 
dereksheahanAuthor Commented:
Thanks, thats after getting rid of the virus alright. One thing is after going a little strange with the computer now though. It takes a very long time for a user to log off or for the computer to shut down. This never used to happen before now as its a very new machine. Any suggestions on why this may be happening? I could post it as a new question in a different area as its only indirectly related to security?
Thanks,
D
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
r-kCommented:
Glad things are somewhat better at least.

Re. the log-off problem, the original trojan may have left behind something that is interfering. To be sure, can you please do the following:

Download and run HijackThis from http://www.hijackthis.de/
Copy-and-paste the resulting log back to that same web site (not here)
Click on "Analyze", and then click on "Save Analysis" at the bottom of the next page.
Finally post a link here to the saved analyzed page.

I realize this is your parents computer so it may not be reasonable to expect them to do all this, but if you could do it the next time over there it would definitely help in pinpointing any remaining problems.

In fact, as long as you are over there anyway, you could also do the following if you have the time:

(1) Download Autoruns from: http://www.sysinternals.com/Utilities/Autoruns.html

(2) Run the program. It lists a bunch of things that start when Windows starts.

(3) From the menu bar, select Options, and uncheck "Include Empty Locations" and "check" "Hide Microsoft Entries"

(4) This will give you a shorter, more meaningful list.

(5) Examine that list and disable anything suspicious by un-checking it. Then reboot and see if it helped.

(6) If not, or if not sure, you can use the File -> Save as.. option in Autoruns to save the list to a text file and then cut and paste it here.

Finally, the fololowing is not likely to be too productive, but if you have the interest you can browse this link:

 http://support.microsoft.com/default.aspx?scid=kb;en-us;308029

Good luck.

0
 
dereksheahanAuthor Commented:
Thanks a mil, I'll do that over the weekend so. Have a good one
D
0
 
dereksheahanAuthor Commented:
Hi r-k,
sorry I haven't been in touch on the matter. Was away so didn't get a chance to complete your steps. Got the first part completed and the computer seems to be working fine again. I'll try to do the rest of the steps over the next few days.
Thanks,
D
0
 
r-kCommented:
No rush, and good luck.
0
 
dereksheahanAuthor Commented:
Hi r-k,
here's a link to that file you suggested I upload for you.
http://www.reachateacher.ie/viruscheck.html

Thanks so much for your help,
D
0

Featured Post

 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

  • 5
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now