Trojan.Zefarch!gen - Can Find but Not Delete or Quarantine
Created: 06 Mar 2010 | 24 comments
Currently running Symantec AntiVirus Corporate Edition with the virus definition file 3/6/2010 rev 4. It has located Trojan.Zefarch!gen but cannot deal with it. I have tried to reboot the computer in safe mode and delete it, and it does not work. I also went in through the registry, and upon deletion it reappears.
Suggestions on how to remove?
JD
Comments
Are you familiar with Process
Are you familiar with Process Explorer? I've already uploaded that application here on Symantec. First try to terminate the running application of that virus, then zip and send the sample to Symantec.
No, I am not familiar with
No, I am not familiar with it; however, I did find it and downloaded it and can run it. I'm just not sure what it is telling me. I can find the "bad file" on my computer, I just can't delete the darn thing. Here is the file:
File: C:\WINDOWS\ukebidukemug.dll
I could zip it and send it along if that helps.
Or, if you can walk me through what to do with the Process Explorer that would be good as well. I know when I run a reg edit, the process that is tied to it is rundll32.exe and I can terminate that through the normal process tracker.
Ok, small update - I used the
Ok, small update - I used the Process Explorer to identify all applications/processes that were relying on the dll listed above. I then stopped all of those processes and eventually Symantec was able to quarantine the dll in question, and I then deleted it. However, it appears as if the virus will just replace the old dll with a new dll. So while I may have fixed the single dll, I don't think the problem is solved. I also removed the first dll from my registry. That should stop the message I now get on start up that it is missing.
I will keep posted.
JD
Process Explorer shows you
Process Explorer shows you information about which handles and DLLs processes have opened or loaded.
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you'll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you'll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.
The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.
I can easily locate an unwanted running application just by looking at explorer.exe.
Under that, all running applications are usually found at the right part of your taskbar. I forgot what it's called.
^_^
Process Explorer
Nice information about Process Explorer. I find this tool made by Mark Russinovich really helpful to fully understand how the system works.
Additional info on Windows Sysinternals : Process Explorer
Yeah. I really like this
Yeah. I really like this tool. I can troubleshoot and isolate any kind of application problem, whether virus detection or unwanted DLLs.
Thanks for the info. After I
Thanks for the info. After I used the process explorer and nuked all processes using the suspect dll, I was able to delete it and now the system seems to be working fine.
Thanks for the help.
JD
hey kalrod23. i just read and
Hey kalrod23. I just read and noticed you had the same problem I'm having now. Would you please explain to me how you used the Process Explorer to stop your dlls and how you got rid of that trojan? Thanks a lot.
This thing is really getting on my nerves and I just don't know how to get rid of it.
No problem. To me, its the
No problem. To me, it's the best tool I ever used.
hello! anyone out there can
Hello! Can anyone out there advise me how to get rid of Trojan.Zefarch!gen????? Please...
Trojan.Zefarch!gen has also
Trojan.Zefarch!gen has also infected my system for several weeks. I will try the above.
Trojan.Zefarch!gen - Removal
Read this article from Symantec Threats and Risks: Trojan.Zefarch!gen - Removal
Hope it helps
regards,
Paolo
Trojan Zefarch
I have tried everything and this virus is persistent. Can someone please tell me how to get rid of it for good? I have tried scans in ordinary mode and safe mode. I have tried updates and still no luck. How do you delete this virus from your hard drive?
Yep, same here. Symantec
Yep, same here. Symantec finds the virus, but says it only partially removes it. Is there some way to permanently remove it?
using process explorer to kill virus off
I've downloaded Process Explorer and am able to spot the random .dll (in my case, it's called owebamisabamo.dll, which seems to be in almost every file under explorer.exe). Can someone please show everyone how to go about cleaning this virus that just won't seem to go away?
kalrod23/anyone else: how did you go about deleting it? Can I get a step-by-step, as I am computer-illiterate and am very frustrated? The IT guy is about to rebuild my computer, but I want to make sure we've tried everything before giving up. Thanks.
If you have an IT guy
Get him to remove it, not rebuild.
Trojan.Zefarch!gen - Can Find but Not Delete or Quarantine
Has anyone had this one? Norton finds it but cannot delete or quarantine it. It seems to have infected mephlict.dll.
I've tried running Norton in Safe Mode but I can't seem to get anti virus working in Safe mode. ...
Have you tried the Process Explorer? From there, you first delete the suspicious running process on your computer.
Zefarch
Symantec would find and claim to have quarantined or deleted it, but after a restart it would be right back (What's up with that???). I used HijackThis to identify the bad dll, in my case osegucob.dll under O4 in HijackThis. At this point HijackThis would also fail to permanently remove it. I went into C:\windows and found the osegucob.dll. You can't remove the DLL, but you can rename it, so I changed the extension to osegucob.d, which partially disabled it. I went into Regedit and did a find on osegucob and removed the line with the entry. I reran HijackThis and again checked the O4 entry for osegucob and hit the "fix checked" button, and this time it seems to be gone for good. I removed the osegucob.d file in C:\windows. It no longer shows up in HijackThis, scans with Symantec no longer return hits, and it no longer exists in C:\windows.
if anyone has found a
If anyone has found a solution, please let us know, as I'm still suffering from this trojan and can't get rid of it. Simple, step-by-step instructions for dummies please.
Power Eraser
If your antivirus fails, try the Symantec Power Eraser Tool (Download: ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/SEPDIAG/Sep_SupportToolSPE.exe); more information is available here:
HOW-TO: Symantec Power Eraser
Symantec Power Eraser Tool Video
Unlocker
WinProc is a great util but overkill for this.
Get this free (and very useful) util called
Unlocker 1.9.0 and install it.
Find out the file name of the infected file.
Search the entire computer for that file.
If you attempt to delete it, it shouldn't let you. Right click on the file and a little magic wand will be there; that is the Unlocker util.
Select "unlock all" and very quickly delete the file.
Reboot.
You will now get an error that either a .dll, .exe or something can't be found. Take note of the name and search the registry for it.
Delete all occurrences of it (there should only be one, in the \Run key).
Reboot again to confirm the error goes away and that the virus has gone.
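For readers who want to check their own machine before touching anything, here is an added, read-only PowerShell triage script (not code from the thread, Sysinternals or Symantec). It does from the command line what the posts above do by hand with Process Explorer, Regedit and HijackThis: list the processes that currently have a named DLL loaded (Process Explorer's DLL view and "Find DLL"), list any Run/RunOnce autostart values that reference the DLL (the entries the O4 line and the registry search find), and hash the file so a sample can be submitted to the vendor. The DLL name defaults to the one JD posted above; substitute the name your scanner reports. It terminates nothing and deletes nothing; that decision stays with you after you have seen the report.

```powershell
# Added example: read-only triage of a suspicious DLL. Not part of the original thread.
# Assumes: run from an elevated PowerShell prompt so protected processes can be inspected.
param(
    # Name from JD's post above; replace with the file your scanner reported.
    [string]$DllName = 'ukebidukemug.dll'
)

# 1. Which running processes have the DLL loaded? (Process Explorer: DLL view / Find DLL)
#    Enumerating modules of some system processes throws "Access denied" when not
#    elevated, so each process is wrapped in try/catch rather than aborting the scan.
$loaders = foreach ($p in Get-Process) {
    try {
        $hit = $p.Modules | Where-Object { $_.ModuleName -ieq $DllName }
        if ($hit) {
            [pscustomobject]@{ PID = $p.Id; Process = $p.ProcessName; Path = $p.Path }
        }
    } catch {
        # Could not read this process's module list; re-run elevated to cover it.
    }
}
Write-Host "Processes with $DllName loaded:"
if ($loaders) { $loaders | Format-Table -AutoSize } else { Write-Host "  (none visible)" }

# 2. Autostart values that reference the DLL (what HijackThis reports under O4 and
#    what the thread finds with a Regedit search). Only the common Run keys are
#    checked here; other autostart locations exist and are not covered.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
$pattern = [regex]::Escape($DllName)
$autostarts = foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($prop in $props.PSObject.Properties) {
        if ($prop.Name -like 'PS*') { continue }   # skip PSPath/PSParentPath metadata
        if ("$($prop.Value)" -imatch $pattern) {
            [pscustomobject]@{ Key = $key; ValueName = $prop.Name; Command = $prop.Value }
        }
    }
}
Write-Host "Autostart entries referencing $DllName:"
if ($autostarts) { $autostarts | Format-List } else { Write-Host "  (none in Run/RunOnce)" }

# 3. Hash and timestamp the file for a vendor submission (the "zip and send the
#    sample" step above). Checks the Windows directory, where the thread found it.
$candidate = Join-Path $env:WINDIR $DllName
if (Test-Path $candidate) {
    $item = Get-Item $candidate
    Write-Host "File: $candidate  Size: $($item.Length)  Modified: $($item.LastWriteTime)"
    Get-FileHash -Path $candidate -Algorithm SHA256 | Format-List Algorithm, Hash
} else {
    Write-Host "No file named $DllName in $env:WINDIR; search other folders before concluding it is gone."
}
```

Run it as `.\Triage-Dll.ps1 -DllName owebamisabamo.dll` (any file name you choose for the script) and read the three sections top to bottom: the process list tells you what must be stopped before the file can be quarantined, the autostart list tells you which registry value will bring it back after a reboot, and the hash goes with the sample you send to Symantec. If the process list is empty but the file still cannot be deleted, re-run elevated; a process you could not inspect is the usual reason.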
Nice. I also use Unlocker
Nice. I also use the Unlocker tool. When a process is unstoppable because its executable file is running, it has the capability to detect and stop the source process that calls that application.