Endpoint Protection

 View Only

  • 1.  Trojan Horse c:\windows\system32\atmf.dll

    Posted Jan 10, 2008 03:30 PM

    A user on my network has a Trojan Horse that the SAV client can't fix.  Everyday when the scheduled scan occurs, the user gets the SAV pop up window displaying:

    Risk Found!Risk: Trojan Horse in File: C:\WINDOWS\system32\atmf.dll by: Auto-Protect scan. Action: Clean failed : Quarantine failed : Access denied. Action Description: The file was left unchanged.

    I've done all the removal tips (disabling system restore, run a full scan, etc.) and nothing fixes this.  The atmf.dll file which is the cause can't be deleted.

    Can anyone help me out on this?

    Much appreciated!



  • 2.  RE: Trojan Horse c:\windows\system32\atmf.dll

    Posted Feb 10, 2008 04:10 PM
    hey all,
    I know the pain of your problem, because supporting customers who are facing virus outbreaks and still waiting for vendors antivirus update ,,,, this will leave a window between infection and recovery
    here is a multi-part tutorial about analyzing malware-infections on your own ... check it to help yourself


  • 3.  RE: Trojan Horse c:\windows\system32\atmf.dll

    Posted Feb 11, 2008 09:26 AM
    hi!!!
    there is the main reason of trojan recovering - another trojan or virus that recovery it

    i using a drweb cureit! tool