Hiya everyone x

I was wondering if I could get some more advice about a Trojan Horse I have found on my PC.

Its under the file name of vbsys2.dll

Ive tried to delete the file, but it wont allow me to, and my antivirus software cant do it either. Ive had a look under processes to see if it is running, but its no use because its not an exe file if you know what I mean?

I searched the registry and I found the following keys under HKEY_CURRENT_USER under a folder Software/Microsoft/Search Assistant/ACMru/5603

000 REG_SZ vbsys2.dll
001 REG_SZ banner.aspx
(default) REG_SZ value not set

I also found vbsys2.dll in other parts of the registry.

Now, Im not too clued up on the registry but it seems to me that I need to delete these keys but I just wanted to check if I can do this or if it will help get rid of the file that is stuck in my Windows/System32 folder and wont budge because it keeps telling me its write protected or in use.

I tried to launch in safe mode, but my PC wont let me for some reason. It just automatically restarts again normally when I get to the log on screen.

Id be grateful if you could help out with this. Thanks

Lucie

Hello

The Registry entries you found appear to be the result of, maybe you searching for the file? They are MRUs (most recently used, which includes searches) and are not a threat, although security scans could well target them.

What you do need to locate and remove are the following. Copy the text to notepad and save it as a Registry (REG) file and execute the script so as to merge into the Registry, automatically removing the offending items...
Also locate the file itself, which will be in either the C:\WINDOWS or C:\WINDOWS\System32 directory. You could always try using [Pocket Killbox] to attempt its removal.

HTH,
M_M

You might also want to follow the instructions in the "Prework" link below in my sig and post the resulting logs to see if there is more malware on youre pc.

Hi guys

thanks for your advice...i tried the killbox and it removed the trojan so great stuff thank you!!

It was pretty straightforward actually! I just wondered why I couldnt kill the process myself?

ive done an antivirus scan and there isnt anything else present...my antivirus is the one that detected it in the first place but for some reason couldnt remove it,

is that what viruses and trojans do..run a process which you cant seem to find so it can stay on your pc?

Anyways thanks for your help i appreciate it x

Yup , and alot more im afraid.. Good to hear you got rid of it.