Hey all, I have a problem that Norton Anti-Virus has identified as a generic Trojan that has compromised a file on my system. The file, windmh32.dll, is located in the WINDOWS\system32\ directory and is, as of today, uncleanable, quarantineable or deleteable.
Upon discovering this, through a full system scan in safe mode, I did a manual search for the filename which returned this:
FOUND: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\windmh32\DllName type:reg_sz value:windmh32.dll
Having no recourse, I backed up my registry and deleted the entry in the hopes that it would orphan the file itself. Unfortunately, this hasn't been the case and realtime scans of my system have reported nothing has changed.
I've run through the list of programs to run and scans to perform prior to submitting a Hijack-This logfile (and have also submitted one for unrelated reasons) but I'd like to get some input on what else there is to be done. Reformatting is a possibility, albeit an unattractive one. However, if there are any other options to be explored that I haven't already I'd love to hear them.
Thanks for your time, all.
-Edit- Tarun reminded me of this, as well: If anyone knows what that particular DLL does and if it is a legitimate file, I'd like to know that as well. If it's a system file, I'd like to avoid deleting it entirely. If not, great. I'll try what he proposed.