I have a Trojan on my machine - BackDoor-CVT
This is what McAfee says about it:
When this dropper file is run, it creates the following file:
%SysDir%\winicd32.dll (18,944 bytes)
This file is injected into Internet Explorer's memory space, to avoid triggering firewall software.
The following registry keys are created:
The dropped file will also try to connect to a remote website, like here4search.biz, where it can get an additional configuration file, named text.dat.
I have the latest update, but the scan results say that the infected file (C:\WINDOWS\SYSTEM32\WINBFI32.DLL) cannot be removed.
If I delete these registry entries, will the Trojan be removed, or should I remove the WINBFI32.DLL file manually - or would I be screwing up my machine?
Um... This is a Windows security problem.
It's probably been there for quite some time now, and McAfee just now found it. Run HijackThis and remove the offending startup/winlogon entry (if you have issues with this, or questions, post the output from the scan), and try running AVG and AVG Anti-Rootkit in safe mode to get the rest removed.
arrogance breeds ignorance
Screaming Electron, Full of BSD Goodness
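An added example, not part of either post and not McAfee's or HijackThis's own code: a read-only PowerShell check for the startup/winlogon entries the reply refers to. The two DLL names and the 18,944-byte size come from the posts above; the registry locations are standard Windows autostart points chosen as an assumption, since the key list from the quoted write-up is not on this page.

```powershell
# Added example: report autostart entries that reference the DLL names from this thread.
# Nothing is modified or deleted; the script only lists what it finds.
$names  = 'winicd32.dll', 'winbfi32.dll'          # names taken from the posts above
$sysDir = Join-Path $env:windir 'System32'

# 1. Is either file present, and does its size match the 18,944 bytes quoted above?
foreach ($n in $names) {
    $p = Join-Path $sysDir $n
    if (Test-Path -LiteralPath $p) {
        $f = Get-Item -LiteralPath $p -Force      # -Force also returns hidden/system files
        'FILE    {0}  {1} bytes  size-match={2}' -f $f.FullName, $f.Length, ($f.Length -eq 18944)
    }
}

# 2. Run keys (assumed location): every value whose data mentions one of the names.
$runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
           'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
foreach ($k in $runKeys) {
    if (-not (Test-Path $k)) { continue }
    $key = Get-Item $k
    foreach ($v in $key.GetValueNames()) {
        $data = [string]$key.GetValue($v)
        foreach ($n in $names) {
            if ($data -like "*$n*") { "RUN     $k -> $v = $data" }
        }
    }
}

# 3. Winlogon Notify packages (assumed location, Windows XP era):
#    each subkey names the DLL it loads in a DllName value.
$notify = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'
if (Test-Path $notify) {
    foreach ($sub in Get-ChildItem $notify) {
        $dll = [string]$sub.GetValue('DllName')
        foreach ($n in $names) {
            if ($dll -like "*$n*") { "NOTIFY  $($sub.Name) -> DllName = $dll" }
        }
    }
}
```

A `RUN` or `NOTIFY` line identifies the entry that reloads the DLL at logon, which is why a scanner can report the file as in use and not removable.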