
[Closed] removal of Win32/Daonol.L please!

  • This topic is locked
2 replies to this topic

#1 d3ell


    New Member

  • Authentic Member
  • 11 posts

Posted 19 October 2009 - 01:14 AM

Hello, I was just wondering if someone could help me get rid of a really frequent, annoying pop-up I keep getting. I have a networked PC on a small server and have e-trust antivirus software on it. Every 2 minutes or so I get this pop-up from e-trust, which says it has found an infected file and that it has been deleted. The Win32/Daonol.L was detected in C:\WINDOWS\ELQKKOE.TMP. Machine: DANIELBELL, User: BELL\Dan. Status: Deleted. It obviously just keeps coming back, as this pop-up comes up all the time. I have opened the folder which it says the file is in, and you can actually see the file keep disappearing and reappearing. I'm guessing that the antivirus software is doing its job in detecting and deleting this file, but it's obviously not found the trojan or virus that keeps distributing it! I have done a full system scan with e-trust and it returned nothing! Any help please!!!



#2 CatByte


    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 19 October 2009 - 05:16 AM


Please do the following:

Please download DDS from either of these links and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
Please include the contents of the following in your next reply:



Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run a scan, click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in your next reply.

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015

#3 CatByte


    Classroom Administrator

  • Classroom Admin
  • 21,059 posts
  • MVP

Posted 24 October 2009 - 01:10 PM

Due to inactivity this topic will be closed. If you need help please start a new thread.

Microsoft MVP 2010, 2011, 2012, 2013, 2014, 2015
