Avast can't delete virus.

[chem-ixtrems]

Hello. Avast(with last updates) found virus "Win32:Agent-WUB [trj]" in C:\WINDOWS\system32\browsew.dll. I deleted it. But after rebote this virus didn't deleted.
What i must do?

[Lisandro]

Besides the fact that delete is not the safer option. Choose send to Chest, there the file could be further analyzed, I suggest:

1. Disable System Restore and reenable it after step 3.
2. Clean your temporary files.
3. Schedule a boot time scanning with avast with archive scanning turned on.
4. Use SUPERantispyware, MBAM or Spyware Terminator to scan for spywares and trojans. If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.
5. Test your machine with anti-rootkit applications. I suggest avast! antirootkit or Trend Micro RootkitBuster.
6. Make a HijackThis log to post here or, better, submit the RunScanner log to to on-line analysis.
7. Immunize your system with SpywareBlaster or Windows Advanced Care.
8. Check if you have insecure applications with Secunia Software Inspector.

[DavidR]

I don't have that file in my system32 folder, I think this is a

I have browseui.dll, which is a MS file, also browsewm.dll, also an MS file, but no sign of browsew.dll. I have searched all of my HDD and no sign of it.

A google search finds this is part of a fake alert process so it might well be that avast is correctly detecting it, but something is restoring it.

See http://www.uninstall-spyware.com/uninstallTrojanFakeAlert.html and http://www.windowsvistaplace.com/unknown-trojan-removal-instructions/spyware-removal.

[polonus]

Hi chem-ixtrems,

Trojan Win32.Murlo is a new warning message that is being generated by a rogue anti-spyware program
like iE Defender or Files Secure, and that is a variety of malicious software created by Internet crackers.
It is a Trojan.win32 variant, Trojan.Win32.agent.akk, Trojan.Win32.Patched, Trojan.Win32, or Trojan.Win32.Qoologic.
You may get an alert for this virus: "Your computer is infected with Trojan Win32.Murlo".
Trojan Win32.Murlo as such is not a virus, but part of a rogue anti-spyware program.
Never install software related to Trojan Win32.Murlo, because it is rogue and can infect your computer
additionally.

Manual removal:

files associated with this infection (Trojan Win32.Murlo):

poswin.dll
avicap3.dll
xmljacodec.dll
hggdbab.dll
ddcyvtt.dll
ctl3d3.dll
sprt_ads.dll
browsew.dll
byxww.dll
ssqpp.dll
ezzhjmt.dll
oggview32.dll
toprates.dll
turbosearchsite.dll
tuvtr.dll
efcdcbx.dll
mljjh.dll
duserf.dll
dbmsrpcnw.dll
pmkhi.dll
ttaqdcwmaoxzw.dll
D3DCompiler_3.dll
domnftwqpd.dll
wfcynbmx.dll
sstqr.dll

dynamic link data associated with (Trojan Win32.Murlo):

poswin.dll
avicap3.dll
xmljacodec.dll
hggdbab.dll
ddcyvtt.dll
ctl3d3.dll
sprt_ads.dll
browsew.dll
byxww.dll
ssqpp.dll
ezzhjmt.dll
oggview32.dll
toprates.dll
turbosearchsite.dll
tuvtr.dll
efcdcbx.dll
mljjh.dll
duserf.dll
dbmsrpcnw.dll
pmkhi.dll
ttaqdcwmaoxzw.dll
D3DCompiler_3.dll
domnftwqpd.dll
wfcynbmx.dll
sstqr.dll

values to be deleted from the registry: (Trojan Win32.Murlo):

CAA8DC4B-648A-4C2F-8F2A-39E607830DEF
4E7BD74F-2B8D-469E-A0E8-F479B685FA7D
4AAC4708-FE47-4B80-92EF-47406444DDD2
8E015787-B1E3-404a-95DE-3E71E1FA0305
3D50DBC0-414E-480F-9C5E-5DB9E4568EF7
7E24E909-FB8A-4837-9DF7-05E7587CB26C
F10587E9-0E47-4CBE-84AE-7DD20B8684BB
47EFD4AD-CB46-4549-B24B-CEE415394C56
14B65C62-1F53-4B15-9476-5D697608536F
A74F3FC3-CC9A-4D4C-AFB5-B56F0CAA445D
80DFDD57-D8B8-4991-82B9-9E9D426668B0
BCBC8B3C-397C-4D98-B6BA-FF337B9671E1
4090F502-6B2D-41B4-8409-B08905A3A0E6
82C8422E-86A3-41C1-9F2E-094F7BF849E2
17D2F953-B2D1-4D1B-BCD3-20432E09ECF1
4911E55D-9240-49DB-B878-337DE4F53E70
3DAF1739-AB9E-493E-8DD7-F65CDF363BCB
9733dacb-e689-4eb1-9928-aa8008944dd5
C3DFA1D4-A6F6-4920-A4E1-AD78DA649AA2
BD8C0E45-7FC1-48A2-8A8A-ABCDFF848D23
00DC0058-A87E-4D19-9C26-F1AAC98AD4D7
69B98C68-D2B8-4A4E-9CB7-E85B6F3A7014
E90BBB19-1B2E-42C0-8BFF-AFC6984247DD
1E40AD15-4280-428A-9A26-AB96F9DA2ACE
4EBAA7B0-740D-4CFA-9455-5C233BB354E1
9DEC81A1-919F-41F0-A983-7F202E3EBBB3
819EFD78-6FD4-42EF-9030-F6DAB24BB9F0

polonus