Serious, Hardcore Bad Bad Problem



Bingo
02-11-2008, 11:41 PM
So I suddenly get a popup from AVG Sunday saying that I had a trojan horse detected, WNL32.DLL. AVG reported it was able to remove it.

Ever since then, my system is slower than Congress and Task Manager shows the processor is pegged at 100% all the time.

It shows explorer and iexplore, and explorer stays at around 95-98% of cpu usage.

From what I've been able to find, this appears to be a horribly nasty thing that many people have wound up having to reinstall over to fix.

Anyone else have any experience or any suggestions before I throw this thing out a window?

EDIT to add:
Oh yeah, I should have mentioned...

I booted into safe mode and explorer was still there and pegged at ~95-98%. I went ahead and ran AVG again as well as AdAware - both of which I updated before going into Safe Mode. Though interestingly, AdAware wouldn't update. It was only about 20 days out of date though.

B

Perfect aim
02-11-2008, 11:58 PM
I remember I had something familiar to that. My CPU would always be at 100% and I would always get a Norton antivirus pop up saying there was a virus on my computer every minute. Also every time I would open up Internet Explorer my homepage would always change :(. I tried a lot of things but nothing worked so I just reinstalled Windows :(. But if you can't remove it try going into safe mode and try removing it then. I heard it can work. Hope this helps :)

Bingo
02-12-2008, 12:27 AM
Oh yeah, I should have mentioned...

I booted into safe mode and explorer was still there and pegged at ~95-98%. I went ahead and ran AVG again as well as AdAware - both of which I updated before going into Safe Mode. Though interestingly, AdAware wouldn't update. It was only about 20 days out of date though.

EXEcution
02-12-2008, 12:28 AM
Did you try rolling back via System Restore to the day before you started having problems?

Bingo
02-12-2008, 01:13 AM
I tried system restore first. It failed every time. :(

Caged Anger
02-12-2008, 06:44 AM
well doi...Marz I dunno how system restore has ever helped you with anything but basic virus probs.

Rule of thumb with bad bugs, first place they set roots is in system restore so the second you remove their main files, the backup is automatically replaced.

Here's what I do at work for the real nasty ones:
*Turn off system restore (this clears all restore info, clearing any bugs)
*Boot to safe mode with networking
*Install Spybot S&D (http://fileforum.betanews.com/download/Spybot_Search_and_Destroy/1043809773/1), A-Squared Free (http://download6.emsisoft.com/a2FreeSetup.exe), AVG AntiSpy (http://free.grisoft.com/filedir/inst/avgas-setup-7.5.1.43-3339.exe), and Dr. WebCureIt (http://www.freedrweb.com/cureit/)
*Update all the programs
*Run full scans with each until satisfied the problem has been removed

Running these in safe mode will increase the likelihood of removal.
As always, please post the names of any viruses found, and watch for Smitfraud and Vundo (aka. Virtumonde, Virtumundo)

If you see any traces of these, please post back asap and I will give you further instructions.

Bingo
02-12-2008, 11:18 AM
The alert came up that it found WNL32.dll

After poking around, here is what I had found to do on my own. Pretty much exactly what you listed as well:

Updated AVG and AdAware
Turned off "Automatically search for network folders/printers" in Folder Options
Turned off System Restore
Booted to plain regular Safe Mode
(At this point while in Safe Mode, explorer still showed up in Task Manager and CPU was still pegged at 100%)
Ran both AVG and AdAware
Shut down, booted back into regular XP

System is still the same. :(

Goober
02-12-2008, 01:01 PM
Run the A-squared free program that Caged mentioned in Safe mode. It removed a nasty bug that AVG couldn't touch.

ME BIGGD01
02-12-2008, 01:05 PM
run msconfig and disable all start up apps.

use avast and do an offline scheduled scan. it will ask you this after you install and you should say yes.

after reboot you will notice the system go into the scan utility before windows actually boots up. This is the only way to prevent the app from starting in windows which will be hard to stop.

see how that works.

Caged Anger
02-12-2008, 09:39 PM
this is kind of a cheap trick I've used for removing vundo and smitfraud

download and install spyware doctor, it will run a full scan and tell you what it found, but requires you to pay in order to remove.

However...
It does tell you the exact location of where it found the file, registry key, w/e
So if you got the skillz, hunt them down yourself and delete them :)
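
Added example, not part of any post in this thread: a read-only PowerShell triage that lists the registry autostart entries (the registry side of what msconfig's Startup tab shows) and reports which running processes have the flagged DLL loaded and where copies sit on disk. It assumes Windows PowerShell 5.1 or later in an elevated prompt; the function names are hypothetical, the DLL name is the one from the AVG alert above, and searching under the Windows directory is an assumption since the thread never gives the file's path.

```powershell
# Read-only triage: nothing here deletes or modifies anything.
# Assumption: Windows PowerShell 5.1+, elevated prompt.
$DllName = 'WNL32.DLL'   # file name from the AVG alert quoted in the thread

function Get-AutostartEntry {
    # Run/RunOnce keys for the machine and the current user.
    $keys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
            'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
    foreach ($key in $keys) {
        if (-not (Test-Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            [pscustomobject]@{
                Key     = $key
                Name    = $valueName
                Command = $item.GetValue($valueName)
            }
        }
    }
}

function Find-LoadedModule {
    param([string]$ModuleName)
    # Report every process that has the named DLL mapped (explorer, iexplore, ...).
    foreach ($proc in Get-Process) {
        try { $mods = $proc.Modules } catch { continue }   # protected processes deny access
        foreach ($m in $mods) {
            if ($m.ModuleName -ieq $ModuleName) {
                [pscustomobject]@{ Process = $proc.ProcessName; Id = $proc.Id; Path = $m.FileName }
            }
        }
    }
}

# 1. Everything configured to start at logon.
Get-AutostartEntry | Format-Table -AutoSize -Wrap

# 2. Processes currently holding the flagged DLL.
Find-LoadedModule -ModuleName $DllName | Format-Table -AutoSize

# 3. Copies on disk under the Windows directory (assumed search root), hidden files included.
Get-ChildItem -Path $env:SystemRoot -Filter $DllName -Recurse -Force -ErrorAction SilentlyContinue |
    Select-Object FullName, Length, CreationTime, LastWriteTime
```

An empty result from steps 2 and 3 together with continued high CPU in explorer suggests the scanner removed that file but something else is still loaded, which is the point at which the thread's advice to post scan results applies.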