Full Version: Systems collapsed
miketb
Hi,

Ad-Aware Plus detected a Trojan and performed systems scan. The file was c:\windows\system32\wininet.dll. I pressed the performed action now button and my systems went down completely and would not even re-boot. An error message was telling me to reinstall this file.

I went into my task manager and found access to a restore point and got my computer back up and running. Ad-Aware is still wanting to quarantine this file again. I can not perform this action, but I am concerned whether this file is actually a Trojan. I do not want to ignore it in case it is an infection. Has anyone had a similar problem and could someone provide some guidance as to how I should approach fixing this problem?

Best Regards
Mike
LS Pekka
QUOTE(miketb @ Aug 11 2009, 04:19 PM) *
Hi,

Ad-Aware Plus detected a Trojan and performed systems scan. The file was c:\windows\system32\wininet.dll. I pressed the performed action now button and my systems went down completely and would not even re-boot. An error message was telling me to reinstall this file.

I went into my task manager and found access to a restore point and got my computer back up and running. Ad-Aware is still wanting to quarantine this file again. I can not perform this action, but I am concerned whether this file is actually a Trojan. I do not want to ignore it in case it is an infection. Has anyone had a similar problem and could someone provide some guidance as to how I should approach fixing this problem?

Best Regards
Mike


Hi miketb!

Would it be possible for you to post the Ad-Aware log file from the scan where the object was detected?

Here is some info on how to locate the Ad-Aware log file:

http://www.lavasoftsupport.com/index.php?showtopic=18033

Regards,

LS Pekka

Lavasoft Malware Labs
arkansasracer
QUOTE(miketb @ Aug 11 2009, 03:19 PM) *
Hi,

Ad-Aware Plus detected a Trojan and performed systems scan. The file was c:\windows\system32\wininet.dll. I pressed the performed action now button and my systems went down completely and would not even re-boot. An error message was telling me to reinstall this file.

I went into my task manager and found access to a restore point and got my computer back up and running. Ad-Aware is still wanting to quarantine this file again. I can not perform this action, but I am concerned whether this file is actually a Trojan. I do not want to ignore it in case it is an infection. Has anyone had a similar problem and could someone provide some guidance as to how I should approach fixing this problem?

Best Regards
Mike



I had exactly the same problem as this
I had to fix it by restoring a copy of wininet.dll from c:\windows\system32\dllcache

The Trojan reported by Ad-Aware was TR/Patched 827392

I chose to delete it
Next time I started the computer I had exactly the same problem as described above

After restoring wininet.dll Ad-Aware is still reporting the same trojan

I have scanned wininet.dll with my other anti-virus and anti-spyware software - nothing found on any of them
LS Pekka
QUOTE(arkansasracer @ Aug 12 2009, 02:29 AM) *
I had exactly the same problem as this
I had to fix it by restoring a copy of wininet.dll from c:\windows\system32\dllcache

The Trojan reported by Ad-Aware was TR/Patched 827392

I chose to delete it
Next time I started the computer I had exactly the same problem as described above

After restoring wininet.dll Ad-Aware is still reporting the same trojan

I have scanned wininet.dll with my other anti-virus and anti-spyware software - nothing found on any of them


Hi arkansasracer!

Would it be possible for you to post the Ad-Aware log file from the scan where the object was detected?

Here is some info on how to locate the Ad-Aware log file:

http://www.lavasoftsupport.com/index.php?showtopic=18033

Regards,

LS Pekka

Lavasoft Malware Labs
arkansasracer
QUOTE(LS Pekka @ Aug 12 2009, 06:54 AM) *
Hi arkansasracer!

Would it be possible for you to post the Ad-Aware log file from the scan where the object was detected?

Here is some info on how to locate the Ad-Aware log file:

http://www.lavasoftsupport.com/index.php?showtopic=18033

Regards,

LS Pekka

Lavasoft Malware Labs



Log File as requested
LS Pekka
Hi arkansasracer and miketb!

Would it be possible for you to attach the object/file detected by Ad-Aware?
Please zip the file (password: infected) and attach it to the post.

That would be really helpful :)

Regards,

LS Pekka

Lavasoft Malware Labs
dhw196
QUOTE(miketb @ Aug 11 2009, 10:19 AM) *
Hi,

Ad-Aware Plus detected a Trojan and performed systems scan. The file was c:\windows\system32\wininet.dll. I pressed the performed action now button and my systems went down completely and would not even re-boot. An error message was telling me to reinstall this file.

I went into my task manager and found access to a restore point and got my computer back up and running. Ad-Aware is still wanting to quarantine this file again. I can not perform this action, but I am concerned whether this file is actually a Trojan. I do not want to ignore it in case it is an infection. Has anyone had a similar problem and could someone provide some guidance as to how I should approach fixing this problem?

Best Regards
Mike


I had the same thing yesterday (Aug 11, 2009). Copied wininet.dll from another computer back into the affected one on a USB stick using Task Manager and all went instantly back to normal (missing file seems to prevent start of explorer.exe and most other Windows programs). Then I ran a full scan with Ad-Aware and it detected a virus (page.gen) in three html files in the Temporary Internet Files directory as well as re-detecting the same trojan but this time in two other .dll files. Microsoft Malicious Software Removal Tool and Trend Micro Internet Security do not detect anything even in full scan mode including all hidden and system files. Can't even find the directory they are said to be in. Also can't find any Ad-Aware catalog of detectable threats to describe this or any reference under detected name out on the internet (but I may be just too new to this to know where to look on Lavasoft site).

Deleting temporary internet files got rid of the virus detection for the second run though.

Was there some update yesterday to cause this stuff?

Cheers ... Dennis
LS Pekka
QUOTE(dhw196 @ Aug 12 2009, 02:30 PM) *
I had the same thing yesterday (Aug 11, 2009). Copied wininet.dll from another computer back into the affected one on a USB stick using Task Manager and all went instantly back to normal (missing file seems to prevent start of explorer.exe and most other Windows programs). Then I ran a full scan with Ad-Aware and it detected a virus (page.gen) in three html files in the Temporary Internet Files directory as well as re-detecting the same trojan but this time in two other .dll files. Microsoft Malicious Software Removal Tool and Trend Micro Internet Security do not detect anything even in full scan mode including all hidden and system files. Can't even find the directory they are said to be in. Also can't find any Ad-Aware catalog of detectable threats to describe this or any reference under detected name out on the internet (but I may be just too new to this to know where to look on Lavasoft site).

Deleting temporary internet files got rid of the virus detection for the second run though.

Was there some update yesterday to cause this stuff?

Cheers ... Dennis


Hi dhw196, miketb and arkansasracer!

Would it be possible for you to attach the object/file detected by Ad-Aware?
Please zip the file (password: infected) and attach it to the post.

That would be really helpful :)

Regards,

LS Pekka

Lavasoft Malware Labs
bippie
I had this same problem this morning - Adaware warned me of a trojan horse, scanned, recommended a quarantine of wininet.dll. I did this, rebooted, and wininet.dll was removed. Now Windows (Vista) won't start - I get my wallpaper but no icons and no start button.

Would you provide the steps I need to conduct to put wininet.dll back on my computer so I can boot Windows Vista?

PS - I did google the trojan horse name and found products similar to Adaware that also falsely identified this file as containing a trojan horse, so I suspect this is a false hit by Adaware.

Thanks for helping me through this recovery of wininet.dll!

PPS - I didn't check the box to create a restore point before running the quarantine, so I'll need to find a way to copy wininet.dll back to its original spot...at least that's what I think I need to do!
arkansasracer
QUOTE(LS Pekka @ Aug 12 2009, 01:34 PM) *
Hi dhw196, miketb and arkansasracer!

Would it be possible for you to attach the object/file detected by Ad-Aware?
Please zip the file (password: infected) and attach it to the post.

That would be really helpful :)

Regards,

LS Pekka

Lavasoft Malware Labs



Zip File as requested

Please note that after an Ad-Aware update today to Definitions File: 0149.0025 this problem has now disappeared - that is, a fresh scan after the definitions file was updated today, now no longer shows any threats

I can only assume that this problem was caused by the definitions file update from yesterday (11th August)?




LS Pekka
QUOTE(arkansasracer @ Aug 12 2009, 03:08 PM) *
Zip File as requested

Please note that after an Ad-Aware update today to Definitions File: 0149.0025 this problem has now disappeared - that is, a fresh scan after the definitions file was updated today, now no longer shows any threats

I can only assume that this problem was caused by the definitions file update from yesterday (11th August)?


Hi again arkansasracer!

Thanks for uploading the file!
Is the uploaded file the actual wininet.dll file that was detected by Ad-Aware or is this the one that you copied from the other computer?

Regards,

LS Pekka
arkansasracer
QUOTE(LS Pekka @ Aug 12 2009, 02:39 PM) *
Hi again arkansasracer!

Thanks for uploading the file!
Is the uploaded file the actual wininet.dll file that was detected by Ad-Aware or is this the one that you copied from the other computer?

Regards,

LS Pekka



The sequence of events was as follows:

On 11th August in the evening a manual update of the definitions was performed
A scan was run and Ad-Aware reported the Trojan
I chose to delete the file

On the 12th August this morning the computer failed to start explorer.exe with the message wininet.dll was missing from the c:\windows\system32 folder
The background wallpaper was visible, but no Start menu, no Icons, no System Tray
I started Task Manager and was able to open a Command Box
I located another wininet.dll file in the c:\windows\system32\dllcache folder on the SAME computer and copied this to the c:\windows\system32 folder - this is the file that I uploaded for you
I rebooted the computer and windows started normally with no problems, but Ad-Aware Live reported the Trojan and started a background scan
The scan reported the Trojan as before
This time I decided NOT to delete the file
I rebooted the computer and the same thing happened again, that is normal windows startup, but Ad-Aware Live reported the Trojan and started a background scan
This afternoon the definitions file updated automatically and since then there has been no problem, even after rebooting the computer again

So to answer your question
The file I uploaded for you was a copy from the c:\windows\system32\dllcache folder on the SAME computer
The file I uploaded for you did cause Ad-Aware to report the Trojan this morning, but after the definitions update this afternoon, it no longer reports the Trojan

Hope that helps you
LS Pekka
QUOTE(arkansasracer @ Aug 12 2009, 04:04 PM) *
The sequence of events was as follows:

On 11th August in the evening a manual update of the definitions was performed
A scan was run and Ad-Aware reported the Trojan
I chose to delete the file

On the 12th August this morning the computer failed to start explorer.exe with the message wininet.dll was missing from the c:\windows\system32 folder
The background wallpaper was visible, but no Start menu, no Icons, no System Tray
I started Task Manager and was able to open a Command Box
I located another wininet.dll file in the c:\windows\system32\dllcache folder on the SAME computer and copied this to the c:\windows\system32 folder - this is the file that I uploaded for you
I rebooted the computer and windows started normally with no problems, but Ad-Aware Live reported the Trojan and started a background scan
The scan reported the Trojan as before
This time I decided NOT to delete the file
I rebooted the computer and the same thing happened again, that is normal windows startup, but Ad-Aware Live reported the Trojan and started a background scan
This afternoon the definitions file updated automatically and since then there has been no problem, even after rebooting the computer again

So to answer your question
The file I uploaded for you was a copy from the c:\windows\system32\dllcache folder on the SAME computer
The file I uploaded for you did cause Ad-Aware to report the Trojan this morning, but after the definitions update this afternoon, it no longer reports the Trojan

Hope that helps you


Hi arkansasracer!

Thanks for the uploaded logfile/file and the detailed description of the issue, much appreciated :)

The file (uploaded by you) was evidently falsely detected by the antivirus engine in Ad-Aware.
Our tests show that the file is not detected by Ad-Aware using the current definitions.

Regards,

LS Pekka

Lavasoft Malware Labs
dhw196
QUOTE(bippie @ Aug 12 2009, 09:04 AM) *
I had this same problem this morning - Adaware warned me of a trojan horse, scanned, recommended a quarantine of wininet.dll. I did this, rebooted, and wininet.dll was removed. Now Windows (Vista) won't start - I get my wallpaper but no icons and no start button.

Would you provide the steps I need to conduct to put wininet.dll back on my computer so I can boot Windows Vista?

PS - I did google the trojan horse name and found products similar to Adaware that also falsely identified this file as containing a trojan horse, so I suspect this is a false hit by Adaware.

Thanks for helping me through this recovery of wininet.dll!

PPS - I didn't check the box to create a restore point before running the quarantine, so I'll need to find a way to copy wininet.dll back to its original spot...at least that's what I think I need to do!



I also did a fresh update today (August 12) and then reran the full scan and the trojan detection has gone away too. (I did not attach the reported problem dll files because, as I explained earlier, my Explorer search can't actually find them.) I am attaching a summary I created as a text file that shows path and filenames.
Mingtian
QUOTE(dhw196 @ Aug 12 2009, 09:29 AM) *
I also did a fresh update today (August 12) and then reran the full scan and the trojan detection has gone away too. (I did not attach the reported problem dll files because, as I explained earlier, my Explorer search can't actually find them.) I am attaching a summary I created as a text file that shows path and filenames.


My computer was brought down by that same thing and I couldn't get it to boot so I took it into the shop. I will pass on what I just read to the tech there. This is very upsetting because it will cost me money and was completely unwarranted. I couldn't get the computer to do anything except boot up my desktop picture...
same dll file missing.
crikb
If you can get to a command prompt, go to C:\WINDOWS\system32 or wherever your system32 folder is and rename wininet(2).dll to wininet.dll, then restart the PC. Hopefully you do this BEFORE TRYING TO RESTORE FROM A PREVIOUS RESTORE POINT.
crikb
You can go to the system32 dir and copy the wininet.dll file to the root dir C:\. Then reboot in Safe Mode with Command Prompt and copy the file back to C:\WINDOWS\system32.

OR

If you can get to a command prompt, go to C:\WINDOWS\system32 or wherever your system32 folder is and rename wininet(2).dll to wininet.dll, then restart the PC. Hopefully you do this BEFORE TRYING TO RESTORE FROM A PREVIOUS RESTORE POINT.


I had to restore my PC to factory because I tried to use system restore and confused all of the programs. First I started to reinstall the programs but found that I was going to have to install everything. So, if you catch it before, copy the wininet.dll file to the root dir C:\. You might have to delete wininet(2)
(3).dll or however many there are.
bippie
QUOTE(crikb @ Aug 12 2009, 10:41 PM) *
You can go to the system32 dir and copy the wininet.dll file to the root dir C:\. Then reboot in Safe Mode with Command Prompt and copy the file back to C:\WINDOWS\system32.

OR

If you can get to a command prompt, go to C:\WINDOWS\system32 or wherever your system32 folder is and rename wininet(2).dll to wininet.dll, then restart the PC. Hopefully you do this BEFORE TRYING TO RESTORE FROM A PREVIOUS RESTORE POINT.

I had to restore my PC to factory because I tried to use system restore and confused all of the programs. First I started to reinstall the programs but found that I was going to have to install everything. So, if you catch it before, copy the wininet.dll file to the root dir C:\. You might have to delete wininet(2)
(3).dll or however many there are.


Thanks for this suggestion, but I don't find a wininet(2).dll file. I think the computer I'm trying to fix runs XP and not Vista. Does this make a difference?

I've avoided trying to restore from a restore point. Can I copy the wininet.dll from another computer? How can I tell if the computer that's broken runs Vista or XP? I can get to the command prompt - thankfully I remembered some of the old DOS commands so I was able to view several directories looking for wininet.dll.

Thanks again for any help or suggestions. This is getting quite frustrating!
bippie
QUOTE(bippie @ Aug 14 2009, 02:44 AM) *
Thanks for this suggestion, but I don't find a wininet(2).dll file. I think the computer I'm trying to fix runs XP and not Vista. Does this make a difference?

I've avoided trying to restore from a restore point. Can I copy the wininet.dll from another computer? How can I tell if the computer that's broken runs Vista or XP? I can get to the command prompt - thankfully I remembered some of the old DOS commands so I was able to view several directories looking for wininet.dll.

Thanks again for any help or suggestions. This is getting quite frustrating!


Lavasoft provided a solution that worked for me so I thought I'd post information about the solution.

When I booted XP, I got to the wallpaper but no icons or start button appeared. I pressed Ctrl+Alt+Delete to get the Windows Task Manager. Under "File", I chose "New Task (Run...)" and entered CMD in the Create New Task window. This opens a new window running the command prompt.

Having some old DOS command knowledge is helpful here. If your computer has an i386 folder, you might find a backup and compressed copy of Wininet.dll called Wininet.dl_ (underscore). I found my i386 folder under my Windows folder. At this point, the commands that are most helpful are to change directories (example: CD \windows\i386) or to display the contents of the directory (dir /p). The /p pauses after each "full" screen so you don't just have the directory contents scrolling off the top of the box.

If you find the backup copy, go back to the root directory (CD C:\) and type the following command (substituting the path to your backup copy):

expand c:\windows\i386\wininet.dl_ c:\windows\system32\wininet.dll

This uncompresses the backup file and puts it into the system32 folder. Be patient - it might take a few minutes to run even if your system doesn't look like anything is happening. You'll receive a message when finished.

I rebooted and all was well. Of course, I immediately updated the definitions file for Ad-Aware so this problem wouldn't happen again.

If you've never used the command prompt before, be very careful to type precisely.

Good luck!
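
Added example, not part of any post in this thread and not Lavasoft's tooling: one way to check a flagged system file against the other copies mentioned above (the dllcache copy, a copy from another computer, the packed i386 wininet.dl_) before acting on a detection. The function names, labels and sample files are assumptions constructed for illustration; the samples are fake stand-ins written to a temp directory.

```python
import hashlib
import struct
import tempfile
from pathlib import Path

def sha256_of(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def is_pe_image(path):
    """True if the file starts with an MZ header that points at a PE signature."""
    with open(path, "rb") as f:
        head = f.read(64)
        if len(head) < 64 or head[:2] != b"MZ":
            return False
        (e_lfanew,) = struct.unpack_from("<I", head, 0x3C)
        f.seek(e_lfanew)
        return f.read(4) == b"PE\0\0"

def compare_copies(flagged, references):
    """Sort reference copies into identical / different / unusable versus the flagged file."""
    flagged_hash = sha256_of(flagged)
    result = {"flagged_sha256": flagged_hash, "identical": [], "different": [], "unusable": []}
    for label, path in references.items():
        p = Path(path)
        if not p.is_file() or not is_pe_image(p):
            result["unusable"].append(label)  # missing, or still packed (.dl_): expand it first
        elif sha256_of(p) == flagged_hash:
            result["identical"].append(label)
        else:
            result["different"].append(label)
    return result

def fake_pe(body):
    """Constructed stand-in for a DLL: 64-byte MZ header, PE signature, then body."""
    header = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    return header + b"PE\0\0" + body

def demo():
    """Runs the comparison on constructed files; no real system files are touched."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        (d / "system32_wininet.dll").write_bytes(fake_pe(b"build-A"))
        (d / "dllcache_wininet.dll").write_bytes(fake_pe(b"build-A"))
        (d / "other_pc_wininet.dll").write_bytes(fake_pe(b"build-B"))
        (d / "wininet.dl_").write_bytes(b"packed-bytes-placeholder")
        return compare_copies(d / "system32_wininet.dll", {
            "dllcache": d / "dllcache_wininet.dll",
            "other_machine": d / "other_pc_wininet.dll",
            "i386_packed": d / "wininet.dl_",
        })

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

A copy landing in "different" is not by itself a sign of tampering, since another machine may simply carry a different Windows build of the DLL. A match against a copy from an independent source is the stronger signal that the detection follows the definitions file and not the file's contents.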