My PC appears to be infected with this trojan. First showed up during AVG's daily scan of the computer, two days ago.

The scanner cannot remove the trojan, I think because it appears to be embedded within imm32.dll.

I've tried using AVG's rescue disk but this does not find any evidence of the problem.

Have also tried using system restore to roll back a few days. That also didn't work. Rather confusingly, the AVG scan that I launched after system restore, found no problems. Yet the scheduled daily scan, which coincidentally started just a few minutes after my manual scan, DID find the trojan.

Advice on how to deal with this would be much appreciated: attached are MSINFO record, GMER scan, AVG scan record.

Incidentally, I can't find any detail about what this trojan does. Is there any info?

Hello malkymalk,

In order to further analyze please provide us with rootkit scan GMER result.

Thank you

---

AVG Team
How-To articles | FAQ | Free Support
We Protect Us

Computer not working? Laptop slowing down?
Let our AVG TechBuddy expert remotely fix it for you.
Find out more (US & Canada)

Also have issue with citem.zq - imm32.dll..

I tried running the command line AVG scan in safe mode and it ended up deleting the imm32.dll. All looked clean with an additional scan but one program would not start without the imm32.dll. I dropped a fresh imm32.dll from an identically configured workstation and the resident shield alerts immediately returned with the new .dll.

This started on Tuesday, April 3rd. I have also tried cleaning with Malwarebytes (free version) and it now shows clean.

Please let me know if you guys come up with anything.

Hello consciouscorner,

Please refer to the following article for help on your issue: How To Handle Suspicious False Positive Detection?

Thank you

---

AVG Team
How-To articles | FAQ | Free Support
We Protect Us

Computer not working? Laptop slowing down?
Let our AVG TechBuddy expert remotely fix it for you.
Find out more (US & Canada)

Thanks!..

It looks like it was a false positive after all. The update this morning did the trick. Thanks so much for the quick response!

Hello consciouscorner,

We are happy to see that your issue is resolved.

Thank you for posting back

---

AVG Team
How-To articles | FAQ | Free Support
We Protect Us

Computer not working? Laptop slowing down?
Let our AVG TechBuddy expert remotely fix it for you.
Find out more (US & Canada)

(once again)..

OK, so I posted this on 4 April but AVG have decided to lock the post after solving not my problem, but that of someone who followed up my post! Try again, guys?

--- original post---

My PC appears to be infected with this trojan. First showed up during AVG's daily scan of the computer, two days ago.

The scanner cannot remove the trojan, I think because it appears to be embedded within imm32.dll.

I've tried using AVG's rescue disk but this does not find any evidence of the problem.

Have also tried using system restore to roll back a few days. That also didn't work. Rather confusingly, the AVG scan that I launched after system restore, found no problems. Yet the scheduled daily scan, which coincidentally started just a few minutes after my manual scan, DID find the trojan.

Advice on how to deal with this would be much appreciated: attached are MSINFO record, GMER scan, AVG scan record.

Incidentally, I can't find any detail about what this trojan does. Is there any info?
---

EDIT.. Thread reopened & post merged.

Hello malkymalk,

In order to get rid of this kind of infection please restore master boot record in offline mode.

Right after the MBR is restored, please scan your computer with updated AVG Rescue CD to kill all remains of infection.

After all above mentioned procedures are done, please provide us with new Gmer and AVG scan results so we can confirm that your computer is clean.

Thank you.

---

AVG Team
How-To articles | FAQ | Free Support
We Protect Us

Computer not working? Laptop slowing down?
Let our AVG TechBuddy expert remotely fix it for you.
Find out more (US & Canada)

Hello again

Ok, so its taken me a long time to do this but now done.

Have scanned several times now and infection is not now being detected. However, start up and shut down for PC is verrrry slow, which worries me that something could still be present.

Attached scan and GMER report as requested - would welcome your feedback.

Hi Malkymalk,


While performing multiple scans in pursuit of a virus, my PC also slowed dramatically. It turned out to be a limit in the MS IDE Driver on the number of DMA errors a drive may have. If exceeded, the driver reverts to PIO (aka Lame Disk Mode) and does not reset itself. You can check this by using the Device Manager.
(From My Computer, right click Hard Disk Drives and Properties, select the Hardware tab and then the [Device Manager] button. From the list, expand the IDE Controllers, and on Primary IDE Channel right click and Properties. Select the Advantaged Settings tab.)

If the Transfer Mode has “DMA if available”, and the Current Transfer Mode has “Ultra DMA Mode” or something similar, your okay. But if Current is “PIO”. You have the problem. Some people have indicated that just changing the requested Transfer Mode to “PIO”, and then back to “DMA if available” resets it, but almost all have not.

The Good News, it can be reset. Read this article and use the VB Script to reset the count. Hope this is it, because it’s easy to fix. One other thing, if after re-enabling the DMA it reverts back to "PIO" in a short period of time then it is an actual hardware problem.

---

Helping People Not Get Stung Since 1970
A V C © - Almost Very Clever
[which implies some cleverness, but staying humble (or is that bumble)]
Gary