Sunday 25 July 2004

Man, I hate the spastics that make viruses and trojans.....

I got this notification from Norton Antivirus yesterday, saying that I had a file called SQLM.DLL and it contained a Backdoor.Trojan.

Grrrr, ripping out imaginary hair....

It was a complete pain in the ass, and I finally removed it this morning..... after trying all last night, and this morning.  A real waste of damn time.

It is a trojan file that recreates itself to survive, but it is clever in that it regenerates itself every time *ANY* application is run.

We used Ad-Aware, Norton, TDS3, SpyBot Search & Destroy, House Call and Panda Scan but none (except for Norton, which only detected) could find the infection and remove it.  However, I did discover 4 other trojans lurking in my machine, thanks to TDS3 and House Call.  They were removed with a click of a button.

We eventually found this forum (well, my brother Herb did, so thank you very much Herb, whereas Ken is being a spas, cos he's still pissed at me for not starting his *precious* I, Robot movie rip BitTorrent..... so he refuses to talk to me or help me in anything) and we finally found the process to get rid of it.

So, if you have a self-preserving trojan with a file name that cannot be found using Explorer, but can be in the command prompt, this is what you do.  Microsoft XP Pro is what I'm running..... so if you're not, then these might not work.
But do a backup of your registry and stuff in case my instructions stuff your machine.
I hold no responsibility whatsoever. =)

Use one or more of the products I listed above and do a scan of the computer: files, active processes, memory AND MOST IMPORTANTLY THE *REGISTRY*.

If there are any registry entries for it, delete them.
Refresh.
If the registry entry regenerates, then the problem is a more complex issue.
Find where the entry is in the registry, and rename the key (the "folder" in regedit) that holds it.
So for example, it was HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows
So, rename the last section to
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows2

This means that the program which activates the self-propagator looks for the folder but can't find it.

Then, delete the registry entry, NOT THE FOLDER!

Reboot the machine into Safe Mode.

Go into the command prompt and change to the directory where the trojan file that the programs could not remove is stored.

Delete it.

Then check your registry to make sure the entry referencing the deleted file doesn't exist any more.

Reboot and restart into normal mode.

Do a scan to ensure all remnants are gone.
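One way to do that last registry check without eyeballing regedit is to export the key and parse the export. This is an added example, not code from the original post: it reads the text of a `reg export` of the key named above and lists every auto-load value under it that references a .dll or .exe, so you can see what a regenerating entry points at before and after the clean-up. AppInit_DLLs is the value under that key that Windows loads into every process linking user32.dll (which would explain the "regenerates every time any application is run" behaviour), but the post does not say which value was involved, so treating it as the suspect is my assumption; the sample export and the path to SQLM.DLL are constructed for the example.

```python
"""Parse a `reg export` of the key named in the post and list every
auto-load value under it that references a .dll or .exe.

Added example, not code from the original post. Assumptions are marked.
"""
import re
from typing import Dict, List, Tuple

# The key from the post, spelled the way regedit exports it.
WATCHED_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"

# Values under that key which Windows treats as auto-load lists:
# AppInit_DLLs is loaded into every process that links user32.dll, and
# Load/Run are legacy start-up entries. That AppInit_DLLs was the value
# involved here is an assumption; the post names only the key.
AUTOLOAD_VALUES = {"appinit_dlls", "load", "run"}

# Constructed sample export. SQLM.DLL is the name from the post; the
# directory it sits in is made up for the example.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\SQLM.DLL"
"DeviceNotSelectedTimeout"="15"
"Load"=""
"Run"=""
"Spooler"="yes"
'''

# "name"=data lines; names may contain escaped quotes.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
# A token ending in .dll or .exe; AppInit_DLLs may list several, separated
# by spaces or commas.
_MODULE_RE = re.compile(r'[^,;\s"]+\.(?:dll|exe)\b', re.IGNORECASE)


def _unescape(s: str) -> str:
    # .reg files escape backslash and double quote with a backslash; undo that.
    return re.sub(r'\\(["\\])', r'\1', s)


def parse_reg(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key_path: {value_name: data}} for a .reg export.
    String data is unescaped; other data (dword:, hex:) is kept raw."""
    keys: Dict[str, Dict[str, str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = _unescape(m.group(1))
            data = m.group(2)
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                data = _unescape(data[1:-1])
            keys[current][name] = data
    return keys


def find_autoload_modules(text: str, key: str = WATCHED_KEY) -> List[Tuple[str, str]]:
    """List (value_name, module_path) for every auto-load value under `key`
    that references a .dll or .exe. Key comparison is case-insensitive
    because exports vary in casing (SOFTWARE vs Software)."""
    hits: List[Tuple[str, str]] = []
    for path, values in parse_reg(text).items():
        if path.lower() != key.lower():
            continue
        for name, data in values.items():
            if name.lower() in AUTOLOAD_VALUES:
                for module in _MODULE_RE.findall(data):
                    hits.append((name, module))
    return hits


if __name__ == "__main__":
    # For a real machine: reg export "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows" out.reg
    # then read out.reg (newer Windows writes it as UTF-16, so open with encoding="utf-16" if so).
    for name, module in find_autoload_modules(SAMPLE_REG):
        print(f"{name} -> {module}")
```

Run it once before the clean-up and once after the final reboot; an empty result for the key is what you want to see. Anything it lists that sits outside the Windows directory, or that you don't recognise, is worth looking at with the scanners listed above.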

Yay!
No crap-arsed Trojan.

Man, Trojans suck.  Severely.
