teret

Hi folks.

I have a Trojan on my machine - BackDoor-CVT

This is what McAfee says about it;

When this dropper file is run, it creates the following file:

%SysDir%\winicd32.dll (18,944 bytes)This file is injected into Internet Explorer's memory space, to avoid triggering firewall software.

The following registry keys are created:

hkey_local_machine\software\microsoft\windows,
nt\currentversion\winlogon\notify\winxtx32,
hkey_local_machine\software\microsoft\mssmgr\

The dropped file will also try to connect to a remote website, like here4search.biz, where it can get an additional configuration file, named text.dat.

I have the latest update but the scan results say that the infected file
(CWINDOWS\SYSTEM32\WINBFI32.DLL) can not be removed.

If I delete these registry entries will the Trojan be removed or should I remove the WINBFI32.DLL file manually - or would I be screwing up my machine?