Trojan horse backdoor.agent.nrb

2156 Views, 3 Replies, 2 Participants. Last post by chemist.
Trojan horse backdoor.agent.NRB virus. Unable to delete hidden file.

All of the following has been done when logged on as administrator.
I recently attempted to install Nero 7 on a Windows XP Pro SP2 system; the install failed with the error "unable to create c:\windows\system32\nerocom.dll file". Subsequent investigations have led me through a minefield of strange issues.

I have discovered:
- I cannot create any file (under any folder) with a name "xxxCOM.dll"; even a simple text file from Notepad can't be saved with a name containing "com.dll" - I get the same error as with the Nero install. I can create files with names like "xxxCOM1.dll", "xxxCOM2.dll" but not "xxxCOM.dll". If I do create one as "xxxCOM1.dll" I can rename it to "xxxCOM.dll" from Explorer and this seems to work; if I then right-click on the file and try to open it I get an error "file does not exist", yet it is still showing under Windows Explorer.
- I cannot display the security property information for any file on the system that has a name "xxxCOM.dll".

I then tried a variety of virus and spyware tools, with the following results:
- Win Defender - nothing
- SpyBot - nothing
- AVG - continually pops up a threat warning "Trojan horse backdoor.agent.NRB in file c:\windows\system\COM.dll" but AVG can't heal the problem
- NOD32 - does not detect a virus in the file c:\windows\system\COM.dll but issues a message that it cannot open file c:\windows\system\COM.dll

I have formed the opinion that this mysterious file is somehow behind the problems I am having in trying to install Nero/create a file with a name "xxxCOM.DLL" etc. Seems reasonable to me.

This file c:\windows\system\COM.dll is a mysteriously hidden file. Windows Explorer does not show it (and I have all options set properly to display system and hidden files). I have tried booting up in safe mode and entering commands like "attrib c:\windows\system\COM.dll" but they all say "file not found". I have tried specialised PC file management tool packages to walk the NTFS tree and locate it and they can't find it either. I have searched the registry for any references to "com.dll" and found nothing. But both AVG and NOD32 detect the existence of the file (but can't open or delete it).

I am seeking any further suggestions anybody may have on understanding this problem.

I am thinking of trying the following rather radical step as a way of deleting this mysterious "COM.dll" file:
- create a new folder "system32new"
- one by one, copy every sub-folder and file from the existing system32 folder to the new one using Explorer (on the belief/hope that the mysterious "COM.dll" file will not be copied)
- check the resultant system32 total storage used vs. the system32new storage used, hoping to see a small difference (to account for the fact that the mysterious "COM.dll" file is not present under "system32new")
- then (risky), boot up in safe mode and run two commands:
 * ren system32 system32old
 * ren system32new system32
- hopefully this will create a new instance of system32 with the mysterious file absent

I am worried there may be unique file identifier linkages present in the registry or other parts of the system which will cause problems with this approach (and I am not even sure the renames will work on system32).

Any comments on this strategy?
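The symptoms above (a file that cannot be created under one name pattern, that vanishes from one API but not another, and that lists in Explorer but "does not exist" when opened) are the classic signature of a hook or filter driver hiding files by name. The following PowerShell script is an added example, not the poster's code and not from the thread: it probes a directory for exactly that kind of name-based hiding by creating a test file, asking several independent views whether it exists, and reporting any disagreement. The function name, probe directory, probe file names and the "com.dll" suffix taken from the post are assumptions; run it elevated and compare a suspect suffix with a harmless control suffix.

```powershell
# Added example (not from the original thread): probe a directory for
# name-based file hiding of the kind described in the post above.
# Assumptions: the hidden-name pattern is a suffix of "com.dll" (from the
# post); the function name, probe directory and probe names are hypothetical.
function Test-HiddenNamePattern {
    param(
        [string]$Directory = $env:TEMP,
        [string]$Suffix    = 'com.dll'
    )

    $probe    = Join-Path $Directory ("probe_$Suffix")
    # Control name that the poster could create, e.g. probe_com1.dll
    $control  = Join-Path $Directory ("probe_" + $Suffix.Replace('.dll', '1.dll'))
    $findings = @()

    # 1. Direct create: the poster could not save any "*com.dll" at all.
    try {
        [System.IO.File]::WriteAllText($probe, 'probe')
        $directCreate = $true
    } catch {
        $directCreate = $false
        $findings += "direct create of '$probe' failed: $($_.Exception.Message)"
    }

    # 2. Create under an unaffected name, then rename onto the probe name,
    #    which is the route that "seemed to work" in the post.
    if (-not $directCreate) {
        [System.IO.File]::WriteAllText($control, 'probe')
        Rename-Item -LiteralPath $control -NewName (Split-Path $probe -Leaf) -ErrorAction SilentlyContinue
    }

    # 3. Cross-view: ask three different callers whether the file exists.
    $leaf      = Split-Path $probe -Leaf
    $viaDotNet = [System.IO.File]::Exists($probe)
    $viaPs     = Test-Path -LiteralPath $probe
    $viaDir    = @(cmd.exe /c "dir /a /b `"$Directory`"") -contains $leaf
    $views     = [ordered]@{ DotNet = $viaDotNet; PowerShell = $viaPs; CmdDir = $viaDir }

    # Any disagreement between views, or a probe that vanished right after
    # being created or renamed, is what a hiding hook or filter looks like.
    $distinct = @($views.Values | Select-Object -Unique)
    if ($distinct.Count -gt 1) {
        $summary = ($views.GetEnumerator() | ForEach-Object { "$($_.Key)=$($_.Value)" }) -join ', '
        $findings += "views disagree about '$probe': $summary"
    } elseif (-not $viaDotNet) {
        $findings += "'$probe' could not be created or is invisible to every view"
    }

    # 4. Open the file for reading; the poster got "file does not exist"
    #    here even though Explorer still listed the renamed file.
    if ($viaPs) {
        try   { [void](Get-Content -LiteralPath $probe -ErrorAction Stop) }
        catch { $findings += "open of '$probe' failed although it is listed: $($_.Exception.Message)" }
    }

    # Clean up both possible names; a hidden probe may resist, so ignore errors.
    Remove-Item -LiteralPath $probe, $control -Force -ErrorAction SilentlyContinue

    [pscustomobject]@{
        Probe    = $probe
        Views    = $views
        Suspect  = ($findings.Count -gt 0)
        Findings = $findings
    }
}

# Usage: suspect suffix from the post, then a control suffix that should be clean.
Test-HiddenNamePattern -Suffix 'com.dll'
Test-HiddenNamePattern -Suffix 'abc.dll'
```

A clean machine reports `Suspect = False` for both runs; a machine behaving like the one in the post fails the direct create, or shows the probe in one view and not another. One caveat: all three views here still go through the Win32 API, so a hook injected into every process, or a file-system filter driver, can lie to all of them consistently. That is why a raw-disk cross-view tool such as Sysinternals RootkitRevealer (which the poster later used) compares the API listing against the NTFS structures read directly from the volume, and why a disagreement there is far stronger evidence than a disagreement between user-mode callers.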
Hello and Welcome to TSF.

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

------------------------------------------------------

I am thinking of trying the following rather radical step as a way of deleting this mysterious "COM.dll" file

- create a new folder "system32new".....

Any comments on this strategy?
Please, please, please do not do that. Post the logs and I will help you.

------------------------------------------------------

Please follow our 5-step process outlined here:

IMPORTANT - Read This Before Posting For Malware Removal Help

After running through all the steps, you shall have a proper set of logs. Please post them.

If you have trouble with one of the steps, simply move on to the next one, and make note of it in your reply.
Thanks for the response. I have fixed my problem. I used the Microsoft RootkitRevealer tool (//technet.microsoft.com/en-us/sysinternals/bb897445.aspx) to confirm the rootkit virus in the com.dll file, then the Sophos tool to delete the file. The file was totally hidden by the rootkit, so it could not be seen, opened or removed using normal commands.
Thanks for letting us know.