Help with a virus


Pasi Nurminen
Jul 07, 2004, 05:55 PM
I recently became infected with the virus Backdoor.Coreflood.

I've run Windows Update and Norton won't remove/repair/quarantine the file. I'm in safe mode, I've tried working in it but it still won't remove the virus.

Any help? :mad:

shadowdude
Jul 07, 2004, 06:09 PM
I found a page with some info on it, you might be able to remove it manually. Go here (http://securityresponse.symantec.com/avcenter/venc/data/backdoor.coreflood.html)
EDIT: Oh and good luck removing it, if you can find the .dll file and delete it that would work too. To prevent this from happening again you should probably get a firewall.

Pasi Nurminen
Jul 07, 2004, 06:19 PM
I have a firewall, I know which .dll it is, I tried deleting it manually, but it wouldn't let me. It said it's being used by some process. And yea, thanks for a page I've already visited about ten thousand times. :cry:

shadowdude
Jul 07, 2004, 06:28 PM
I have a firewall, I know which .dll it is, I tried deleting it manually, but it wouldn't let me. It said it's being used by some process. And yea, thanks for a page I've already visited about ten thousand times. :cry:
Then perhaps you could go into Norton and tell it to quarantine that dll without running a scan (it's on my version but I'm not sure if you can do it in regular Norton). If that fails then try moving the dll to somewhere else so it can't locate the file. If you could kill the .exe that would probably work too. Finally you could try to find what process it is that is using it and delete it (although you probably would have already done that). If you have Windows XP you could use System Restore although I'm not sure that would get rid of it.

Pasi Nurminen
Jul 07, 2004, 06:34 PM
Any ideas what .exe it might use? The .dll is oleaccuq.dll

shadowdude
Jul 07, 2004, 06:42 PM
Any ideas what .exe it might use? The .dll is oleaccuq.dll
Nope, the Symantec site didn't list it so I don't have any idea. It might possibly be related to the dll file but I doubt it. Did you try moving the dll file?

Pasi Nurminen
Jul 07, 2004, 06:51 PM
Yea, it just gives me the same message that it's currently in use by some program and denies me.

I have a feeling it might be with Microsoft Money, because Windows Installer keeps popping up with it whenever I try to do something despite the fact that I deleted it.

shadowdude
Jul 07, 2004, 06:55 PM
Perhaps you could rename the dll and the trojan might not be able to recognize it.

Pasi Nurminen
Jul 07, 2004, 06:57 PM
No, it won't let me rename it either.

shadowdude
Jul 07, 2004, 07:06 PM
Perhaps you should contact Norton, this thing seems to be vigorously resisting attempts to delete it.

If it says that it is being used by a process you would only need to kill the process and you could delete it... but I don't know how you could possibly ID the process. When I got infected by a trojan the process name was the same name as the dll.
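
Added example, not part of the thread: one way to identify which processes have a given DLL loaded is to parse the module table printed by the Windows `tasklist /m` command. The sample output, PIDs and function names below are constructed for illustration, and the script assumes `tasklist` is available when run on a live system.

```python
import re
import subprocess

# Constructed sample in the layout `tasklist /m` prints; PIDs and module lists are made up.
SAMPLE = """
Image Name                     PID Modules
========================= ======== ============================================
System Idle Process              0 N/A
explorer.exe                  1480 ntdll.dll, kernel32.dll, USER32.dll,
                                   OLEACCUQ.DLL, SHELL32.dll
msimn.exe                     2212 ntdll.dll, kernel32.dll
iexplore.exe                  3044 ntdll.dll, oleaccuq.dll
"""

# Process row: image name (may contain spaces), numeric PID, first chunk of modules.
ROW = re.compile(r"^(\S.*?)\s+(\d+)\s+(.*)$")

def split_modules(chunk):
    return [m.strip() for m in chunk.split(",") if m.strip()]

def parse_tasklist_modules(text):
    """Return [(image, pid, [modules])] parsed from `tasklist /m` table output."""
    rows = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("="):
            continue
        row = ROW.match(line)
        if row:                                  # start of a new process entry
            rows.append((row.group(1), int(row.group(2)), split_modules(row.group(3))))
        elif line[0].isspace() and rows:         # wrapped module list continues the entry
            rows[-1][2].extend(split_modules(line))
    return rows

def holders(text, dll):
    """Processes that have `dll` loaded; Windows file names compare case-insensitively."""
    want = dll.lower()
    return [(img, pid) for img, pid, mods in parse_tasklist_modules(text)
            if want in (m.lower() for m in mods)]

if __name__ == "__main__":
    try:   # live data on Windows; fall back to the constructed sample elsewhere
        out = subprocess.run(["tasklist", "/m"], capture_output=True,
                             text=True, check=True).stdout
    except (OSError, subprocess.CalledProcessError):
        out = SAMPLE
    for img, pid in holders(out, "oleaccuq.dll"):
        print(f"{pid:>6}  {img}")
```

On Windows, `tasklist /m oleaccuq.dll` applies the same filter directly; the parser is useful when the full module table has been saved for later review.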

Turner
Jul 07, 2004, 11:04 PM
Go to www.bootdisk.com and create a boot disk for your system. You should be able to load DOS that way, and then remove it from the DOS prompt.

Pasi Nurminen
Jul 08, 2004, 01:50 AM
Thanks, I just backed up important files and then did a system restore, and now all is well. Just have to spend a lotta time reinstalling everything.

Turner
Jul 08, 2004, 01:57 AM
Oh joy. Isn't that just the most fun? :rolleyes:

I hate restoring systems...

Pasi Nurminen
Jul 08, 2004, 02:24 AM
It's not that bad... =/ Just a pain reinstalling everything afterwards....

jeannie
Jul 08, 2004, 06:44 AM
When I had a similar problem, I was able to remove the .dll file running DOS in safe mode, per advice I got from Symantec (Norton). I know you said you tried some things in safe mode, but did you explicitly try deleting the .dll file?

Paalikles
Jul 08, 2004, 09:35 AM
One possibility that came to mind is to read the virus library on either Norton's site, TrendMicro's site, or others'. They will hopefully list what processes the trojan or virus creates - then you could have opened task manager - ended the correct process(es) and deleted the dll file. Since the dll is used by the memory, that is the only solution I can think of. I did that when a friend got a virus once - Trendmicro's virus database told me the virus was harmless. His virus scanner detected it, but the virus's payload (set to hang windows) disallowed for removal via the program. Manual deletion was possible - since I knew then what the file to delete was called, and what processes to end. Did so, and cleaned the computer :)

Pasi Nurminen
Jul 08, 2004, 02:04 PM
When I had a similar problem, I was able to remove the .dll file running DOS in safe mode, per advice I got from Symantec (Norton). I know you said you tried some things in safe mode, but did you explicitly try deleting the .dll file?

Yes, ten characters.