My PC got infected recently by an unknown virus/spyware, in spite of NOD32 AV & Spybot S&D. Symptoms were icons & taskbar disappeared from desktop, i.e. explorer.exe did not load at start up. Had to run explorer.exe from Task Manager to make them appear.
Ran ComboFix to rectify the problem.
However, the file pmnnnno.dll cannot be erased from the Windows System32 folder. It reappears in the folder & also the registry under HKEY_LOCAL_MACHINE/SOFTWARE/MICROSOFT/WINDOWSNT/CurrentVersion/Winlogon/Notify after deletion.
Please help!!!
When Sysinternals Autoruns is run, the file - pmnnnno.dll is seen under Winlogon in HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWSNT\CurrentVersion\Winlogon\Notify. After its deletion in safe mode, it reappears in the Windows\System32 folder & also in the registry.
Do this: get a Linux live CD, preferably the latest Ubuntu, which has native NTFS support, and try deleting the file… And try Kaspersky antivirus…
Also you can try a boot-time virus scan…
If you have Vista, then delete it when you’re logged into it. Otherwise, load the Windows XP disc, and head to the command-prompt recovery mode. From there merely type ‘del pmnnnno.dll’ (minus the single quotes) and wash your sorrows away.
Thanks for all the suggestions, but I finally got rid of the file using Spyware Terminator Version 1.9.3.142 with Definition file 1.0.038.801 dtd 26.11.2007.
Steps used are given below:
- Downloaded latest bin_stdata zip file (this is the Definition file) from Spyware Terminator website in another pc & transferred to pen drive.
- Started infected laptop. Explorer.exe not loading, as Desktop icons & taskbar not visible. So, I used ctrl+alt+del>New Task>C:\WINDOWS\explorer.exe. Double clicked on the now visible My Computer icon in Desktop to open the pen drive contents. Bin_stdata file extracted to Spyware Terminator folder - C:\Program Files\Spyware Terminator in laptop to update definition file. Again, used ctrl+alt+del to load explorer.exe, as icons again disappeared. Clicked Start>Run>msconfig. Ticked /SAFEBOOT under BOOT.INI & restarted laptop under Safe Mode.
- In Safe Mode, Spyware Terminator scan was run. 7 critical objects detected as Trojan Agent 37376, which included the C:\WINDOWS\System32\pmnnnno.dll file. After scan completion, these 7 files were offered by ST for removal, which I confirmed. ST flashed message that it was unable to delete files & advised to restart pc in Safe Mode & re-scan, even though I was already in Safe Mode.
- Restarted pc again in Safe Mode. ST deleted the offensive file on the reboot.
- Explorer loaded on start up as icons & taskbar were visible.
- Clicked Start>Run>msconfig. Unticked ‘/SAFEBOOT’ under BOOT.INI & restarted pc in normal mode.
- Upon running Sysinternals’ Autoruns, right clicked on ‘pmnnnno.dll’ under Winlogon>Clicked on ‘Jump to’ to go to file location. Message ‘Unable to find file C:\WINDOWS\System32\pmnnnno.dll’ was displayed.
I have posted this so that it might help anyone trawling the net for a solution to this big pain in the ass.
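
Added example, not part of the posts above and not taken from any tool named in the thread: a PowerShell audit of the Winlogon Notify key the thread refers to, listing each registered DLL, whether the file still exists on disk, and basic triage details. It assumes an elevated PowerShell 2.0 or later session on the affected machine; the function names are hypothetical.

```powershell
# Added example: audit Winlogon notification packages (XP / Server 2003 mechanism).
# The real key name contains a space: "Windows NT".
$NotifyKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify'

function Resolve-NotifyDll {          # hypothetical helper name
    param([string]$DllName)
    # DllName is either a bare file name (loaded from System32) or a full path
    # that may contain environment variables such as %SystemRoot%.
    $expanded = [Environment]::ExpandEnvironmentVariables($DllName)
    if ([IO.Path]::IsPathRooted($expanded)) { return $expanded }
    Join-Path (Join-Path $env:SystemRoot 'System32') $expanded
}

function Get-WinlogonNotifyEntry {    # hypothetical helper name
    if (-not (Test-Path $NotifyKey)) { return }   # nothing registered to audit
    foreach ($sub in Get-ChildItem $NotifyKey) {
        $dllName = (Get-ItemProperty -Path $sub.PSPath).DllName
        if (-not $dllName) { continue }
        $path = Resolve-NotifyDll $dllName
        $row = @{ Entry = $sub.PSChildName; Dll = $path; Exists = $false
                  Signature = 'n/a'; Company = ''; LastWrite = $null }
        if (Test-Path -LiteralPath $path) {
            $file = Get-Item -LiteralPath $path -Force   # -Force: hidden/system files
            $row.Exists    = $true
            $row.LastWrite = $file.LastWriteTime
            $row.Company   = $file.VersionInfo.CompanyName
            # Triage hint only: catalog-signed system DLLs may show NotSigned here.
            $row.Signature = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        New-Object PSObject -Property $row
    }
}

# Orphaned entries (Exists = False) match the "Unable to find file" state in the
# last step of the post: the DLL is gone but the Notify subkey is still there.
Get-WinlogonNotifyEntry |
    Sort-Object Exists, LastWrite |
    Format-Table Entry, Exists, Signature, Company, LastWrite, Dll -AutoSize
```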