
Trojan problem

Anonymous
June 23, 2005 8:01:41 PM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Hi Group,

I have a trojan problem, or at least that's what I think is going on with
my computer.
I have a Sony laptop running WinXP, all updates, running NAV '03, no firewall
since I'm connected to a router with a built-in firewall (Cayman). I assigned
port forwarding so I can access my laptop from home and of course I leave my
computer on every night. When I arrived Monday morning and checked my
computer, there was a message from NAV: it had encountered the W32.Gobot.A
virus and it couldn't delete it but it managed to quarantine it. I figured
no problem...then a few minutes later I saw many, many outgoing e-mails being
scanned by NAV...and OE wasn't even running....it didn't report any virus,
but some were being blocked by our e-mail server because of spam, but most
were going through. Immediately I unplugged the network cable and of course it
stopped. Then I scanned for viruses and none were found...also used TrojanHunter
and it reported nothing...ran Spybot and it found several spyware, which
were fixed. Again I plugged the network cable back in and again it tried to
send out many e-mails...again I ran NAV, TrojanHunter and Spybot and all
came out clean, but I still have the same problem. Has anyone else
experienced this same problem, was there a fix to it? If anyone can offer me
some help, it would be greatly appreciated.

Thanks
Marco
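
Added example (not part of the original post or the thread): when scanners come up clean but mail keeps leaving the machine, the connection table shows which process is responsible. This sketch parses `netstat -ano` output and flags any PID holding active connections to several distinct remote mail servers; the sample rows, the port list and the threshold of 3 are assumptions chosen for illustration.

```python
from collections import defaultdict

SMTP_PORTS = {25, 465, 587}            # assumed set of mail-submission ports
ACTIVE_STATES = {"ESTABLISHED", "SYN_SENT"}

# Constructed sample in `netstat -ano` layout (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    192.168.1.20:1041      192.0.2.10:25          ESTABLISHED     1844
  TCP    192.168.1.20:1042      198.51.100.7:25        SYN_SENT        1844
  TCP    192.168.1.20:1043      203.0.113.25:25        ESTABLISHED     1844
  TCP    192.168.1.20:1044      203.0.113.99:25        SYN_SENT        1844
  TCP    192.168.1.20:1050      192.0.2.80:80          ESTABLISHED     2120
  TCP    192.168.1.20:1051      192.0.2.10:25          ESTABLISHED     3012
  UDP    0.0.0.0:445            *:*                                    4
"""

def parse_netstat(text):
    """Yield (remote_host, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        parts = line.split()
        # TCP rows have exactly five columns; headers and UDP rows do not.
        if len(parts) != 5 or parts[0] != "TCP":
            continue
        _proto, _local, remote, state, pid = parts
        host, _, port = remote.rpartition(":")
        if port.isdigit() and pid.isdigit():
            yield host, int(port), state, int(pid)

def smtp_talkers(text, threshold=3):
    """Map PID -> sorted remote mail hosts, for PIDs reaching `threshold` hosts.

    A normal mail client talks to one or two servers; a mass mailer that
    delivers directly contacts many, which is the heuristic used here.
    """
    hosts = defaultdict(set)
    for host, port, state, pid in parse_netstat(text):
        if port in SMTP_PORTS and state in ACTIVE_STATES:
            hosts[pid].add(host)
    return {pid: sorted(h) for pid, h in hosts.items() if len(h) >= threshold}

if __name__ == "__main__":
    for pid, found in smtp_talkers(SAMPLE).items():
        print(f"PID {pid}: {len(found)} mail servers: {', '.join(found)}")
```

The flagged PID can then be matched to an executable through the PID column in Task Manager, which gives the file to submit to a scanner or examine from Safe Mode.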

Anonymous
June 23, 2005 8:01:42 PM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Have you checked here
http://securityresponse.symantec.com/avcenter/venc/data...

--

Harry Ohrn MS-MVP [Shell/User]
www.webtree.ca/windowsxp


Anonymous
June 23, 2005 8:01:42 PM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Hi Limonzito - Download and run the free or trial version of A2 Personal,
here: http://www.emsisoft.com/en/ UPDATE, then run from a Clean Boot or Safe
Mode with Show Hidden Files enabled as below (from my Blog, address in
Signature). Continue to re-run A2 in Safe mode or from a Clean Boot until
no more problems are found, then reboot to normal operation and run one more
time. You might also want to run SysClean, below:


Show hidden files and run all removal tools from Safe mode or a "Clean Boot"
when possible, logged on as an Administrator. BEFORE running these tools, be
sure to clear all Temp files and your Temporary Internet Files
(TIF)(including offline content.) Reboot and test if the malware is fixed
after using each tool.

HOW TO Enable Hidden Files
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/doci...

Clean Boot - General Win2k/XP procedure, but see below for links for other
OS's (This for Win2k w/msconfig - you can obtain msconfig for Win2k here:
http://www.3feetunder.com/files/win2K_msconfig_setup.ex... ):

1. Start | Run, enter msconfig.

2. On the General tab, click Selective Startup, and then clear the 'Process
System.ini File', 'Process Win.ini File', and 'Load Startup Items' check
boxes. Leave the 'boot.ini' boxes however they are currently set.

3. In the Services tab, check the "Hide All Microsoft Services" checkbox,
and then click the "Disable All" button. If you use a third party firewall
then re-check (enable) it. For example, if you use Zone Alarm, re-check the
True Vector Internet Monitor service (and you may also want to re-check
(enable) the zlclient on the Startup tab.) Equivalent services exist for
other third party firewalls. An alternative to this for XP users is to
enable at this time the XP native firewall (Internet Connection Firewall -
ICF). Be sure to turn it back off when you re-enable your non-MS services
and Startup tab programs and restore your normal msconfig configuration
after cleaning your machine.

4. Click OK and then reboot.

For additional information about how to clean boot your operating system,
click the following article links to view the articles in the Microsoft
Knowledge Base:

310353 How to Perform a Clean Boot in Windows XP
http://support.microsoft.com/kb/310353
281770 How to Perform Clean-Boot Troubleshooting for Windows 2000
http://support.microsoft.com/kb/281770/EN-US/
267288 How to Perform a Clean Boot in Windows Millennium Edition
http://support.microsoft.com/kb/267288/EN-US/
192926 How to Perform Clean-Boot Troubleshooting for Windows 98
http://support.microsoft.com/kb/192926/EN-US/
243039 How to Perform a Clean Boot in Windows 95
http://support.microsoft.com/kb/243039/EN-US/


SysClean

Boot to Safe mode with Network Support (HowTo here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/doci...)
or a Clean Boot as above.

Download sysclean.com, from Trend Micro, here:
http://www.trendmicro.com/download/dcs.asp along with the latest released
pattern file, here: http://www.trendmicro.com/download/pattern.asp Be sure
to read the "How-to" info here:
http://www.trendmicro.com/ftp/products/tsc/readme.txt

You might also want to get Art's updater, SYS-UP.Zip, here for future
updating of these:
http://bilder.informationsarchiv.net/Nikitas_Tools/SYS-...). (If you
download and use the updater from the beginning, it will automatically
handle downloading the other files.)

An alternative automatic updater which adds some capabilities to Art's
updater, such as restarting in Safe mode to run, etc., SYSCLEAN_FE, is
available here: http://www.ik-cs.com/programs/virtools/Sysclean_FE.exe.
There's a brief description here: http://www.ik-cs.com/more_information.htm.
I would recommend that you use Clean Boot with either updater, however.

NOTE: You can get a somewhat more current interim pattern file, the
Controlled Pattern Release, here and manually unzip it to your SysClean
folder: http://www.trendmicro.com/download/pattern-cpr-disclaim... Look
for the lptxxx.zip file after you agree to the terms. (Sorry, but the
Updaters won't go get this one for you. However, if you manually download
the CPR first and then use one of the updaters, SysClean will automatically
use these CPR definitions when it starts.)

Place them in a dedicated folder after appropriate unzipping.

Show hidden and system files (HowTo here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/doci...)

If you're using WindowsME or WindowsXP, SysClean (and the other cleaning
tools below) may find infections within Restore Points which it will be
unable to clean. You may choose to disable Restore if you're on XP or ME
(directions here:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...) which will
eliminate ALL previous Restore Points, or alternatively, you can wait until
cleaning is completed and then use the procedure within the *********'s
below to delete all older, possibly infected Restore Points and save a new,
clean one. This approach is in the spirit of "keep what you've got" so that
you can recover to an at least operating albeit infected system if you
inadvertently delete something vital, and is the approach I recommend that
you take.

Read tscreadme.txt carefully, then do a complete scan of your system and
clean or delete anything it finds EXCEPT EMAIL DATABASES OR FILES. These
need special handling. See here:
http://www.ik-cs.com/virus-emaildatabase.htm

Reboot and re-run SysClean and continue this procedure until you get a clean
scan or nothing further can be cleaned/removed.

Now reboot to normal mode and re-run the scan again.

This scan may take a long time, as Sysclean is VERY extensive and thorough.
For example, one user reported that Sysclean found 69 hits that an
immediately prior Norton AV v. 11.0.2.4 run had missed.




--
Regards, Jim Byrd, MS-MVP
My Blog, Defending Your Machine, here:
http://defendingyourmachine.blogspot.com/

Anonymous
June 24, 2005 1:37:46 AM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Yes, tried it, but NAV doesn't find any more files infected with any
virus...
I'll keep checking other posts.

Thanks

"Harry Ohrn" <harry---@webtree.ca> wrote in message
news:uM%233dKBeFHA.1288@tk2msftngp13.phx.gbl...
> Have you checked here
> http://securityresponse.symantec.com/avcenter/venc/data...
>
> --
>
> Harry Ohrn MS-MVP [Shell/User]
> www.webtree.ca/windowsxp
Anonymous
June 24, 2005 6:28:04 PM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Did you run a virus scan in Safe Mode?

I had the same thing happen when I updated some of our PCs from Symantec 8.0
to 9.0. I ended up having to put 8.0 back in to solve the problem. Nothing I
did would stop it. Uninstalling, reinstalling. Hours wasted.

"Limonzito" wrote:
"there was a message from NAV, it had encountered the W32.Gobot.A
virus and it couldn't delete it but it managed to quarantined it."

I'd like to know why Norton can always find these things but not remove
them. People rip McAfee but at least it can stop these things before they get
their hooks in. Symantec/Norton is just a waste of money.
--
That's just like my opinion, Man........
June 28, 2005 12:55:02 AM

Archived from groups: microsoft.public.windowsxp.basics (More info?)

Hello,
--
KD If you find a virus keeps coming back after you delete it, it's most
probably infected the System Restore folder, the best way to solve this is to
disable System Restore, reboot your machine and then enable it again. After
all, run a full avast! scanning. System Restore cannot be disabled on Windows
9x.
Turn off System Restore
To turn off System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Select the Turn off System Restore check box (or the Turn off System
Restore on all drives check box), and then click OK.
4. Click Yes when you receive the prompt to turn off System Restore.

Turn on System Restore
To turn on System Restore, follow these steps:
1. Click Start, right-click My Computer, and then click Properties.
2. Click the System Restore tab.
3. Clear the Turn off System Restore check box (or the Turn off System
Restore on all drives check box), and then click OK.

