backorifice.trojan detected, any help is welcome.

[SuperT]

aloha guys and girls, my norton 2002 a/v detected backorifice.trojan sitting in c:\windows\system32. the file is called umgr32.exe, i'm on winXP so i dont thinkit can do anything (can it?) and norton says it cannot repair or quarantine the file. i tried some other utilities on the net but they dont even detect it. any ideas please?
:disgust:

 

[n0cmonkey]

Best bet is to format, but there are instruction pages out there on the web for removing it.

 

[SuperT]

i was able to remove the registry value/key and rename the file but still cannot remove it. any ideas?

 

[n0cmonkey]

http://www.cultdeadcow.com/tools/bolinks3.html

Try that.

 

[SuperT]

thanks man! i appreciate your help.

 

[n0cmonkey]

<< thanks man! i appreciate your help. >>



Thank google.

 

[Psychoholic]

<< aloha guys and girls, my norton 2002 a/v detected backorifice.trojan sitting in c:\windows\system32. the file is called umgr32.exe, i'm on winXP so i dont thinkit can do anything (can it?) >>


Can it do anything??? It shouldn't be able to, if you have a properly configured firewall in place. Then again if the computer was set up properly, the trojan should have never been placed on the system to begin with. If you have aquired a trojan I would strongly encourage you to take n0c's first post as advice instead of removing the trojan. God only knows what else may be lurking in the abyss of your hard drive.

Next time around make sure your virus definitions are current and set your AV protection to scan files when "Run or Opened" and "Created or Downloaded". This way you'll catch it before it finds a home on your hard drive.

 

[n0cmonkey]

<<

<< aloha guys and girls, my norton 2002 a/v detected backorifice.trojan sitting in c:\windows\system32. the file is called umgr32.exe, i'm on winXP so i dont thinkit can do anything (can it?) >>


Can it do anything??? It shouldn't be able to, if you have a properly configured firewall in place. Then again if the computer was set up properly, the trojan should have never been placed on the system to begin with. If you have aquired a trojan I would strongly encourage you to take n0c's first post as advice instead of removing the trojan. God only knows what else may be lurking in the abyss of your hard drive.

Next time around make sure your virus definitions are current and set your AV protection to scan files when "Run or Opened" and "Created or Downloaded". This way you'll catch it before it finds a home on your hard drive. >>



If he is in fact using Norton 2k2 it should have found this trojan. Its what? 5 years old?

 

[bacillus]

<< Its what? 5 years old? >>


sounds about right!

 

[Psychoholic]

Some people load it and disable the Auto-Protect features, only having it check for viruses when they ask it to. Personally I've got enough crap to remember, I don't want to have to remember to scan once a week. I also don't trust my users to scan it themselves. A manual scan does nothing to really prevent infection either.