Constant attacks by Trojans and viruses when no programs are running


LABachlr

Member
Jun 4, 2004
Originally posted by: mechBgon
Did you uncheck the box marked Hide Protected Operating System Files (Recommended) when you set it to show hidden files? It's just a little further down.

Actually, no. Thanks. I'll reboot in Safe Mode and do that. Then I'll rescan.
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Incidentally, go through all your Norton settings with a fine-toothed comb and make sure it's using heuristics and scanning within compressed files and not leaving any files exempt from the scanner, no matter what. A full scan of the insides of all compressed files can take longer... one of my office system's longest scans totalled nearly 900,000 files with the total including all the files within .CAB and .CHM files and so forth. Gnarly! :D *hugs Athlon64*
 

LABachlr

Member
Jun 4, 2004
Well, I had to call it a night, but I did another scan and it only found one item, which I subsequently deleted. I quickly checked the settings, but did not have time to check to see if it were using heuristics. I did see, however, that it was scanning compressed files, and many of the files that it found infected were .CAB files. Not sure if those files are compressed files or if they deal with heuristics.

In any case, after I deleted the 1 file that it found on the second scan, I rebooted, and five minutes later, it was attacked by Download.Trojan, again! Of course Norton blocked it. This Trojan is relentless.

So, it has not been nabbed yet. I will check tomorrow if it is using heuristics, but if any of you know of anything else I could do to fix this situation, please let me know. And where exactly is the setting for heuristics?

dclive, could the registry entries that you mentioned be causing this?
 

mechBgon

Super Moderator, Elite Member
Oct 31, 1999
Originally posted by: LABachlr
Well, I had to call it a night, but I did another scan and it only found one item, which I subsequently deleted. I quickly checked the settings, but did not have time to check to see if it were using heuristics. I did see, however, that it was scanning compressed files, and many of the files that it found infected were .CAB files. Not sure if those files are compressed files or if they deal with heuristics.

In any case, after I deleted the 1 file that it found on the second scan, I rebooted, and five minutes later, it was attacked by Download.Trojan, again! Of course Norton blocked it. This Trojan is relentless.

So, it has not been nabbed yet. I will check tomorrow if it is using heuristics, but if any of you know of anything else I could do to fix this situation, please let me know. And where exactly is the setting for heuristics?

dclive, could the registry entries that you mentioned be causing this?
I'm not in daily contact with Norton Antivirus so I don't recall precisely where to find the heuristics option. Hunt for it or use Norton's Help to locate it, they may call it Bloodhound as a catchy name. I do know that if you had nuked the system and reinstalled Windows, you would certainly be done with getting rid of the trojan and its unseen master (which I'm guessing is some piece of adware/malware that uses the Download.trojan as a tool for doing its dirty work, that would jive with D.T's description). Just a thought... ;)

So a search for adware/spyware is now in order, if you want to keep fighting the thing instead of dropping the bomb on it. Lavasoft AdAware, SpyBot Search & Destroy 1.3 and CWSShredder might get you somewhere on that.
 

dclive

Elite Member
Oct 23, 2003
Originally posted by: LABachlr
dclive, could the registry entries that you mentioned be causing this?

Yes. :)

The registry entries tell the OS to run programs ... like, in your case, malware. :)

So, remove the bad entries from the registry, remove the programs, and the problem goes away. Easy! You just have to know what to remove - that's the only tough part. :)

I suggest booting in safe mode, removing all the junk that's starting up in the RUN keys (MSCONFIG can help), removing all software from the add/remove control panel that you didn't put there, and then doing some scanning. Last night I gave you a list of things to remove based on HijackThis reports - that's a good starting point.

The problem, IMHO, is that you're doing this piecemeal - you run a scan, reboot, and open up MSIE, and boom, you're reinfected, or a program that you missed runs again and reinfects you again. You need to remove ALL of the issues BEFORE you reboot. Easier said than done, I know! For example, your browser's hijacked, so you need to fix that. Your registry's loading mountains of malware on every boot, so you need to fix that.

I absolutely *dread* saying this, but sometimes it's easier to reformat and reinstall if you aren't too familiar with the registry and removing programs manually. This can be fixed, but you've got to be somewhat familiar with regedit to do so....

If this were my machine, I'd boot in safe mode, go thru the registry, remove all the malware, run AV and malware (Ad-Aware, etc.) scans, and remove any EXEs in odd places that I wasn't familiar with or didn't put there. MSINFO32 shows most of them pretty clearly. MSCONFIG can turn off most of the programs that run at boot, so that's a good start too.
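One way to do the Run-key review dclive describes without touching the live registry, as an added example that is not from this thread: it parses a regedit export (a constructed sample is embedded, not real data) of the HKLM/HKCU Run keys and flags entries that launch from the odd places mentioned (Temp, the user profile, the drive root). The location rules are a triage heuristic for a Safe Mode review, not a verdict.

```python
import re

# Constructed sample regedit export (not real data): one entry under
# Program Files and two loaders dropped into Temp directories.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleApp"="\"C:\\Program Files\\Example App\\exampleapp.exe\""
"svhost"="C:\\WINDOWS\\Temp\\svhost.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"updater"="\"C:\\Documents and Settings\\user\\Local Settings\\Temp\\updater.exe\" /s"
'''

KEY_RE = re.compile(r'^\[(.+)\]\s*$')                       # [HKEY_...\Run]
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')  # "name"="data"
RUN_KEY_RE = re.compile(r'\\currentversion\\run(once)?$', re.IGNORECASE)

def unescape(s):
    # Undo .reg string escaping: doubled backslash and escaped quote.
    return re.sub(r'\\(.)', r'\1', s)

def exe_path(command):
    # Executable part of an autostart command: the quoted path, else first token.
    m = re.match(r'"([^"]+)"', command)
    return m.group(1) if m else (command.split() or [''])[0]

def why_suspicious(path):
    # Location heuristics only: places a legitimate installer rarely uses.
    p = path.lower()
    if '\\temp\\' in p:
        return 'runs from a Temp directory'
    if '\\documents and settings\\' in p or '\\users\\' in p:
        return 'runs from a user profile directory'
    if re.match(r'^[a-z]:\\[^\\]+$', p):
        return 'sits directly in the drive root'
    return None

def triage(reg_text):
    # Every Run/RunOnce value with its executable path and a reason if flagged.
    entries, key = [], None
    for line in reg_text.splitlines():
        k = KEY_RE.match(line)
        if k:
            key = k.group(1)
            continue
        v = VALUE_RE.match(line)
        if v and key and RUN_KEY_RE.search(key):
            cmd = unescape(v.group(2))
            path = exe_path(cmd)
            entries.append({'key': key, 'name': unescape(v.group(1)),
                            'command': cmd, 'path': path,
                            'reason': why_suspicious(path)})
    return entries

if __name__ == '__main__':
    for e in triage(SAMPLE_REG):
        tag = 'FLAG' if e['reason'] else 'ok  '
        print(tag, e['name'] + ':', e['path'], '(' + e['reason'] + ')' if e['reason'] else '')
```

Export the keys with regedit first (File, Export, with the Run key selected) and run the script against that file instead of the sample; anything flagged is a candidate to look up, not something to delete blindly.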
 

LABachlr

Member
Jun 4, 2004
Well, the system was too infected to be worth the effort. Just used a clone of the HD that was made a couple of months ago and rebuilt it. My client will just have to install the programs that he installed himself again. I also was able to save the email and data from his infected drive. I only grabbed the essentials so as not to infect the new drive. Did a new scan after it was rebuilt, and she was clean.
 

dclive

Elite Member
Oct 23, 2003
Great! Did you have a chance to install SP2, Ad Aware, and <snip>? All good ideas....
 

LABachlr

Member
Jun 4, 2004
Didn't have a chance to install SP2. Client wanted to keep costs down, and I was working hourly. However, I did school my client on the art of safe surfing and downloading.

I also switched him to Firefox, immunized his system with Spybot, and told him to do weekly scans with Ad-aware and Spybot in safe mode, and with AVG.
 

dclive

Elite Member
Oct 23, 2003
Originally posted by: LABachlr
Didn't have a chance to install SP2. Client wanted to keep costs down, and I was working hourly. However, I did school my client on the art of safe surfing and downloading.

I also switched him to Firefox, immunized his system with Spybot, and told him to do weekly scans with Ad-aware and Spybot in safe mode, and with AVG.

Sounds good. You might mail your client and inform him that installing SP2 would likely cause his support costs to drop. :) Or just be nice and tell him how to get it via Windows Update, and tell him to set Windows Update (after SP2) to automatically download and install all updates.....
 

LABachlr

Member
Jun 4, 2004
I actually already set up his computer to download updates automatically, and notify him when they are ready to be installed. As of 2 days ago, SP 2 was still not available to the general public via Windows Update, so he wouldn't be able to get it anyway. I can send him the link, though.
 

dclive

Elite Member
Oct 23, 2003
Originally posted by: LABachlr
Btw, what is new in SP2? How would it decrease his support costs?

Among many other things, it's got a better firewall, better IE security, a popup blocker, better program-level security, and it boinks you over the head if you don't do Windows Updates and keep your AV updated too. (But unfortunately, that's configurable too. Sigh....)