yesterday I decided to install the NetBus Detective utility to search my W2000 Server system for the NetBus server. My system runs SQL Server 2000, is a Primary Domain Controller, and has also Norton Antivirus 2001, updated daily.
When the system rebooted, a message popped up from NetBus Detective saying that it removed the trojan Whack-A-Mole and NetBus server 1.7.
The problem is that each time the PC is rebooted the same messages appear, although the Detective is trying to remove them, and even then, I scan my PC with Norton and McAfee, no virus is found.
I even tried the steps mentioned in this page:
and there are no signs of it (even if NetBus Detective is not active since reboot).
I can send you a list of ports that are listening at any given time (before personal firewall or netbus detective is executed), but nothing suspicious there as well.
This PC has an internal IP address (192.168.1.10), and gets out on the Net via a Proxy. Even if it has been compromised, would it be possible for somebody to sneak into my PC?
Additionally, how do I remove it? Could it be possible that since this is a heavy duty server, the NetBus Detective utility believes that some other application listening to a port is Whack-A-Mole, whereas it is some other app from W2000?