Solved

Trojan Horse Infection

Posted on 2002-07-29
Last Modified: 2013-12-28
I'm running Win98SE and Norton Antivirus tells me that windows\system\wnmngm1.exe is infected with a Trojan Horse, but is unable to repair the situation.
How do I proceed?
Question by:davereynolds
9 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 7185927
I would rename the file (use *.old) and see if it affects anything.

Other option is to do a
start-run - sfc
and have it replace that particular file (if it is a system file at all).

If not, then simply delete it since it is not needed.

I hope this helps !
0
 
LVL 12

Expert Comment

by:guidway
ID: 7186068
Try running this free virus scanner on your computer and see if it helps.

http://housecall.antivirus.com

Kind of like getting a second opinion. ;-)

guidway
0
 
LVL 12

Expert Comment

by:guidway
ID: 7186075
Strange, if that is a windows file there is no mention of it anywhere on the net (that I can find). Usually you can find a little info about any file on the net. This one isn't even listed.

guidway
0

 
LVL 3

Author Comment

by:davereynolds
ID: 7186127
Explorer will not let me delete the file, and sfc says "You do not have permission to open this file- see the owner of the file or an admin to obtain permission".
Does this indicate it is a system file or just a virus payload? What's next?
0
 
LVL 12

Expert Comment

by:guidway
ID: 7186144
Did you try running that other virus scanner on it? That would eliminate the idea of it being a virus if it doesn't detect anything.

guidway
0
 
LVL 12

Expert Comment

by:guidway
ID: 7186151
Does NAV say what virus it is infected with or does your computer do anything weird as a result of this problem?

guidway
0
 
LVL 4

Accepted Solution

by:
jpanderson earned 100 total points
ID: 7186424
Restart in safe mode (hit F8 repeatedly or hold down Ctrl button when starting). Start > run > msconfig > startup tab > find any reference to the file being loaded and uncheck the box. Restart again in safe mode and look in the win.ini file for any reference to this file being loaded and delete it.

Search registry: Start > run > regedit > delete any reference to the file.

Restart the computer and do another virus scan and see if it's gone.

Please note:
Back up the file and any files that you modify, also back up the registry before you edit it.
0
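The check described in the accepted solution, as an added example (not code from the thread or from any poster): it lists which win.ini entries and registry values mention the file, so you know exactly what to remove. It assumes you run it on a separate analysis machine against a copy of win.ini and a regedit export; the sample contents and the value name WinManager are constructed.

```python
import re

TARGET = "wnmngm1.exe"  # file name from the question

# Constructed sample inputs (assumptions, not from the poster's machine).
SAMPLE_WIN_INI = """\
[windows]
load=
run=C:\\WINDOWS\\SYSTEM\\wnmngm1.exe
NullPort=None
"""

# Text of a regedit export (REGEDIT4 format doubles backslashes in data).
SAMPLE_REG_EXPORT = """\
REGEDIT4

[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
"ScanRegistry"="C:\\\\WINDOWS\\\\scanregw.exe /autorun"
"WinManager"="C:\\\\WINDOWS\\\\SYSTEM\\\\WNMNGM1.EXE"
"""

SECTION = re.compile(r"^\[(.+)\]$")
REG_VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def find_references(target, win_ini_text, reg_export_text):
    """Return (source, section_or_key, value_name) for each value naming target."""
    needle = target.lower()  # Win9x paths are case-insensitive
    hits = []
    for source, text in (("win.ini", win_ini_text), ("registry", reg_export_text)):
        section = None
        for line in map(str.strip, text.splitlines()):
            m = SECTION.match(line)
            if m:
                section = m.group(1)  # current ini section or registry key
            elif source == "registry":
                v = REG_VALUE.match(line)
                if v and needle in v.group(2).lower():
                    hits.append((source, section, v.group(1).strip('"')))
            elif not line.startswith(";"):  # skip ini comments
                name, _, data = line.partition("=")
                if needle in data.lower():
                    hits.append((source, section, name.strip()))
    return hits


if __name__ == "__main__":
    for hit in find_references(TARGET, SAMPLE_WIN_INI, SAMPLE_REG_EXPORT):
        print("%s: [%s] %s" % hit)
```
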
 
LVL 4

Expert Comment

by:jpanderson
ID: 7186433
Forgot to mention that you should be able to delete the file now in safe mode. If you can't, just make note of where it's located and then use a boot disk to start the computer and navigate to the file and delete it in DOS mode: del wnmngm1.exe
0
 
LVL 3

Author Comment

by:davereynolds
ID: 7186557
Thanks JP. After deleting the registry entry, Norton was able to delete the exe file and everything seems to be working well.
0
