Solved

Trojan Horse Infection

Posted on 2002-07-29
9
638 Views
Last Modified: 2013-12-28
I'm running Win98SE and Norton Antivirus tells me that windows\system\wnmngm1.exe is infected with a Trojan Horse, but is unable to repair the situation.
How do I proceed?
0
Comment
Question by:davereynolds
  • 4
  • 2
  • 2
  • +1
9 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 7185927
I would rename the file, ( use *.old ) and see if it affects anything.

Other option is to do a
start-run - sfc
and have if replace that particular file ( if it is a system file at all ).

If not, then simply delete it since it is not needed.

I hope this helps !
0
 
LVL 12

Expert Comment

by:guidway
ID: 7186068
Try running this free virus scanner on your computer and see if it helps.

http://housecall.antivirus.com

Kind of like getting a second opinion. ;-)

guidway
0
 
LVL 12

Expert Comment

by:guidway
ID: 7186075
Strange, if that is a windows file there is no mention of it anywhere on the net (that I can find). Usually you can find a little info about any file on the net. This one isn't even listed.

guidway
0
 
LVL 3

Author Comment

by:davereynolds
ID: 7186127
Explorer will not let me delete the file, and sfc says "You do not have permission to open this file- see the owner of the file or an admin to obtain permission".
Does this indicate it is a system file or just a virus payload? What's next?
0
Do email signature updates give you a headache?

Constantly trying to correctly format email signatures? Spending all of your time at every user’s desk to make updates? Want high-quality HTML signatures on all devices, including on mobiles and Macs? Then, let Exclaimer solve all your email signature problems today!

 
LVL 12

Expert Comment

by:guidway
ID: 7186144
did you try running that other virus scanner on it? That would eliminate the idea of it being a virus if it doesn't detect anything.

guidway
0
 
LVL 12

Expert Comment

by:guidway
ID: 7186151
Does NAV say what virus it is infected with or does your computer do anything weird as a result of this problem?

guidway
0
 
LVL 4

Accepted Solution

by:
jpanderson earned 100 total points
ID: 7186424
Restart in safe mode (hit F8 repeatedly or hold down Ctrl button when starting.  Start > run > msconfig > startup tab > find any reference to the file being loaded and uncheck the box.  Restart again in safe mode and look in the win.ini file for any reference to this file being loaded and delete it.

Search registry: Start > run > regedit > delete any reference to the file.

Restart the computer and do another virus scan and see if its gone.

Please note:
Back up the file and any files that you modify, also back up the registry before you edit it.
0
 
LVL 4

Expert Comment

by:jpanderson
ID: 7186433
Forgot to mention that you should be able to delete the file now in safe mode.  If you can't just make note of where its located and then use a boot disk to start the computer and navigate to the file and delete it in dos mode. del wnmngm1.exe
0
 
LVL 3

Author Comment

by:davereynolds
ID: 7186557
Thanks JP. After deleting the regisry entry, Norton was able to delete the exe file and everything seems to be working well.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Several part series to implement Internet Explorer 11 Enterprise Mode
Recently Microsoft released a brand new function called CONCAT. It's supposed to replace its predecessor CONCATENATE. But how does it work? And what's new? In this article, we take a closer look at all of this - we even included an exercise file for…
This Micro Tutorial will give you a basic overview of Windows DVD Burner through its features and interface. This will be demonstrated using Windows 7 operating system.
The viewer will learn how to successfully create a multiboot device using the SARDU utility on Windows 7. Start the SARDU utility: Change the image directory to wherever you store your ISOs, this will prevent you from having 2 copies of an ISO wit…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now