Solved

Trojan Horse Infection

Posted on 2002-07-29
Last Modified: 2013-12-28
I'm running Win98SE and Norton Antivirus tells me that windows\system\wnmngm1.exe is infected with a Trojan Horse, but is unable to repair the situation.
How do I proceed?
Question by:davereynolds
9 Comments
 
LVL 63

Expert Comment

by:SysExpert
ID: 7185927
I would rename the file (use *.old) and see if it affects anything.

Other option is to do a
start-run - sfc
and have it replace that particular file (if it is a system file at all).

If not, then simply delete it since it is not needed.

I hope this helps !
0
 
LVL 12

Expert Comment

by:guidway
ID: 7186068
Try running this free virus scanner on your computer and see if it helps.

http://housecall.antivirus.com

Kind of like getting a second opinion. ;-)

guidway
0
 
LVL 12

Expert Comment

by:guidway
ID: 7186075
Strange, if that is a windows file there is no mention of it anywhere on the net (that I can find). Usually you can find a little info about any file on the net. This one isn't even listed.

guidway
0
 
LVL 3

Author Comment

by:davereynolds
ID: 7186127
Explorer will not let me delete the file, and sfc says "You do not have permission to open this file- see the owner of the file or an admin to obtain permission".
Does this indicate it is a system file or just a virus payload? What's next?
0
 
LVL 12

Expert Comment

by:guidway
ID: 7186144
Did you try running that other virus scanner on it? That would eliminate the idea of it being a virus if it doesn't detect anything.

guidway
0
 
LVL 12

Expert Comment

by:guidway
ID: 7186151
Does NAV say what virus it is infected with or does your computer do anything weird as a result of this problem?

guidway
0
 
LVL 4

Accepted Solution

by:
jpanderson earned 400 total points
ID: 7186424
Restart in safe mode (hit F8 repeatedly or hold down the Ctrl button when starting). Start > Run > msconfig > Startup tab > find any reference to the file being loaded and uncheck the box. Restart again in safe mode and look in the win.ini file for any reference to this file being loaded and delete it.

Search registry: Start > run > regedit > delete any reference to the file.

Restart the computer and do another virus scan and see if it's gone.

Please note:
Back up the file and any files that you modify, also back up the registry before you edit it.
0
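The win.ini and registry checks from the accepted answer can be run against backup copies before anything is edited. The sketch below is an added example, not code from any poster in this thread; the sample file contents, the entry names and the keys shown holding the reference are constructed assumptions.

```python
import re

TARGET = "wnmngm1.exe"  # file name reported in the question

# Constructed samples: a WIN.INI fragment and a REGEDIT4 export fragment.
# Entry names and which keys hold the reference are assumptions.
WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\SYSTEM\wnmngm1.exe
NullPort=None
"""
REG_EXPORT = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ExampleEntry"="C:\\WINDOWS\\SYSTEM\\WNMNGM1.EXE"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"ExampleService"="wnmngm1.exe"
"""

REG_VALUE = re.compile(r'("(?:[^"\\]|\\.)*"|@)=(.*)')

def ini_hits(text, source, target):
    """Return (source, section, key, value) for ini values naming target."""
    hits, section = [], ""
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1]
        elif "=" in line and not line.startswith(";"):
            key, value = (part.strip() for part in line.split("=", 1))
            if target.lower() in value.lower():  # Win9x file names ignore case
                hits.append((source, section, key, value))
    return hits

def reg_hits(text, target):
    """Same for a REGEDIT4 export: [key] headers, then "name"="value" lines."""
    hits, key = [], ""
    for line in (l.strip() for l in text.splitlines()):
        m = REG_VALUE.fullmatch(line)
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif m and target.lower() in m.group(2).lower():
            name = "(Default)" if m.group(1) == "@" else m.group(1)[1:-1]
            value = m.group(2).strip('"').replace("\\\\", "\\")  # undo .reg escaping
            hits.append(("registry", key, name, value))
    return hits

if __name__ == "__main__":
    for hit in ini_hits(WIN_INI, "win.ini", TARGET) + reg_hits(REG_EXPORT, TARGET):
        print(" | ".join(hit))
```

Each hit names the section or key and the value to review by hand; the script only reads its inputs and changes nothing.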
 
LVL 4

Expert Comment

by:jpanderson
ID: 7186433
Forgot to mention that you should be able to delete the file now in safe mode. If you can't, just make note of where it's located and then use a boot disk to start the computer and navigate to the file and delete it in DOS mode: del wnmngm1.exe
0
 
LVL 3

Author Comment

by:davereynolds
ID: 7186557
Thanks JP. After deleting the registry entry, Norton was able to delete the exe file and everything seems to be working well.
0
