Trojan.download detected but can't be removed

I have Norton SystemWorks with the latest virus list available (11/19/03).
Lately I have been getting an error message from Norton telling me it has found a trojan.download virus.

So far it has given me two different paths:
c:\windows\system\sleep.exe       and
c:\documents & settings\jms\local settings\...\apdl[1].exe

When I follow Norton's recommended solution to removing the virus, it does not find anything. I have turned off System Restore and started up in Safe Mode -- I have even scanned the exact files -- but it does not find anything.
I have also downloaded Trojan Remover and HijackThis -- neither of these programs finds anything.

Could someone please shed some light on this -- as I know I must have something (not to mention all the popups that appear when starting the internet).
jsnyn Asked:
sunray_2003 Commented:
0
jsnyn (Author) Commented:
Yes - those are the directions I have followed. Problem is Norton does not find anything -- even though when I start IE, Norton will occasionally give me an error message telling me that I have the trojan.download virus detected but it could not repair the file.
0
chicagoan Commented:
see if HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79FA9088-19CE-715D-D85A-216290C5B738}\InProcServer32 exists in the registry and delete it if it does
0
jsnyn (Author) Commented:
Thanks for the help chicagoan - but I do not find that file in the registry.
0
chicagoan Commented:
tried deleting rather than repairing?
0
jsnyn (Author) Commented:
Well - I thought about deleting the sleep.exe file - but wasn't sure if that was an important file -- do you know?
0
WillHudson Commented:
Sleep.exe allows your PC to go into standby mode. It's not part of Windows, so it's safe to delete it.
Apdl[1].exe looks really suspicious - this is definitely not part of Windows.

After checking, APDL is an Automatic Porn DownLoader program - so I would delete this also.
0
chicagoan Commented:
If an executable file's been inserted by the malware, you can't repair it.
You can repair data files usually... .doc, .xls, etc.
You can always rename a suspicious file until you've had an opportunity to compare it to a known copy.
0
SunBow Commented:
Consider also scanning registry for those names, but look in the keys for running at startup. Delete any in task manager before HD and rebooting. Worst case, revert to prior registry configuration, or simply reinstall the OS, for that often takes less time than debugging unless you want to get into forensics. Don't forget to grab also a personal firewall like Sygate or ZoneAlarm that can block and quickly identify the activity of these "auto" background wares, which can get you a better idea of where they came from in the first place. I think Sleep pgm is downloadable, if you want to check that.
0
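
The startup-key check suggested in the comment above, as an added example that is not part of the original thread: a read-only PowerShell script that lists the Run/RunOnce entries for the machine and the current user and marks any whose command mentions the file names from the question. It assumes PowerShell 3.0 or later; the function name `Get-StartupEntry` is made up for this example.

```powershell
# Added example (not from the thread). Read-only: nothing is changed or deleted.
# File names reported by Norton in the question; matched as substrings.
$suspectNames = @('sleep.exe', 'apdl')

# Standard Windows per-machine and per-user startup keys.
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

function Get-StartupEntry {
    param(
        [string[]]$KeyPath,
        [string[]]$Names
    )
    foreach ($key in $KeyPath) {
        # RunOnce is often absent; skip keys that do not exist.
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            $command = [string]$item.GetValue($valueName)
            # Case-insensitive literal match, so characters such as [ ]
            # in a file name are not treated as wildcards.
            $hit = $false
            foreach ($n in $Names) {
                if ($command.IndexOf($n, [StringComparison]::OrdinalIgnoreCase) -ge 0) {
                    $hit = $true
                }
            }
            [pscustomobject]@{
                Suspect = $hit
                Key     = $key
                Name    = $valueName
                Command = $command
            }
        }
    }
}

# Suspect entries first, then everything else for manual review.
Get-StartupEntry -KeyPath $runKeys -Names $suspectNames |
    Sort-Object -Property Suspect -Descending |
    Format-Table -AutoSize -Wrap
```

An entry marked `Suspect` only means the name matches; review the full command path before removing anything, since malware can also start under an unrelated name.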
Zam-Buk Commented:
Delete the APDL and overwrite the sleep.exe with a fresh copy.
Reinstall your spyware/trojan remover and update them.
You may want to enable OS (e.g. XP) firewall too other than external firewall programs.
End some of your suspicious system processes especially if they do not belong to system.

As for pop ups, personally I use pop-up stopper to block it. It's free =)
http://www.panicware.com/process_download.html?prdid=PSFREE
0
dorkestra Commented:
Another thing you might try is booting the PC to DOS and manually deleting those files... if you find them there. If you get an access denied message trying to do that, it's likely that the virus files are read only (many viruses are) and you can take care of that using the attrib command, ex.

attrib -r apdl[1].exe

then

del apdl[1].exe
0
khofer Commented:
Try this software, it's really good... and free
http://www.safer-networking.org/
0
cdhill Commented:
This may be overly simplistic, but have you looked in your quarantine? I have found that Symantec AV puts things safely into quarantine but will continue to give you warnings until you deal with the quarantined item. Searching for the item in the path given is always fruitless, and some have mistaken these warnings for false positives because of it. Unfortunately the warning doesn't actually say that the item is in the quarantine. You may have already done this, but if not it might be worth the 20 seconds it takes.
0
