manch03
asked on
Possible Trojan? Unable to find.
When I try and access "MY Computer", try and open up "my documents", or even try and open "My Network Places. The computer system will not allow me to open these items and the screen will refresh and "kick me" off the internet (if connected). Also I am not able to open up the "control panel". It acts as though there is a trojan or worm but when I do a virus scan and use "The Cleaner) the system is unable to find any trojan horses or viruses. ANy ideas?
Boot to safe mode and use this
Stinger
BackDoor-AQJ, Bat/Mumu.worm, Exploit-DcomRpc, IPCScan, IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd, NTServiceLoader, PWS-Sincom, W32/Bugbear@MM, W32/Deborm.worm.gen, W32/Dumaru@MM, W32/Elkern.cav, W32/Fizzer.gen@MM, W32/FunLove, W32/Klez, W32/Lirva, W32/Lovgate, W32/Lovsan.worm, W32/Mimail@MM, W32/MoFei.worm, W32/Mumu.b.worm, W32/Nachi.worm, W32/Nimda, W32/Sdbot.worm.gen, W32/SirCam@MM, W32/Sobig, W32/SQLSlammer.worm, W32/Yaha@MM
http://vil.nai.com/vil/stinger/
Stinger
BackDoor-AQJ, Bat/Mumu.worm, Exploit-DcomRpc, IPCScan, IRC/Flood.ap, IRC/Flood.bi, IRC/Flood.cd, NTServiceLoader, PWS-Sincom, W32/Bugbear@MM, W32/Deborm.worm.gen, W32/Dumaru@MM, W32/Elkern.cav, W32/Fizzer.gen@MM, W32/FunLove, W32/Klez, W32/Lirva, W32/Lovgate, W32/Lovsan.worm, W32/Mimail@MM, W32/MoFei.worm, W32/Mumu.b.worm, W32/Nachi.worm, W32/Nimda, W32/Sdbot.worm.gen, W32/SirCam@MM, W32/Sobig, W32/SQLSlammer.worm, W32/Yaha@MM
http://vil.nai.com/vil/stinger/
Hey Manch03,
I had some of the same symptoms on a pc try this link and see if it helps.
Also does it allow you to access the regedit and taskmanager?
https://www.experts-exchange.com/questions/20940675/Win2k-Norton-Anitvirus-Taskmanager-and-Regedit-no-open.html
ASKER
I currently have Spybot-S &D no luck finding anything. The first web site is unavailable. Is there a certain program you would like me to try?
Run the program I posted "Stinger"
Hey Manch03,
This question was answered on 4/1/2004 I can' t figure why the link is unavailable now.
The site for the WORM_AGOBOT is
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.DU
or
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_AGOBOT.JP
There are many variants for these and the names for the process may differ from
what is listed since mine was MSclock.exe. As for Spybot, I tried Norton Antivirus, Mcaffre Virus
Scanner, Stinger, Ad-aware 6, spybot, all updated and with update definitions and none of them detected this worm.
ASKER
At this point I have tried just about everything. The Stinger could not find any viruses or trojans. Ad-Ware found 16 objects and deleted them. Most of the on-line virus scanners were not available because I do not have access to Internet Explorer (will not open) so I have to use Netscape. Most sites (Anti-Virus) are prompting me to use Internet Explorer. I will proceed with the next two suggustions from "fatel Exception" and "Worked4me". NO solution yet. Any more suggustions?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I am still not sure which Virus or Trojan that was in the computer but the program HijackThis worked and everything is working fine. Thanks
Spyware/Adware removal tools
SpyBot
http://www.webattack.com/download/dlspybot.shtml
http://www.safer-networking.org/
Ad-aware
http://www.webattack.com/download/dladaware.shtml
CWShredder
http://www.spywareinfo.com/~merijn/downloads.html
also
online virus scanner
Trend-Micro
http://housecall.trendmicro.com/
Symantec
http://security.symantec.com/
Mcafee
http://us.mcafee.com/root/mfs/default.asp
Panda
http://www.pandasoftware.com/activescan/com/activescan_principal.htm