Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Virus detected - regedit, task manager, Norton Anti-virus disabled in normal mode - Win XP

Posted on 2004-08-30
15
Medium Priority
?
511 Views
Last Modified: 2013-12-03
I have detected (in Safe-Mode) and deleted with Norton BAT.Trojan; W32.Korgo.S
I deleted several current "Run" entries from the registry, however when I reboot in normal mode, I still get similar problems.  When I try to launch regedit or task manager they come up for a brief second and then go away.  The same thing happens to Norton Anti-virus.  I have seen evidence of anonymous logins in the system event viewer.  Any ideas on how to finaly get rid of this bug?  How many bugs am I chasing?
PS. I can run regedit and task manager and Norton in Safe Mode.

Thanks for the help (in advance)
0
Comment
Question by:meos01
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
15 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11938984
Yeah were is your FIREWALL?
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939000
Screw Norton. Without a firewall you are heavily exposed. Now Norton Interenet Security and ZoneAlarm are something you should conseider
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939004
Double Check for viruses
Online Scanners

 Norton Web Services  
Virus Detection provides an analysis of your results and offers suggestions for further action. It does not examine compressed files or fix infected files.

When Symantec receives notification about a new virus, we develop and post a solution as quickly as possible. We are committed to providing swift responses to all virus threats, including Trojan horses.
http://security.symantec.com/sscv6/vc_about.asp?ax=0&langid=ie&venid=sym&plfid=23&pkj=BSZNTGXIBVEMBQAUWZK

======================
 Trend Micro HouseCall        
http://housecall.antivirus.com/housecall/start_corp.asp

======================
eTrust Online antivirus scanner
http://www3.ca.com/virusinfo/virusscan.aspx
======================

PC Pitstop Virus Scan
When the download completes, you will receive an ActiveX security dialog for the PC Pitstop virus scanner. Click Yes to install the scanner and proceed to the virus scan.

If you are currently running an antivirus package such as Norton Antivirus, it may detect our own virus detection file as a virus. If this occurs and you wish to use our scanner, please (temporarily) disable any active background virus checking software before scanning, or add our signature file (PAV.SIG) to the scanner's file exclusion list
http://www.pcpitstop.com/antivirus/AVLoad.asp
0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939005
Check for adware and sypware and browser hijackers. The following link is a list of tools to try out.
http://crazyone.tekmasters.com/malwaretools.html
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939011
If Win98/ME

Sart > Run msconfig
Click on the tab marked "Startup"
unckeck all items except System Tray and Explorer.

If the problem no longer persists then one of the items in the starup is the culprit you just need to track it down.

or if

WinXP

Try this

Sart > Run msconfig
Click on the tab marked "Startup"
Click the Disable All button.

If the problem no longer persists then one of the items in the starup is the culprit you just need to track it down.
0
 
LVL 1

Expert Comment

by:Moskjis
ID: 11939499
Hi meos01,
(comment :)

if win2000
http://www.techadvice.com/win2000/m/msconfig_w2k.htm

win 98 msconfig works for win 2000 too.

Cheers!
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939555
>>>win 98 msconfig works for win 2000 too.

Yeah and have you tried it. It don't work very good.
0
 
LVL 1

Expert Comment

by:Moskjis
ID: 11939645
Hi CrazyOne,

o.k. it will not work for later versions of 2000, but look at:
http://www.techadvice.com/win2000/m/msconfig_w2k.htm one more time
winXP version of it works just fine.

(about that "later versions of 2000" that was a surprise to me :))
I must read all, not only the beginning :)


Cheers!
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939673
Yep that MSCONFIG does work. The interestining thing about is that was originally designed for XP but the author of this (and it was NOT Microsoft) did port over to Win2000. In my opinion the problem is with a virus overall.
0
 
LVL 5

Expert Comment

by:Hammadian2
ID: 11939780
You need to do 2 things:

1. Clean your system
2. Update your system so that these trojans do not get into it again

For the 1st thing you need to download a cleanning utility
I recommened Pest Patrol, you can get an evaluation copy from:
http://www.pestpatrol.com/Products/PestPatrolHE/Single_User_Evaluation.asp

For the 2nd thing (and it's really important)
goto:
http://windowsupdate.microsoft.com

Then re-scan again and everything should be ok
 
0
 
LVL 21

Expert Comment

by:jvuz
ID: 11940168
Also do acheck with Stinger:

http://vil.nai.com/vil/stinger/
0
 
LVL 9

Expert Comment

by:woodendude
ID: 11941522
When this was detected and deleted in safe mode, did you first turn off system restore? If not turn of system restore, run your adware and anti virus program in safe mode , delete all that is found, reboot turn on system restore, you should be good.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 13747417
PAQed with no points refunded (of 125)

modulo
Community Support Moderator
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I. Introduction There's an interesting discussion going on now in an Experts Exchange Group — Attachments with no extension (http://www.experts-exchange.com/discussions/210281/Attachments-with-no-extension.html). This reminded me of questions tha…
Windows 7 does not have the best desktop search built in. This is something Windows 7 users have struggled with. You type something in, and your search results don’t always match what you are looking for, or it doesn’t actually work at all. There ar…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.
If you’ve ever visited a web page and noticed a cool font that you really liked the look of, but couldn’t figure out which font it was so that you could use it for your own work, then this video is for you! In this Micro Tutorial, you'll learn yo…

722 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question