Solved

Virus detected - regedit, task manager, Norton Anti-virus disabled in normal mode - Win XP

Posted on 2004-08-30
Last Modified: 2013-12-03
I have detected (in Safe-Mode) and deleted with Norton BAT.Trojan; W32.Korgo.S
I deleted several current "Run" entries from the registry; however, when I reboot in normal mode, I still get similar problems.  When I try to launch regedit or task manager they come up for a brief second and then go away.  The same thing happens to Norton Anti-virus.  I have seen evidence of anonymous logins in the system event viewer.  Any ideas on how to finally get rid of this bug?  How many bugs am I chasing?
PS. I can run regedit and task manager and Norton in Safe Mode.

Thanks for the help (in advance)
0
Comment
Question by:meos01
15 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11938984
Yeah, where is your FIREWALL?
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939000
Screw Norton. Without a firewall you are heavily exposed. Now Norton Internet Security and ZoneAlarm are something you should consider.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939004
Double Check for viruses
Online Scanners

 Norton Web Services  
Virus Detection provides an analysis of your results and offers suggestions for further action. It does not examine compressed files or fix infected files.

When Symantec receives notification about a new virus, we develop and post a solution as quickly as possible. We are committed to providing swift responses to all virus threats, including Trojan horses.
http://security.symantec.com/sscv6/vc_about.asp?ax=0&langid=ie&venid=sym&plfid=23&pkj=BSZNTGXIBVEMBQAUWZK

======================
 Trend Micro HouseCall        
http://housecall.antivirus.com/housecall/start_corp.asp

======================
eTrust Online antivirus scanner
http://www3.ca.com/virusinfo/virusscan.aspx
======================

PC Pitstop Virus Scan
When the download completes, you will receive an ActiveX security dialog for the PC Pitstop virus scanner. Click Yes to install the scanner and proceed to the virus scan.

If you are currently running an antivirus package such as Norton Antivirus, it may detect our own virus detection file as a virus. If this occurs and you wish to use our scanner, please (temporarily) disable any active background virus checking software before scanning, or add our signature file (PAV.SIG) to the scanner's file exclusion list
http://www.pcpitstop.com/antivirus/AVLoad.asp
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939005
Check for adware and spyware and browser hijackers. The following link is a list of tools to try out.
http://crazyone.tekmasters.com/malwaretools.html
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939011
If Win98/ME

Start > Run msconfig
Click on the tab marked "Startup"
Uncheck all items except System Tray and Explorer.

If the problem no longer persists then one of the items in the startup is the culprit; you just need to track it down.

or if

WinXP

Try this

Start > Run msconfig
Click on the tab marked "Startup"
Click the Disable All button.

If the problem no longer persists then one of the items in the startup is the culprit; you just need to track it down.
0
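Added example (not part of the original thread): one way to track down a startup item, as the comment above suggests, is to capture the Run keys with `reg query` in Safe Mode after cleanup and again after a normal boot, then compare the two captures. The sample output below and the value names `ExampleTray` and `ExampleUpdater` are constructed; the parser accepts tab- or space-separated value lines.

```python
import re

# Value lines in `reg query` output are indented: name, REG_* type, data,
# separated by tabs or runs of spaces depending on the reg.exe version.
VALUE_RE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")

def parse_reg_query(text):
    """Return {(key, value_name): data}; registry names are case-insensitive."""
    entries, key = {}, None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip().lower()
            continue
        m = VALUE_RE.match(line)
        if key and m:
            entries[(key, m.group(1).lower())] = m.group(3).strip()
    return entries

def diff_autostart(before_text, after_text):
    """Compare two captures and report added, changed and removed values."""
    b, a = parse_reg_query(before_text), parse_reg_query(after_text)
    return {
        "added": {k: a[k] for k in a.keys() - b.keys()},
        "changed": {k: (b[k], a[k]) for k in a.keys() & b.keys() if a[k] != b[k]},
        "removed": {k: b[k] for k in b.keys() - a.keys()},
    }

# Constructed sample: capture taken in Safe Mode after cleanup.
BEFORE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" /min

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

# Constructed sample: same keys captured after a normal-mode boot.
AFTER = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleTray    REG_SZ    "C:\Program Files\Example\tray.exe" /min
    ExampleUpdater    REG_SZ    C:\WINDOWS\system32\example123.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
"""

if __name__ == "__main__":
    for (key, name), data in diff_autostart(BEFORE, AFTER)["added"].items():
        print(f"new autostart value: {key}\\{name} -> {data}")
```

Any value reported under "added" was written after the cleanup and is the first candidate to investigate.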
 
LVL 1

Expert Comment

by:Moskjis
ID: 11939499
Hi meos01,
(comment :)

if win2000
http://www.techadvice.com/win2000/m/msconfig_w2k.htm

win 98 msconfig works for win 2000 too.

Cheers!
0

 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939555
>>>win 98 msconfig works for win 2000 too.

Yeah, and have you tried it? It doesn't work very well.
0
 
LVL 1

Expert Comment

by:Moskjis
ID: 11939645
Hi CrazyOne,

o.k. it will not work for later versions of 2000, but look at:
http://www.techadvice.com/win2000/m/msconfig_w2k.htm one more time
winXP version of it works just fine.

(about that "later versions of 2000" that was a surprise to me :))
I must read all, not only the beginning :)


Cheers!
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939673
Yep, that MSCONFIG does work. The interesting thing about it is that it was originally designed for XP, but the author of this (and it was NOT Microsoft) did port it over to Win2000. In my opinion the problem is with a virus overall.
0
 
LVL 5

Expert Comment

by:Hammadian2
ID: 11939780
You need to do 2 things:

1. Clean your system
2. Update your system so that these trojans do not get into it again

For the 1st thing you need to download a cleaning utility.
I recommend Pest Patrol; you can get an evaluation copy from:
http://www.pestpatrol.com/Products/PestPatrolHE/Single_User_Evaluation.asp

For the 2nd thing (and it's really important)
go to:
http://windowsupdate.microsoft.com

Then re-scan again and everything should be ok
 
0
 
LVL 21

Expert Comment

by:jvuz
ID: 11940168
Also do a check with Stinger:

http://vil.nai.com/vil/stinger/
0
 
LVL 9

Expert Comment

by:woodendude
ID: 11941522
When this was detected and deleted in safe mode, did you first turn off system restore? If not, turn off system restore, run your adware and anti-virus programs in safe mode, delete all that is found, reboot, turn on system restore, and you should be good.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 13747417
PAQed with no points refunded (of 125)

modulo
Community Support Moderator
0
