Solved

Virus detected - regedit, task manager, Norton Anti-virus disabled in normal mode - Win XP

Posted on 2004-08-30
Last Modified: 2013-12-03
I have detected (in Safe-Mode) and deleted with Norton BAT.Trojan; W32.Korgo.S
I deleted several current "Run" entries from the registry, however when I reboot in normal mode, I still get similar problems.  When I try to launch regedit or task manager they come up for a brief second and then go away.  The same thing happens to Norton Anti-virus.  I have seen evidence of anonymous logins in the system event viewer.  Any ideas on how to finally get rid of this bug?  How many bugs am I chasing?
PS. I can run regedit and task manager and Norton in Safe Mode.

Thanks for the help (in advance)
Question by:meos01
15 Comments
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11938984
Yeah, where is your FIREWALL?
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939000
Screw Norton. Without a firewall you are heavily exposed. Now Norton Internet Security and ZoneAlarm are something you should consider.
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939004
Double Check for viruses
Online Scanners

 Norton Web Services  
Virus Detection provides an analysis of your results and offers suggestions for further action. It does not examine compressed files or fix infected files.

When Symantec receives notification about a new virus, we develop and post a solution as quickly as possible. We are committed to providing swift responses to all virus threats, including Trojan horses.
http://security.symantec.com/sscv6/vc_about.asp?ax=0&langid=ie&venid=sym&plfid=23&pkj=BSZNTGXIBVEMBQAUWZK

======================
 Trend Micro HouseCall        
http://housecall.antivirus.com/housecall/start_corp.asp

======================
eTrust Online antivirus scanner
http://www3.ca.com/virusinfo/virusscan.aspx
======================

PC Pitstop Virus Scan
When the download completes, you will receive an ActiveX security dialog for the PC Pitstop virus scanner. Click Yes to install the scanner and proceed to the virus scan.

If you are currently running an antivirus package such as Norton Antivirus, it may detect our own virus detection file as a virus. If this occurs and you wish to use our scanner, please (temporarily) disable any active background virus checking software before scanning, or add our signature file (PAV.SIG) to the scanner's file exclusion list
http://www.pcpitstop.com/antivirus/AVLoad.asp
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939005
Check for adware and spyware and browser hijackers. The following link is a list of tools to try out.
http://crazyone.tekmasters.com/malwaretools.html
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939011
If Win98/ME

Start > Run msconfig
Click on the tab marked "Startup"
Uncheck all items except System Tray and Explorer.

If the problem no longer persists then one of the items in the startup is the culprit; you just need to track it down.

or if

WinXP

Try this

Start > Run msconfig
Click on the tab marked "Startup"
Click the Disable All button.

If the problem no longer persists then one of the items in the startup is the culprit; you just need to track it down.
0
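As an added example (not part of the thread): a batch script for Windows XP that snapshots the registry "Run" entries the question mentions, plus RunOnce and the Startup folders, so that two snapshots taken before and after a reboot can be compared with `fc` to see whether deleted entries are being re-created. The script name, the output path and the English-locale Startup folder paths are assumptions.

```batch
@echo off
rem Added example: snapshot common autostart locations to a text file.
rem Usage:  autoruns-snapshot.bat before   (reboot)   autoruns-snapshot.bat after
rem The script name and the autoruns-LABEL.txt output path are assumptions.
setlocal
if "%~1"=="" (
    echo Usage: %~nx0 LABEL
    exit /b 1
)
set "OUT=%SystemDrive%\autoruns-%~1.txt"
if exist "%OUT%" del "%OUT%"

rem Per-machine and per-user Run / RunOnce keys.
for %%K in (
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Run"
    "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce"
    "HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
    "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce"
) do (
    echo === %%~K >> "%OUT%"
    rem A missing key is recorded as an error line rather than aborting.
    reg query %%K >> "%OUT%" 2>&1
)

rem Startup folders for all users and the current user (XP, English paths).
for %%D in (
    "%ALLUSERSPROFILE%\Start Menu\Programs\Startup"
    "%USERPROFILE%\Start Menu\Programs\Startup"
) do (
    echo === %%~D >> "%OUT%"
    rem /a includes hidden and system files in the listing.
    dir /b /a "%%~D" >> "%OUT%" 2>&1
)

echo Wrote %OUT%
rem Compare two snapshots with:
rem   fc %SystemDrive%\autoruns-before.txt %SystemDrive%\autoruns-after.txt
endlocal
```

An entry that shows up in the "after" snapshot but was deleted before the reboot means something still running is writing it back.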
 
LVL 1

Expert Comment

by:Moskjis
ID: 11939499
Hi meos01,
(comment :)

if win2000
http://www.techadvice.com/win2000/m/msconfig_w2k.htm

win 98 msconfig works for win 2000 too.

Cheers!
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939555
>>>win 98 msconfig works for win 2000 too.

Yeah and have you tried it. It don't work very good.
0
 
LVL 1

Expert Comment

by:Moskjis
ID: 11939645
Hi CrazyOne,

o.k. it will not work for later versions of 2000, but look at:
http://www.techadvice.com/win2000/m/msconfig_w2k.htm one more time
winXP version of it works just fine.

(about that "later versions of 2000" that was a surprise to me :))
I must read all, not only the beginning :)


Cheers!
0
 
LVL 44

Expert Comment

by:CrazyOne
ID: 11939673
Yep, that MSCONFIG does work. The interesting thing about it is that it was originally designed for XP but the author of this (and it was NOT Microsoft) did port it over to Win2000. In my opinion the problem is with a virus overall.
0
 
LVL 5

Expert Comment

by:Hammadian2
ID: 11939780
You need to do 2 things:

1. Clean your system
2. Update your system so that these trojans do not get into it again

For the 1st thing you need to download a cleaning utility.
I recommend Pest Patrol; you can get an evaluation copy from:
http://www.pestpatrol.com/Products/PestPatrolHE/Single_User_Evaluation.asp

For the 2nd thing (and it's really important)
go to:
http://windowsupdate.microsoft.com

Then re-scan again and everything should be ok
 
0
 
LVL 21

Expert Comment

by:jvuz
ID: 11940168
Also do a check with Stinger:

http://vil.nai.com/vil/stinger/
0
 
LVL 9

Expert Comment

by:woodendude
ID: 11941522
When this was detected and deleted in safe mode, did you first turn off system restore? If not, turn off system restore, run your adware and anti virus program in safe mode, delete all that is found, reboot, turn on system restore, and you should be good.
0
 

Accepted Solution

by:
modulo earned 0 total points
ID: 13747417
PAQed with no points refunded (of 125)

modulo
Community Support Moderator
0
