meos01

Virus detected - regedit, task manager, Norton Anti-virus disabled in normal mode - Win XP

I have detected (in Safe-Mode) and deleted with Norton BAT.Trojan; W32.Korgo.S
I deleted several current "Run" entries from the registry, however when I reboot in normal mode, I still get similar problems. When I try to launch regedit or task manager they come up for a brief second and then go away. The same thing happens to Norton Anti-virus. I have seen evidence of anonymous logins in the system event viewer. Any ideas on how to finally get rid of this bug? How many bugs am I chasing?
PS. I can run regedit and task manager and Norton in Safe Mode.

Thanks for the help (in advance)
CrazyOne
Yeah, where is your FIREWALL?
Screw Norton. Without a firewall you are heavily exposed. Now Norton Internet Security and ZoneAlarm are something you should consider.
Double Check for viruses
Online Scanners

 Norton Web Services  
Virus Detection provides an analysis of your results and offers suggestions for further action. It does not examine compressed files or fix infected files.

When Symantec receives notification about a new virus, we develop and post a solution as quickly as possible. We are committed to providing swift responses to all virus threats, including Trojan horses.
http://security.symantec.com/sscv6/vc_about.asp?ax=0&langid=ie&venid=sym&plfid=23&pkj=BSZNTGXIBVEMBQAUWZK

======================
 Trend Micro HouseCall        
http://housecall.antivirus.com/housecall/start_corp.asp

======================
eTrust Online antivirus scanner
http://www3.ca.com/virusinfo/virusscan.aspx
======================

PC Pitstop Virus Scan
When the download completes, you will receive an ActiveX security dialog for the PC Pitstop virus scanner. Click Yes to install the scanner and proceed to the virus scan.

If you are currently running an antivirus package such as Norton Antivirus, it may detect our own virus detection file as a virus. If this occurs and you wish to use our scanner, please (temporarily) disable any active background virus checking software before scanning, or add our signature file (PAV.SIG) to the scanner's file exclusion list
http://www.pcpitstop.com/antivirus/AVLoad.asp
Check for adware and spyware and browser hijackers. The following link is a list of tools to try out.
http://crazyone.tekmasters.com/malwaretools.html
If Win98/ME

Start > Run msconfig
Click on the tab marked "Startup"
Uncheck all items except System Tray and Explorer.

If the problem no longer persists, then one of the items in the startup is the culprit; you just need to track it down.

or if

WinXP

Try this

Start > Run msconfig
Click on the tab marked "Startup"
Click the Disable All button.

If the problem no longer persists, then one of the items in the startup is the culprit; you just need to track it down.
Moskjis

Hi meos01,
(comment :)

if win2000
http://www.techadvice.com/win2000/m/msconfig_w2k.htm

win 98 msconfig works for win 2000 too.

Cheers!
>>>win 98 msconfig works for win 2000 too.

Yeah, and have you tried it? It doesn't work very well.
Hi CrazyOne,

o.k. it will not work for later versions of 2000, but look at:
http://www.techadvice.com/win2000/m/msconfig_w2k.htm one more time
winXP version of it works just fine.

(about that "later versions of 2000" that was a surprise to me :))
I must read all, not only the beginning :)


Cheers!
Yep, that MSCONFIG does work. The interesting thing about it is that it was originally designed for XP but the author of this (and it was NOT Microsoft) did port it over to Win2000. In my opinion the problem is with a virus overall.
You need to do 2 things:

1. Clean your system
2. Update your system so that these trojans do not get into it again

For the 1st thing you need to download a cleaning utility.
I recommend Pest Patrol, you can get an evaluation copy from:
http://www.pestpatrol.com/Products/PestPatrolHE/Single_User_Evaluation.asp

For the 2nd thing (and it's really important)
go to:
http://windowsupdate.microsoft.com

Then re-scan again and everything should be ok
 
Also do a check with Stinger:

http://vil.nai.com/vil/stinger/
When this was detected and deleted in safe mode, did you first turn off System Restore? If not, turn off System Restore, run your adware and antivirus program in safe mode, delete all that is found, reboot, turn on System Restore, and you should be good.
ASKER CERTIFIED SOLUTION
modulo
