Asked by Naser Gabaj

System infected w/ trojan.vundor.b & can't remove the infected file

Hi everyone,

I have a laptop with Windows XP SP2 installed on it, & I find that it's infected with a trojan virus called torjan.vundor.b. I used Norton AV but it failed to clean the system.

Norton has reported that the file C:\Windows\Microsoft.net\adrole.dll was infected & that it failed to delete it.
& I have downloaded the removal tool for that virus from the Symantec site. It scans the file & reported that it will be deleted after the restart, but it's still there.

I followed all the instructions & disabled the System Restore function but it's still there after restarting the laptop.

I tried to delete the infected file manually but I failed; it's like it's being used by another application or maybe the OS itself.
I also tried to delete it while I'm in safe mode but it's no use too.

Is there any way to get rid of this file????

ASKER CERTIFIED SOLUTION
Shane Russell
I forgot to mention that you need to press Enter after typing that command into the Run dialog, or you can click OK, either way works :) which I'm sure is obvious to you :)

First a trojan is 'Malware' that cannot be removed by an Antivirus program. The program is probably in memory when you boot Windows. Boot in safe mode so that there is less of a chance that it is in memory. You mentioned you had identified several viruses. Make sure that your Norton program is set to automatically update the antivirus files. Also there is a page that you can check so that Norton will try to repair and if not successful, then it will quarantine the file.

Here are some programs that work on eliminating Trojans, worms etc.
Spyblaster
http://www.javacoolsoftware.com/spywareblaster.html

Spybot Search and Destroy
http://download.com.com/3000-2144-10122137.html?part=104443&subj=dlpage&tag=button

Ad-Aware
http://www.lavasoftusa.com

Adware scanner
http://www.adwarekillers.com/

Naser Gabaj (ASKER)

To gecko_au2003,

The scanners find the infected file but they failed to remove it, even in safe mode. It's like it's being used by Windows itself.
The sfc is only to check the Windows XP system files, but the file adrole.dll is not part of the Windows XP system files so it didn't do anything to it.

Managing the startup services also can't fix the issue, since I scanned the laptop under safe mode & it's known that Windows XP under that mode loads only the necessary services that it needs to be able to work, disabling all other stuff.

To gonzal13,

Norton Antivirus can identify many trojan viruses, as in this case with this trojan virus, but it failed to delete it because it's being used. I have mentioned also that I tried scanning it under safe mode using the Symantec removal tool for that trojan, but it failed also, giving a message that it will be deleted at the next Windows boot, but it's still there in the system.
Also I don't see that I mentioned that I identified several viruses!!!!!!!!!!!!!!!!!!!!!!!

I still have that infected file & couldn't clean it.

If that is not the right one then you can search through here:

http://www.symantec.com/avcenter/vinfodb.html

Click on the relevant one and it shows you removal instructions as well as what it does :)

I found this tool which was highly rated by CNET so it might be worth a go:

https://www.pctools.com/spyware-doctor/?ref=google_t

I would also suggest you use Registry Mechanic :)

http://www.majorgeeks.com/download3306.html
http://www.bleepingcomputer.com/files/killbox.php

http://www.techwarelabs.com/downloads/?action=file&id=201

Not sure how useful those are but it's a program to help you delete files that are hard to delete :)

Thx gecko_au2003, I have used the removal tool from the link you gave me before, but as I stated it reported that it will delete the file at the next boot, but it didn't.
The file is still there although I followed all of its instructions.

Any other suggestions pls.

Do a system restore as I suggested earlier!

Although both of the last 2 links are for the same tool, which is Killbox.exe, really thx a lot gecko_au2003, I'll give it a try & let you know what happened!!

Well obviously the manual removal method didn't work and neither did the other things, so I am guessing a repair install. If that does not work then the only other thing I can think of would be to back up your data and do a fresh install, which btw is also shown and explained to you on that site I gave you earlier :)

Well Google, Yahoo, and Gigablast come out without any results, which is strange. Would you repost the name of the Trojan horse?
Did you try the 'Malware' programs? I just had been on a "Warez" site which is known for its viruses and malware. I then used the programs I listed and it removed 8 items which I got just by visiting the site and not even clicking on anything.
By the way, do not visit a 'Warez' site, since one time when I was downloading something and did not have DSL, I came back and my HD was wiped clean!

Joe

I went through 7 search engines. Possibly the spelling is incorrect? Could it be trojan nvundor.b?

Normally using a search engine comes up with what is looked for. I have about 100 engines, but I do need a double check on the exact spelling of the trojan horse.

Joe

Are you sure it is not the Trojan.Vundo.B? As per my suggestion earlier, or when you do the scan does it show up as what you typed?

I have a lot of search engines to try the search. I am glad you confirmed the spelling. Another approach may be needed. Does it mention Trojan in the phrase or did you add that word? Is it noted as a virus because the word Trojan appears? If so, what program mentions it?


You had 'torjan.vundor.b' which I did not notice until later that it should have been trojan.vundor.b. Now this is a 'Malware' which will not work with Norton AV. Now do you get the message from Norton? If so please confirm the EXACT wording.

Also, if you do not have a firewall, install the free firewall called "zonealarm" at www.zonealarm.com. You should accompany it with a hardware firewall for more protection.

I will look at it again on Monday.

Here is an explanation of 'Malware' that Norton AV cannot deal with. It came from BillDll. I recently asked him if I could use it.

It is a wonderful description of 'Malware' that should be shared.

MALWARE  PROGRAMS

The following was obtained from BillDll. The text for each URL came from the url site and of course credit was given to them.

Download these programs, make an icon for each, run the programs in safe mode in case there is something in memory.

There can sometimes be a very fine line between a Virus and "spyware", generally Norton AntiVirus (and most other antivirus applications) will not detect normal "spyware" unless it comes in the form of what is referred to as a "Trojan".  This name is taken from the historical "Trojan Horse" where invaders sneaked into the walled city hidden in a wooden horse.  Similarly, a computer Trojan comes packaged and disguised as something else, and sneaks into your system where it can hide unseen doing a variety of things such as stealing passwords and sending them out to some other remote computer, monitoring activity, etc.

AntiVirus applications are often able to detect known Trojans, but not always.  It is very important for this reason to always allow your AntiVirus program to check regularly for updated "definition" files.  These are the "libraries" (for want of a better word) that the program uses to detect known threats, and new definition files will find new viruses.

Spyware is generally less nasty than a Trojan, but can certainly be a security leak.  In normal cases, they are huge annoyances rather than actual "spies".  I suppose that, if there were sub-categories, they could be divided into "Internet Home Page HiJackers" that redirect your internet pages constantly to specific search pages, "Ad Ware" which monitors your internet browsing habits and transmits them to central repositories for marketing purposes, and "Scumware" that sneakily installs programs that masquerade as legitimate programs and do similar things as "Adware", and "Scumware" which just messes up your system for no particular reason.

For the most part, all of these rely on changing or adding registry settings.  For instance, some will install and register files that have very similar names to genuine Windows system files so that a user checking what program files are currently being used won't immediately suspect a rogue process at work.  Some replace a windows system file with a rogue version of their own, and change a registry setting so that their rogue file does something else entirely different.

There is something known as a "Browser Helper Object" or BHO.  Most are legitimate and helpful, such as the integration of Adobe Acrobat Reader which will open up within Internet Explorer if you click on a link to a .PDF file.  Other BHO's are Norton AntiVirus Helper, which adds a "Scan with NAV" to various places and also runs behind the scenes ready to scan incoming email.  Unfortunately, some unscrupulous programs add unwanted BHO's into your system.

To somebody who is neither well acquainted with the names of files and folders in the "system" areas, and who has never had to know what lies in their windows registry, it can be difficult for that person to identify results thrown up by spyware removal tools.

Microsoft is often maligned and accused of creating unwanted, annoying, or "big brother-like" processes in Windows, and for that reason anti-spyware programs will often identify normal Windows registry settings, files, and processes as undesirable.  In most cases, these found items could be safely removed using the anti-spyware tool without suffering any adverse effects because they are not crucial to functionality.  In odd cases, however, allowing an anti-spyware utility to remove something could adversely affect your system.

There is also the risk that, by removing a rogue file that has deliberately replaced a legitimate system file, your system will look for that file and throw up errors when it can't find it.

The above was plagiarized from BillDll

http://www.cyberwalker.net/columns/oct02/241002.html

Hijackers exploiting this bug will insert one or several .hta files on your hard drive which run when you start up Windows.

To fix this nastiness manually, search your computer for *.hta files. Click Start and Search or Find and then Files or Folders and type in *.hta. If you find them rename them so that they can't be found. For example, change file.hta to file.hta1 or move the files to another folder on your computer. Then switch your homepage back to one you like. If your computer doesn't do weird things after this permanently delete them. If it does, you might want to put them back one by one until you find the offender and then delete it.


Anti spyware tutorial

Spyware, also known as adware or malware, are programs that can cause problems. These include: pop up advertisements on your computer, browser hijacks, search engine hijacks, website redirections, website restrictions, computer problems (like slowdowns, lockdowns, etc.), personal information being logged without your permission, preventing you access to certain sites or the whole internet, etc. Some spyware are worse than viruses, in my opinion. This section was created to help you detect and remove any suspicious activity that may be going on on your computer. Also included is a section on how to prevent future spyware installations. Please read and follow the steps below to help make this process much faster and easier.

Before running any spyware programs, please run an online antivirus scan at one of the below sites to make sure that you don't have a virus. It is recommended to run a scan online because there are some viruses that can disable or make themselves invisible to the antivirus programs you have on your computer. If any viruses are found, write them down and remove them. Before running any of them, first disable System Restore if you have Windows ME/XP. You may use more than one:


Hopefully the above explanation will help you understand 'Malware'.
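
The manual .hta clean-up quoted in the post above (move or rename the files, then put them back one by one), written out as an added Python example that is not part of the original thread. The `.hta1` suffix follows the quoted text; the quarantine folder, `manifest.json` and the function names are assumptions of this example, and the sample files are constructed.

```python
import hashlib, json, os, shutil, tempfile
from pathlib import Path

def quarantine_hta(root, qdir):
    """Move every *.hta under root into qdir as *.hta1 and log where it came from."""
    root, qdir = Path(root), Path(qdir)
    qdir.mkdir(parents=True, exist_ok=True)
    log = qdir / "manifest.json"
    entries = json.loads(log.read_text()) if log.exists() else []
    for dirpath, dirnames, filenames in os.walk(root):
        # Never descend into the quarantine folder itself.
        dirnames[:] = [d for d in dirnames if Path(dirpath, d).resolve() != qdir.resolve()]
        for name in filenames:
            if not name.lower().endswith(".hta"):  # case-insensitive, as on Windows
                continue
            src = Path(dirpath, name)
            digest = hashlib.sha256(src.read_bytes()).hexdigest()
            n = 0
            while (dest := qdir / f"{n:04d}_{digest[:12]}.hta1").exists():
                n += 1  # identical files still get distinct quarantine names
            shutil.move(str(src), str(dest))
            entries.append({"original": str(src), "stored": dest.name, "sha256": digest})
    log.write_text(json.dumps(entries, indent=2))
    return entries

def restore_one(qdir, stored):
    """Put a single quarantined file back so the offender can be isolated one by one."""
    qdir = Path(qdir)
    log = qdir / "manifest.json"
    entries = json.loads(log.read_text())
    entry = next(e for e in entries if e["stored"] == stored)
    shutil.move(str(qdir / stored), entry["original"])
    entries.remove(entry)
    log.write_text(json.dumps(entries, indent=2))
    return entry["original"]

def demo():
    """Run both steps on a constructed directory tree (sample files, not real malware)."""
    base = Path(tempfile.mkdtemp())
    (base / "docs" / "sub").mkdir(parents=True)
    (base / "docs" / "start.hta").write_text("<html>constructed sample 1</html>")
    (base / "docs" / "sub" / "HOME.HTA").write_text("<html>constructed sample 2</html>")
    (base / "docs" / "notes.txt").write_text("not an HTA")
    entries = quarantine_hta(base / "docs", base / "quarantine")
    back = restore_one(base / "quarantine", entries[0]["stored"])
    return base, entries, back

if __name__ == "__main__":
    print(demo())
```

The recorded SHA-256 lets a file that turns out to be the offender be looked up or reported before it is permanently deleted.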
Just out of curiosity, did you try the system restore yet or are you trying other things first?

Dear All,

Thanks for your participation. I have backed up my data, and I formatted the HD; all the solutions shown above didn't fix my problem.

Anyway, you deserve the points for your instant efforts, and thanks.

Regards

Naser