Help - Trojan Attack?


Marsman
March 7th, 2002, 08:04 PM
Urgent ... Help Please! ???

My system's crippled because of a possible Trojan attack. Any assistance or recommendations as to what steps I should follow next to fix my current dilemma (delete Trojan) would certainly be appreciated.

During a file download the following happened:

ZoneAlarm was disabled & shutdown.
NOD32 for POP3 was disabled.
BOClean didn’t notice or log an attack.

Immediately ran a virus scan & NOD logged the following:

C:\Documents and Settings\Blake Mar\Local Settings\Temporary Internet Files\Content IE5\RRXJ7X8W\startnow[1].js – probably modified JS/Seeker trojan.

Tried to clean the above with NOD & got the following message:

File C:\Documents and Settings\Blake Mar\Local Settings\Temporary Internet Files\Content IE5\RRXJ7X8W\startnow[1].js – probably modified JS/Seeker trojan.
NOD32 cannot clean this virus.

Here’s my primary system security configuration:

OS: W2K Pro 5.00.2195 SP2
AV Soft: NOD32 Ver. 1.225 (20020305)
AT Soft: BOClean Ver. 4.09 Filedate 03/02/2002
Firewall: ZoneAlarm Ver. 2.6.362

TIA,
Mars Man ;)

Paul Wilders
March 7th, 2002, 08:08 PM
Hi Mars Man,

Just clean your temporary internet files, and run the scans once more.

Internet Sweeper might come in handy:

http://www.geocities.com/Internet_Sweeper/

regards.

paul

UNICRON
March 7th, 2002, 10:37 PM
try TDS-3 free thirty day trial.

Paul Wilders
March 7th, 2002, 10:51 PM
Well, cleaning the temp internet files is a start. Having a look at the shut downs from various security apps, this most probably isn't a modified JS/Seeker trojan: that one does not have those capacities.

Nevertheless, I was/am interested in the result from cleaning the temp int. files and a rescan.

TDS would indeed be an option. On the other hand, depending on the malware infection, TDS could be put out of business as well. If the problem isn't solved after cleaning the temp files mentioned above and a rescan, examining the file by a third party would be the best option IMHO.

Let's wait'n see what comes up ;)

regards.

paul

UNICRON
March 7th, 2002, 10:57 PM
to ensure the security tools don't get blown out, here's what I do:

1) Take out the hard drive and put it in another computer as a data drive. Now no infections will boot when you start the other machine.

2) Scan with tool from the other machine, strip it of malware, run scandisk/chkdisk and defrag it.

3) Put it back in the first computer, done.

I removed 514 viruses from my sister's machine this way.
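Both of the suggestions above (Paul's "have a third party examine the file" and UNICRON's "attach the drive to a clean machine and scan it from there") depend on being able to find and unambiguously identify the suspect cached script on the offline disk. The following is an added example, not a tool from this thread or from any of the products named in it: a small Python script that walks a mounted data drive, inventories script-type files under it (the incident above involved a cached `.js`; the other extensions are my assumption), and records each file's size, modification time and SHA-256 so it can be handed over for analysis without guessing. The directory layout and file contents in `build_sample_tree` are constructed sample data.

```python
"""Inventory script-type files on a mounted (offline) drive.

Added example for the offline-scan approach in the thread: attach the
suspect disk to a clean machine as a data drive, then enumerate the
cached scripts so the suspicious ones can be hashed and handed to a
third party for analysis. The sample tree below is constructed data.
"""
import hashlib
import os
import tempfile
from datetime import datetime, timezone

# The incident involved a cached .js; the other extensions are an
# assumption about script types that commonly land in browser caches.
SCRIPT_EXTENSIONS = {".js", ".vbs", ".hta", ".wsf"}


def sha256_of(path, chunk=65536):
    """Return the hex SHA-256 of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def inventory_scripts(root):
    """Walk root and return one dict per script-type file found.

    Each entry records the path relative to root, the size, the mtime as
    a UTC ISO string and the SHA-256, which is enough to identify the
    file unambiguously when reporting it. Symlinks are not followed so a
    stray link on the suspect disk cannot drag the walk outside root.
    """
    results = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            ext = os.path.splitext(name)[1].lower()
            if ext not in SCRIPT_EXTENSIONS:
                continue
            full = os.path.join(dirpath, name)
            if os.path.islink(full):
                continue
            st = os.stat(full)
            results.append({
                "path": os.path.relpath(full, root),
                "size": st.st_size,
                "mtime": datetime.fromtimestamp(st.st_mtime, timezone.utc).isoformat(),
                "sha256": sha256_of(full),
            })
    results.sort(key=lambda r: r["path"])
    return results


def build_sample_tree(base):
    """Create a constructed cache layout under base for a dry run."""
    cache = os.path.join(base, "Temporary Internet Files", "Content.IE5", "SAMPLE01")
    os.makedirs(cache, exist_ok=True)
    # Constructed stand-in for the cached script named in the thread.
    with open(os.path.join(cache, "startnow[1].js"), "wb") as fh:
        fh.write(b"document.write('sample cached script');\n")
    # A non-script cache entry that the inventory should skip.
    with open(os.path.join(cache, "banner[1].gif"), "wb") as fh:
        fh.write(b"GIF89a")
    return base


def dry_run():
    """Build the sample tree in a temporary directory and inventory it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        return inventory_scripts(tmp)


if __name__ == "__main__":
    # On a real case, call inventory_scripts() on the mount point of the
    # attached data drive instead of the constructed sample tree.
    for entry in dry_run():
        print(f"{entry['sha256'][:16]}  {entry['size']:>6}  {entry['mtime']}  {entry['path']}")
```

Run it from the clean machine against the mount point of the attached drive (for example the `Temporary Internet Files` directory of the affected profile); hashing the file rather than just naming it matters because the cache renames entries with `[1]`-style suffixes, and the hash is what a third-party analyst can match against.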

Marsman
March 8th, 2002, 07:24 PM
UPDATE ... System Restored!

After the crash it was suggested I delete my Temporary Internet Files & rescan. In fact, I use System Mechanic 3.6g for cookie, cache & file removal and this had already been done along with several reboots. On closer investigation SM didn't remove these Temp Files after a Run Now & reboot, which is very unusual. Anyways, I manually deleted them & rescanned, this time NOD32 showed 0 viruses/trojans.

At this point my system was still really sluggish & it wouldn’t shut down properly. ZoneAlarm was still disabled & would not restart & I was getting the following message:
"ZoneAlarm is trying to initialize the TrueVector internet monitor on your system. Cancel?"

NOD32 for POP3 indicated it was disabled & it wouldn't restart after close/quit & relaunch. Several applications & sys functions wouldn't run. My computer's date was reset to March 08, 2059 & CPU usage was running at a constant 100%.

COURSE OF ACTION:
Ran an Ad-Aware scan & checked StartPage Guard for any peculiarities. No Spyware or Malware detected.

PROBLEM & SOLUTION:
Closed down & completely uninstalled ZA's TrueVector & all traces of the ZA application.

SIDEBAR:
I have uninstalled & reinstalled ZA a few times previously but I was always able to uncheck/unload the TrueVector Service from ZA's Configure Panel. Unfortunately, the crash prevented access to the panel so this time around it was a slow & painful ordeal. For the life of me I couldn't understand why so many of you were complaining about ZA's uninstall ... now I understand!

ZA's delightful complete W2K uninstall procedure:
http://www.zonelabs.com/services/support_install.htm
http://www.zonelabs.com/services/support_install_2000.htm

WHAT CAUSED THE CRASH:
Sorry, no idea at this point. ???

NEXT STEP:
Look into the LNS & Sygate offerings.

Thanks Paul, Unicron, Kevin & Blacksheep for your suggestions & possible solutions, I’m very appreciative.

Cheers,
Mars Man ;)

P.S. Kevin /PSC your tech support, genuine customer concern & BOClean AT product is 2nd to none!

Paul Wilders
March 9th, 2002, 05:03 AM
Mars Man,

I'm very glad to see the problem has been solved ;D.

Indeed PSC/Kevin has a reputation for fine costumer service!

regards.

paul

spy1
March 9th, 2002, 09:41 AM
Wow! Kevin does costumes, too? Cool! :) Pete

Paul Wilders
March 9th, 2002, 09:49 AM
> Wow! Kevin does costumes, too? Cool!

Oops.. did reveal a secret here! Indeed he does, but on special demand only. Armani costumes are very cheap in comparison with PSC costumes (5 grand and up), so start putting money aside ;D

regards.

paul