Hi folks, I don't know if this is the right place to be asking this question but it can't hurt. I run Nortons anti virus on my home computer and it's detecting a trojan in two files. However it won't quarantine this trojan, it only leaves it alone. So I downloaded TDS and this program isn't detecting any problems so I'm a bit stumped. Any help would be much appreciated. Thanks. Pacer
Hi Pacer ... welcome to Wilders. When you downloaded TDS (trial?), did you also update to the latest definition files? Any more information on the files NAV is identifying as trojans? Regards, CrazyM
Welcome, pacer. First of all: could you mention the trojan name Norton detects, and the files infected? As for TDS: make sure you download and install the latest database ("radius") from here. Perform a full system scan after doing so. Read the configuration instructions, which come with screenshots, in the sticky post on top of this forum. Regards, Paul
Hi Crazy and Paul, Nortons calls it "Trojan Horse" and the files are File: C:\_RESTORE\TEMP\A0034378.CPY and File: C:\_RESTORE\TEMP\A0034383.CPY. Downloaded TDS today and have now updated the radius and am currently doing a full scan. Will see what happens. Thanks for your help so far. Sean
Hi pacer, The file is found in your System Restore point(s). Please disable System Restore, reboot and re-enable System Restore. Then scan again and once you are satisfied that your system is clean, create a manual restore point. Details about disabling and re-enabling System restore can be found here. Regards, Pieter
Hi Pacer, welcome to TDS. Looking forward to your results. It is in the System Restore, so depending on what TDS says we'll advise you further.
Hi all, TDS didn't find any problems but Nortons is, so will try the system restore approach and let you know. Thanks again, Sean.
You can't delete those because they are in System Restore. The best thing to do would be to try zipping and deleting those files from Safe Mode to get rid of the alarms and to be able to send them to submit@diamondcs.com.au for analysis. I'll give you an indication of what they are, but you are already CLEAN because they are only old backup copies. System Restore has kept a copy from before they were removed.
G'day folks, thanks for everyone's help, it was most appreciated. I'm not sure how I got the trojan and I'm not sure how I got rid of it but it's gone now after playing around with the system restore. I tried to send the files in to Diamond but they're not there anymore and I can't find them, sorry. Anyway thanks all again. Merry Christmas. Regards, Sean.
Hi Sean, after disabling the system restore and reboot, all older restore points are gone, even if you re-enable system restore again after reboot. This is why you best make a new system restore point manually from the clean situation. It might as well have been a false positive - hard to say now! At least you're clean now, and keep updating TDS and once every few days make a new scan and you'll like the software more by the day for keeping you secure and the many nice functions.
I also had Norton find a Trojan.Backdoor. However Norton was unable to repair, quarantine or delete it. Their instructions have told me it is located at (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). It appears as AppInit_Dlls msconfd.dll. It is still there after using your program and I have these desktop Notepad messages that pop up after Windows loads and they also appear throughout various other locations (like in my program files). What can I do?
Is this the one you are referring to trojan bookmarker? In case my presumption is correct (see the link provided), you can follow instructions as mentioned in the link. In essence, it's spyware. If not, please report back. regards. paul
Yes this is the Trojan I have (Trojan Bookmarker) and I have already gone through all the instructions to remove, as listed on the Norton Web site (and the same as your link) and yet it still remains.
We are moving to a new server now - your problem will be addressed as soon as we've moved over. regards. paul
Paul is correct. This is highly likely CWS. Please download, unzip and run CWShredder. Regards, Pieter
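A read-only check of the AppInit_Dlls value named in the post above that reports Norton's Trojan.Backdoor finding, as an added example that is not part of the thread or any poster's or vendor's code. It lists every DLL registered under that key with its file and signature state, which shows whether an entry such as msconfd.dll is still registered after a cleanup; the Wow6432Node key, the LoadAppInit_DLLs value and the System32/SysWOW64 resolution of bare file names are assumptions about the host, not details from the thread.

```powershell
# Added example: report what is registered in AppInit_DLLs (reads only, changes nothing).
# Key path from the thread; the Wow6432Node twin exists only on 64-bit Windows (assumption).
$keys = [ordered]@{
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows'             = 'System32'
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows' = 'SysWOW64'
}

$report = foreach ($key in $keys.Keys) {
    if (-not (Test-Path -LiteralPath $key)) { continue }

    $props = Get-ItemProperty -LiteralPath $key
    $raw   = [string]$props.AppInit_DLLs
    if ([string]::IsNullOrWhiteSpace($raw)) { continue }   # nothing registered here

    # The value holds DLL names separated by spaces or commas.
    foreach ($name in ($raw -split '[ ,]+' | Where-Object { $_ })) {
        # Bare file names are looked up in the matching system directory (assumption).
        $path = if (Split-Path -Path $name -IsAbsolute) { $name }
                else { Join-Path $env:SystemRoot (Join-Path $keys[$key] $name) }

        $exists = Test-Path -LiteralPath $path -PathType Leaf
        $file   = if ($exists) { Get-Item -LiteralPath $path -Force } else { $null }
        $sig    = if ($exists) { (Get-AuthenticodeSignature -FilePath $path).Status } else { 'n/a' }

        [pscustomobject]@{
            Key           = $key
            Entry         = $name
            ResolvedPath  = $path
            FileExists    = $exists
            Signature     = $sig
            LastWriteTime = if ($file) { $file.LastWriteTime } else { $null }
            # LoadAppInit_DLLs exists on Windows 7 and later; empty on older systems.
            LoadEnabled   = $props.LoadAppInit_DLLs
        }
    }
}

if ($report) {
    $report | Format-List
} else {
    Write-Output 'AppInit_DLLs is empty in all checked keys.'
}
```

An entry that is still listed while its file no longer exists means the file was removed but the registry value was left behind; an entry whose file exists and is unsigned is the one to hand to the removal tool or submit for analysis.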