a problem

Hi folks

I dont know if this is the right place to be asking this question but it cant hurt. I run Nortons anti virus on my home computer and its detecting a trojan in two files. However it wont quarantine this trojan, it only leaves it alone. So i downloaded TDS and this program isnt detecting any problems so i'm a bit stumped.
Any help would be much appreciated.
Thanks.

Pacer

 

Hi Pacer

...welcome to Wilders.

When you downloaded TDS (trial ?), did you also update to the latest definition files?

Anymore information on the files NAV is identifying as trojans?

Regards,

CrazyM

 

Hi Crazy and Paul

Nortons calls it "Trojan Horse" and the file are File: C:\_RESTORE\TEMP\A0034378.CPY and File: C:\_RESTORE\TEMP\A0034383.CPY

Downloaded TDS today and have now updated the radius and am currently doing a full scan.

Will see what happens. Thanks for your help so far

Sean

 

Hi pacer,

The file is found in your System Restore point(s).
Please disable System Restore, reboot and re-enable System Restore. Then scan again and once you are satisfied that your system is clean, create a manual restore point.

Details about disabling and re-enabling System restore can be found here.

Regards,

Pieter

 

Hi Pacer, welcome to TDS.
looking forward to your results.
It is in the system restore, so depending on what TDS says we'll advice you further.

 

Hi all

TDS didnt find any problems but Nortons is so will try the system restore approach and let you know.

Thanks again

Sean.

 

You cant delete those because they are in System Restore. The best thing to do would be to try zipping and deleting those files from Safe Mode to get rid of the alarms and to be able to send them to submit@diamondcs.com.au for analysis. I'll give you an indication of what they are, but you are already CLEAN because they are only old backup copies. System Restore has kept a copy from before they were removed.

 

G'day folks

Thanks for everyones help it was most appreciated. 'm not sure how i got the trojan and i'm not sure how i got rid of it but its gone now after playing around with the system restore. I tried to send the files into Diamond but they're not there anymore and i cant find them sorry.

Anyway thanks all again.

Merry christmas.

Regards, Sean.

 

Hi Sean,
after disabling the system restore and reboot, all older restore points are gone, even if you re-enable system restore again after reboot. This is why you best make a new system restor point manually from the clean situation.

It might as well have been a false positive - hard to say now!
At least you're clean now, and keep updating TDS and once every few days make a new scan and you'll like the software more by the day for keeping you secure and the many nice functions.

 

I also had Norton find a Trojan.Backdoor. However Norton was unable to repair, quarantine or delete it. There instructions have told me it is located at (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows) It appears as AppInit_Dlls msconfd.dll.

It is still there after using your program and I have these desktop Notepads messages that pop up after windows loads and they also appear throughout various other locations (like in my program files)

What can I do?

 

Yes this is the Trojan I have (Trojan Bookmarker) and I have already gone through all the instructions to remove, as listed on the Norton Web site (and the same as your link) and yet it still remains.

 

Paul is correct. This is highly likely CWS.

Please download, unzip and run CWShredder

Regards,

Pieter