a problem

Discussion in 'Trojan Defence Suite' started by pacer, Dec 21, 2003.

Thread Status:
Not open for further replies.
  1. pacer

    pacer Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    4
    Hi folks

    I don't know if this is the right place to be asking this question but it can't hurt. I run Nortons anti virus on my home computer and it's detecting a trojan in two files. However it won't quarantine this trojan, it only leaves it alone. So I downloaded TDS and this program isn't detecting any problems so I'm a bit stumped.
    Any help would be much appreciated.
    Thanks.

    Pacer
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Pacer

    ...welcome to Wilders.

    When you downloaded TDS (trial ?), did you also update to the latest definition files?

    Any more information on the files NAV is identifying as trojans?

    Regards,

    CrazyM
     
  3. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Welcome, pacer.

    First of all: could you mention the trojan name Norton detects, and the files infected?

    As for TDS: make sure you download and install the latest database ("radius") from here. Perform a full system scan after doing so. Read the configuration instructions as mentioned and coming with screen shots in the sticky post on top of this forum.

    regards.

    paul
     
  4. pacer

    pacer Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    4
    Hi Crazy and Paul

    Nortons calls it "Trojan Horse" and the files are File: C:\_RESTORE\TEMP\A0034378.CPY and File: C:\_RESTORE\TEMP\A0034383.CPY

    Downloaded TDS today and have now updated the radius and am currently doing a full scan.

    Will see what happens. Thanks for your help so far :)

    Sean
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi pacer,

    The file is found in your System Restore point(s).
    Please disable System Restore, reboot and re-enable System Restore. Then scan again and once you are satisfied that your system is clean, create a manual restore point.

    Details about disabling and re-enabling System restore can be found here.

    Regards,

    Pieter
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Pacer, welcome to TDS.
    Looking forward to your results.
    It is in the system restore, so depending on what TDS says we'll advise you further.
     
  7. pacer

    pacer Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    4
    Hi all

    TDS didn't find any problems but Nortons is so will try the system restore approach and let you know.

    Thanks again

    Sean.
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    You can't delete those because they are in System Restore. The best thing to do would be to try zipping and deleting those files from Safe Mode to get rid of the alarms and to be able to send them to submit@diamondcs.com.au for analysis. I'll give you an indication of what they are, but you are already CLEAN because they are only old backup copies. System Restore has kept a copy from before they were removed.
     
  9. pacer

    pacer Registered Member

    Joined:
    Dec 21, 2003
    Posts:
    4
    G'day folks

    Thanks for everyone's help, it was most appreciated. I'm not sure how I got the trojan and I'm not sure how I got rid of it but it's gone now after playing around with the system restore. I tried to send the files in to Diamond but they're not there anymore and I can't find them, sorry.

    Anyway thanks all again.

    Merry christmas.

    Regards, Sean.
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Sean,
    After disabling the system restore and reboot, all older restore points are gone, even if you re-enable system restore again after reboot. This is why you best make a new system restore point manually from the clean situation.

    It might as well have been a false positive - hard to say now!
    At least you're clean now, and keep updating TDS and once every few days make a new scan and you'll like the software more by the day for keeping you secure and the many nice functions.
     
  11. SteveT

    SteveT Registered Member

    Joined:
    Dec 26, 2003
    Posts:
    2
    I also had Norton find a Trojan.Backdoor. However Norton was unable to repair, quarantine or delete it. Their instructions have told me it is located at (HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows). It appears as AppInit_Dlls msconfd.dll.

    It is still there after using your program and I have these desktop Notepad messages that pop up after Windows loads and they also appear throughout various other locations (like in my program files).

    What can I do?
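
Added example, not part of SteveT's post and not code from any tool named in this thread: a read-only PowerShell check of the AppInit_DLLs value at the registry location quoted above, reporting each DLL it names with its signature status and hash. The Wow6432Node key and the LoadAppInit_DLLs value do not appear in the thread; they exist on 64-bit Windows and on Windows Vista and later respectively, and resolving bare names against the system directory is an assumption.

```powershell
# Added example: read-only audit of AppInit_DLLs (nothing is modified).
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    # 32-bit registry view on 64-bit Windows (not mentioned in the thread)
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

$report = foreach ($key in $keys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key

    # The value is a space- or comma-delimited list of DLL names.
    $dlls = ([string]$props.AppInit_DLLs) -split '[ ,]+' | Where-Object { $_ }

    # Assumption: bare names are resolved against the system directory of the
    # matching bitness (the loader itself uses the normal DLL search order).
    $sysDir = if ($key -like '*Wow6432Node*') { 'SysWOW64' } else { 'System32' }

    foreach ($dll in $dlls) {
        $path = if ([System.IO.Path]::IsPathRooted($dll)) { $dll } else { Join-Path $env:SystemRoot "$sysDir\$dll" }
        $exists = Test-Path -LiteralPath $path -PathType Leaf
        [pscustomobject]@{
            Key       = $key
            Dll       = $dll
            Path      = $path
            Exists    = $exists
            # 1 means AppInit loading is enabled (Vista and later); empty on older systems
            LoadFlag  = $props.LoadAppInit_DLLs
            Signature = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $path).Status } else { $null }
            SHA256    = if ($exists) { (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash } else { $null }
        }
    }
}

if ($report) {
    $report | Format-List
} else {
    'AppInit_DLLs is empty in every key checked.'
}
```

An entry that is unsigned, or listed but missing on disk, is the one to examine first; on most systems the value is empty.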
     
  12. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    Is this the one you are referring to: trojan bookmarker?

    In case my presumption is correct (see the link provided), you can follow instructions as mentioned in the link. In essence, it's spyware. If not, please report back.

    regards.

    paul
     
  13. SteveT

    SteveT Registered Member

    Joined:
    Dec 26, 2003
    Posts:
    2
    Yes this is the Trojan I have (Trojan Bookmarker) and I have already gone through all the instructions to remove, as listed on the Norton Web site (and the same as your link) and yet it still remains.
     
  14. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,472
    Location:
    The Netherlands
    We are moving to a new server now - your problem will be addressed as soon as we've moved over.

    regards.

    paul
     
  15. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Paul is correct. This is highly likely CWS.

    Please download, unzip and run CWShredder

    Regards,

    Pieter
     