Help - Trojan Attack?

Discussion in 'malware problems & news' started by Marsman, Mar 7, 2002.

Thread Status:
Not open for further replies.
  1. Marsman

    Marsman Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    34
    Urgent …Help Please!  o_O

    My system’s crippled because of a possible Trojan attack any assistance or recommendations as to what steps I should follow next to fix my current dilemma (delete Trojan)  would certainly be appreciated.

    During a file download the following happened:

    ZoneAlarm was disabled & shutdown.
    NOD32  for POP3 was disabled.
    BOClean didn’t notice or log an attack.

    Immediately ran a virus scan & NOD  logged the following:

    C:\Documents and Settings\Blake Mar\Local Settings\Temporary Internet Files\Content IE5\RRXJ7X8W\startnow[1].js – probably modified JS/Seeker trojan.

    Tried to clean the above with NOD & got the following message:

    File C:\Documents and Settings\Blake Mar\Local Settings\Temporary Internet Files\Content IE5\RRXJ7X8W\startnow[1].js – probably modified JS/Seeker trojan.
    NOD32 cannot clean this virus.

    Here’s my primary system security configuration:

    OS:          W2K Pro 5.00.2195  SP2
    AV Soft:  NOD32  Ver. 1.225 (20020305)
    AT  Soft:  BOClean  Ver. 4.09 Filedate 03/02/2002
    Firewall:   ZoneAlarm  Ver. 2.6.362

    TIA,
    Mars Man  ;)
     
  2. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Hi Mars Man,

    Just clean your temporary internet files, and run the scans once more.

    Internet Sweeper might come in handy:

    http://www.geocities.com/Internet_Sweeper/

    regards.

    paul
     
  3. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    try TDS-3 free thirty day trial.
     
  4. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Well, cleaning the temp internet files is a start. Having a look at the shut downs from various security apps, this most probably isn't a modified JS/Seeker trojan: that one does not have those capacities.

    Nevertheless, I was/am interested in the result from cleaning the temp int. files and a rescan.

TDS would indeed be an option. On the other hand, depending on the malware infection, TDS could be put out of business as well. If the problem isn't solved after cleaning the temp files mentioned above and a rescan, examining the file by a third party would be the best option IMHO.

    Let's wait'n see what comes up   ;)

    regards.

    paul
     
  5. UNICRON

    UNICRON Technical Expert

    Joined:
    Feb 14, 2002
    Posts:
    1,935
    Location:
    Nanaimo BC Canada
    to ensure the security tools don't get blown out, here's what I do:

    1) take out hard drive, put it in another computer as a data drive. now no infections will boot when you start the other machine.

    2) Scan with tool from the other machine, strip it of malware, run scandisk/chkdsk and defrag it.

    3) put it back in first computer, done

    I removed 514 viruses from my sister's machine this way.
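The offline approach above (pull the drive, mount it as a data disk on a clean machine, scan it there so nothing on it has a chance to run) is something a defender can automate beyond running a vendor scanner. The script below is an added example, not code from anyone in this thread: it walks a mounted volume, hashes every file, flags anything on a known-bad hash list, and separately flags script files sitting in a browser cache folder, which is where NOD32 found the startnow[1].js detection in the first post. The denylist hash, the file names and the sample contents are all constructed for the demo (the thread gives no hashes), and the volume itself is a temporary directory standing in for the mounted drive.

```python
import hashlib
import tempfile
from pathlib import Path

# Constructed sample standing in for a known-bad file; its digest is the
# only entry on the demo denylist. Real IoC hashes would come from a feed.
BAD_SAMPLE = b"constructed known-bad sample, not real malware"
DENYLIST = {hashlib.sha256(BAD_SAMPLE).hexdigest()}

# Cached script files are worth listing on their own: the detection in the
# thread was a .js file under Temporary Internet Files that the AV could
# not clean in place and that was only removed by deleting the cache.
CACHE_DIR_FRAGMENTS = ("temporary internet files",)
SCRIPT_SUFFIXES = {".js", ".hta", ".vbs"}


def sha256_file(path: Path) -> str:
    """Stream a file through SHA-256 so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def sweep_mounted_volume(root, denylist):
    """Walk an offline-mounted volume; return (kind, relative path, sha256) findings.

    Nothing here executes or opens files with anything but a read handle,
    which is the point of scanning from a second machine.
    """
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if not path.is_file():
            continue
        rel = path.relative_to(root).as_posix()
        digest = sha256_file(path)
        if digest in denylist:
            findings.append(("hash-match", rel, digest))
            continue
        in_cache = any(frag in rel.lower() for frag in CACHE_DIR_FRAGMENTS)
        if in_cache and path.suffix.lower() in SCRIPT_SUFFIXES:
            findings.append(("cached-script", rel, digest))
    return sorted(findings)


def build_demo_volume(base: Path) -> Path:
    """Lay out a constructed W2K-style volume with one clean file, one cached script
    and one denylisted file. Paths and contents are invented for the demo."""
    cache = base / "Documents and Settings" / "user" / "Local Settings" / \
        "Temporary Internet Files" / "Content.IE5" / "ABCD1234"
    cache.mkdir(parents=True)
    (cache / "startnow[1].js").write_bytes(b"// constructed cached script sample\n")

    system32 = base / "WINNT" / "system32"
    system32.mkdir(parents=True)
    (system32 / "notepad.exe").write_bytes(b"MZ constructed clean placeholder")

    tool = base / "Program Files" / "tool"
    tool.mkdir(parents=True)
    (tool / "helper.dll").write_bytes(BAD_SAMPLE)
    return base


def run_demo():
    """Build the constructed volume in a temp dir and sweep it; returns the findings."""
    with tempfile.TemporaryDirectory() as tmp:
        root = build_demo_volume(Path(tmp))
        return sweep_mounted_volume(root, DENYLIST)


if __name__ == "__main__":
    for kind, rel, digest in run_demo():
        print(f"{kind:14} {digest[:16]}...  {rel}")
```

On a real mounted drive you would point `sweep_mounted_volume` at the mount point and a denylist loaded from a trusted source; the hash match is the high-confidence signal, while the cached-script list is a triage aid, since most browser-cache scripts are benign and the cache can simply be emptied, as the original poster ended up doing.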
     
  6. Marsman

    Marsman Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    34
    UPDATE …System Restored!

    After the crash it was suggested I delete my Temporary Internet Files & rescan.  In fact, I use System Mechanic 3.6g for cookie, cache & file removal and this had already been done along with several reboots.   On closer investigation SM didn't remove these Temp Files after a Run Now & reboot, which is very unusual.  Anyways, I manually deleted them & rescanned, this time NOD32 showed 0 viruses/trojans.  

    At this point my system was still really sluggish & it wouldn’t shut down properly. ZoneAlarm was still disabled & would not restart & I was getting the following message:
    "ZoneAlarm is trying to initialize the TrueVector internet monitor  on your system. Cancel?"

    NOD32 for POP3 indicated it was disabled & it wouldn’t restart after close/quit & relaunch.  Several applications & sys functions wouldn’t run.  My computer’s date was reset to March 08, 2059 & CPU usage was running at a constant 100%.

    COURSE OF ACTION:
    Ran an Ad-Aware scan & checked StartPage Guard for any peculiarities.  No Spyware or Malware detected.  

    PROBLEM & SOLUTION:
    Closed down & completely uninstalled ZA’s TrueVector & all traces of the ZA application.  

    SIDEBAR:
    I have uninstalled & reinstalled ZA a few times previously but I was always able to uncheck/unload the TrueVector Service from ZA’s Configure Panel.  Unfortunately, the crash prevented access to the panel so this time around it was a slow & painful ordeal.  For the life of me I couldn’t understand why so many of you were complaining about ZA’s uninstall …now I understand!

    ZA’s delightful complete W2K uninstall procedure:  
    http://www.zonelabs.com/services/support_install.htm
    http://www.zonelabs.com/services/support_install_2000.htm

    WHAT CAUSED THE CRASH:
    Sorry, no idea at this point.   o_O

    NEXT STEP:
    Look into the LNS & Sygate offerings.

    Thanks Paul, Unicron, Kevin & Blacksheep for your suggestions & possible solutions, I’m very appreciative.

    Cheers,
    Mars Man   ;)

     P.S.   Kevin /PSC your tech support, genuine customer concern & BOClean AT product is 2nd to none!
     
  7. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Mars Man,

    I'm very glad to see the problem has been solved  :D.

    Indeed PSC/Kevin has a reputation for fine costumer service!

    regards.

    paul
     
  8. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
    Wow! Kevin does costumes, too? Cool! :)  Pete
     
  9. Paul Wilders

    Paul Wilders Administrator

    Joined:
    Jul 1, 2001
    Posts:
    12,475
    Location:
    The Netherlands
    Oops.. did reveal a secret here! Indeed he does, but on special demand only. Armani costumes are very cheap in comparison with PSC costumes (5 grand and up), so start putting money aside  :D

    regards.

    paul
     