
Trojan Horse, despite Norton!

Old 20th Dec 2003, 00:15
  #1 (permalink)  
Thread Starter
 
Join Date: Jul 1999
Location: 58-33N. 00-18W. Peterborough UK
Posts: 3,040
Likes: 0
Received 0 Likes on 0 Posts
Trojan Horse, despite Norton!

I’ve got the latest Norton Works and Firewall with XP Home. I’ve just run a virus Scan and, lo and behold, end up with this;

19/12/2003 16:03:24, Virus scanner. Trojan Horse, Delete failed.
File, N/A,N/A,200312180019,10.0.1.13

Threat category: Virus Source: CWINDOWS\Start Menu\Programs\Startup\Reboot.exe
Description:
The compressed file Reboot.exe within Cundo\backcup.cab is infected with the Trojan Horse virus.

Norton won’t delete it, and doesn’t seem to want to do anything with it.

How’d it get there in the first place if Norton was doing its job?

Help!

Last edited by forget; 20th Dec 2003 at 00:33.
forget is offline  
Old 20th Dec 2003, 00:34
  #2 (permalink)  
The Oracle
 
Join Date: Aug 2001
Location: Naples, Florida U.S.A.
Posts: 2,902
Likes: 0
Received 0 Likes on 0 Posts
forget,

There is a small delay between the time a Virus/Trojan/Worm is released into the wild and the time before the Antivirus Company has a patch for it. There is a further delay in the time the patch is available and when your Antivirus Program downloads/installs it.

So there is always a small window for a virus to get in. If you ever download anything, update your Antivirus Program and scan the file before opening it. That is your best chance to keep from catching something on your computer.

Also you could run an independent virus program just to double check your system from time to time. I always recommend:

Trend Micro's HouseCall

As a second line of defense for your computer.

Take Care,

Richard
Naples Air Center, Inc. is offline  
Old 20th Dec 2003, 00:36
  #3 (permalink)  
 
Join Date: Feb 2003
Location: Worcester
Posts: 104
Likes: 0
Received 0 Likes on 0 Posts
Hi Forget,

It may not delete it because it is "running".

Try the following

Press <CTRL> <ALT> <DELETE>

Under the applications tab can you see "Reboot.exe"?

If you can then highlight it and click "end task".

It may be running under the next tab "Processes". Again, if it is, highlight it and click "end Process".

Now re-run your AV software and see if it will delete it (or quarantine it). If it won't you may have to locate the file yourself and delete it.

What message were you getting from Norton?

Hope this helps,

F - Wyg
flyingwysiwyg is offline  
Old 20th Dec 2003, 07:45
  #4 (permalink)  
BRL
 
Join Date: Oct 2000
Location: Brighton. UK. (Via Liverpool).
Posts: 5,068
Likes: 0
Received 0 Likes on 0 Posts
I have just got rid of "WelchWorm", which both Norton and ZoneAlarm Pro failed to intercept. I got it and downloaded the latest patch and that got rid of it.
BRL is offline  
Old 20th Dec 2003, 11:53
  #5 (permalink)  
 
Join Date: May 1999
Location: Quite near 'An aerodrome somewhere in England'
Posts: 26,822
Received 271 Likes on 110 Posts
Interestingly, when I changed over to Broadband, I noticed that my automatic Norton LiveUpdate wasn't working any more. A couple of words with either Symantec or Virgin (can't remember which) and I was advised to check the Symantec LiveUpdate 'applet' (whatever that is) on the Control Panel. Sure enough, it wasn't 'talking to' the Broadband ISP, but after resetting it, all now works as before.

So I wonder whether there are other folk thinking that they're protected by Norton whereas in fact they haven't received any updates ever since they changed to Broadband...??
BEagle is online now  
Old 22nd Dec 2003, 17:40
  #6 (permalink)  
Thread Starter
 
Join Date: Jul 1999
Location: 58-33N. 00-18W. Peterborough UK
Posts: 3,040
Likes: 0
Received 0 Likes on 0 Posts
Belated thanks for your replies. I thought I’d better stay off-line until this was fixed.

Turns out that the problem was;

Source: CWINDOWS\Start Menu\Programs\StartUp\Reboot.exe
Description: The compressed file Reboot.exe within Cundo\backup.cab is infected with the Trojan Horse virus.

This means (I’m told) that, as the problem got into the Restore Files, Norton couldn’t Delete it. I understand that. What I don’t understand is this. Norton warned me of an infection and therefore recognised the virus. If it was able to do that then why couldn’t it stop the damn thing in the first place? I’ve always got Norton Automatic Up-Date enabled. Even so, when I go to manual up-date there’s always something new to download.
forget is offline  
Old 23rd Dec 2003, 00:20
  #7 (permalink)  
The Oracle
 
Join Date: Aug 2001
Location: Naples, Florida U.S.A.
Posts: 2,902
Likes: 0
Received 0 Likes on 0 Posts
forget,

It could have entered your system before Norton updated to the virus pattern that covered that particular Trojan.

Take Care,

Richard
Naples Air Center, Inc. is offline  
Old 24th Dec 2003, 23:13
  #8 (permalink)  
 
Join Date: Dec 1998
Location: UK
Posts: 74
Received 2 Likes on 1 Post
forget,

I had exactly the same prob as you (on Win XP). LiveUpdate set to work, but never seemed to get the definitions with me telling it to. I found this article on Norton's site. Seems there's a problem with the task scheduler and LU. Step one on the following page sorted it for me:

http://service1.symantec.com/SUPPORT...&osv=&osv_lvl=

Before you apply the fix, go "Start/All Programs/Accessories/System Tools/Task Scheduler" and see when Symantec Net Detect last ran... Do the same after you apply the fix to check it has worked.

Hope this helps.

Osbo
osbo is online now  
Old 27th Dec 2003, 08:01
  #9 (permalink)  

Official PPRuNe Chaplain
 
Join Date: Apr 2001
Location: Witnesham, Suffolk
Age: 80
Posts: 3,498
Likes: 0
Received 0 Likes on 0 Posts
Yes, I had that problem too. Norton Update kept telling me everything was up to date, until I ran the "manual" check and found I was months behind.

Even with manual updates, viruses still got past Norton and into the machine.

The suspicious mind is the better cure - never open an attachment you weren't expecting...
Keef is offline  
Old 27th Dec 2003, 13:04
  #10 (permalink)  
25F
 
Join Date: Mar 2000
Posts: 350
Likes: 0
Received 6 Likes on 6 Posts
I'd like to expand on what Keef said. The primary safety system here is "the pilot": i.e. you, the user. Try to avoid trouble in the first place. You're not daft and many of you are actually licensed to navigate large metal objects at high speed over densely populated areas: so why is it so difficult to avoid clicking the mouse on a "don't do this" button?

Anti-virus software is there to help you when something is already going wrong. You should no more rely on Norton etc. to prevent infection than you rely on TCAS to prevent collisions.

It is unfortunate that the marketeers will try and sell you "100% safe internet surfing" or some similarly bovine ordure, but that's about as realistic as a 100% safe aeroplane.

On the other hand, do continue to open attachments and download software without thinking too much about where it's come from: it helps people like me pay the bills, when we come round and clean up the mess.
25F is offline  
