Virus? [Archive] - PCMech Forums



WarmMachineME
01-14-2003, 12:46 AM
I guess this may not be quite the right place for this, but I didn't know where else to go. I think I may have a potentially serious problem.

Ok, so I've been running that free ZoneAlarm firewall, along with Norton Antivirus. I figure, great, I'm covered. But tonight, I get this nifty little page pop up when I try to use my browser, and it tells me that ZoneAlarm was shut down unexpectedly, and says it was either caused by an error, or by a trojan which has shut down all my security. Thus, it informs me it has locked out all internet access and suggests I restart ZoneAlarm, my pc, or both, and that I scan my computer (it also provides a link to a web-based online scanning utility, which I try to make use of later, but only freezes up. Ctrl-Alt-Del showed that it was "Not responding").

So, I make sure my Norton is updated, and set to scanning my comp. Shortly, it, and my firewall, just quit. No errors, no windows, they just disappear as if I never started them. I try a couple more times, restarting as it suggests, trying the web-based scanner I mentioned above, and so forth, but to no avail. Every time I start my firewall and/or Norton, they just disappear in short order.

Now I'm really starting to get nervous. Only way I'm even able to post this message is by using selective startup and just never starting the firewall so I don't get locked down. But who knows what's going on behind the scenes while I'm even typing this. What's more, this rig is new. Hasn't been on my desk over a week, so I'm really pained by this recent development. I've had dealings with the offhand virus or two before, but never anything that could just smack down all my security like this.

Anybody got any ideas?

WarmMachineME
01-14-2003, 06:29 AM
I finally got the Trendmicro.com scan to work (it was the one the page had a link to). Well, I didn't really get it to work, I just tried it one more time and it did.

Anyway, it didn't turn up anything. Any idea what my next step could be?

morriswindgate
01-14-2003, 09:50 AM
Get rid of Zone Alarm. When I used it, after it was installed for a while it would start shutting down and then got to where it would not start at all. Not real sure what the problem was with it, but I started using Sygate PE, which is also free, from www.sygate.com

glc
01-14-2003, 10:39 AM
Zone Alarm is not the cause of this problem, but it has to be shut down to fix it. There are viruses out there that cause this exact problem, and I don't know why Trend isn't picking up on it. For now, uninstall Zone Alarm and Norton till it's fixed, try the Trend online scan again.

If you have WinME or WinXP, have you tried a system restore back to a week ago or so?

WarmMachineME
01-14-2003, 11:52 AM
Well, it puts me at ease to know that at least my computer isn't going to be eaten and there's nothing I can do about it.

As far as system restore, everything is brand new. I don't think there's been a state saved that I can restore from. Guess I'll just have to wait for Trend to pick up on it.

WarmMachineME
01-14-2003, 12:13 PM
Correction, I did have one checkpoint that it saved, but after two tries it says the computer can't be restored from that point.

Also, I think I may have found another effect of the virus. Since the troubles with ZoneAlarm and Norton began, I haven't been able to install anything. It'll get about half way through, and then the screen will go black, the computer will crash or freeze, or something will happen that will stop the installation.

I don't know, maybe it's an unrelated problem. Maybe I just have a lemon on my hands. All I know is I installed a thing or two I'm sure before the security programs started acting up, and now I can't finish not one installation.

WarmMachineME
01-14-2003, 01:01 PM
Here's another tidbit. I had been running my computer using selective startup, so all the little background programs weren't running. But just now I restarted with the normal settings, and I'm getting a new message. This might be important to getting rid of this thing, because I'd love to be able to install things again.

It says
RUNDLL
Error loading NvQTwk
The system cannot find the file specified.

glc
01-14-2003, 03:24 PM
That's an Nvidia file - reinstalling your video driver should fix that.

Redo40
01-14-2003, 03:25 PM
Hello WarmMachineME,
If I'm not mistaken, NvQTwk is the tweak utility for nvidia. Reinstalling the video drivers may fix that error, but it sure sounds like you have virus problems also.

Redo40
01-14-2003, 03:57 PM
Links to online virus scans: Symantec (http://security.symantec.com/ssc/home.asp?j=1&langid=us&venid=sym&plfid=20&pkj=RDDJORVWHFHMFNZMBBX), Panda (http://www.pandasoftware.com/activescan/), Bitdefender (http://www.bitdefender.com/scan/licence.php). Try as many as you can to be sure of Housecall's findings. Hope this helps.

WarmMachineME
01-14-2003, 04:15 PM
Yeah, I reinstalled the Detonator drivers and it took care of that error. I'm having a crack at those scan sites you posted right now.

Thanks much.

WarmMachineME
01-14-2003, 10:18 PM
Looks like I got it. Bitdefender flagged a file or two in my Windows/Temp folder. Backdoor something or other. They're gone now, and ZoneAlarm and Norton are behaving normally.

But, I'm still having the installation issue. Guess I'll take it to the general software forum or something.

Thanks a lot for all your help everyone. ^_^

glc
01-15-2003, 01:41 AM
There may be some remains still left from the backdoor trojan - get the name again and look on Symantec's site for full manual removal instructions - and try running Spybot Search and Destroy (www.lurkhere.com) to look for more malware that's not specifically viral or trojan in nature.

WarmMachineME
01-15-2003, 11:49 AM
How would I find the name of it again after I've already deleted it? Is there a log file somewhere?

Redo40
01-17-2003, 10:59 AM
Sorry it took so long to get back to you. I e-mailed Bitdefender and their online scan doesn't keep a log file, so you have no way of finding the name that I know of.

WarmMachineME
01-17-2003, 11:49 AM
Well, I just ran their online scanner again, and it flagged the same thing I think. But why, if I pressed that nice shiny delete button, is it finding it a second time?

Anyways, it says it's Backdoor.NetDevil. I went to Symantec and looked it up, and it just says to run a scan, delete the files, and remove its keys from the registry. When I went into the registry sections it gave me, however, I didn't see any keys that pointed to the backdoor files.

I'm running Bitdefender a third time, though I'm not really sure why. Now what?

WarmMachineME
01-17-2003, 12:00 PM
Ok, Bitdefender picked it up again, and here's the file it's giving me for Backdoor.Netdevil:

C:\WINDOWS\TEMP\(ASPack 2.12)

Edit: It just flagged that same file a second time.

Redo40
01-17-2003, 03:34 PM
ASPack 2.12 is a file compressor: ASPack 2.12 (http://www.webattack.com/get/aspack.shtml). Anyway, delete all the temporary internet files, run SpyBot S&D, empty C:/windows/Temp and try again. What does Symantec's online scanner show? Housecall's?

ezeebob
01-17-2003, 03:55 PM
Turn off system restore, delete all restore points, scan again, delete what it finds, and you should be good to go.
Enable system restore only after you have cleaned the infection from your system.

No virus scan can delete files contained within the system restore area.

WarmMachineME
01-17-2003, 05:47 PM
Erhm, how do you disable system restore? The only options I see are create a restore point and restore your computer.

Redo40
01-17-2003, 08:04 PM
Win ME- Right click "My Computer"/select properties/performance tab/file system/troubleshooting, there should be an option to disable system restore.

Win XP- Right click "My Computer"/select properties/system restore.

WarmMachineME
01-18-2003, 11:10 AM
Symantec and Trendmicro's scans turned up nothing. As for system restore, when I got to it, the box was already checked. But, I unchecked it and checked it again, restarted, and ran the scans then.

The AsPack files haven't reappeared in Temp. I deleted everything in the folder last night. Maybe I got rid of it this time?