View Full Version : Anyone know what this is?


hiwayrock
12-06-2003, 02:59 PM
Running Win98SE with Norton Antivirus 2002 and I keep getting this box (from my firewall) that C:\WINDOWS\TEMP\XegB292.TMP is trying to connect to the internet. I have checked to see what this file was and I can't seem to open it with any program I have. I have tried to delete it but it won't allow me to delete it. Any help will be appreciated.

TwoRails
12-06-2003, 03:21 PM
I didn't find anything on it in a general Web search on it, nor at SARC. It's not part of NAV. Did you try to delete it in either Safe mode or from the command line?

glc
12-06-2003, 03:36 PM
That's the remnants of a trojan. Update your Norton and do a full system scan. It's easily enough deleted in safe mode, you should totally clean out c:\windows\temp periodically anyway.

hiwayrock
12-06-2003, 05:48 PM
I have tried to delete it in safe mode and got the notice that this file cannot be deleted. Ran an update on Norton and am running it, will let y'all know what is happening. Thanks for the reply.

glc
12-06-2003, 07:18 PM
If it won't delete in safe mode, then you have to boot to safe mode command prompt only and deltree it at the DOS prompt.

hiwayrock
12-06-2003, 08:09 PM
GLC, this is very weird, it keeps changing its name, now it's running YAU72A2.TMP. Is that how this type of virus works?
Will try to del from the command prompt.

glc
12-07-2003, 01:32 AM
Start in SAFE MODE and examine the startup items in msconfig. Bet you find something strange there.

Boot to safemode command prompt only and type the following at the C prompt:

cd\windows\temp

deltree *.*

Keep hitting Y

Have you run a full system scan with updated virus definitions yet? Try going to housecall.trendmicro.com and get a free online scan to confirm.

All Righty Then
12-07-2003, 03:49 AM
XegB292.TMP is the name of an infected file...it is not the name of the virus.

Remember to turn off your system restore before you run your virus program or you will only reinfect your computer.

To turn off your system restore...click on start...then right click on my computer...then properties...click on system restore tab... uncheck box turn off system restore...then apply and ok. Just reverse this process when it comes time to enable it.

Make sure Norton is up-to-date in its definitions and do a full scan. Write the name of the virus down. If Norton does not quarantine it, it will have to be manually removed from your registry. When you get a virus, never shut your computer down and reboot it, for the virus will spread itself to other files.
Look for its name here:
http://securityresponse.symantec.com/avcenter/vinfodb.html

Remember to enable your system restore when you are done.

For further help go here:
http://www.spywareinfo.com/forums/

glc
12-07-2003, 02:32 PM
That's all fine and dandy, but Win98SE doesn't have system restore.

hiwayrock
12-08-2003, 06:56 AM
Thanks guys for all the help, but unfortunately the bug had damaged some files and I had to do a complete restore, so now I'm bug free. You guys are great with all the help, again thanks.

catfishjoe_1
12-14-2003, 08:24 PM
Not trying to burst any bubbles but housecall and norton A-V are specifically designed for viruses. While they do detect "some" trojans they don't get them all. If you would like to try a test go to wilders (http://www.wilders.org) and download trojan simulator (http://www.wilders.org/downloads.htm) and try it out. It is a harmless trojan that is used to test a-v scanners and trojan scanners.
Although it is a trojan it is just like the eicar test for a-v's. Delete the two files you get when finished.
I just did a scan for it on my box with norton (newest updates installed) and it didn't get it.

cat

* Housecall will find this file.