#1 |
|
Member (11 bit)
Join Date: Oct 2000
Location: Yorba Linda, CA
Posts: 1,159
|
Virus question when using Norton.
About 5 months ago I built a PC for a family friend and it seems that he now has a virus. He called and said it was called BACKDOOR.SUBSEVEN22 but that Norton had it Quarantined. He mentioned that he could not remove it and every time he uses OUTLOOK his PC locks up. Other than that he says the PC works without any problems but I told him I would get back to him. I went to the Symantec site and there are instructions on removing the Trojan like editing the registry and such. I always thought that this was the whole point of having antivirus, so that it could do all the fixing for you. So I take it that even though NAV could detect it, one must go in there and remove the Trojan manually. Are most viruses and Trojans removed this way and not by the NAV software itself? Thanks
Edrod13
__________________
"Do not worry about your difficulties in Mathematics. I can assure you mine are still greater." - Albert Einstein |
|
|
|
|
|
#2 |
|
The Preacher Man
Premium Member
Join Date: Apr 2000
Location: Dallas
Posts: 4,828
|
I'd follow the instructions by Symantec, since it's their program.
I'm no virus expert, as I've only gotten 1. Zone Alarm nabbed it before InoculateIt did and changed the extension and then quarantined it. I suspect Norton did the same. Opinions & facts may vary...
__________________
"Don't be so open-minded that your brains fall out." |
|
|
|
|
|
#3 |
|
Banned
|
Norton and other antivirus programs find virii, they don't always remove virii -- that's why the trojan is quarantined.
If you don't like the idea of messing with the registry, there's a program called The Cleaner. It's designed to find and remove trojans. Since Norton already has it quarantined, The Cleaner may not find it -- but it is a shareware program that will work fully for 30 days so it can't hurt to try it. You can get it here: www.moosoft.com/ -Craig |
|
|
|
|
|
#4 |
|
Banned
Join Date: Jul 2000
Location: Bakersfield,CA
Posts: 7,761
|
If Norton Quarantined the file it did not get a chance to execute. And you can go into the Quarantined file in the Norton program and just throw it away. As to the Outlook problem, this could be caused by a glitch in Outlook or a news reader program that received the backdoor.subseven when it came in.
The first step is to throw the file away and then if this is Outlook Express run the Internet Explorer Repair tool that is located by going Start>Programs>Accessories>System Tools>System Information>Tools Tab> Internet Explorer Repair tool. For the main Outlook Program you will need to run the Repair Microsoft Office from the disk. |
|
|
|
|
|
#5 |
|
Member (11 bit)
Join Date: Oct 2000
Location: Yorba Linda, CA
Posts: 1,159
|
Well the thing is Norton was installed after the trojan came in. If I do run the CLEANER from moosoft will I still have to go in and edit the WIN.ini and system.ini etc... and just the registry gets done by the cleaner? I will probably take a look at the pc within the next two weeks so I only know a little of the details. Thanks guys
Edrod13 |
|
|
|
|
|
#6 |
|
Banned
Join Date: Jul 2000
Location: Bakersfield,CA
Posts: 7,761
|
Run the cleaner and then, using the Norton print out as a guide, check the registry.
Another good free Trojan remover, that you can update the definitions on, is SWATIT. http://www.lockdowncorp.com/bots/downloadswatit.html Also for the Registry you may want to download RegCleaner from the link below. It makes it easy. http://www.jv16.org/ |
|
|
|
|
|
#7 |
|
Resident NORML Supporter
|
SubSeven.... is your friend a hacker? Subseven is a program used to get into people's computers that have a specific trojan, you get in and you can do anything from forcing them to print to writing/deleting repeatedly to burn out the hard drive. Unfortunately this often comes with the trojan itself. Get rid of it as fast as possible, using Symantec instructions or such. If that doesn't work, reformat it.
__________________
Asus P5B-E - Core 2 Duo E6300 @ 2.4 GHz - 2GB Corsair XMS2 - HIS X1650 XT Turbo - 400GB Seagate 7200.10 - Sound Blaster Audigy SE - Samsung 960BF LCD - Antec P180B - Corsair HX620W |
|
|
|
|
|
#8 |
|
The Preacher Man
Premium Member
Join Date: Apr 2000
Location: Dallas
Posts: 4,828
|
Besides the few other perks, I use Yahoo mail for virus protection. Yahoo uses Norton that scans and if something does slip through, no address book on pc is affected. DL long ago made up her own mind in this area, so she uses NS and gets tons of mail each day; been lucky.
|
|
|
|
|
|
#9 |
|
Tanker Yanker
Premium Member
Join Date: Nov 2001
Location: Lewisville TX
Posts: 2,920
|
I'm currently using NAV and I have it set to check for virus every time mail comes and goes from my Outlook Express.
Open NAV go to Options>Internet and make sure that you checked off Scan incoming Email and Scan outgoing Email. You might also want to make sure under the system tab> auto protect Check> Enable auto Protect when windows start and under Script blocking> check> Enable Script blocking. Good Luck
__________________
MB: DFI Lanparty UT-NF4 SLI-D/Processor AMD Athlon 64x2 Toledo/video Card:XFX 9800GTX+/Audio:Sound Blaster Audigy 4/Ram:Corsair XMS Extreme 4x1Gig PC3200/HD:1x150GBWestern Digital Raptor 1x80GB Segate Beracuda 7200 SATA /Monitor:ASUS VS247 H-P 23.6"/Keyboard Mouse:Logitech Cordless Wave/Speakers: Logitech G51/Printer/Fax/Scanner:Brother MFC-685CW |
|
|
|
|
|
#10 |
|
Member (11 bit)
Join Date: Oct 2000
Location: Yorba Linda, CA
Posts: 1,159
|
Thanks all,
Sarge, I also use Yahoo, but this friend likes to use Outlook. I will most likely just reformat since he has told me that he has very little on the drive he cares about. It's a 40GB IBM so I set it up as two partitions. One 9Gb and the rest on the other. I have told him to place whatever he wants to save if anything to the 30GB partition and run a full virus scan. I will come over and reformat the 9Gb and reload Win98SE. I can probably load win98 faster than searching through the registry and what not for the virus. I am glad I set up his drive that way since we can at least have somewhere to keep some data he would like to keep. It's a P4 1.6Ghz and 98se loads like it's nobody's business. Thanks OH, FOR ALL YOU KAZAA USERS, THIS IS HOW HE GOT IT! Edrod13 |
|
|
|
|
|
#11 |
|
The Preacher Man
Premium Member
Join Date: Apr 2000
Location: Dallas
Posts: 4,828
|
Hey bud, I'm tired and ain't thinking too swift, but even with a reformat, seems I read hereabouts that the mbr (master boot record, or whatever they call it) could have the virus and a reformat wouldn't fix it. I could be very wrong, but do a search for mbr, etc and see. Something to think about...
|
|
|
|
|
|
#12 |
|
Member (11 bit)
Join Date: Oct 2000
Location: Yorba Linda, CA
Posts: 1,159
|
Sarge,
I guess I could FDISK /MBR before anything then format the drive and load the OS. Anybody think that would do it or should I approach it any other way? Could I just be able to format the drive and skip the MBR, or could that just be an extra step for precaution? Thanks Edrod13 |
|
|
|
|
|
#13 |
|
The Preacher Man
Premium Member
Join Date: Apr 2000
Location: Dallas
Posts: 4,828
|
If you're going for the Gold anyway, throw in an FDISK.
Hpro had some good info on virii in the mbr and how to rid. I've got the thread somewhere in my very fragmented files. |
|
|
|
|
|
#14 |
|
Member (11 bit)
Join Date: Oct 2000
Location: Yorba Linda, CA
Posts: 1,159
|
I guess I will. Sarge, if I did use the FDISK /MBR I couldn't ruin the drive in any way?
Edrod13 |
|
|
|
|
|
#15 |
|
Member (7 bit)
Join Date: Jul 1999
Location: slum just south of Lake Erie
Posts: 125
|
subseven virus
Do a low level format first - nothing survives that unless your BIOS is corrupted. Most drive makers have a utility that will do this. Good luck!!!
|
|
|
|
|
|
#16 |
|
Member (11 bit)
Join Date: Oct 2000
Location: Yorba Linda, CA
Posts: 1,159
|
I have one called an IBM fitness test that has some type of partition proggy. Well I guess when the time comes I will have to figure out what my best solution is. Thanks
Edrod13 |
|
|
|
|
|
#17 |
|
The Preacher Man
Premium Member
Join Date: Apr 2000
Location: Dallas
Posts: 4,828
|
DL has always accused me of going for the gusto on things. Although not necessary, I always FDISK anyway when I reformat. Folks in these parts say it's not necessary, but what the hey, it takes only a minute and, in my opinion, starts with an absolute beginning, a fresh start if you will, and leaves no question marks.
|
|
|
|
|
|
#18 |
|
Member (11 bit)
Join Date: Oct 2000
Location: Yorba Linda, CA
Posts: 1,159
|
Sarge,
After what you just said, I think it's time for: And the preacher said, "AMEN". Good night all. Edrod13 |
|
|
|
|
|
#19 |
|
Premium Member
Join Date: Jun 1999
Posts: 9,231
|
The Backdoor.Subseven22 is not an MBR virus, try Trend's online scan, and it should clean it for you.