Norton Not Deleting Trojan Horse(s)

[rjfvillarosa]

I am on my way out soon to a few service calls and a friend is going back to Europe tomorrow so I could be out this evening but I will try and stop by later to see how you get on.
I have been trying to find out if when you do a Dell recovery to format and reinstall Windows, if it will clear out the root area of the harddrive, I will see what I can find out and check back later.

[glc]

If you have a rootkit, I'd do a full zero fill on the hard drive before running the Dell restore. You will have to do it with the XP CD and the resource CD, the zero fill will wipe out the recovery partition.

[jbbrown211]

I'll definitely need a walkthrough on that. If I do a full zero install, would that fix the internet connection issue as well? Also, would the virus attach to common type files I would want to save, like music, pics, or MS office files (Word, Excel, etc)?

[rjfvillarosa]

Quote:

Originally Posted by jbbrown211 Also, would the virus attach to common type files I would want to save, like music, pics, or MS office files (Word, Excel, etc)?

That is my concern, contaminated music files are unlikely as far as I know, but pictures and office documents can be contaminated.
What type of internet set up do you have? is it an always on DSL?

[jbbrown211]

It is Comcast cable...always on, same as DSL. However, since this issue with my tower, I have only had the internet on when my tower is powered down and I am using the laptop.

[rjfvillarosa]

This is good, this means that all you have to do after the format and reinstall is use the connection setup wizard to reset your internet connection, you dont have to mess around with any comcast software.
Both glc and myself are concerned that you could have a rootkit and that is why both of us have suggested a zero fill of the harddrive, I can talk you through the zero fill and reinstall later, do you have a memory stick/pen drive?

[jbbrown211]

No I don't have a memory stick. Should I get one, and what would i use it for. I was going to take the weekend and start backing up my music etc. I'll check back in shortly.

[rjfvillarosa]

Memory sticks are an invaluable little tool when you are doing what you are doing now, "trouble shooting" especially when you have a working computer right next to you with internet connection. IE: you could download the rootkit detector to your laptop and put it on the memstick and transfer it to your tower (that currently doesn't have internet access).
Again, so as not to transfer the problem back to the laptop, you would format the memstick before opening it, you don't know how virrulent what ever has contaminated your tower is and the last thing you need is to infect the laptop.
Does your laptop have a CD burner?

[jbbrown211]

Yes, laptop has a burner. I see what you're saying about the memory stick though.

[jbbrown211]

I tried to run connection wizard to get back on the net, didn't work. Not sure how to get conencted again. I'm backing up things now, then I guess I'll be ready to reformat the hard drive. I burned blacklight onto a cd, but when i put it into my tower, the cd is showing as a burnable cd, rather than a cd with content on it. I tried another ewido scan, the same infected files are coming up again, even after they were quarantined on the original scan.

[jbbrown211]

One other question. I have a windows reinstall cd for both my tower and my laptop (the laptop has SP2 on it). Should I still install the same windows cd that came with my tower?

[rjfvillarosa]

Stay with the CD that came with your tower, I know it means a lot of downloading but Dell recovery software is tied to Dell hardware.
Are you saying your tower didn't recognise the contents of the CD you burned?

[jbbrown211]

I guess it didn't recognize it...it launched a window with the option to burn files to a cd. When I tried to "explore" the CD, it was showing no files in it. When I put it back in my laptop, it launched with blacklight in it, so I don't know what the problem is. I'm almost finished doing my backup, so I should be ready to reformat windows soon....can you let me know what I'll need to have handy before I get started. And do I need to have the internet connection on for my tower as we're re-formatting?

[rjfvillarosa]

Something must be very wrong if your tower is not seeing the contents of that disk, what type of optical drive do you have in the tower? is it a CD rom or CD burner? Some CD rom's will not read a multi session CD, but a CD burner will see it and if your tower is opening the CD and offering to burn files to it then it must be a CD burner, can you confirm this?
I would like to see you do a zero fill but I want to check the procedure for a Dell machine first, do you have a recovery option in system tools or programs? or is there a Dell suite of programs that recover your machine?

[jbbrown211]

It is a burner. The optical drive looks like a NEC DVD+RW (ND-1100A).

Where exactly would I look to find out if I have a recovery option?

[rjfvillarosa]

Look in Start>Programs see if there is a Dell suite of programs listed there or go Start>Programs >Accessories and see if any kind of recovery utility is listed in there.
What CD's have you got to go with your tower? ie: recovery CD, XP CD, driver's CD.
What exact model number of Optiplex is it?






sorry I keep dodging in and out there is a bit of a party going on here....

[jbbrown211]

Nothing under Dell....
I have an accessories > system tools, which shows the following:
Character Map
Disk Cleanup
Disk Defrag
Files and Settings Transfer Wizard
Scheduled Tasks
Security Center
System Info
System Restore

When i try to start windows in safe mode, I do have the ability to get into safe mode with command window. I don't know DOS, but would we be able to run anything from the DOS command window that would be helpful?

Enjoy the party, thanks for checking in

[jbbrown211]

I have:
Re-installation CD for windows xp SP1
Monitor Setup Disc
Data/Fax Modem Disc
Various other program drivers, nothing important (power dvd, roxio, etc)

[rjfvillarosa]

What Optiplex model number is it?

[jbbrown211]

Gx260

[jbbrown211]

I just tried burning some files to a CD on my tower for backup purposes. It went through to the last 5 seconds and said there was an error and the files could not be written. It was a CD-R so I could not re-write (need to pick up a few RW discs). This seems extremely bad...would it be any help for me to take my tower somewhere for someone to look at, or is it beyond help at this point. You have been a big help, but are only getting info from my descriptions of what's going on, maybe I'm leaving out info that might be important, or missing an important piece of info.

[rjfvillarosa]

I tuely hope this is not the first problem you have had with a computer because if it is, it is a real baptism of fire, you have had more than your fair share of problems putting this right.
Have a read of this it is the Dell instructions to reinstall your operating system.
http://support.dell.com/support/edoc...l/reinstal.htm
If you are happy to go ahead with it carry out the reinstall, this I believe will use the recovery partition on your harddrive, but, if there is a rootkit installed on your machine this may not get rid of it so be prepared for more work, also you may need another installation CD from Dell if you have to do a zero fill.
A zero fill is a utility that fills your entire harddrive with zero's putting it in a just left the factory condition, the only thing is it will wipe out the recovery partition as well, hence the possible need for another installation CD from Dell.





I will keep checking back to see how you are doing, but, they have just cracked open a few bottles of Barcelo Gran Añejo Rum here so things might get a little hazy........

[rjfvillarosa]

Quote:

Originally Posted by jbbrown211 I just tried burning some files to a CD on my tower for backup purposes. It went through to the last 5 seconds and said there was an error and the files could not be written. It was a CD-R so I could not re-write (need to pick up a few RW discs). This seems extremely bad...would it be any help for me to take my tower somewhere for someone to look at, or is it beyond help at this point. You have been a big help, but are only getting info from my descriptions of what's going on, maybe I'm leaving out info that might be important, or missing an important piece of info.

If you are prepared to stick with it you can do this but it will take some work to put it all back as it was, up till now the info you have been giving is fine, my personal opinion is to stick with it, but then I am a stubborn old git and won't be beaten by a machine.....

[jbbrown211]

I've encountered other problems, NEVER to this degree and others were fixable. Would I lose all of my files in a re-install of the OS? I know everything gets wiped in a zero fill, but what degree would I lose files in a reinstall? I will take a look at the link and decide what to do, enjoy the rum.

[rjfvillarosa]

A reinstall of the OS is going to wipe your harddrive clean and reinstall Windows, you will then have to install a few drivers for some of your hardware and some third party software like CD burning tools and antivirus, after this your machine will be the same as the day you bought it.

[jbbrown211]

gotcha. I'll pick this back up tomorrow, sorry to keep you from the fun...thanks again, I'll check back tomorrow.

[rjfvillarosa]

But!! remember this damn rootkit, that maybe the reason all this is happening, carry on with the reinstall but be prepared to have to go throught it all again, IF, we have to do a zero fill, by the way, if you had a tech do this for you it would cost a fortune, doing it here costs nothing and maybe you get to learn a little along the way.

[jbbrown211]

true. I'd rather do it here. I need to be able to connect to the net to get that rootkit detector, but i am going to pick up a mem stick today and see if that works. I'll let you know once i've done the reinstall

[jbbrown211]

Quick update...I did get a 1gb memory stick today, and ran blacklight. It is telling me that I do not have a rootkit, which is good news. I also brought over Killbox, which could not delete a file that Norton is telling me is on the computer ("issearch"). Figured I would try. I'm moving some files off of my tower so I can start the reinstall process.

[rjfvillarosa]

Excellent news about the "rootkit".
Have you managed to run ani antivirus scans via your laptop on the files you have backed up?
I know early on at the start of this you said you were using Norton, is it possible that you can switch to AVG after the reinstall on the tower?
I have never used this: http://www.softwarepatch.com/software/moveonboot.html it's called "move on boot" try it on that file you can't delete.