Advice required on repeated attacks

 
 
LongYP
Guest
      12th Jul 2004
Over the years I've been very careful about malicious attacks and I am
currently using Symantec.

I've been attacked and Symantec detected it and lists the following viruses:

Trojan.BAT
hacktool.dos
IRC.Trojan

Files are created in \windows\java and \winnt\system32\certsvr and my
registry is modified to run some batch files (vv.bat?) which contains a load
of net stop commands to kill off any anti-virus software...other
applications like KAMMI.EXE are also installed.

Symantec says they are detected and quarantined but somehow these files
still get in and my registry modified.

Somehow, there is a door that's open on my PC allowing these attacks to
happen and I do not know how to find or close the door.

Whilst online, Symantec can trigger 3-4 times with these attacks, each
attack reporting 15 files detected with viruses

Any help/suggestions welcomed.

(I've booted into safe mode and deleted all these files but they still keep
coming back)
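
One way to triage the persistence pattern described in the post above (an added example, not part of the original thread): it reads an exported Run key, picks out values that launch a batch file, and lists the services that file stops with `net stop`. The registry export, the value names, the ExampleAV product and the batch contents are constructed samples; only vv.bat and the certsvr directory come from the post.

```python
import re

# Constructed sample: a .reg export of the Run key. Value names and the
# ExampleAV product are invented; vv.bat and its directory come from the post.
RUN_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV Tray"="\"C:\\Program Files\\ExampleAV\\tray.exe\" /min"
"updchk"="C:\\WINNT\\system32\\certsvr\\vv.bat"
'''

# Constructed sample: batch file contents copied off the disk, keyed by
# lower-cased path.
BATCH_FILES = {
    r"c:\winnt\system32\certsvr\vv.bat":
        '@echo off\nnet stop "ExampleAV Service" /y\n@NET STOP examplefw\n'
        'rem net stop is not matched inside a comment\n',
}

REG_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$', re.M)
SCRIPT_PATH = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:bat|cmd)\b', re.I)
NET_STOP = re.compile(r'^\s*@?\s*net(?:1|\.exe)?\s+stop\s+(?:"([^"]+)"|(\S+))',
                      re.I | re.M)

def parse_run_values(reg_text):
    """Return (name, command) pairs from a .reg export, backslash escapes undone."""
    return [tuple(re.sub(r'\\(.)', r'\1', part) for part in pair)
            for pair in REG_VALUE.findall(reg_text)]

def stopped_services(batch_text):
    """List the service names a batch script tries to stop with `net stop`."""
    return [quoted or bare for quoted, bare in NET_STOP.findall(batch_text)]

def triage(reg_text, files):
    """Flag autorun values that launch a batch file which stops services."""
    findings = []
    for name, command in parse_run_values(reg_text):
        match = SCRIPT_PATH.search(command)
        if not match:
            continue
        services = stopped_services(files.get(match.group(0).lower(), ""))
        if services:
            findings.append((name, match.group(0), services))
    return findings

if __name__ == "__main__":
    for name, path, services in triage(RUN_EXPORT, BATCH_FILES):
        print(f"{name}: {path} stops {', '.join(services)}")
```

A flagged value names the autorun entry to remove along with the script it points at; deleting the files alone leaves the Run value in place.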


 
Buffalo
Guest
      12th Jul 2004
"LongYP" <(E-Mail Removed)> wrote in message
news:ccueio$9n7$(E-Mail Removed)...
> Over the years I've been very careful about malicious attacks and I am
> currently using Symantec.
>
> I've been attacked and Symantec detected it and lists the following viruses:
>
> Trojan.BAT
> hacktool.dos
> IRC.Trojan
>
> Files are created in \windows\java and \winnt\system32\certsvr and my
> registry is modified to run some batch files (vv.bat?) which contains a load
> of net stop commands to kill off any anti-virus software...other
> applications like KAMMI.EXE are also installed.
>
> Symantec says they are detected and quarantined but somehow these files
> still get in and my registry modified.
>
> Somehow, there is a door that's open on my PC allowing these attacks to
> happen and I do not know how to find or close the door.
>
> Whilst online, Symantec can trigger 3-4 times with these attacks, each
> attack reporting 15 files detected with viruses
>
> Any help/suggestions welcomed.
>
> (I've booted into safe mode and deleted all these files but they still keep
> coming back)


If you're using WinXP, you should disable the Restore feature and then redo
the virus scan.
Try an online virus scan (free), especially if your Norton is not up to
date.
Antivirus scanners:
--------------------------
http://housecall.trendmicro.com/hous...start_corp.asp
http://www.kaspersky.com/remoteviruschk.html
http://security.symantec.com/sscv6/default.asp
http://www.pandasoftware.com/activescan/activescan.asp
http://commandondemand.com/eval/index.cfm
http://www.ravantivirus.com/scan/ [See **]
http://www.bitdefender.com/scan/licence.php
http://www.pcpitstop.com/antivirus/default.asp
http://scan.sygatetech.com/prestealthscan.html

Also, your firewall should be stopping most of those attacks.
If you don't have one, you should probably install one.
ZoneAlarm has a good free firewall.
Also install these three free spyware detector and preventer programs.
They are free.
Download, install, update and THEN run:

AdAware
http://www.lavasoftusa.com/

Spybot Search & Destroy
http://security.kolla.de/

Spyware Blaster
http://www.wilderssecurity.net/spywareblaster.html




 
The Prophecy
Guest
      12th Jul 2004
Buffalo wrote:
> "LongYP" <(E-Mail Removed)> wrote in message
> news:ccueio$9n7$(E-Mail Removed)...
>> Over the years I've been very careful about malicious attacks and I
>> am currently using Symantec.
>>
>> I've been attacked and Symantec detected it and lists the following
>> viruses:
>>
>> Trojan.BAT
>> hacktool.dos
>> IRC.Trojan
>>
>> Files are created in \windows\java and \winnt\system32\certsvr and my
>> registry is modified to run some batch files (vv.bat?) which
>> contains a load of net stop commands to kill off any anti-virus
>> software...other applications like KAMMI.EXE are also installed.
>>
>> Symantec says they are detected and quarantined but somehow these
>> files still get in and my registry modified.
>>
>> Somehow, there is a door that's open on my PC allowing these attacks
>> to happen and I do not know how to find or close the door.
>>
>> Whilst online, Symantec can trigger 3-4 times with these attacks,
>> each attack reporting 15 files detected with viruses
>>
>> Any help/suggestions welcomed.
>>
>> (I've booted into safe mode and deleted all these files but they
>> still keep coming back)

>
> If you're using WinXP, you should disable the Restore feature and
> then redo the virus scan.
> Try an online virus scan (free), especially if your Norton is not up
> to date.
> Antivirus scanners:
> --------------------------
> http://housecall.trendmicro.com/hous...start_corp.asp
> http://www.kaspersky.com/remoteviruschk.html
> http://security.symantec.com/sscv6/default.asp
> http://www.pandasoftware.com/activescan/activescan.asp
> http://commandondemand.com/eval/index.cfm
> http://www.ravantivirus.com/scan/ [See **]
> http://www.bitdefender.com/scan/licence.php
> http://www.pcpitstop.com/antivirus/default.asp
> http://scan.sygatetech.com/prestealthscan.html
>
> Also, your firewall should be stopping most of those attacks.
> If you don't have one, you should probably install one.
> ZoneAlarm has a good free firewall.
> Also install these three free spyware detector and preventer programs.
> They are free.
> Download, install, update and THEN run:
>
> AdAware
> http://www.lavasoftusa.com/
>
> Spybot Search & Destroy
> http://security.kolla.de/
>
> Spyware Blaster
> http://www.wilderssecurity.net/spywareblaster.html


You should also include in this list, this spyware scanner as well:

Spy Sweeper
http://www.webroot.com


 
Beauregard T. Shagnasty
Guest
      12th Jul 2004
Quoth the raven The Prophecy:

> You should also include in this list, this spyware scanner as well:
>
> Spy Sweeper
> http://www.webroot.com


You forgot to mention the price...

I do have the product, as part of a bundled freebie from one of my
ISPs, and I have formed the opinion that SpySweeper is no better than
the combination of AdAware and SpybotS&D.

Some folks have written that SpySweeper alerts with a lot more false
positives than any of the others.

--
-bts
-This space intentionally left blank.
 