Re: NAV unrepairable virus

22-06-2003, 02:53 PM   #1
Traveler82


kurt wismer <kurtw@sympatico.ca> wrote in message news:<s39Ja.2385$hY1.226760@news20.bellglobal.com>...
> Traveler82 wrote:
> > After having had McAfee 6 I decided to move to NAV 2003. The first
> > scan of my system (XP) indicates a backdoor trojan IMG32.EXE in the
> > System32 folder. NAV can't repair this. I have no idea what this is
> > except that a rollover indicates that it was created 2 days ago. I
> > tried to delete it but got the message that it is write protected or
> > is in use. How do I go about getting this off my system?
>
> you'll either want some dedicated cleaning tool (for which you'll need
> to know the name of the actual trojan, not just its filename, so you
> can get the right dedicated cleaning tool) or go the manual route of
> hacking the registry and startup files to stop it from being
> executed each time you boot so you can then remove it without that 'file
> in use' error... of course you'll still need to know the actual name of
> the thing so you can find out what it affects and thus how to undo what
> it has done...
>
> in short, you need the name before you can go further...



NAV only identifies this as a generic backdoor trojan, not the
specific name. I downloaded AVG 6.0 but it doesn't recognize that
there is a virus on my system.

I am going to have to hire someone with much deeper knowledge than I
have to get at this. "Hacking the registry and startup files" is not
something I know enough about to think about trying, even if I had the
virus name.

Thanks.

22-06-2003, 11:11 PM   #2
kurt wismer

Traveler82 wrote:
[snip]
> NAV only identifies this as a generic backdoor trojan, not the
> specific name. I downloaded AVG 6.0 but it doesn't recognize that
> there is a virus on my system.


i see... that's not very useful behaviour on nav's part... personally
i'd complain - their product has alerted you to a problem but hasn't
given you enough information/functionality to be able to solve the
problem...

> I am going to have to hire someone with much deeper knowledge than I
> have to get at this. "Hacking the registry and startup files" is not
> something I know enough about to think about trying, even if I had the
> virus name.


y'know, you've already hired someone with deeper knowledge... in fact
you've hired a whole bunch of someones... collectively they're called
'symantec' (they make nav) and the help you've paid for is called 'tech
support'... send them a copy of this suspect file and ask for help...

--
"when surveys of all the world's countries are done,
canada frequently rates number one.
are we the best country? well we'll never know...
there's nowhere else we can afford to go."


23-06-2003, 02:30 AM   #3
optikl


"Traveler82" <traveler0882@hotmail.com> wrote in message
news:16d80320.0306220653.434b51a9@posting.google.com...
>
> NAV only identifies this as a generic backdoor trojan, not the
> specific name. I downloaded AVG 6.0 but it doesn't recognize that
> there is a virus on my system.
>
> I am going to have to hire someone with much deeper knowledge than I
> have to get at this. "Hacking the registry and startup files" is not
> something I know enough about to think about trying, even if I had the
> virus name.
>
> Thanks.


If the file is in quarantine or backup, submit it to SARC for analysis. It
*may not* be a trojan, but might be something that exhibits suspicious
behavior, which is why NAV calls it a *generic* backdoor. Just check out the
quarantine and backup folder (access via reports tab) and look for the icon
on the taskbar for submitting it to SARC.



23-06-2003, 06:09 PM   #4
Traveler82

"optikl" <optikl@aol.com> wrote in message news:<XCtJa.64499$Fa6.43980@sccrnsc02>...
> "Traveler82" <traveler0882@hotmail.com> wrote in message
> news:16d80320.0306220653.434b51a9@posting.google.com...
> >
> > NAV only identifies this as a generic backdoor trojan, not the
> > specific name. I downloaded AVG 6.0 but it doesn't recognize that
> > there is a virus on my system.
> >
> > I am going to have to hire someone with much deeper knowledge than I
> > have to get at this. "Hacking the registry and startup files" is not
> > something I know enough about to think about trying, even if I had the
> > virus name.
> >
> > Thanks.

>
> If the file is in quarantine or backup, submit it to SARC for analysis. It
> *may not* be a trojan, but might be something that exhibits suspicious
> behavior, which is why NAV calls it a *generic* backdoor. Just check out the
> quarantine and backup folder (access via reports tab) and look for the icon
> on the taskbar for submitting it to SARC.


Ok. I've now submitted it. But there was a message when I started the
process that this file could be deleted or repaired and no submission
was necessary. But the virus warning screen that is permanently up on
my desktop screen indicates that it is UNrepairable and I am also
unable to delete img32.exe myself.

I had installed the latest version of ZA Pro on Friday or Saturday and
have it set to ask permission for outgoing connections so that I could
establish the regular set of programs to be allowed out. I managed to
stop img32.exe at some point on Saturday morning I think and it is
being blocked regularly - the pattern now seems to be about once an
hour per the ZA log.
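
Added example (not part of the thread or of any poster's message): the roughly hourly blocked connection attempts described in the last post are a pattern a firewall log can be checked for mechanically. The sketch below groups blocked outbound attempts by program and reports programs whose attempts are evenly spaced. The log layout, the second program name and the addresses are constructed for illustration and are not ZoneAlarm's actual log format.

```python
import csv
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample log (assumed layout, NOT ZoneAlarm's real format):
# time, action, program, direction, destination
SAMPLE_LOG = """\
2003-06-21 09:02:11,BLOCKED,img32.exe,OUT,192.0.2.10
2003-06-21 09:15:40,ALLOWED,iexplore.exe,OUT,198.51.100.7
2003-06-21 10:01:58,BLOCKED,img32.exe,OUT,192.0.2.10
2003-06-21 10:20:03,BLOCKED,updater.exe,OUT,198.51.100.9
2003-06-21 10:25:10,BLOCKED,updater.exe,OUT,198.51.100.9
2003-06-21 11:02:30,BLOCKED,img32.exe,OUT,192.0.2.10
2003-06-21 12:03:05,BLOCKED,img32.exe,OUT,192.0.2.10
2003-06-21 12:47:19,BLOCKED,updater.exe,OUT,198.51.100.9
2003-06-21 13:01:44,BLOCKED,img32.exe,OUT,192.0.2.10
2003-06-21 16:30:00,BLOCKED,updater.exe,OUT,198.51.100.9
malformed line without enough fields
"""

def blocked_outbound_times(log_text):
    """Group timestamps of blocked outbound attempts by program name."""
    times = defaultdict(list)
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 5 or row[1] != "BLOCKED" or row[3] != "OUT":
            continue  # malformed line, allowed traffic, or inbound traffic
        try:
            when = datetime.strptime(row[0], "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue  # unparseable timestamp
        times[row[2].lower()].append(when)
    return times

def periodic_programs(log_text, min_events=4, tolerance=0.10):
    """Return {program: median gap in seconds} for programs whose blocked
    outbound attempts are evenly spaced (every gap within tolerance of the median)."""
    result = {}
    for program, stamps in blocked_outbound_times(log_text).items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if len(stamps) < max(min_events, 2):
            continue  # too few attempts to call it a pattern
        mid = median(gaps)
        if mid > 0 and all(abs(g - mid) <= tolerance * mid for g in gaps):
            result[program] = mid
    return result
```

On the constructed sample, only `img32.exe` is reported, with a median gap of about one hour; the irregular `updater.exe` attempts are not.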