backdoor trojan py[1].exe

Jane

Hi,

This is all completely foreign to me and I need some help/advice. I keep
getting a warning from NAV that I have a backdoor Trojan py[1].exe and
access is denied for NAV to remove it. I've tried the NAV suggestions on
how to get rid of it but it does me no good. I'm running WindowsXP
Professional, with Norton Systems works, integrated with NAV. The path that
NAV gives me is c:\Documents and settings\(my full name)\Local
settings\temporary internet files\content.IE5\(there are approx 6 different
file names here\py[1].exe I can not manually find the py[1].exe file
anywhere to delete it manually. Nor can I find the six different file
names. I'm not experienced enough to dig in my registry. Is there a
software that'll find this backdoor Trojan and zap it? Is this wishful
thinking? How do I keep from it being put back on my computer? Lastly but
most importantly what the (^*%&^$^ is a backdoor Trojan?


Jane
 
Duane Arnold

Jane said:
Hi,

This is all completely foreign to me and I need some help/advice. I
keep getting a warning from NAV that I have a backdoor Trojan
py[1].exe and access is denied for NAV to remove it. I've tried the
NAV suggestions on how to get rid of it but it does me no good. I'm
running WindowsXP Professional, with Norton Systems works, integrated
with NAV. The path that NAV gives me is c:\Documents and settings\(my
full name)\Local settings\temporary internet files\content.IE5\(there
are approx 6 different file names here\py[1].exe I can not manually
find the py[1].exe file anywhere to delete it manually. Nor can I
find the six different file names. I'm not experienced enough to dig
in my registry. Is there a software that'll find this backdoor Trojan
and zap it? Is this wishful thinking? How do I keep from it being
put back on my computer? Lastly but most importantly what the
(^*%&^$^ is a backdoor Trojan?


Jane


http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html

I'll give you that much. They have to practice on someone before going
after the bigger game. :)

I am sure some good people here will give you advice on how to remove it.

Duane :)
 
Duane Arnold

Jane said:
Hi,

This is all completely foreign to me and I need some help/advice. I
keep getting a warning from NAV that I have a backdoor Trojan
py[1].exe and access is denied for NAV to remove it. I've tried the
NAV suggestions on how to get rid of it but it does me no good. I'm
running WindowsXP Professional, with Norton Systems works, integrated
with NAV. The path that NAV gives me is c:\Documents and settings\(my
full name)\Local settings\temporary internet files\content.IE5\(there
are approx 6 different file names here\py[1].exe I can not manually
find the py[1].exe file anywhere to delete it manually. Nor can I
find the six different file names. I'm not experienced enough to dig
in my registry. Is there a software that'll find this backdoor Trojan
and zap it? Is this wishful thinking? How do I keep from it being
put back on my computer? Lastly but most importantly what the
(^*%&^$^ is a backdoor Trojan?


Jane

Duane Arnold said:
http://www.windowsecurity.com/articles/Hidden_Backdoors_Trojan_Horses_and_Rootkit_Tools_in_a_Windows_Environment.html

I'll give you that much. They have to practice on someone before going
after the bigger game. :)

I am sure some good people here will give you advice on how to remove it.

Duane :)

Oh, and you may want to look into doing some *hardening* of the XP O/S to
attack.

http://www.uksecurityonline.com/index5.php

Duane :)
 
Jack the Bear

Jane said:
Hi,

This is all completely foreign to me and I need some help/advice. I keep
getting a warning from NAV that I have a backdoor Trojan py[1].exe and
access is denied for NAV to remove it. I've tried the NAV suggestions on
how to get rid of it but it does me no good. I'm running WindowsXP
Professional, with Norton Systems works, integrated with NAV. The path that
NAV gives me is c:\Documents and settings\(my full name)\Local
settings\temporary internet files\content.IE5\(there are approx 6 different
file names here\py[1].exe I can not manually find the py[1].exe file
anywhere to delete it manually. Nor can I find the six different file
names. I'm not experienced enough to dig in my registry. Is there a
software that'll find this backdoor Trojan and zap it? Is this wishful
thinking? How do I keep from it being put back on my computer? Lastly but
most importantly what the (^*%&^$^ is a backdoor Trojan?


Jane

Try deleting your internet cache in IE
Menu bar => Tools | Internet Options
on the "General" tab (it'll be the one that's on top) about ½ way down the
page,
"Temporary Internet files" press the "Delete Files" button. Answer "yes" if
asked "are you sure."
Try scanning again, to see if it was just something in the cache that didn't
install itself.

As for the six different files (?) write to me directly and I may be able to
figure out what you mean, and explain it to you. I think you're talking
about your Gui ID, which should be part of the path, but I'm not sure.

- Jack the Bear.
(e-mail address removed)
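
An added example, not part of Jack's post or of any tool named in the thread: a Python sketch that walks a cache folder such as Content.IE5 directly, so files inside subfolders that Explorer hides are still seen, and lists every file that begins with the Windows executable signature "MZ" together with its SHA-256. The function names, the sample subfolder names and the file contents are constructed for illustration.

```python
import hashlib
import os
import tempfile

MZ_MAGIC = b"MZ"  # first two bytes of a DOS/Windows executable


def find_cached_executables(cache_root):
    """Return sorted (relative_path, size, sha256) for files starting with 'MZ'.

    os.walk reads the directories themselves, so subfolders carrying the
    hidden/system attributes are visited even though Explorer hides them.
    """
    hits = []
    for dirpath, _dirs, files in os.walk(cache_root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, cache_root)
            try:
                with open(full, "rb") as fh:
                    data = fh.read()
            except OSError:
                # Locked or access-denied file: report it instead of skipping
                hits.append((rel, -1, "unreadable"))
                continue
            if data[:2] == MZ_MAGIC:
                hits.append((rel, len(data), hashlib.sha256(data).hexdigest()))
    return sorted(hits)


def build_sample_cache(root):
    """Constructed sample tree imitating a browser cache layout."""
    samples = {
        os.path.join("4X8L2ZQN", "py[1].exe"): b"MZ\x90\x00" + b"\x00" * 60,
        os.path.join("4X8L2ZQN", "logo[1].gif"): b"GIF89a" + b"\x00" * 10,
        os.path.join("K9ABCD3F", "index[1].htm"): b"<html></html>",
        # Executable content behind an image extension is still reported
        os.path.join("K9ABCD3F", "banner[2].jpg"): b"MZ" + b"\x00" * 30,
    }
    for rel, content in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_cache(tmp)
        for rel, size, digest in find_cached_executables(tmp):
            print(rel, size, digest)
```

An entry reported as "unreadable" is a file the script could not open, which is worth noting when the scanner itself reports access denied.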
 
Jane

Duane and Jack

I ran a I think it's called Panda or something like that and it did remove a
backdoor trojan. Not sure if that is it but I'm assuming as it's the only
thing Panda found. Let's see if that it is. Will it keep coming back?

Jane
 
Jane

Jack the Bear said:
Try deleting your internet cache in IE
Menu bar => Tools | Internet Options
on the "General" tab (it'll be the one that's on top) about ½ way down the
page,
"Temporary Internet files" press the "Delete Files" button. Answer "yes" if
asked "are you sure."
Try scanning again, to see if it was just something in the cache that didn't
install itself.

As for the six different files (?) write to me directly and I may be able to
figure out what you mean, and explain it to you. I think you're talking
about your Gui ID, which should be part of the path, but I'm not sure.

- Jack the Bear.
(e-mail address removed)

Yup did all this, and did a safe mode start up and disabled system restore
while deleting a bunch of stuff. I didn't get notified for probably 24
hours then NAV started telling me again.

Jane
 
