Computer Virus: Help Requested

March 30, 2004 | Self

[bd476]

About 7 hours ago a Security Alert pop-up from Norton Anti-Virus appeared suddenly on this computer screen.

Then followed another pop-up with text about closing Windows, then another pop-up followed that in the form of an adult content page, followed by yet another pop-up window with another adult content page, and then one more pop-up window with text about paying for a website using advertising pop-up windows.

I couldn't close the pop-up windows, so I unplugged the cable connection and then ran my updated Norton Virus Scan. It found nothing.

However, the Norton Anti-Virus Security Alert Log showed that in fact a virus "Download. Trojan" (there was a space between the dot and Trojan on the Norton log) had been found on my computer and that Norton Anti-Virus had failed to fix it.

Somehow I managed to get to Norton's website, where there were instructions on how to get rid/fix the virus.

Per Norton's online site instructions, I disabled System Restore, restarted this computer, ran Norton Virus Scan in regular Windows (XP) and then again in Safe Mode. Both times my Norton Anti Virus Program failed to locate the reported virus.

I had also updated virus definitions for Norton sometime earlier in the day, but decided to try updating them again. Norton's website added more virus definitions to the virus engine.

I have increased the Security options on this computer to "High." Yet still there is a concern that the reported trojan virus was not found nor fixed during the several runs of Norton's Virus Scan.

Any suggestions? Thanks in advance.

[rogueleader]

Norton is sub-par.

Buy Kaspsersky Anti-virus. kaspersky.com.

(Unfortunately, NAV is made in the USA and Kaspersky is made in Russia. This sad state of affairs is what we have come to, though.

(I blame the capital markets. Too much of a premium on short-term speculation and not enough on long-term capital accumulation.))

[CONSERVE]

bunp for info later read

[Squantos]

Zone alarm Pro (pay for it, well worth the duckets) , AVG, Norton AV, Spybot, Ad-aware, and get the google tool bar that has pop up stopper on it. Best I have found for my amature surfing and freeping pukin puter security needs. Also the tren micro sysclean pkg is well worth using as the post above suggests.....I use it too .

Stay Safe !!

[Squantos]

Really ? Ad aware does that ?............where can I get the spy sweeper ya mention ?

[Conservative4Ever]

bump

[Hawkeye's Girl]

AdAware is spyware, and Ad-Aware is a spyware removal program. The hyphen is important.

[Drammach]

Spy Sweeper:

http://www.webroot.com

[Swordmaker]

Hey, lighten up! I actually like macs.

Well, I'm starting to like veggies... even Brocolli and Cauliflower. Do you suppose my G5 Mac has something to do with it? On the other hand, I eat them with a 10 ounce Top Sirloin... Medium Rare.

[MaryFromMichigan]

Aw, a G5 Mac!
Must be nice!
I'm limping along on a G4.
Still running a powermac 6100/66!

[AppyPappy]

But I can't use a Mac. I'm a heterosexual.

[MrB]

I've gotten something similar. And I think it's from my provider, after close examination and calming down after a panic.

Did you also get something about "the FBI and others can trace your surfing" or something similar?
Along with an offer for "true anonymous surfing, click here?"

I have AdAware, Spybot, Norton Systemworks, Zone Alarm, and a hardware firewall, and I got that message. I used my scanning software and found nothing. It's a hoax.

I think it's just a sneaky sales pitch.

[LexBaird]

But I can't use a Mac. I'm a heterosexual.

Sure you can. You just have to be secure in your masculinity. Like Bush, for instance.

[AppyPappy]

You just have to be secure in your masculinity.

Yeah. That's what they say at the beauty salon when a guy walks in. He must be REALLY secure. (wink, wink)

[LexBaird]

Beauty salons are where all the hot chicks work.

[Squantos]

Thanks..........got it and found 4.....:o)

Stay safe !

[Squantos]

Kewl.........I learned something !

Stay safe !

[dcwusmc]

I NEVER advise clients to reformat their HDs. My suggestion is always to put the faulty HD down range and see how well it functions after a dose of buckshot from a 12 ga. pump gun. Reformatting is for wusses.

[Drammach]

From link:http://www.annoyances.org/exec/forum/win2000/t1061426385

I had a user today that was experiencing symptoms similar to those from "download.trojan".
She had Symantec anti-virus, which detected it, but could not remove it. I had
her try ZoneAlarm and told her to send me a HijackThis log.

ZoneAlarm immediately found C:\WINDOWS\System32\wintsvsu.exe trying to make an outbound
connection.

HijackThis also showed this suspicious entry

O4 - HKCU\..\Run: [WCPS] C:\WINDOWS\System32\wintsvsu.exe

which was in this Registry key:

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

Usually I find a lot of viruses/worms hiding in

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

but the Run key in HKEY_CURRENT_USER was new to me.

The user deleted the entry from her Registry, went into TaskManager->Processes and
killed the wintsvsu.exe entry, and was then able to delete the file from System32.

There isn't a lot of info about wintsvsu.exe through Google, but the 1 or 2 references
to it do mention spyware.

Good luck

[B4Ranch]

Moosoft.com has The Cleaner, it keeps track of registry keys, files and folders and alerts you to any changes the moment that they occur. You can edit the necessary files because it shows old data and new data.

I love it because it has caught more than Norton ever dreamed of

[Squantos]

Kewl .............Thank Yeeeeeew !

Stay safe !