Yes another one of these. I have tried to fix the issue myself but I can't figure it out. So I originally found the virus with Symantec Then a new full system scan did not turn anything up. My spyware program shows a Trojan.nnol. When I search google it brings up German websites. Now my windows updates are unable to be turned on and my Symantec real time protection is off and not able to be turned back on. What do I need to do here?

12/22/2008 9:50:30 PM

Are you running the scans and repairs in safe mode?

12/22/2008 10:12:06 PM

I am not.

12/22/2008 11:53:43 PM

one would think that would be an excellent idea

you might want to give it a shot

[Edited on December 23, 2008 at 12:01 AM. Reason : also, it would behoove you to post a hijackthis log]

12/22/2008 11:59:06 PM

http://www.malwarebytes.org/mbam.php

12/23/2008 12:02:01 AM

Also run Spybot in safe mode.

12/23/2008 12:44:42 AM

^all of the above

12/23/2008 1:09:01 AM

I never use spybot these days other than immunizing people's IE. malwarebytes is the shit and will most likely find anything/everything.

12/23/2008 2:30:21 AM

reformat.com

12/23/2008 3:26:19 AM

I had the exact same thing happen to me last night where my windows update turned itself off and I couldn't turn it back on. I am running AVG anti-virus in safe mode right now. I ran Ad-Aware last night and it found some maleware but I haven't found a virus yet.

12/23/2008 8:52:47 AM

excuse the ignorant, why do you suggest running these scans in safe mode?

I'm not sure I even know how to switch between the modes (I will google, no need to embarrass me more)

12/23/2008 11:40:55 AM

safe mode disables networking and a whole bunch of other stuff so that when you scan you get a more complete picture of everything

if a file is in use, you may not be able to scan it because it is locked

before you see the windows logo with the black background, press f8 to choose the mode you want

12/23/2008 11:52:00 AM

The AVG scan from last night said I have a trojan and I sent it to the vault. I ran the scan again this morning and again it said I have a trojan. I just reformatted this thing about 2 months ago because of a possible virus. Could reformatting not have gotten rid of it the first time or is it more likely that I just got another virus since then?

12/23/2008 12:21:58 PM

#2

12/23/2008 12:28:52 PM

Alright if I have to reformat this thing again I want to get some recommendations for anti-virus, anti-maleware, firewall programs. Right now I am using AVG, Ad-Aware, and Zone Alarm free editions.

If there is a software that is good enough to buy I'll take those recommendations as well.

12/23/2008 2:27:33 PM

http://www.ncsu.edu/antivirus/files/SEP11.exe (32-bit)
http://www.ncsu.edu/antivirus/files/SEP11x64.exe (64-bit)

grab SEP before they switch to trend micro in january

12/23/2008 2:33:41 PM

^Virus definitions will not be updated after the completion of the fiscal year, so I would not bother with Norton for virus protection.

12/23/2008 3:30:10 PM

how do you know that?

12/23/2008 4:19:00 PM

SEP11 sucks.

I just bought NOD32 for 10 bucks.

12/23/2008 4:29:50 PM

^^ why would they? SEP currently pulls from an NCSU server, AFAIK, and when the license for that software runs out, where will it pull from?

12/23/2008 4:42:32 PM

Quote :

"Timeline ======== We're currently targeting Monday, January 12, 2009, as our official date to release OfficeScan 8 and VirusBarrier to campus. This date may change depending on the results of some testing that is scheduled to be completed mid-December. Assuming all goes well, and we make our target launch date, we will disable downloads to all Symantec products on Friday, January 30, 2009. Throughout the Spring 2009 semester, we will be coordinating various forms of public communication about the new antivirus software, including The Bulletin, The Technician, OIT News newsletter, and so forth. Our aim is to reach out to as many people as possible. We expect to begin more targeted reminder notices to campus departments and individual users later in the semester, as we begin to identify computers that are still checking in with our existing Symantec parent servers. This will likely occur in mid-to-late-March. At the end of the fiscal year, our license for Symantec products and updates expires. At that time, the Symantec parent servers will be taken offline permanently. This will most likely occur on June 27, 2009 (also subject to change). Existing Symantec clients will begin complaining about virus definitions being out of date 30 days after the last time an antivirus client checks in with the parent server."

[Edited on December 23, 2008 at 4:47 PM. Reason : email]

12/23/2008 4:44:58 PM

NOD32 FTW!

12/23/2008 6:29:58 PM

I've always used the unmanaged versions of Symantec so I wouldn't have to deal with the university, I could just get my updates straight from Symantec. Is there a version of SEP11 that is unmanaged? I've got it on my new pc.

12/23/2008 6:47:43 PM

L2windows

12/23/2008 7:26:02 PM

fail

12/23/2008 7:40:27 PM

Just got back from vacation and have been working on this for a while. Now I'm dealing with spyware guard 2008 (a fake program) and a trojan - Troj/Rustok-N. Soon as this last scan is done I will restart and run everything in safe.

12/31/2008 12:14:17 AM

Help with Trojans?


Step 1: Rip open package.

Step 2: Hold it by the edges and place on the tip.

Step 3: Roll down over your unit.

That should provide ~99.5% protection from viruses!

12/31/2008 12:33:25 AM

Looks like I have everything fixed. Malewarebytes is the heat.

12/31/2008 1:02:16 AM

I try to go to the malwarebytes page, and it just says it doesnt exist ... I think though that this trojan has planed a dns server config on my pc that is intercepting my requests, and killing my access to certain things.

May just have to reinstall windows, though that sucks a big one.

12/31/2008 10:45:30 AM

^Try to boot into safe mode and access the webpage. That should keep your virus from loading and hijacking your browser. I haven't used malwarebytes but if it's like Spybot, you can download, install, update and scan all within safe mode.

12/31/2008 5:43:01 PM

even in safe mode, I cant access it, and I see the dns stuff all changed in the hijackthis log.

I downloaded malewarebytes on my work comp today, so Ill transfer that in a few and run it to see what happens, in safe mode.

12/31/2008 10:16:04 PM

I recently had a RAT (remote access trojan) on my CPU about a few weeks ago. I thought the combo of my anti-virus and manual Windows updates would fix it, but it didn't. After about a week, I decided to go nuclear and just re-install XP. Worked so far, but it was a pain re-d/l every single Windows Update. Took me 1.5 days, but I got a whole lot of space now, and my CPU runs fine now.

1/1/2009 4:19:39 PM