[thelist] trojan

[Janet FitzGerald]

Hey Everyone,

I'm sorry I haven't gotten back to everyone sooner.  I'm in Kansas and had a
power outage from the ice storms.  It's next to miserable, but awesomely
beautiful, here.

Anyway, I'm about ready to give up on McAfee support.  They gave me a "DOS
Scan with Clinic" to run on my machine.  I noticed that it's 10 months old.
Then, before running it, I was supposed to copy four files into a newly
created folder (containing the DOS Scan): Names.dat, Scan.dat, Extra.dat,
and Clean.dat.  Well, Extra.dat was nowhere to be found.  I ran it, anyway.
It pulled up about 40 files that it couldn't open or clean, I guess.  I'm
not clear as to whether I should delete these files, or what.

To answer the question "what worm is doing this"... As far as I can tell,
it's called Backdoor-wk.  Does that sound familiar?  I could not bring up a
specific definition to this ugly devil.  I checked McAfee's definitions, and
Symantec's, though I could find general information about Backdoors.

I'm going to take the advice from below and see what I can do with it.  I'll
keep you updated.

Off topic,...Is this Vic Wooten the same Vic Wooten that plays the best bass
I've ever heard and part of Bela' Fleck and the Flecktones???  Is it
possible?  Naaaaaa.  ....maybe?

Much appreciation for everyone's input.

Janet

>
> Janet,

>
> > Hello Everyone,
> >
> > Does anyone have experience getting rid of a trojan backdoor virus?
>
> I clean machines on a regular basis at the computer shop I work in. I can
> give you some helpful hints, but without knowing exactly what
> worm you have,
> I can't give you anything specific. Some are relatively easy....a piece of
> cake. Some are extremely difficult, and challenging to say the least. With
> some of the most recent lovelies, you can download free tools
> from Symantec
> that will do "most" of the work for you. You may find it necessary to edit
> the registery, and delete certain corrupt Windows system files. You will
> have to unpack those files and replace them from your Windows CD.
>
> One of the tools (free) that I use in the shop is F-Secures free dos
> scanner, F-Prot. It doesn't always help me remove the virus/worm, but in
> most cases, it will positively identify the worm. You have to know exactly
> what it is you're dealing with!
>
> You can download the tool here...
>
> ftp://ftp.f-secure.com/anti-virus/free/
>
> Make a folder, and download fp-311a.zip, fp-def.zip, and
> macrodef2.zip, and
> unzip them in the folder you've created. The fp-311a.zip file is the main
> program. When you unpack the other two, you will be prompted
> about replacing
> certain files. Replace them. They are updates to the original defs. Reboot
> your machine to dos, and CD to the folder you unpacked the files in. Type
> f-prot to run it. Use the "Tab" key to navigate the menu. Set the file
> scanning to "Dumb scan all files", and set to "Disinfect/Query".
> Let me know
> what you find.
>
> BTW, I've already seen a couple of REs making reference to McAfee
> Virusscan.
> I don't recommend it for several reasons.
>
> HTH
>
> Vic
>
> > Janet
>