Could backdoor trojan be a generic name? Symantec is known to detect trojan appz, possibly altered or generated by another app. It is quarantined because it is still active. Best bet is to:

1. Boot into safe mode or emergency console (you have to allow group policy to access other drives/folders other than %SystemRoot% (i.e. Winnt32 or Windows)) -- Delete the file or, to trick the virus, replace it with another application (rename it to the same name/file extension). Virus most likely is executed w/in registry. If virus already detects the .exe it will not attempt to re-create it, and will blindly execute it (99% of the time). Even if other executables are infected, the virus is most likely only memory resident in one instance.

2. Locate registry entry of trojan/virus in registry, search for the name, search for any associated .dlls with the virus. Remove it from registry or point the path to another app (that will not harm your PC), reboot, the virus will check to make sure the registry entry is already there (if you delete it, it may re-input it as you are shutting down). It will execute the harmless app on reboot, you can clean the virus that way.

3. In emergency console you can replace any files that are not curable (if any) from a floppy or i386 cache.

Good Luck,
George

-----Original Message-----
From: McCleskey, David [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 01, 2003 10:03 AM
To: 'Flory D Jeffrey Contractor 59MDSS/MSISI'
Cc: Security Basics (E-mail)
Subject: RE: Question for all

Here is a link to Trend
http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ_BDFR.SVR
it lists some information and you can use their online scan.

David

-----Original Message-----
From: Flory D Jeffrey Contractor 59MDSS/MSISI [mailto:[EMAIL PROTECTED]]
Sent: Friday, August 01, 2003 8:23 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: Flory D Jeffrey Contractor 59MDSS/MSISI
Subject: Question for all

A friend of mine recently went from Windows ME to Win2K, but now he has a trojan on his computer. He is running Norton Anti-virus, and it will not clean it off, it will only quarantine it.

The affliction is: Backdoor.Trojan, and it has placed a hidden folder on his hard drive called: Payload.Dat. He cannot get rid of it. We have tried doing a search on the internet for some kind of information pertaining to this, but we had no luck. We also tried all the antiviral websites but they do not have a tool for this. My question is: Has anyone ever heard of this, and if so, how do you clean it off?

Thanks in advance for any assistance anyone can provide.

Jeff
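Step 2 of George's reply (finding the registry entry that launches the trojan and any associated .dll) can be done offline against a registry export. The following is an added example, not part of the original thread; the sample export, the file names example-suspect.exe and example-suspect.dll, and the function find_references are constructed for illustration.

```python
import re

# Constructed regedit-style export (already decoded to text); all names and paths are made up.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleAV"="C:\\PROGRA~1\\ExampleAV\\agent.exe"
"SysHelper"="C:\\WINNT\\system32\\example-suspect.exe /s"
"Loader"="rundll32.exe C:\\WINNT\\EXAMPLE-SUSPECT.DLL,Start"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Messenger"="C:\\Program Files\\Messenger\\msmsgs.exe /background"

[HKEY_LOCAL_MACHINE\SOFTWARE\ExampleVendor\Settings]
"LastScanned"="C:\\WINNT\\system32\\example-suspect.exe"
'''

KEY_RE = re.compile(r'^\[(.+)\]$')
# Quoted name = quoted string data; dword:/hex: values do not match and are skipped.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Keys whose values run at logon; anything else is reported as a plain reference.
AUTOSTART_RE = re.compile(r'\\CurrentVersion\\Run(Once)?$', re.IGNORECASE)

def unescape(text):
    # .reg files escape backslash and double quote with a leading backslash.
    return re.sub(r'\\(.)', r'\1', text)

def find_references(reg_text, names):
    """Return (key, value_name, data, is_autostart) for string values that
    mention any file name in `names` (case-insensitive)."""
    wanted = [n.lower() for n in names]
    hits, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if (m := KEY_RE.match(line)):
            key = m.group(1)
        elif key and (m := VALUE_RE.match(line)):
            data = unescape(m.group(2))
            if any(n in data.lower() for n in wanted):
                hits.append((key, unescape(m.group(1)), data,
                             bool(AUTOSTART_RE.search(key))))
    return hits

if __name__ == "__main__":
    suspects = ["example-suspect.exe", "example-suspect.dll"]
    for key, name, data, auto in find_references(SAMPLE_REG, suspects):
        print(("AUTOSTART " if auto else "reference ") + f"{key} :: {name} = {data}")
```

Entries marked AUTOSTART are the ones that would relaunch the file at logon; the others only show where else the name is recorded.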