| Thread ID: 53631 | 2005-01-22 22:40:00 | Can't get rid of navprotect | bpt2 (6653) |
| Post ID | Timestamp | Content | User | ||
| 317088 | 2005-01-22 22:40:00 | I have so far tried in vain to remove navprotect, a trojan horse (IRC/BackDoor.SdBot.109.BA) which keeps recreating itself in the system32 folder. It is detected by AVG and successfully deleted but just comes back after a reboot (with system restore turned off). The object details in AVG show that the source of the file is a backup copy. If system restore is turned off, could there be some other program that keeps backup copies? Any suggestions? |
bpt2 (6653) | ||
| 317089 | 2005-01-22 22:50:00 | Try this: www.simplysup.com Make sure it's up to date, then do a scan. Or do an online scan here: http://housecall.trendmicro.com/ or try this: vil.nai.com |
Speedy Gonzales (78) | ||
| 317090 | 2005-01-23 00:10:00 | Hey there, have you tried running HijackThis as mentioned in the other thread? I noticed that I have it too, so I ran HijackThis and I am brought to screen (www.csc.school.nz). I have marked the dodgy ones, are they safe to delete? You may need to do the same. | Prescott (11) | ||
| 317091 | 2005-01-23 05:53:00 | I've run HijackThis a number of times to remove navprotect but it just keeps reappearing. A scan by Trendmicro identified three trojans (asa.dbx, cmd.ftp and kalvslij.exe) which it could not clean; but no mention of navprotect! Does changing the extension to 000 disable any program file? |
bpt2 (6653) | ||
| 317092 | 2005-01-23 08:23:00 | I've run HijackThis a number of times to remove navprotect but it just keeps reappearing. A scan by Trendmicro identified three trojans (asa.dbx, cmd.ftp and kalvslij.exe) which it could not clean; but no mention of navprotect! Does changing the extension to 000 disable any program file? Looking forward to seeing how this is sorted. Sounds tricky. :badpc: |
Cicero (40) | ||
| 317093 | 2005-01-23 08:48:00 | Well, in the other thread I mentioned removing it from the startup list in msconfig also, since (from the screenshot) HijackThis apparently removes the reg keys infected... I myself am confused. I'll do some looking around for ya and if I find anything worth trying I'll let you know. |
Onyks (6908) | ||
| 317094 | 2005-01-23 08:56:00 | www.webuser.co.uk That didn't take long... I do not know this forum nor the posters/mods on it. Take it as it is. The person with the problem seemed to be helped fully, so I would say make a restore point or whatever you can do to back up files, then follow the post's directions. Good luck! |
Onyks (6908) | ||
| 317095 | 2005-01-23 08:58:00 | Ugh, yes, me again, sorry. I revisited the site and just to let you know, you do not have to read all of the filenames/locations... pretty much the first post can be left out. Just to save some time, I'm sure you are frustrated. | Onyks (6908) | ||
| 317096 | 2005-01-23 09:25:00 | I think I nailed it. I deleted a trojan in the windows\security folder (asa.dbx) and that seemed to do the trick. Thanks |
bpt2 (6653) | ||