how to find a trojan?

[Xylob the Destroyer]

while surfing yesterday, Norton popped up a threat warning saying that a file named "Trojan.Download" was causing problems, but couldn't be quarantined, stopped, fixed, or removed.
It couldn't tell me the location of the file though.....

I ran all of my weekly maintenance programs (Norton LiveUpdate, Windows Update, 3 different drive cleaners, 2 different registry cleaners, AdAware with it's most aggressive settings, and a complete system scan with Norton), and my machine came out with a clean bill of health.
None of the programs could find any malicious code, viruses, trojans, worms, or spy-ware.

But I can't empty my recycle bin.
and I can't use Outlook. Everytime Outlook tries to run a send/receive, Norton freaks out and pops up an error/warning box saying that it "...cannot access the temporary folder...".
I'm sure that if I disable Norton's email scanning, I use Outlook again, but at what price?

Can anybody recommend a tool for finding, identifying, and hopefully removing the problem?
I've tried Googling "trojan.download", but only come up with trojan.download.something-else-extra-added-on -- nothing that described the problems I'm having.

TIA!

[redwudz]

It's too bad it doesn't have a more descriptive name. Just 'Trojan.Download' is too generic to search for.

You might try 'HiJack This'. There are other programs at the Merijin site that may help also. These removal programs can cause damage to your system, so be careful.

At least if you find the true name of the trojan, it may be easier.

http://www.spywareinfo.com/~merijn/downloads.html

I've had some trojans disable my antispyware programs and block updates. Booting in safe mode sometimes keeps the trojan from loading and you can run your antitrojan software there and detect it and destroy it that way.

Oh, one other thing. You may want to shut off the 'Restore' function in Windows. Some of the more sneaky programs hide a copy of their code there and load it back in after you cleaned it out.

[Xylob the Destroyer]

I'm running Win2K on this machine, so the restore isn't really an issue.
thanks for the input, I'll keep diggin'...

[TooLFooL]

norton will show you the location of that file if you click on it in that box. it's gonna be an HTML file that it couldnt delete. you can just go there and delete it. you must type the path name in the address bar cause windows wont show the folder. it'll be something like:

c:\documents and settings\*username\local settings\temporary internet files\content.ie5\07T72EJP\*filename

....something like that. find the file. DO NOT DOUBLE-CLICK IT! just delete it! thats all, no big deal, just some crap from a malicious website.

[Xylob the Destroyer]

already looked there.
all the funky named folders in the Content.IE5 folder are empty -- it's the first place i looked...

[TooLFooL]

in that case its possible it never actually made it to your hd. honestly, i wouldnt worry. i use norton and have seen this many times. (when i'm on the sites i shouldnt be on)
you should be able to see it in the log. open norton, click antivirus, reports, view activity log. when that opens, look under norton antivirus\threat alerts. provided norton keeps a log, thats where taht alert will be stored.

[Xylob the Destroyer]

...(when i'm on the sites i shouldnt be on)...

indeed.... how did you know?!?

anywhoooo, Norton's logs don't show anything. no mention of the initial alert, no mention of the tons of email alerts that popped up during the night while I was sleeping (Outlook does a send/receive every 5 minutes, times 8 or 9 hours = a lot of popups to click on!). nothing, not a damn thing in Norton's logs....

regardless, I still can't empty my recycle bin or use my outlook for email now...

[TooLFooL]

sorry, i totally misses the part about the problem you were having. i found this...

http://symantec.atgnow.com/consumer/resultDisplay.do?gotoLink=101&docType=1000&context...sultType=5000#

ive never had the problem you describe. maybe you dont have a virus, but something just got jacked up? btw, is your browser set to delete temp files on exit? saves a lot of trouble.

[isogonic]

if all your other malware apps came up clean, i woulnt worry about it to much. they are all capable of false positives.
you may want to try a online scan or two here:

BitDefender Free Online Virus Scan
http://www.bitdefender.com/scan/licence.php
check AutoClean under Scan Options.

Panda ActiveScan
http://www.pandasoftware.com/products/activescan?NRMODE=Published&NRORIGINALURL=%2fact...ACHEHINT=Guest


Housecall at TrendMicro
http://housecall.trendmicro.com/housecall/start_corp.asp
check Auto Clean.


eTrust Antivirus Web Scanner
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
-----------------------------------------
always good to have a trojan specific app on your computer also. AV is only good for the more popular trojans.

a squared free
ewido security suite (w2k,xp only)limited version after 14 days
trojan hunter 30 day trial version
the cleaner 30 day version

http://security-central.us/SafeHex/index.htm

[redwudz]

I don't want to ruin your day, keep trying with some of the suggestions offered. But back up your important files, just in case.

I've had one attack where I accidentally hit the key for 'yes, I will download all your unknown crap programs and completely destroy my computer', though I think it had a different name.

I ripped out the 17+ trojans, viruses, screensavers, toolbars, etc. that had been downloaded in .1 seconds. (Hi speed connections have a downside.) I removed them from the registry and anyplace I could find them. Destroyed a fair part of the OS in the process.

I ended up reformatting and reinstalling the OS. Then I reinstalled my Favorites from IE, and in doing so reinstalled all the malware package once again.

I run AVG, Spybot, Spyware Blaster, Windows firewall, a hardware firewall in my router, Protowall (To filter ISPs), Adaware and a couple of others now.

Hijack This seemed to be the best remedy. But you have to be very careful as it can easily remove OS programs.

Good luck! Keep us posted. And do your backups.

[Xylob the Destroyer]

fortunately, I back-up my important stuff on a fairly regular basis.
what you just described happened to me not too long ago on my XP machine.... took 2 seconds to massively infect my PC, took 4 hours to get rid of all the bad stuff, and wound up destroying my registry in the process. It was probably time for a reformat/re-install anyway.

I've been fighting with this since this morning and gaining no headway....
Reformat and re-install is starting to look more and more like the only viable option at this point.

thanks for all the input tho guys!

i'll keep fighting this until I completely lose all my patience

[Supreme2k]

I was all ready to help you, but then found out that you have a misleading title.

I was ready to give you the name of a reputable pharmacy.

[Xylob the Destroyer]

c'est la vie...
i thought you were referring to my personal title of "Destroyer" at first, which would have been a fatal mistake on your part.

but as for what you speak of, that's what the orthro evra patch on my old lady is for.

[jollyjohn]

G'day
Download free Ewido. Install, update, and do a full system scan. It never fails.
John

[garry]

As REDwudz said , Dont forget to run your apps in "safe mode", ie start machine , get into setup & then safe mode.

I have one PC at present that removed the Lodear trojan (I hope), however I cannot enter the registry as it has been played with by the trojan as well as unable to run " spybot search & destroy".

[BJ_M]

Norton IS a trojan