I thought that if you have NAV installed and up to date, you are
protected from known virusses and trojans. ANyone have a nidea why we
got hit with the backdoor.wininetd trojan even with NAV installed and
up to date? Starting on 5/28 at 3PM, we started getting notices that
a file was infected , but Norton couldn't delete the file. Checking
symantec's site for the page about this virus, it showed the registry
entries that WERE made by the trojan and the exe was in use (we
couldn't delete it, but looking in task manager failed to show it so
we could kill it there). So the trojan did run at some point /
currently to be able to add the registry entries. but NAV is up to
date!?

Since your problem is with a Symantec product, you need
to contact them for assistance: http://www.symantec.com/techsupp/


--=20
Nicholas

-------------------------------------------------------------------------=
---------------

"David" > wrote in message:
om...

| I thought that if you have NAV installed and up to date, you are
| protected from known virusses and trojans. ANyone have a nidea why we
| got hit with the backdoor.wininetd trojan even with NAV installed and
| up to date? Starting on 5/28 at 3PM, we started getting notices that
| a file was infected , but Norton couldn't delete the file. Checking
| symantec's site for the page about this virus, it showed the registry
| entries that WERE made by the trojan and the exe was in use (we
| couldn't delete it, but looking in task manager failed to show it so
| we could kill it there). So the trojan did run at some point /
| currently to be able to add the registry entries. but NAV is up to
| date!?

It's obvious to me you bought a lemon.

"David" > wrote in message
om...
> I thought that if you have NAV installed and up to date, you are
> protected from known virusses and trojans. ANyone have a nidea why we
> got hit with the backdoor.wininetd trojan even with NAV installed and
> up to date? Starting on 5/28 at 3PM, we started getting notices that
> a file was infected , but Norton couldn't delete the file. Checking
> symantec's site for the page about this virus, it showed the registry
> entries that WERE made by the trojan and the exe was in use (we
> couldn't delete it, but looking in task manager failed to show it so
> we could kill it there). So the trojan did run at some point /
> currently to be able to add the registry entries. but NAV is up to
> date!?

Do you have a Firewall installed ?
The backdoor Trojan was sent to you whilst you were
browsing the internet. A firewall may have prevented the
infection.

Do you run a full scan of Nortons AV regularly ?

>-----Original Message-----
>It's obvious to me you bought a lemon.
>
>"David" > wrote in message
om...
>> I thought that if you have NAV installed and up to
date, you are
>> protected from known virusses and trojans. ANyone have
a nidea why we
>> got hit with the backdoor.wininetd trojan even with NAV
installed and
>> up to date? Starting on 5/28 at 3PM, we started
getting notices that
>> a file was infected , but Norton couldn't delete the
file. Checking
>> symantec's site for the page about this virus, it
showed the registry
>> entries that WERE made by the trojan and the exe was in
use (we
>> couldn't delete it, but looking in task manager failed
to show it so
>> we could kill it there). So the trojan did run at some
point /
>> currently to be able to add the registry entries. but
NAV is up to
>> date!?
>
>
>.
>

Go to symantecs site and get the removal instructions.
Boot up in safe mode and remove the registry entries per
the directions. Depending on what kind of trojen it is
even after removale your system may still be comprimised,
because there could have been keylogging software, etc..
loaded on your machine without your knowledge. As far as
the deletion, try quarantining the file first then try to
delete it.

hth,
aaron
>-----Original Message-----
>Do you have a Firewall installed ?
>The backdoor Trojan was sent to you whilst you were
>browsing the internet. A firewall may have prevented the
>infection.
>
>Do you run a full scan of Nortons AV regularly ?
>
>>-----Original Message-----
>>It's obvious to me you bought a lemon.
>>
>>"David" > wrote in message
om...
>>> I thought that if you have NAV installed and up to
>date, you are
>>> protected from known virusses and trojans. ANyone
have
>a nidea why we
>>> got hit with the backdoor.wininetd trojan even with
NAV
>installed and
>>> up to date? Starting on 5/28 at 3PM, we started
>getting notices that
>>> a file was infected , but Norton couldn't delete the
>file. Checking
>>> symantec's site for the page about this virus, it
>showed the registry
>>> entries that WERE made by the trojan and the exe was
in
>use (we
>>> couldn't delete it, but looking in task manager failed
>to show it so
>>> we could kill it there). So the trojan did run at
some
>point /
>>> currently to be able to add the registry entries. but
>NAV is up to
>>> date!?
>>
>>
>>.
>>
>.
>

On rare occasions viruses and Trojans slip by AV programs.

--

Harry Ohrn - MS MVP (Windows Shell/User]
www.webtree.ca/windowsxp/
www.webtree.ca/newlife/


"David" > wrote in message
om...
> I thought that if you have NAV installed and up to date, you are
> protected from known virusses and trojans. ANyone have a nidea why we
> got hit with the backdoor.wininetd trojan even with NAV installed and
> up to date? Starting on 5/28 at 3PM, we started getting notices that
> a file was infected , but Norton couldn't delete the file. Checking
> symantec's site for the page about this virus, it showed the registry
> entries that WERE made by the trojan and the exe was in use (we
> couldn't delete it, but looking in task manager failed to show it so
> we could kill it there). So the trojan did run at some point /
> currently to be able to add the registry entries. but NAV is up to
> date!?

David wrote:
> I thought that if you have NAV installed and up to date, you are
> protected from known virusses and trojans. ANyone have a nidea why we
> got hit with the backdoor.wininetd trojan even with NAV installed and
> up to date? Starting on 5/28 at 3PM, we started getting notices that
> a file was infected , but Norton couldn't delete the file. Checking
> symantec's site for the page about this virus, it showed the registry
> entries that WERE made by the trojan and the exe was in use (we
> couldn't delete it, but looking in task manager failed to show it so
> we could kill it there). So the trojan did run at some point /
> currently to be able to add the registry entries. but NAV is up to
> date!?

Antivirus programs are best at removing viruses - repairing or isolating
infected files. They also have trojan "detection." While they may include a
"dropper virus," the mechnisms of trojans and worms are different than
viruses. Consequently, the detection and repair/isolation methods are
different too. It's not unusual for total cleanup of these nasties to
include additional steps that need to be performed manually.

"Up to date" is only part of safe computing. It is your best guarantee for
protection but it is never 100% protection. New viruses, trojans and worms
are always being discovered. Even when up to date, there is conceivably many
new dangers that have not been addressed yet by the most recent definitions.

In all fairness, Norton's did alert you to the trojan. It was not able to
clean it and informed you of that fact too. It is up to you to take the next
steps. Look the trojan up at the Symantec website for cleanup directions and
for a description of how the trojan enters the system. Use that information
to clean the system and to avoid a repeat of the situation.


--
Sharon F
Microsoft MVP, Windows - Shell/User

> Do you have a Firewall installed ?
> The backdoor Trojan was sent to you whilst you were
> browsing the internet. A firewall may have prevented the
> infection.

You need to go look up what a firewall does.

(Hint: It won't stop incoming packets on ports that are open or on protected
ports with an established TCP connection.)

--

-- Dan