HELP! NAV won't tell me Virus' Name so I can eliminate it!

mrlar

Instructor
Nov 30, 2007
3
US
Please, I hope someone can help me!
Norton has detected that I have a trojan on my system (NAV let it slip through). However, it will NOT tell me WHICH ONE it is so I can research how to get rid of it on my own. All it will say is that it is "Backdoor.IRC.Trojan" -- but it won't say WHICH ONE. In looking around on the net, I see there are many different types of Backdoor.IRC.Trojans (such as "Backdoor.IRC.Aladinz.G", etc.) -- and each one has different instructions on how to fix the problem. Symantec themselves keep pages on the various fixes for them (the detailed instructions I saw on how to get rid of the "Aladinz" version came from Symantec's own page) -- yet from NAV2007 I find NO WAY TO TELL which variant of trojan it is so I can get rid of it. It appears as if they almost seem to do this on purpose, forcing people to pay their staff in India $99.95 to get rid of it for you, by keeping the name of the virus secret.

Is there some way in NAV (or other) to find out the VARIANT of trojan I have so I can take care of it myself?

PLEASE help. I will no longer buy Symantec again if this is the case, because I foresee this problem happening again in the future.

Here are the details:
WinXP SP2. The program affected is "MIRC.exe" (an IRC program). NAV detects a "Backdoor.IRC.Trojan" on the system, and "protects" the computer by immediately deleting MIRC and refusing to let me re-install it from the clean CD-ROM. I've done everything I can think of: I've taken off System Restore, I've run the scans in both normal and safe modes, Norton detects it and "takes care of it" -- but of course it's still there because the registry needs to be changed. This is why I need to be able to identify WHICH trojan it is, so I can do the proper registry change and delete it.
I tried an on-line scan from Trend (didn't find it).

Please, there's got to be some way (maybe a hidden or buried command) in NAV for me to find out more details on exactly WHAT trojan it is so I can then look up the steps to delete it properly myself. Norton "taking care of it" doesn't do the job because the registry's not being fixed.

Please help, anybody!
 
I have somehow the same problem. Norton 2008 says you are infected by Trojan.zlob, but when I scan in safe mode, restore registry off, Norton cannot fix it, and by restarting again the nasty trojan comes up and bothers!
 
Just an edit...

My computer has been cleaned.
NOT by Symantec.
I will no longer buy their products.
The F-Secure On-Line scanner did what Symantec refused to do: TELL ME WHAT MALWARE I ACTUALLY HAVE (and it even removed it successfully for me).

I'm not even mad that Symantec let the malware through. I realize that programs are never 100% perfect, especially on something like malware. What really turned me off on Symantec was the way that the program WOULD NOT TELL ME WHICH Malware I had -- only a generic "IRC.Backdoor.Trojan".

Their "customer support" was only to tell me "try it with system restore off" (something I already indicated I did in my email to them) and then told me for $100 their agents will remove it for me -- but that they (free "customer service") won't tell me anything else (including the actual STRAIN of virus I have).

This is how companies lose customers.

My computer is now clean and free of malware and viruses -- thanks to F-Secure's online scanner. I'm not sure which company I will use for my security needs, but you can be sure, it will NOT be Symantec. I don't like companies that practice extortion -- and make no mistake, that's what this is. I pay for Norton AntiVirus, a virus gets in (as it occasionally might do), but not only do they want to charge their customers yet again to remove it, THEY WON'T TELL YOU WHICH VIRUS YOU HAVE to prevent the customer from trying to remove it themselves.

I have a long memory, and they have lost me for life.

I realize that with some viruses NAV will say what the user has -- but not for a lot of them, especially malware.

It turns out, as F-Secure's online scanner said, I had the "W32" Malware (at least F-Secure told me what I have!). But even better, their on-line scanner cleaned my system. The W32 was located in two files (both called "READREG.EXE", located at different places on the C drive).

Now I load my mirc.exe and it works fine. And my computer (at least for now) is clean.

Again, make no mistake. I'm not mad at NAV for letting a virus slip through. I realize nothing is perfect. But I will NOT deal with a company that practices extortion -- you pay us for protection, and if something happens, you have to pay us again (in this case, $99.95) for us to remove the threat -- but we won't tell you what the exact threat is so you can remove it yourself.

Kiss my money goodbye, Symantec. You will never get another dollar from me. I will do some research now on some of the various other options.

So I am just posting here to let you know my problem is resolved. As someone who tried 4 on-line scanners from different companies, I would highly recommend users having problems with Symantec try "F-Secure"'s online scanner. At least for me, it was the only one that told me what I had, and fixed it properly. But now I will do research and go with another company. I don't like trying to be extorted. Say goodbye, Symantec. You've lost another customer.
 
mrlar:
Depending on how it's priced and what their support is like, F-Secure A/V is a capable product, and their engineers very proactive. When we were evaluating alternative Enterprise A/V solutions about 2 years ago, their product tested very positively. They only lost out because their Enterprise Management console wasn't mature enough for one guy (The Bug Guy) to manage 5000-plus nodes effectively.

Their site indicates they've got a 30-day trial version for home users--give it a try. It was my experience that the A/V client always uninstalled completely and cleanly.

The Bug Guy
 
Thanks for the tip. My Norton will run out after the New Years, and I will leave them for someone else. I am inclined to go with F-Secure because even among the other online scanners, theirs was the only one that actually pegged the problem properly (and even fixed it for me). Everyone seems to have a different one they recommend; I'm going to look more thoroughly after the New Years and find a new AntiVirus solution. As I said, I'm inclined to use F-Secure. At least I know if something gets through, they'll stand behind it instead of screwing the customer. Thanks for letting me know your thoughts on it...
 