downloader.trojan

Discussion in 'Security and Privacy' started by Bucksone, 2003/11/16.

Thread Status:
Not open for further replies.
  1. 2003/11/16
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    507
    Likes Received:
    2
    I updated my virus definitions and ran a full scan this morning. The result was that I had a virus, Downloader.trojan. I followed the instructions from Symantec. I disabled System Restore, restarted in Safe Mode, ran a full scan. The infected file was identified as C:\WINNT\system32\stcloader.exe. Norton said something about not being able to repair the file. Under the Quarantine area, it showed the stcloader.exe twice under the backup items and also showed a file, syscpy1.exe from earlier this week. The only instruction I didn't follow was to do stuff in the registry. Quite frankly, I don't feel confident enough in my computer skills to mess around in the registry.
    My questions are: have I done what I need to do to protect my computer? Are these files that can't be repaired something my computer needs? How did I get this virus? I'm pretty good about keeping my definitions up to date and running regular scans. I thought the whole idea of my firewall and virus software was to keep this stuff out of my computer in the first place, not necessarily to just catch it after the fact.
     
  2. 2003/11/16
    Hugh Jarss

    Hugh Jarss Inactive

    Joined:
    2002/07/22
    Messages:
    908
    Likes Received:
    6
    Hi again Bucksone,
    do you know about the EICAR test "reviewer" file?
    It's not a virus itself; rather, it's a tiny file which should set the alarm bells or whatever ringing on any virus-busting software. Industry standard test, if you like. The idea is to check your defenses, see if they are set up correctly. I send it to myself every now and then just to check...
    I don't run Norton, so I am not familiar with its setup options... but in most AV software there is an option to turn on/off "real time checking". It does sound rather as if yours might have been disabled?
    Although the EICAR is quite harmless in its own right, and is copy/pastable from plain text, I hesitate to put it up here because it might cause all sorts of chaos!
    You should find it in the help for your Antivirus software, I'd guess.
    best wishes, HJ.

    edited to remove typingf errobs
     
    Last edited: 2003/11/16

  4. 2003/11/16
    Hugh Jarss

    Hugh Jarss Inactive

    Joined:
    2002/07/22
    Messages:
    908
    Likes Received:
    6
    further to previous
    a new strain of Downloader.trojan is very recent (there are a bewildering number of related malware), would only have been included in AV defs very recently.
    HJ
     
  5. 2003/11/17
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello Bucksone,

    A good idea to cross-check NAV every once in a while. This site offers a menu of free on-line virus/trojan scans:

    http://www.wilders.org/free_services.htm

    As a rule: AVs do not do as well with trojans as they do with viruses.

    Download and do regular sweeps of your system with:

    SpyBot: http://tomcoyote.org/SPYBOT/ (download and tutorial)

    http://www.lavasoft.de/software/adaware/

    Update both immediately before scanning.

    EICAR home page, instructions on how to use: http://www.rexswain.com/eicar.html

    Regards - Charles
     
    Last edited: 2003/11/17
  6. 2003/11/20
    Johanna

    Johanna Inactive Alumni

    Joined:
    2003/03/08
    Messages:
    2,402
    Likes Received:
    2
    Thanks for the EICAR tip!

    Norton flagged it and removed it during the unzip. I'll sleep better tonight! LOL :D

    Johanna
     
  7. 2003/11/20
    Bucksone

    Bucksone Well-Known Member Thread Starter

    Joined:
    2003/07/28
    Messages:
    507
    Likes Received:
    2
    Norton caught the EICAR for me as well. I feel confident that my computer is OK at this moment, at least. I guess this little episode has demonstrated the need to be ever vigilant against people who seem to have nothing better to do with their time.
     