AAA crud Trojan detected

[Hi all

I just updated my Norton system works 3.0 AV. and ran System Doctor. I was surprised to see sign that seed WARNING THIS COMPUTER HAS A VIRUS . I was prompted to fix it and clicked yes. Norton seed it fixed the virus and gave me this name ( C:\windows\applc~1\mircos~1\inte… Back Door Trojan ) and (C:\ **** MPG… Back Door Trojan). I ran a search and found the pornMPG (I never download MPG’s cuzz it takes to long with a 56K connection) and deleted it manually. I could not fined the other Trojan.

I also have AVG 6.0 installed and keep it updated and it is not detecting anything. I never go on line without Zone Alarm firewall on.

Can someone please answer these questions?

1. What is a (Back Door Trojan)?
2. How can I prevent this from happening again?
3. Why is my Norton AV still detecting them (I deleted the mpg one)?
4. How did they get past AVG and the firewall?


Thank you for your time!

Tom Cat

 

To reply silghtly out of the order in which you asked:

1. Trojan/trojan horse/back door/etc. - programs that you got either from infected email, infected download, or infected software. They put a little program on your computer that allows for remote control of the PC. In addition to the usual ways of getting infected, I have heard of at least one game (from EZBoard) that places a trojan as part of the setup process.

2. Your AV software should have caught the thing either by having that specific one in it's virus defs or by noting a potentially dangerous pattern and warning you.

3. Your firewall is not designed to stop this sort of thing from getting to your computer. It should, however, protect you once you are infected by blocking attempts to connect to the program from outside. Again however, some of the interactive gaming programs require you to open a port in your firewall in order to play. Thus, a nice hole in the firewall thru a TCP port whose number is known.

4. You are probably still being notified you are infected because you didn't remove all traces of the critter. Check the web site for your AV software. It should have complete instructions for doing a manual removal of any viri they know about. There may be a remaining registry entry or something.

5. You are taking all reasonable efforts to prevent infection by running an AV package (assuming you keep the defs updated) and a firewall. The only way to be really sure is 1) stay off the net and email 2) never load any new software. Neither of these is very practical so there will always be a slight risk. For that reason, I suggest you keep a good backup of any files/data/etc. you don't want to lose. That way if you have a disaster, you can format and install clean copies.

 

Humm I see, gees I will just have to keep a closer eye on things, at least the Trojan didn’t do any thing to my PC.


Tom Cat