Hi, My norton antivirus found the trojan Backdoor.Sinit, but it can't deleted it. I went in symantec website, where it's explained that it's easy deleting this trojan...And anti-trojan 5.5 doesnt' find it too. What can I do? Many thanks for your answers But it's still in c:\windows\system32\svcsinit.exe, and I can't delete it.

Download 'Hijack This!'. Unzip, doubleclick HijackThis.exe, and hit "Scan". When the scan is finished, click "Save Log", and copy and paste it in a reply. HijackThis!

Go to start/run and type in "msconfig" w/out the quotes. Go to the Boot.Ini tab and place a check mark in /safeboot hit ok and say yes to the restart. The system will automatically start in safe mode. You should then be able to delete the file and I hope you already took the steps to clean the registry. KTTD

Logfile of HijackThis v1.97.2 Scan saved at 11:45:53 AM, on 10/19/2003 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: E:\WINNT\System32\smss.exe E:\WINNT\system32\winlogon.exe E:\WINNT\system32\services.exe E:\WINNT\system32\lsass.exe E:\WINNT\system32\svchost.exe E:\WINNT\system32\spoolsv.exe E:\WINNT\System32\svchost.exe E:\Program Files\Norton AntiVirus\navapsvc.exe E:\WINNT\system32\regsvc.exe E:\WINNT\system32\MSTask.exe E:\WINNT\system32\stisvc.exe E:\WINNT\System32\WBEM\WinMgmt.exe E:\WINNT\System32\svcinit.exe E:\WINNT\Explorer.exe E:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe E:\PROGRA~1\NORTON~1\navapw32.exe E:\WINNT\loadqm.exe E:\Program Files\QuickTime\qttask.exe E:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe E:\Program Files\MSN Messenger\MsnMsgr.exe E:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe E:\Program Files\Internet Explorer\iexplore.exe E:\Program Files\Internet Explorer\IEXPLORE.exe E:\PROGRA~1\DAP\DAP.exe E:\Program Files\WinRAR\WinRAR.exe E:\DOCUME~1\JOHNEA~1\LOCALS~1\Temp\Rar$EX00.953\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/ R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://www.searchalot.com/ O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - E:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - E:\Program Files\Yahoo!\Companion\ycomp5_1_6_0.dll O2 - BHO: (no name) - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - E:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - E:\WINNT\System32\DReplace.dll O2 - BHO: DNSErr object - {1E1B2879-88FF-11D2-8D96-D7ACAC95951F} - E:\WINNT\DNSErr.dll O2 - BHO: (no name) - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - E:\WINNT\System32\LightFrameIECOM.dll O2 - BHO: (no name) - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\ycomp5_1_6_0.dll O3 - Toolbar: My &Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - E:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - E:\WINNT\system32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [EM_EXEC] E:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.exe O4 - HKLM\..\Run: [NAV Agent] E:\PROGRA~1\NORTON~1\navapw32.exe O4 - HKLM\..\Run: [NeroCheck] E:\WINNT\System32\NeroCheck.exe O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [VB_run] E:\WINNT\comctl_32.exe O4 - HKLM\..\Run: [MMTray] E:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe O4 - HKCU\..\Run: [MsnMsgr] "E:\Program Files\MSN Messenger\MsnMsgr.exe" /background O4 - HKCU\..\Run: [Yahoo! Pager] E:\PROGRA~1\Yahoo!\MESSEN~1\ypager.exe -quiet O8 - Extra context menu item: &Download with &DAP - E:\PROGRA~1\DAP\dapextie.htm O9 - Extra button: Related (HKLM) O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM) O9 - Extra button: Yahoo! Messenger (HKLM) O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM) O9 - Extra button: Downloads (HKCU) O9 - Extra button: Searchalot (HKCU) O15 - Trusted Zone: *.masspass.com O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Fun Web Products Installer Start) - http://imgfarm.com/images/nocache/funwebproducts/SmileyCentralInitialSetup1.0.0.5.cab O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.trojanscan.com/trojanscan/TDECntrl.CAB O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37905.8799305556 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Logfile of HijackThis v1.97.2 Scan saved at 17:36:21, on 21/10/2003 Platform: Windows 2000 SP1 (WinNT 5.00.2195) MSIE: Internet Explorer v6.00 (6.00.2600.0000) Running processes: C:\WINNT\System32\smss.exe C:\WINNT\system32\winlogon.exe C:\WINNT\system32\services.exe C:\WINNT\system32\lsass.exe C:\WINNT\system32\svchost.exe C:\WINNT\system32\spoolsv.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe C:\WINNT\System32\Ati2evxx.exe C:\WINNT\System32\svchost.exe C:\Archivos de programa\Norton AntiVirus\navapsvc.exe C:\WINNT\system32\regsvc.exe C:\WINNT\system32\MSTask.exe C:\WINNT\system32\stisvc.exe C:\WINNT\System32\svcinit.exe C:\WINNT\Explorer.exe C:\Archivos de programa\DELL\AccessDirect\dadapp.exe C:\WINNT\System32\Atiptaxx.exe C:\Archivos de programa\DELL\AccessDirect\DadTray.exe C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe C:\WINNT\loadqm.exe C:\Archivos de programa\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe C:\ARCHIV~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe C:\WINNT\System32\internat.exe C:\Archivos de programa\MSN Messenger\MsnMsgr.exe C:\Archivos de programa\Caere\PageKeeper30\system\PKJobs.exe C:\Archivos de programa\WinZip\WZQKPICK.exe C:\Archivos de programa\Caere\PageKeeper30\SYSTEM\PKTOPASS.exe C:\Archivos de programa\Caere\PageKeeper30\SYSTEM\PKSlapi.exe C:\Archivos de programa\Internet Explorer\iexplore.exe C:\ARCHIV~1\WINZIP\winzip32.exe C:\Documents and Settings\Miguel Millán\Configuración local\Temp\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:/// R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:/// R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http:/// R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.eresmas.com/ R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http:/// R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos O1 - Hosts: 209.8.166.99 sleazy.ath.cx O1 - Hosts: 209.8.166.99 hornylist.ath.cx O1 - Hosts: 209.8.166.99 www.pichunter.com O1 - Hosts: 209.8.166.99 www.cowlist.com O1 - Hosts: 209.8.166.99 www.searchv.com O1 - Hosts: 209.8.166.99 www.sleazydream.com O1 - Hosts: 209.8.166.99 mmm100.com O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: HTML Source Editor - {086AE192-23A6-48D6-96EC-715F53797E85} - C:\WINNT\System32\DReplace.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [DadApp] C:\Archivos de programa\DELL\AccessDirect\dadapp.exe O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [ccRegVfy] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccRegVfy.exe" O4 - HKLM\..\Run: [LoadQM] loadqm.exe O4 - HKLM\..\Run: [HP Lamp] "C:\Archivos de programa\Hewlett-Packard\HP PrecisionScan\PrecisionScan Pro\hplamp.exe" O4 - HKLM\..\Run: [CreateCD] C:\ARCHIV~1\Adaptec\EASYCD~1\CreateCD\CreateCD.exe -r O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.exe" /background O4 - Global Startup: Microsoft Office.lnk = C:\Archivos de programa\Microsoft Office\Office\OSA9.exe O4 - Global Startup: Trabajos de PageKeeper.lnk = C:\Archivos de programa\Caere\PageKeeper30\system\PKJobs.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Archivos de programa\WinZip\WZQKPICK.exe O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab O16 - DPF: {1E5592CB-8F5B-46F8-9EA6-65C01213808A} (InstaladorBetyByte Control) - http://www.cocacola.es/uploads/cab/instaladorbetybyte.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab O16 - DPF: {C4660846-8760-4852-8154-82438E33E383} (FileSharingCtrl Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/FileSharing/es/filesharingctrl.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://fdl.msn.com/public/chat/msnchat45.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B717456F-A7C7-4B92-9459-16466368A04B}: NameServer = 80.58.0.33,80.58.32.97