I just reformatted my computer a couple days ago and I haven't used it much since then. I just downloaded a NAV update and it told me I had the Backdoor.trojan virus. (http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html) I was able to remove it, but how do I know if I have actually been infected or not? I don't recall clicking on the file and I do not have any noticable signs, except my little computers in the taskbar flash when I am on idle at a site. Is somebody hacking me?! Is it ok for Rundll32 to access the internet? That's one of the files it told me was infected. Somebody please help me!

Put a firewall on your machine and check the traffic log

I think you need to delete your Rundll32 and download a new one. 1. Removing Trojans in Windows 95/98/Me To remove the Trojan * Check the virus analysis for details on the Trojan and its removal. * Go to Start|Programs|Sophos Anti-Virus and run the 'Sophos Anti-Virus' program. * Select the 'Immediate' tab. * Go to Options|Configuration... select the 'Action' tab, tick 'Infected files', select 'Delete' then click 'OK'. * Click the 'Go' button on the toolbar to start the scan. * Delete the files. Run another scan to check it has gone. * Go back to Options|Configuration... select the 'Action' tab, then deselect 'Infected files' and 'Delete'. Click 'OK'. * Reboot and run a final scan to be certain it has gone. If the Trojan cannot be removed because the files are held open by the operating system: * Reboot the PC from a clean startup or system disk. * Delete and replace the infected files manually or using the DOS instructions. http://www.sophos.com/search/index.cgi

Lisa, If your system is running OK,if so, sit tight for a while and don't take any drastic actions. Unless I am mistaken, NAV will identify with more specificity which trogan is the culprit. The message you related is a non specific warning that there is a trogan present. If you can get a more targeted trogan this site has a good list of them and their presence. http://www.simovits.com/sve/nyhetsarkiv/1999/nyheter9902.html It may be neccesary to re-install run32 as mentioned above, but you should at the very least get a good firewall such as ZoneAlarm so you can keep track of this stuff. GoodLuck sheo

hello dont let rundll on the internet at all

Trying To Trace the origin of Backdoor.Trojan Hello, I am running windows xp pro and have The Latest Zone Alarm As well as the Latest Norton 2002 installed on my PC. Norton detected the backdoor.Trojan in a file called winlogon.exe under c:\windows\system virus 2 days late. and sadly found out that the file c:\windows\system\winlogon.exe has bypassed ZoneAlarm !!!! I have deleted that file now and Norton doesn't detect anything else on my pc, I hope this is sufficient. 2 days ago I was running KaZaA and downloading something, I have a strong feeling the backdoor.trojan came through KaZaA, I would just like to know how it was done so it can be safe again to use KaZaA. Note: of course I had to let kazaa bypass zonealarm. was the file created for use with subseven? and how was it able to get into my c:\windows\system dir without clicking on any suspicious files? I always scan my files b4 I execute them on regular basis. I scanned all my hard drive and the only file that contained the trojan was winlogon.exe nothing else !!!! the reason this is making my head spin a little is because I have the latest Norton plus Zone alarm not only that I am always 100% careful about what components and programs are getting access through zonealarm and then I find this stupid winlogon as access !!!! Please if you have some information on how to prevent this in the future let me know as I don't know what mistakes I have done other than using KazAalite the one without spy ware. thanks in advance, Analyzer Analyzer_@hotmail.com

Please send me step by step instructi9on to remove this virus. My MRPEXE.exe file is infected with this virus. I run Window 95 system. Kishor Valia.