Norton warning for ftp.exe trying to connect to white.nigger.la?
Scanned my whole system with NortonAV and AdAware with no result. Anyone heard abot this?

Go here and download, unzip and run StartupList. Copy and paste the results in a reply.

http://www.lurkhere.com/~nicefiles/index.html

StartupList report, 2003-01-12, 15:01:36
StartupList version: 1.50
Started from : C:\Documents and Settings\Haddock\Desktop\startuplist15\StartupList.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\Program Files\Norton Personal Firewall\SymProxySvc.exe
C:\WINDOWS\anvshell.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Haddock\Desktop\startuplist15\StartupList.exe

---------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe

---------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

---------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
anvshell = anvshell.exe
SoundMan = SOUNDMAN.EXE
WinampAgent = "C:\Program Files\Winamp\Winampa.exe"
NeroCheck = C:\WINDOWS\system32\NeroCheck.exe
NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe
iamapp = C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
nwiz = nwiz.exe /install
LiveNote = livenote.exe

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe

---------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

ICQ Lite = C:\Program Files\ICQLite\ICQLite.exe -trayboot

---------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP

[>{26923b43-4d38-484f-9b9e-de460746276c}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE

[>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] *
StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

[{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] *
StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll

[{306D6C21-C1B6-4629-986C-E59E1875B8AF}]
StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install

[{89820200-ECBD-11cf-8B85-00AA005B4340}] *
StubPath = regsvr32.exe /s /n /i:U shell32.dll

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = %SystemRoot%\system32\ie4uinit.exe

---------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=
run=

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=
HKLM\..\Windows\CurrentVersion\WinLogon: load=
HKLM\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=
HKCU\..\Windows\CurrentVersion\WinLogon: load=
HKCU\..\Windows\CurrentVersion\WinLogon: run=
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: load=
HKLM\..\Windows NT\CurrentVersion\Windows: run=
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

---------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

*INI section not found*
*INI section not found*
*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr
*Registry value not found*

Policies Shell key:

HKCU\..\Policies: *Registry key not found*
HKLM\..\Policies: *Registry value not found*

---------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present

---------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

---------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

---------------------

Enumerating Task Scheduler jobs:

Symantec NetDetect.job

---------------------

Enumerating Download Program Files:

[Update Class]
InProcServer32 = C:\WINDOWS\System32\iuctl.dll
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37623.0085069444

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

---------------------
End of report, 7,684 bytes
Report generated in 0.704 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

I don't see anything viral..To be on the safe side, go to either of the following two and run an online scan.

http://housecall.antivirus.com/

http://www.pandasoftware.com/activescan/com/

Also you may want to download and run Spybot Search and Destroy. AdAware hasn't been updated since September and is outdated.

http://beam.to/spybotsd

hello
try d/ling a trial virion of trojan remover or hunter

I'm really puzzled here.
I ran SpyBot, search & destroy, found nothing.
I did an online scan at Panda, found nothing.
I ran Trojan Remover from www.simplysup.com, found nothing.
And yet today I got another warning from Norton saying ftp.exe once again trying to access white.nigger.la.
I then visited ftp://white.nigger.la and ended up in a filesystem that seems to be someones c:\

Can someone tell me what the heck is going on?

It would appear someone is using your computer as a server to gain access to this other computer, how they are doing it ? I don't know.