Norton warning for ftp.exe trying to connect to white.nigger.la? Scanned my whole system with NortonAV and AdAware with no result. Anyone heard abot this?

Go here and download, unzip and run StartupList. Copy and paste the results in a reply. http://www.lurkhere.com/~nicefiles/index.html

StartupList report, 2003-01-12, 15:01:36 StartupList version: 1.50 Started from : C:\Documents and Settings\Haddock\Desktop\startuplist15\StartupList.exe Detected: Windows XP SP1 (WinNT 5.01.2600) Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106) * Using default options ================================================== Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.exe C:\WINDOWS\System32\inetsrv\inetinfo.exe C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\MI6841~1\MSSQL\binn\sqlservr.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\Norton Personal Firewall\NISUM.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Norton Personal Firewall\NISSERV.exe C:\Program Files\Norton Personal Firewall\SymProxySvc.exe C:\WINDOWS\anvshell.exe C:\WINDOWS\SOUNDMAN.exe C:\PROGRA~1\NORTON~1\navapw32.exe C:\Program Files\Norton Personal Firewall\IAMAPP.exe C:\WINDOWS\System32\ctfmon.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Documents and Settings\Haddock\Desktop\startuplist15\StartupList.exe --------------------- Listing of startup folders: Shell folders Common Startup: [C:\Documents and Settings\All Users\Start Menu\Programs\Startup] Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.exe Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe --------------------- Checking Windows NT UserInit: [HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] UserInit = C:\WINDOWS\system32\userinit.exe, --------------------- Autorun entries from Registry: HKLM\Software\Microsoft\Windows\CurrentVersion\Run NvCplDaemon = RUNDLL32.exe NvQTwk,NvCplDaemon initialize anvshell = anvshell.exe SoundMan = SOUNDMAN.exe WinampAgent = "C:\Program Files\Winamp\Winampa.exe" NeroCheck = C:\WINDOWS\system32\NeroCheck.exe NAV Agent = C:\PROGRA~1\NORTON~1\navapw32.exe iamapp = C:\Program Files\Norton Personal Firewall\IAMAPP.exe nwiz = nwiz.exe /install LiveNote = livenote.exe --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\Run CTFMON.EXE = C:\WINDOWS\System32\ctfmon.exe --------------------- Autorun entries from Registry: HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce ICQ Lite = C:\Program Files\ICQLite\ICQLite.exe -trayboot --------------------- Enumerating Active Setup stub paths: HKLM\Software\Microsoft\Active Setup\Installed Components (* = disabled by HKCU twin) [>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] StubPath = C:\WINDOWS\INF\unregmp2.exe /ShowWMP [>{26923b43-4d38-484f-9b9e-de460746276c}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE [>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] * StubPath = %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE [{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] * StubPath = %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll [{306D6C21-C1B6-4629-986C-E59E1875B8AF}] StubPath = "C:\WINDOWS\System32\rundll32.exe" "C:\Program Files\Messenger\msgsc.dll",ShowIconsUser [{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install [{7790769C-0471-11d2-AF11-00C04FA35D02}] * StubPath = "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install [{89820200-ECBD-11cf-8B85-00AA005B4340}] * StubPath = regsvr32.exe /s /n /i:U shell32.dll [{89820200-ECBD-11cf-8B85-00AA005B4383}] * StubPath = %SystemRoot%\system32\ie4uinit.exe --------------------- Load/Run keys from C:\WINDOWS\WIN.INI: load= run= Load/Run keys from Registry: HKLM\..\Windows NT\CurrentVersion\WinLogon: load= HKLM\..\Windows NT\CurrentVersion\WinLogon: run= HKLM\..\Windows\CurrentVersion\WinLogon: load= HKLM\..\Windows\CurrentVersion\WinLogon: run= HKCU\..\Windows NT\CurrentVersion\WinLogon: load= HKCU\..\Windows NT\CurrentVersion\WinLogon: run= HKCU\..\Windows\CurrentVersion\WinLogon: load= HKCU\..\Windows\CurrentVersion\WinLogon: run= HKCU\..\Windows NT\CurrentVersion\Windows: load= HKCU\..\Windows NT\CurrentVersion\Windows: run= HKLM\..\Windows NT\CurrentVersion\Windows: load= HKLM\..\Windows NT\CurrentVersion\Windows: run= HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs= --------------------- Shell & screensaver key from C:\WINDOWS\SYSTEM.INI: *INI section not found* *INI section not found* *INI section not found* Shell & screensaver key from Registry: Shell=Explorer.exe SCRNSAVE.EXE=C:\WINDOWS\System32\logon.scr *Registry value not found* Policies Shell key: HKCU\..\Policies: *Registry key not found* HKLM\..\Policies: *Registry value not found* --------------------- Checking for EXPLORER.exe instances: C:\WINDOWS\Explorer.exe: PRESENT! C:\Explorer.exe: not present C:\WINDOWS\Explorer\Explorer.exe: not present C:\WINDOWS\System\Explorer.exe: not present C:\WINDOWS\System32\Explorer.exe: not present C:\WINDOWS\Command\Explorer.exe: not present --------------------- Checking for superhidden extensions: .lnk: HIDDEN! (arrow overlay: yes) .pif: HIDDEN! (arrow overlay: yes) .exe: not hidden .com: not hidden .bat: not hidden .hta: not hidden .scr: not hidden .shs: HIDDEN! .shb: HIDDEN! .vbs: not hidden .vbe: not hidden .wsh: not hidden .scf: HIDDEN! (arrow overlay: NO!) .url: HIDDEN! (arrow overlay: yes) .js: not hidden .jse: not hidden --------------------- Enumerating Browser Helper Objects: (no name) - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872} --------------------- Enumerating Task Scheduler jobs: Symantec NetDetect.job --------------------- Enumerating Download Program Files: [Update Class] InProcServer32 = C:\WINDOWS\System32\iuctl.dll CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37623.0085069444 [Shockwave Flash Object] InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab --------------------- End of report, 7,684 bytes Report generated in 0.704 seconds Command line options: /verbose - to add additional info on each section /complete - to include empty sections and unsuspicious data /force9x - to include Win9x-only startups even if running on WinNT /forcent - to include WinNT-only startups even if running on Win9x /forceall - to include all Win9x and WinNT startups, regardless of platform /history - to list version history only

I don't see anything viral..To be on the safe side, go to either of the following two and run an online scan. http://housecall.antivirus.com/ http://www.pandasoftware.com/activescan/com/ Also you may want to download and run Spybot Search and Destroy. AdAware hasn't been updated since September and is outdated. http://beam.to/spybotsd

hello try d/ling a trial virion of trojan remover or hunter

I'm really puzzled here. I ran SpyBot, search & destroy, found nothing. I did an online scan at Panda, found nothing. I ran Trojan Remover from www.simplysup.com, found nothing. And yet today I got another warning from Norton saying ftp.exe once again trying to access white.nigger.la. I then visited ftp://white.nigger.la and ended up in a filesystem that seems to be someones c:\ Can someone tell me what the heck is going on?

It would appear someone is using your computer as a server to gain access to this other computer, how they are doing it ? I don't know.