
Help !!! backdoor.trojan


Name: pisces__
Date: September 26, 2002 at 07:41:09 Pacific
OS: p4
CPU/Ram: 256
Comment:

Hey there, when I double-clicked on a file sent from ICQ, Norton opened with the message --explorer.exe infected by backdoor.trojan unable to repair file--. Then I made a full scan and nothing was found. I looked at the activity log and saw --explorer.exe infected by backdoor.trojan virus access to this file denied--. Then I ran Anti-Trojan 5.5, Trojan First Aid Kit 5.0 and Ad-aware; nothing found again. So am I safe or being attacked by someone???





Response Number 1
Name: murve
Date: September 26, 2002 at 10:11:06 Pacific
Reply:

Hi pisces,
You may have picked up the ICQ trojan.
Look for these files, and for more info on this trojan go to the www.thepublicworks.com security section and link to Simovits Consulting. If found in the Windows directory, delete them, and do yourself a favor and uninstall ICQ, as it is a major source of getting hacked into, along with Kazaa. Also go to pcflank and do a trojan and port scan, and get yourself a free copy of Regprot, a registry monitor, from wilders.org. Download a free 30-day trial of Trojan Hunter and scan your machine.
Here are the files:
Icqt.zip - 37,554 bytes
Icqtrp01.zip - 28,212 bytes
Icqtrp02.zip -38,317 bytes
Icqtroge.exe - 39,424 bytes
Icqtrogen.exe - 39,424 bytes
Icqclien.exe - 31,744 bytes
Icqclient.exe - 31,744 bytes
Icq.exe - [16 kb] System.dll
Icqlogin.zip - 4,682 bytes
Icq login.exe - 20,480 bytes
Winflaws.sys-
Icq_notify.zip - 278,839 bytes Edit_server.exe - 298,496 bytes
Nk_notify_serv.exe - 237,056 bytes
Icqrelay.zip - 217,230 bytes
Icqrelay.zip - 217,619 bytes
Icqrelay.exe - Icqupdate.exe -
Server.exe - 6,688 bytes
Modify.exe -220,672 bytes
Fc_pager0.2.zip - 172,295 bytes
Ipager.exe - 175,616 bytes
Apxi.dll- 47 bytes
Lmicqt.zip - 186,159 bytes
Icqclient.exe - 31,744 bytes
Command.exe- 27,779 bytes
Findfast.exe - 188,438 bytes
Icqwar2000.zip - 542,371 bytes Icqwar2000.exe - 32,768 bytes
1.exe - 181,760 bytes
2.exe - 47,104 bytes
3.exe - 65,536 bytes
4.exe - 202,240 bytes
5.exe - 159,232 bytes
6.exe - 33,792 bytes
7.exe - 69,632 bytes
8.exe - 518,144 bytes
Mswinsck.ocx - 108,336 bytes
Wnhotkey.ocx - 83,968 bytes
hope this helps, take care of yourself,
murve



Response Number 2
Name: A2Z
Date: September 26, 2002 at 21:18:40 Pacific
Reply:

Sounds like Norton saved your butt. This is one of the 1st 'popular' backdoors. I believe it was called "Hackers Paradise", written by "The Cult of the Dead Cow". They named it explorer.exe so Windows won't let you delete it (sys file thing). I personally have removed this from at LEAST a dozen machines.
***IF YOU ARE INFECTED***
Go to "find files or folders" & search for EXPLORER.exe. If you have more than 1, you are infected. The explorer.exe that's legit is in your c:/windows & properties say it's about 176kb in size. The infected one will probably be in C:/program files/ICQ/received files/ (& then the person's name that sent it to you). The explorer.exe that's an imposter can be renamed in DOS & then Windows will allow you to delete it. Be sure to remove it from the registry too. The trojan scans out there are pretty reliable & should do all this automatically.

REGISTRY: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run (virus writes itself here) <---remove it.

NOW, these instructions are for the explorer.exe backdoor that I have had experience in removing. It is an older one ('96?) & not as hard to find/remove as some of these newer ones.
Hope this is helpful



Response Number 3
Name: pisces__
Date: September 28, 2002 at 04:51:20 Pacific
Reply:

Thanks in advance for ur help. Well, I did wat u said. When I searched for explorer.exe I found explorer.exe-082F38A9.pf in c:\windows\prefetch. It is a PF file, changed 12 hours later than the Norton message. It is 59 kb. Then I went to this folder and deleted it easily (didn't use DOS); it's in the recycle bin now. I didn't want to delete it before askin u, but the file Norton denied access to was in c:\windows\system\explorer.exe. Plz tell me how to reach them in DOS, I'm usin XP Professional. Then I went to the registry, and in the folder u said I found: anti-trojan watch (c:\windows\program files\anti trojan\atwatch.exe), mirabilis icq (c:\prog.files\icq\ndetect.exe), norton antivirus agent, trojan hunter guard, winamp agent. I don't think they are suspicious, are they?? Wat was the file u deleted exactly? Now does that mean someone attacked my comp, took any info bout me, or NAV saved my butt as u said :) And is it because of the file sent by my friend (he denies that), or someone used one of my open ports?? Thanks again. I sometimes love the internet, it makes it possible to reach ppl like u, and sometimes hate it with problems like that...




Response Number 4
Name: A2Z
Date: September 29, 2002 at 12:25:34 Pacific
Reply:

I am very sorry for not answering you earlier, as I usually look at previous posts to see if your problem is solved but didn't see this.
1st of all, I may have given credit to the wrong programmer for Hackers or Masters Paradise; it was a German programmer named Dan Lehman, not CDC. But CDC was responsible for 'Back Orifice', the 1st backdoor (that I'm aware of).
It does appear as if Norton did save ya on this one, BUT I wouldn't rely on just an AV to pick up trojans. The files you listed appear to be legit. I also see you have 'Trojan Hunter'; that should assure you whether or not you are clean. Ask around & try different trojan scanners: Trojan Hunter, Tauscan, BO Clean, The Cleaner are just a few... It is possible your "friend" may not be telling you the truth; I would believe Norton. I would keep the file in the recycle bin till I was SURE it was ok to delete! I am not familiar with XP (only 3.1, 95, 98 & a little DOS), so you may want to ask someone that is. I should have told you to also look in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices

The newer trojans are harder to find, but the older ones I believe 'always' wrote to those areas of the registry. Keep up with updates for AV & trojan scans. Also, I would be sure to run a firewall (Zone Alarm, Sygate, Kerio...); even if you are infected w/ a trojan, a firewall could 'halt' the operation of it. I personally don't care for Norton (slows my already slow 400mhz down) BUT it IS STILL ranked #1. Trojans aren't picked up a lot of times by AVs; that's a separate program, as you already seem to know.. Also the file was "explore.exe" not explorer.exe.
PS: found this http://www.titan.co.nz/clint/page44.html
Hope this is of some help
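
The checks described in Responses 2 and 4 (autorun entries under Run and RunServices, plus a file search for stray explorer.exe or explore.exe copies), written as a read-only PowerShell audit. This is an added example and not part of the original thread; the helper names Get-CommandPath and Test-ExplorerPath are hypothetical, and the remark about SysWOW64 and WinSxS copies goes beyond what the posters said.

```powershell
# Added example (not from the thread). Read-only: it reports, deletes nothing.
$expected = Join-Path $env:windir 'explorer.exe'   # legitimate copy, per the thread

# Autorun keys named in the thread. RunServices is a Windows 9x-era key and is
# usually absent on NT-based systems, so keys that do not exist are skipped.
$runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunServices'

function Get-CommandPath([string]$CommandLine) {   # hypothetical helper
    # Extract the executable path from an autorun value, quoted or unquoted.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if ($cmd -match '^"([^"]+)"')    { return $Matches[1] }
    if ($cmd -match '^(.+?\.exe)\b') { return $Matches[1] }
    return ($cmd -split '\s+')[0]
}

function Test-ExplorerPath([string]$Path) {        # hypothetical helper
    # Returns a reason string when the path deserves a closer look, else $null.
    if (-not $Path) { return $null }
    $leaf = Split-Path $Path -Leaf
    if ($leaf -ieq 'explore.exe') { return 'look-alike name explore.exe' }
    if ($leaf -ieq 'explorer.exe' -and $Path -ine $expected) {
        return "explorer.exe is not $expected"
    }
    return $null
}

$findings = @(
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $reg = Get-Item $key
        foreach ($name in $reg.GetValueNames()) {
            $exe = Get-CommandPath ([string]$reg.GetValue($name))
            $why = Test-ExplorerPath $exe
            if ($why) { [pscustomobject]@{ Source = $key; Item = "$name = $exe"; Reason = $why } }
        }
    }
    # The "find files or folders" search from the thread. On 64-bit Windows,
    # copies under SysWOW64 and WinSxS are expected; check their signatures
    # with Get-AuthenticodeSignature instead of assuming infection.
    Get-ChildItem "$env:SystemDrive\" -Recurse -Force -File -Filter 'explor*.exe' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $why = Test-ExplorerPath $_.FullName
            if ($why) { [pscustomobject]@{ Source = 'disk'; Item = "$($_.FullName), $($_.Length) bytes"; Reason = $why } }
        }
)
$findings | Format-Table -AutoSize -Wrap
```

An empty table means neither check matched; a row is a prompt to inspect that file or entry, not proof of infection.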

