Hi,

It's pretty obvious that I have a few viruses. Norton picked up 4 files infected with Download.trojan, but it doesn't actually delete the files (Windows doesn't let me delete them either).

But a McAfee online scan picked up AdClicker-O, Keylog-briss, Generic backdoor.b, and Downloader-JT.

What is the best way to disinfect my computer if Norton is no help??

Run the scan within Safe Mode.

To start Windows 2000 in Safe mode
Do one of the following:

If Windows is running:

Close all open programs.

Click Restart, and then click OK.

If Windows is not running:

If the computer is on, turn off the power.

Turn on the computer.

Watch the screen while it is still black.

When you see the black-and-white Starting Windows bar at the bottom of the screen, start tapping the F8 key on your keyboard. The Windows 2000 Advanced Options Menu appears.

Ensure that the Safe mode option is selected. In most cases, it is the first item in the list and is selected by default. (If it is not selected, use the arrow keys on your keyboard to select it.) Press Enter. The computer will start in Safe mode. This can take a few minutes.

Log in, and run a complete scan. NAV should now be able to remove the files. If it quarantines them, delete them from quarantine when finished.
Just here to help.

You can also delete any identified malware files manually if they couldn't be removed by the antivirus tools by looking up the manual removal instructions in the virus encyclopedias of the antivirus programs that detected the malware.

Some malware can't be removed by software if there are reference files hidden in the Temporary or the Internet Temporary folders or added in the Windows registry. The Symantec search engine is full of step-by-step guides, but you have to be creative with your search, keywords, phrases, and detected malware sometimes to get the information.

Hi,

Thanks so much guys! I think I erased everything I could of the viruses, so the online scan says I'm virus-free. But I still get pop-up ads, which is new. I'll do my best to figure out which progam is doing this to my machine, but do you think I'm still at risk for any dormant viruses?

Thanks again,
Jeffrey

As long as you have followed the removal instructions as directed by the antivirus vendors that detected the threats and confirmed that no malware or associated files remained by doing a Search/Find of the files, and that you are scanning files with current up-to-date virus pattern files, you should be pretty certain that the security and privacy threats have been removed.

You may get a repeat infection or new security threats for one of the following three reasons: your computer is not up-to-date with Windows critical and product updates, computer is not protected by current virus pattern files, or not using a firewall.

A few popups are acceptable, and some are generated by cookies and therefore not necessary a sign that your system is infected.

To remove a malware, you have to identify it first either using software tools or the old fashion exploratory investigation by looking for suspicious files or unidentified program files in System Configuration Utility (not available in Windows 2000), Task Manager, Program Files folder, System Folder, Temporary Folder, Internet Temporary Folder, and changed value or entries in the common loading points for malware in the registry keys. And then you have to look up unidentified files in some online common file databases or search the Internet to identify them as legitimate or malware files.

Popup and memory-resident malware tend to leave clues or suspicious files that can be found one at a time in msconfig Startup tab, Task Manager, System folder, and the registry.

I reread your posts, and it's likely you didn't remove all the malware because you mentioned that you weren't able to remove the Download.trojan in your first post, and although you weren't descriptive with the specifics and whether they were removed by other antivirus tools, I had experience helping someone with this Norton detected trojan before and know some of the problem issues.

Some of the issues relating to Norton's Download.Trojan involved emptying the Temporary and Internet Temporary files that by default are hidden by Windows, not being able to search and locate the detected trojan in Windows, and required removing the Download.Trojan either in MS-DOS or run the purchased version of Norton's antivirus tool.

Some malware require additional manual removal steps after running the antivirus scans. Therefore, you shouldn't just rely on the software but get personally involved to get to the problem source. Read up and follow through with the manual removal instructions from the virus encyclopedias for all identified malware for the specifics.

Here is a Symantec article relevent to removing Download.Trojan:

"Norton AntiVirus displays the message "Unable to repair, quarantine or delete . . . access denied" when detecting an infected file"

http://service1.symantec.com/SUPPORT/nav.nsf/docid/2003051509301406?Open&src=&docid=2002012909032906&nsf=nav.nsf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

Depending on the outcomes and messages of the most recent scans (Ad-aware 6.0 and antivirus tools) and if the fix above didn't clean up your computer, you have a choice of removing the Download.Trojan using various trouble-shooting techniques and remove it in MS-DOS or purchase Norton's antiviurs software.

You have the option of starting a new post with more specific and descriptive malware problems (i.e. what you have done and observations) so more people can help.