loggba.dll Virus prevents removal
Original Message
Name: keith.donahue
Date: July 21, 2004 at 06:51:08 Pacific
Subject: loggba.dll Virus prevents removal
OS: win2k
CPU/Ram: P4 256MB

Comment: Looks like a new virus that can't be removed by ANY software. I started getting \winnt\system32\loggba.dll backdoor trojan virus alerts from NAV yesterday. NAV can't get rid of it, isolate it or quarantine it! Booting in to safe mode makes no difference, same outcome. Here's the kicker: If you open Windows Explorer, the file loggba.dll is not shown. Yes, I have show all files, hidden and OS checked. But, if you go to a command prompt, I can see it @ 50kb! Trying to delete it results in file in use errors. Boot in to safe mode, file does not show in command prompt, but, trying to create a fake file with that name results in File Exists and in use, but, it's not there! Tried several programs on the web to remove it with no luck. Adaware fails also. Mainly because it can't be seen in Windows Explorer, thus, the scanners miss it. Tried to send it to Symantec using their software but they use a win32 drag and drop util that can't see it either! Sure wish they had a file attach function instead. Seems like a new backdoor trojan that can't be removed and NAV and friends need to figure out how to scan files that don't show under typical Windows Explorer functionality. Any ideas how to get rid of a file like this? Sure hope I'm protected behind my LinkSys router. Keith D
Response Number 1
Name: Jeruvy
Date: July 21, 2004 at 14:09:38 Pacific

Reply: You have: backdoor trojan virus alerts from NAV yesterday. And NAV can't get rid of it? Is this an older version of the NAV engine? NAV2004 should be able to locate the ADS file and remove it or at least quarantine it. Do a Google for "LADS"; this is a command line tool to list alternative data streams. This should help you find the trojan. Keep in mind many legit apps use ADS so don't delete everything you see. RTFM first. Good luck, J. j e r u v y a t y a h o o d o t c o m
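
The stream listing suggested in the reply above can also be done with PowerShell's built-in `-Stream` parameter. This is an added example, not part of the original thread and not the LADS tool; the function name `Get-AlternateStream`, the allow-list and the scratch directory are assumptions made for illustration.

```powershell
# Added example, not from the thread. Needs PowerShell 3.0+ and an NTFS volume.
function Get-AlternateStream {
    param(
        [Parameter(Mandatory = $true)][string]$Path,  # directory to scan
        [switch]$Recurse
    )
    # Assumed allow-list of stream names Windows attaches itself; extend for your software.
    $benign = @('Zone.Identifier')
    # Get-Content reads raw bytes via -Encoding Byte (5.1 and older) or -AsByteStream (6+).
    if ($PSVersionTable.PSVersion.Major -ge 6) { $byteArgs = @{ AsByteStream = $true } }
    else { $byteArgs = @{ Encoding = 'Byte' } }

    # -Force includes hidden and system files; only files are examined here.
    Get-ChildItem -LiteralPath $Path -File -Force -Recurse:$Recurse -ErrorAction SilentlyContinue |
    ForEach-Object {
        $file = $_
        Get-Item -LiteralPath $file.FullName -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |   # skip the normal, unnamed data stream
        ForEach-Object {
            # First two bytes of the stream: "MZ" marks a Windows executable or DLL.
            $head = @(Get-Content -LiteralPath $file.FullName -Stream $_.Stream `
                        -TotalCount 2 -ErrorAction SilentlyContinue @byteArgs)
            [pscustomobject]@{
                File        = $file.FullName
                Stream      = $_.Stream
                Length      = $_.Length
                KnownBenign = $benign -contains $_.Stream
                LooksLikePE = ($head.Count -eq 2 -and $head[0] -eq 0x4D -and $head[1] -eq 0x5A)
            }
        }
    }
}

# Constructed sample: a scratch file carrying one extra stream that starts with "MZ".
$dir = Join-Path $env:TEMP 'ads-demo'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$sample = Join-Path $dir 'note.txt'
Set-Content -LiteralPath $sample -Value 'visible text'
Set-Content -LiteralPath $sample -Stream 'hidden.bin' -Value 'MZ-constructed'
Get-AlternateStream -Path $dir | Format-Table -AutoSize
```

Rows with `KnownBenign` false and `LooksLikePE` true are the ones to review first; the listing only reports and never deletes anything.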
Response Number 2
Name: keith.donahue
Date: July 24, 2004 at 10:00:17 Pacific

Reply: I have the latest 2003 NAV and signature files and it does not catch the virus. But, I figured out how to do it manually. On Win2000, boot in to command prompt mode, delete the virused file and place a fake one in its place. Mark it read only. Reboot and watch it try to load, but now fail! Then, clean the registry and run Adaware, NAV (worthless again) and registry cleaners and bingo, it's history. Thanx to MS for allowing an HTML page to write files to the disk with no security in mind.
Response Number 3
Name: Jeruvy
Date: July 25, 2004 at 09:01:08 Pacific

Reply: It's not a virus, it's a trojan. Don't get confused. NAV is not a trojan solution. It's not sold as a trojan solution. Preventing trojans really requires smart users not downloading stuff from untrusted sites, and protecting their browsers and email from executing content they shouldn't. There are REAL bugs here also, but stupid user syndrome is the biggest one of all. J. j e r u v y a t y a h o o d o t c o m