I have Norton Internet Security 2005 security. On 6/18/2005 9:43-9:44 i execute a file i download on bittorrent that was suppose to be Ad-Aware Pro, instead it loaded trojans and trojan backdoor on my computer. My NIS 2005 deleted 2 files C:\WINDOWS\security\netclient.exe and C:\WINDOWS\security\msagent.exe. Access denied C:\WINDOWS\system32\msupdate.exe (Trojan horse ) and repaired failed on C:\WINDOWS\system32\msupdate.exe (Trojan Horse), all this occured with 9:43-9:44 on my nis log. My NIS2005 blocked a program thats winsecure,which i late found out ran in a process called FireDaemon.exe on window task manager. I read the norton site , I turn off system restore and scan and it didn't find anything anymore. And it also told me to delete the files, but i couldnt find "C:\Windows\Security" folder, which I know how to do today , by going to folder option and unchecking the "hide protected operating system files." In the security folder I see files like winsecure , msagent and netclient as xml document and alot of other files created on the same date 6/18/2005 9:43-9:45. I ran panda active scan a while back and it found nc.exe and it was also created on same date and in the folder "C:\Windows\Security\logs" with many other files with same created date. NOW I don't know what to do and i really need help, cause i dont want anything to happen to my other computers, like my Dad's or sister's. CAN YOU GUYS PLEASE HELP ME OUT I DONT WANT TO GET IN ANY TROUBLE WITH MY PARENTS OR GET INFORMATION STOLEN. If you can help please respond to the post or just IM me on Aol instant Messenger. MY screen name is azndragonkid4lif. THANKS ALOT!!! Intel® Board D915GAG Pentium 4 CPU 3.00GHz 512 MB PC-3200 WinXP Home SP2 Sony VGC-BR30

did you turn off system restore and reboot into safe mode? if not try this then do a scan. Also what anti-spyware are you using? Try Pest Patrol, Webroot Spy Sweeper, Spybot-Search and Destroy, rather go to lavasoft home page for ad-aware, or try download.com. Let us know further how it went.

Try Solo antivirus from http://srnmicro.com It is very effective in removing trojans and adware.

Well I just booted in safe mode and scan with spy bot - search and destroy. NIS won't load, and send me a program error. Intel® Board D915GAG Pentium 4 CPU 3.00GHz 512 MB PC-3200 WinXP Home SP2 Sony VGC-BR30

What I want to know is if I should delete the files that were created on the same days as the trojans. I don't know what I should do. Intel® Board D915GAG Pentium 4 CPU 3.00GHz 512 MB PC-3200 WinXP Home SP2 Sony VGC-BR30

Pretty much a standard procedure for removing those critters. Please download 1. Ewido Security Suite it is a trial version of the program. Install ewido security suite When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Launch ewido, there should be an icon on your desktop double-click it. The program will now go to the main screen You will need to update ewido to the latest definition files. On the left hand side of the main screen click update Then click on Start Update The update will start and a progress bar will show the updates being installed. If you are having problems with the updater, you can use this link to manually update ewido. http://www.ewido.net/en/download/updates/ 1 - Restart your computer Safe Mode, start pressing the F8 key on your keyboard. On a computer that is configured for booting to multiple operating systems, you can press the F8 key when you see the Boot Menu. 2 - When the Windows Advanced Options menu appears, select an option, and then press ENTER. 3 - When the Boot menu appears again, and the words "Safe Mode" appear in blue at the bottom, select the installation that you want to start, and then press ENTER. Once the updates are installed and you are in Safe Mode do the following: Launch ewido again. Click on scanner Click on Complete System Scan and the scan will begin. While the scan is in progress you will be prompted to clean files, click OK When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. Once the scan has completed, there will be a button located on the bottom of the screen named Save report Click Save report. Save the report .txt file to your desktop. Now close ewido security suite. If there are any problem files that cannot be removed either post the text file you saved or the files that were not deleted.

you may want to get 2 small programs called Killbox and CCleaner, very efficient. Go to www.grc.com and run their online tests (Shields Up and LeaK Test)