Help With Virus Please

Discussion in 'Networking and Security' started by Eldredge, Feb 15, 2002.

  1. Eldredge


    My Norton Anti-Virus just finished a routine scan on one of my trading machines, and for the first time it found some infected files. I use Zone Alarm, so I'm not sure how I got them, but I could use some advise on what to do. My other machines which are behind a router seem to be okay.

    One of them is Trojan Horse, the item is kdll.dll. The other is W32.Badtrans.B@mm, item KERNEL32.EXE. Norton advised quarantine, so I had it do that (I don't even know what this means). I don't know anything about this stuff, and would greatly appreciate any advice on what to do. Thanks.

    I'm using WindowsXP if it matters.
  2. BKuerbs


    I suggest that you search the home pages of an antivirus software manufacturer for these viruses. As you use norton use their page, and the feature "Search virus encyclopedia" You will find a description of the virus and advice how to remove it.

    For your virus W32.Badtrans.B@mm, you will find:

    "W32.Badtrans.B@mm is a MAPI worm that emails itself out using different file names. It also creates the file \Windows\System\Kdll.dll. It uses functions from this file to log keystrokes"

    There is an explicit description how to remove it.


    Bernd Kuerbs
  3. Trader01


  4. I also use NAV. My understanding is that if you don't need the quarantined file, you can simply delete it. The fact that the file was quarantined indicates that NAV was unable to repair it. Quarantine prevents the file from spreading and damaging your computer and allows users to send the file to SARC for analysis or possible repair.
  5. Eldredge


    Thanks for the help.