Virus Problems

Discussion in 'Networking and Security' started by macal425, Mar 18, 2002.

  1. I am all about it. I will go there right now and wait.
     
    #41     Mar 20, 2002
  2. Magna

    Magna Administrator

    Win2000 prevents the deletion of any file it considers a system file, and obviously part of the trojan was to not only plant various files but to have Win2000 "see" them as system files. In that case, assuming you didn't set up a dual-boot system, you will need to boot your computer from a boot floppy to a DOS command prompt. Hopefully you have a boot floppy left over from Win98 or WinMe; if not, maybe a friend does. If your hard drive is formatted with FAT32 you will need a version of DOS that supports FAT32 (like OSR2, Win98, WinMe) so that the utilities will function properly.

    The trick once you're booted from the floppy will be to work your way around to the various folders (or directories as they used to be called) so that you can delete the files that you've determined are causing the problem. You may need the DOS attrib.exe file to first remove the hidden or the system "bit" so that the delete command will work.

    If you do not have a dual-boot setup (i.e., Win2000 and W98), and are not familiar with DOS, you will need someone who is comfortable there, as this is not the time to attempt to learn DOS. Assuming you are able to delete the files, you will later need to go into the Win2000 registry and remove all references to those files.

    [later edit:] Just read Macal's post. If these processes are running in the background hit Ctrl-Alt-Del, click Task Manager, click Processes. Then fish thru the processes and click End Process. Of course, make sure you are deleting a trojan process.
     
    #42     Mar 20, 2002
  3. "If these processes are running in the background hit Ctrl-Alt-Del, click Task Manager, click Processes. Then fish thru the processes and click End Process. Of course, make sure you are deleting a trojan process."

    Thank you for some advice that actually works! So I assume I have to do this every time I reboot? Or every time I get on the net?

    That was quick and easy and simple, unlike anything else I have tried so far. I just downloaded and used the "Finnish kid's" program, but it did nothing to the virus.

    This has been such a PIA! McAfee, after all the trouble to download and register it, just told me I had the virus, but could do nothing to fix it. The two anti-trojan programs I downloaded told me I had no trojans.

    Thanks again.
     
    #43     Mar 20, 2002
  4. Once the process is ended you can then delete the file. After that, however, you will get error messages when you start Windows saying "can't locate file ***.exe". This is where I had to go into the registry and delete everything with the infected file's name. It's probably best if you got someone to walk you through that part.
     
    #44     Mar 20, 2002
  5. nkhoi

    TL, after you delete the files, the registry will point to invalid locations. This is where the clean program from the Finnish kid goes to work; it will wipe out invalid references from the registry file. Good luck.
     
    #45     Mar 20, 2002
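
    The two posts above describe autostart registry entries left pointing at files that have been deleted. The following is an added example, not part of the original thread and not the cleanup program mentioned in it: it reads the text of a `.reg` export of a Run key and lists the values whose target file is missing. The sample export, the value names and the paths are constructed for illustration.

```python
import re

# Constructed sample: text of a .reg export of an autostart (Run) key.
# Value names and paths are made up for illustration.
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe /logon"
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" -quiet"
"RemovedExample"="C:\\WINNT\\system32\\removed_example.exe"
'''

# "name"="string data"; inside each string, \" and \\ are escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"\s*$')

def unescape(s):
    """Undo the backslash escaping used for string values in .reg files."""
    return re.sub(r'\\(.)', r'\1', s)

def command_target(cmd):
    """Return the executable part of an autostart command line."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end != -1 else cmd[1:]
    # Unquoted: take everything up to the first space. An unquoted path
    # that contains spaces is ambiguous and needs a manual look.
    return cmd.split(' ', 1)[0]

def parse_values(reg_text):
    """Return (key, value name, command line) for every string value."""
    key, out = None, []
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if m and key:
            out.append((key, unescape(m.group(1)), unescape(m.group(2))))
    return out

def dangling_entries(reg_text, exists):
    """List entries whose target is missing; `exists` maps a path to a bool."""
    result = []
    for key, name, cmd in parse_values(reg_text):
        target = command_target(cmd)
        if '\\' not in target:
            continue  # bare file name, found via the search path; not checked
        if not exists(target):
            result.append((key, name, target))
    return result
```

    On the affected machine, pass `os.path.exists` as `exists`; entries it reports are candidates for manual review in the registry editor, not for automatic deletion.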
  6. Many thanks to Magna and Tom_P who took their time to help me in the chat room. (And thanks to Baron for setting up the chat room).

    It looks like I have to wipe everything and reinstall Win 2k. No big deal, as when I bravely (stupidly?) downloaded that e-book I knew that it might come to this.


    Baron - PM me with his IP. (Pahleeese!!!!)
     
    #46     Mar 20, 2002
  7. I thought you were assigned a different IP every time you log on to your ISP.
     
    #47     Mar 20, 2002
  8. Baron once called me out for posting under separate user names. Based upon this, I am assuming he knows the IP, and it would be useful. Even if it is not optimally useful, I am curious to know if the IP comes from Russia.
     
    #48     Mar 20, 2002
  9. This is pretty interesting and scary stuff. The grc.com story was actually pretty interesting as well. My question is what is the best way to protect yourself from this sort of trojan horse program? I mean what is the best combination of hardware and software to use, since most of us use wideband connections and leave the computers running 24/7.
     
    #49     Mar 21, 2002
  10. BruceF

    In this case, as with most viruses, the best protection is common sense. Never download and run a file from someone you don't know. And if it is someone you know, make sure that they actually sent it.

    A lot of today's viruses hijack the address book of the infected computer. Then they send themselves out to everyone in the book. So, it will seem like a friend, colleague, etc. is sending you the file. That's why you should confirm it first.

    As for programs in general, get a firewall and anti-virus software. And keep the anti-virus software up to date. At least once a week you should update the virus definitions.
     
    #50     Mar 21, 2002