Norton found a virus it's "unable to ...

Log Out | Lost Password? | Topics | Search Contact | Register | My Profile | SO home | MOL home

Thread Originator Last Poster Posts Pages Last Post   Closed: New threads not accepted on this page

Author Message   Soulful Mr T Citizen Username: Howardt Post Number: 975 Registered: 11-2004 Posted on Wednesday, October 19, 2005 - 6:48 am:        HIGH RISK, it says. Trojan.Elitebar at pokapoka76.exe What can I do? The Virus Alert window won't go away when I click "OK" or try to close the window. This page has Symantic's description. http://securityresponse.symantec.com/avcenter/venc/data/trojan.elitebar.html,htt p://securityresponse.symantec.com/avcenter/venc/data/trojan.elitebar.html   Network & PC Care Citizen Username: Npccare Post Number: 113 Registered: 5-2005 Posted on Wednesday, October 19, 2005 - 7:11 am:        Did you try running a scan in safe mode?   Soulful Mr T Citizen Username: Howardt Post Number: 976 Registered: 11-2004 Posted on Wednesday, October 19, 2005 - 7:33 am:        How do I do that? And will it do more than just identify the threat?   Soulful Mr T Citizen Username: Howardt Post Number: 977 Registered: 11-2004 Posted on Wednesday, October 19, 2005 - 7:39 am:        Also, how do I get the Norton message to close?   Bailey Citizen Username: Baileymac Post Number: 35 Registered: 3-2005 Posted on Wednesday, October 19, 2005 - 8:48 am:        You should be able to just quit Norton - if not, type control-alt-delete, task manager window pops up, just end task. To start in safe mode - Restart the computer. Some computers have a progress bar that refers to the word BIOS. Others may not let you know what is happening. As soon as the BIOS loads, begin tapping the F8 key on your keyboard. Do so until the Windows Advanced Options menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. If this happens, restart the computer and try again. Using the arrow keys on the keyboard, select Safe mode and then press Enter. Once in Safe Mode, you should try running Norton again.   Earlster Supporter Username: Earlster Post Number: 1345 Registered: 8-2003 Posted on Wednesday, October 19, 2005 - 3:45 pm:        You DON'T WANT PokaPoka on your machine. I never had it myself, but I've seen it. Make sure not to run the executable, and then delete the file. If you still can't get rid of it, I might be able to get you in touch with somebody who went through it.   Case Citizen Username: Case Post Number: 424 Registered: 2-2005 Posted on Wednesday, October 19, 2005 - 5:11 pm:        Yep, that's a bad one. Here's some background: http://securityresponse.symantec.com/avcenter/venc/data/trojan.elitebar.html http://www.atribune.org/forums/index.php?showtopic=773&hl=pokapoka Here's the program you'll need to download for me: http://www.majorgeeks.com/download3155.html When you get "hijack this" downloaded (the last link above), PM me and I'll walk you through the removal.   Case Citizen Username: Case Post Number: 425 Registered: 2-2005 Posted on Wednesday, October 19, 2005 - 5:16 pm:        Incidentally, the program "Hijack This" is really not something most of us want to play with... it can have extremely negative results if not handled properly. Here's a good online trojan hunter: http://www.trendmicro.com/cwshredder/ And this is an excellent resource for scanning (sometimes.... if your PC is infected the malware knocks out your antivirus software - an online scanner like this doesn't have that problem): http://housecall.trendmicro.com/   Gatica Citizen Username: Katracho Post Number: 155 Registered: 11-2002 Posted on Thursday, October 20, 2005 - 9:14 am:        I hate it when Norton does that. Because it could not repair it, then it has to be removed manually. Doable, but it just takes time. If I did not know any better, I'd say it defeats the purpose of having the anti-virus program to begin with. Then again, I don't want to get any of my computers infected with any of the less harmful stuff. Removing spyware: Try using Spybot Search and Destroy and LavaSoft's Ad-Aware. You can get free copies at http://www.download.com. If these two can't clean the spyware, then you may need to run Hijackthis and CWShredder.   Tom Reingold Supporter Username: Noglider Post Number: 10214 Registered: 1-2003 Posted on Thursday, October 20, 2005 - 10:57 am:        Gatica, it's not necessarily Norton's fault. Windows doesn't let you remove a file that is "open" and some viruses are designed to keep the files open all the time. When you are in safe mode, there are few or no irremovable files.   Gatica Citizen Username: Katracho Post Number: 156 Registered: 11-2002 Posted on Thursday, October 20, 2005 - 11:03 am:        Ah... right.   Case Citizen Username: Case Post Number: 430 Registered: 2-2005 Posted on Thursday, October 20, 2005 - 1:12 pm:        The "good" trojans are actually self-replicating, even in the registry. What that means is you can go into the registry and remove the entry... and the damned thing re-appears at the next boot. Incidentally, that can even occur in Safe mode (but Tom, you're absolutely right that Safe mode will fix 'easier' file issues).