trojan virus, pls help me

[koenVDB]

hi

I have got a huge problem, i found out some days age that my norton AV 2003 wasnt working, I could only get it open for about 5 seconds and then it crashed, i used several internet virus scanners and one of them(symantec) found out that i had the Backdoor.OptixPro.13 have on my computer.
This is why my NAV didn't work in the first place. I tried everything to get it off my system, but nothing seems to work...

first of all, these are the files symantec say are infected ,46 in total:

C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011587.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011588.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011623.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011624.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011629.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011725.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011726.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0012722.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0012723.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013722.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013723.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013731.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013732.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013768.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013769.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013813.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013815.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013823.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013824.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014823.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014824.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014862.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014863.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014908.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014909.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014945.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014946.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014955.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014956.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014961.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014962.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015046.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015047.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015081.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015082.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015336.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015337.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015382.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015383.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015442.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015443.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015483.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015484.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015520.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015521.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015522.dll is infected with Backdoor.Assasin.Gen

it also said somthing about a thing called BKDR_ASSASIN20.B, but its been so long that i started working on this problem, that I don't even remember what it was or what it did

I followed all the instructions they gave me on the NAV site, and did all of them(I have win XP home edition)

they can be found here

http://securityresponse.symantec.com...tixpro.13.html

as you will see they tell you to edit the registery, i did that but somthing was strange, because the second and third thing I needed to change were already changed

what I mean is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run

where i was suposed to delete the value in default, there was nothing there(or in any of the other keys)

same thing for the third, with the first thing i had to change however, their was a directory of some sort in front of the
"%1" %*

i deleted that, but when I went to normal mode again, my NAV still didnt wor(norton anti virus)

I tried to uninstal it, but that wont work either.

I have been working on this now for 2 whole days, withoud any results, I have followed other more simply ways to remove it, but since my NAV doesnt work, they are useles to me.

I realy hope sombudy can help me, or else i may have to format my pc, and mre then a year of hardwork that is on it will be lost...

thanks

you disabled system restore when you did this correct?


i would download this, and run it. one of the best trojan removers

http://www.moosoft.com/

[John Prophet]

also you can try going here www.antivirus.com and running the free virus scan

also, have u simply tried to restore to before u got the virus??

[M_Six]

Stinger has been working pretty well for me.

[Theophylact]

HouseCall (free online scan at Trend Micro) is good too.

[koenVDB]

wow, thank you all for posting so soon, but I tried all of your ideas, and none worked

1. I didnt get restore up and running, because it was never active, you see I haven'd had this system for to long.
2. i tried the cleaner, i realy hoped it would work, but its the same as with norton, just shuts down after just a litle while
3. the stinger i checked to, but thats only for a certain number of trojans, thats still scanning but I dont expect any results from that.
4.the online scans i tryd eralyer, i did symantec, panda, the one you mentioned, en several others, only symantec gave results, but then i trefered to the explenation on the symantec website, wich didnt work

since the virus is constantly active, it shuts down any atempts to remove it, so I should probably focus on getting it shut down for just a litle while, by editing the registry, but as I said earlyr, that didn't work.

still thanks for your efforts, if you have any new ideas, pls let me know verry soon

thanks all

try booting into safe mode and run moo

[koenVDB]

ok, I just tryd that to, no affect, it shuts down after a few secs, like NAV

[koenVDB]

ok, I have decided I don't have the time nor the skill to fix the problem, since i have a big task due to on wednesday, im gonna format and reinstall XP

thanks all anyway for you help