Here is some information about the trojan you are having problems with. I doubt it is related to Sygate, unless your friend got it from a 'questionable' source. More than likely the trojan was contracted through a MS Word document or delivered via e-mail. Aliases: NETLOG.WORM , NETWORK.VBS Description: This Trojan when run searches for a computer in the network where c:\ is shared with full control and accesses files. This virus does not run on Windows NT environment. Solution: Please delete the file "network.vbs" located in directories where it was added. You may also disconnect mapping of the network drive to ensure complete safety. Details: Upon execution, this Trojan checks for the file "network.log" in the c:\ drive, then it writes the text "Log file Open" to this file. It then writes in this log file random addresses with the text: " Subnet : ...0 " where: Random number 1 is the number between 199 to 214 Random number 2 and Random number 3 is the number between1 to 254 Then the malware picks a random address for it to scan. After this, the virus checks for a computer in a network wherein the shared format of c:\ is full control. It then maps the c:\ of the infected computer as j:\. The Trojan also adds the following line to the log file "network.log" for every drive it has mapped: "Copying files to : and checks the first network.vbs file it copies and then writes to the log: "Successful copy to : " if copy is successful. After mapping c:\ to j:\, it copies the file network.vbs to the following locations: J:\windows\startm~1\programs\startup\ J:\windows\ J:\windows\start menu\programs\startup\ J:\win95\start menu\programs\startup\ J:\win95\ startm~1\programs\startup\ J:\win95\ When the infected computer reboots, the virus runs because it is at the startup directory. With this the hacker can access all the files in c:\. The form of lookup by this worm can also act as a Distributed Denial of Service (DDOS) attack since the queries the virus performs can overwhelm a server until all requests cannot be serviced anymore, thereby crashing the system. ----- Original Message ----- From: "Rita" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Saturday, January 27, 2001 2:56 PM Subject: * informant * Needing some advice on Nortons Last week, I had Sygate installed. That's when my problems began. Immediately Nortons discovered a virus. As soon as I deleted the virus another popped up and on and on. I was never able to get a clean registry and just reformatted. I also added a new HD at that time so there was no virus on the computer. I did however, leave in my old 10 GB as a backup. I was forced to reformat and as soon as Sygate was added I received another virus alert. And another as soon as I quarantined that file. I am beginning to think it was a false positive or something is wrong with the CD Sygate was on. The program belongs to a tech friend who uses it on other computers as well. I am listing the information I received from Nortons. Can someone tell me if I should delete these files and is it possible they are indeed from Sygate and not some system file. I also installed Win 98 on my computer so if I need a file I am certain it will just grab what it needs and update itself .. I hope. In order to get back online and get my cable working I also had the network neighborhood deleted, removed the nic card and reinstalled it again. Now the computer is fine. Do I delete these files or what? All of the network is gone, with new installed from my disks. Here is what Norton says: Date: 1/24/01, Time: 20:00:42, Default on RITA The file C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\network.vbs is infected with the Bloodhound.Unknown virus. Unable to repair this file. Date: 1/24/01, Time: 20:01:38, Default on RITA The file C:\WINDOWS\STARTM~1\PROGRAMS\STARTUP\network.vbs was infected with the Bloodhound.Unknown virus. The file was quarantined. Date: 1/24/01, Time: 20:02:38, Default on RITA Date: 1/26/01, Time: 14:23:22, Default on RITA The file C:\WINDOWS\Start Menu\Programs\StartUp\Net-Enh.vbs is infected with the VBS.Network.D virus. Unable to repair this file. Date: 1/26/01, Time: 14:23:24, Default on RITA The file C:\WINDOWS\Start Menu\Programs\StartUp\Net-Enh.vbs was infected with the VBS.Network.D virus. The file was quarantined. Rita /=-=-=-=-Click Here & Support Our Sponsor-=-=-=-=-=-=-=-=-=\ Buy Shoes Online at Zappos.com: 1. Fast, Reliable Site 2. Devoted Customer Service 3. Great Shoe Selection 4. Price, Fit, and Satisfaction Guaranteed. http://click.topica.com/aaabe7b1dhsJb1Ao4Rc/Zappos \=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=/ ---- post: [EMAIL PROTECTED] url: http://theMezz.com/informant forum: http://theMezz.com/bbs subscribe: [EMAIL PROTECTED] unsubscribe: [EMAIL PROTECTED] digest: [EMAIL PROTECTED] notDigest: [EMAIL PROTECTED] ____________________________________________________________ T O P I C A -- Learn More. Surf Less. Newsletters, Tips and Discussions on Topics You Choose. http://www.topica.com/partner/tag01 ============================================================ GET A NEXTCARD VISA, in 30 seconds! Get rates as low as 2.9% Intro or 9.9% Fixed APR and no hidden fees. Apply NOW! http://click.topica.com/aaabh5b1dhsJb1LEkec/NextCard ============================================================ ---- post: [EMAIL PROTECTED] url: http://theMezz.com/informant forum: http://theMezz.com/bbs subscribe: [EMAIL PROTECTED] unsubscribe: [EMAIL PROTECTED] digest: [EMAIL PROTECTED] notDigest: [EMAIL PROTECTED] ____________________________________________________________ T O P I C A -- Learn More. Surf Less. Newsletters, Tips and Discussions on Topics You Choose. http://www.topica.com/partner/tag01
