Problem posted by a user
Recently there was a problem, my Norton anti-virus found a Trojan, but it couldn’t remove it. The Trojan on my system was Generic!Artemis.
It said the Trojan was at C:\Documents and Settings\Owner\Application Data\Google\vgwsn871850.exe
I failed when I manually tried to delete it. McAfee’s Virtual Technician said my Security Center was missing a file, because of which it could not operate properly, but also said it can’t be fixed. (wtf?)
The Norton people could not help me; all they could do was instruct me to uninstall and re-install the product. There was no change in the result. Then later I was instructed to download and extract a new set of DAT files and run a full scan in DOS mode with System Restore turned off. That too didn’t help.
This is what was happening:
(1) If I tried opening a web browser, I’d be redirected to a page that would say “Insecure Internet Activity. Threat of Virus Attack.” I would have two options, either “click to get full advanced real-time protection” or “continue to website unprotected” (which obviously was not recommended). The additional spyware program (Spyware Doctor) I had on my system blocked the site and redirected me away from the site, saying it is unsafe.
(2) Other problems were that a pop-up would welcome me as soon as I restarted the computer, and a few pop-ups would pop up randomly which would say, “Security Center Alert, Windows firewall has blocked some features of this program. Do you want to block?”. It gave the following info: “Name: Win32.Zafi.B, Risk: High, Description: worm trojan that records keystrokes & takes screen shots of computer, stealing personal financial information.” Then, it gave what appeared to be 3 options: “keep blocking, unblock, or enable protection”, but the first two options were disabled, so there you go, I’d be left with no choice but to choose “enable protection”. Kinda very fishy :).
(3) Browser windows occasionally would just randomly close out totally.
The first thing I’d recommend is not to use McAfee or Norton anti-virus, at least not in this situation, as they hog resources and the protection they offer is very minimal. I’ve had good results with which is lightweight and free.
Start your computer in safe mode. To do this, press F8 while the computer is starting, before the Windows splash screen comes up. It’s a bit difficult to press F8 at exactly the right time, so it is easier to keep pressing F8 as soon as you restart your computer. A menu will appear; choose the option for safe mode. Once Windows has loaded in safe mode, scan the system.
What is likely happening is that the Trojan is loaded and running. Windows cannot delete a file that is currently in use, so the anti-virus is useless while the virus file is in use. Running in safe mode will likely prevent the Trojan from loading.
Depending on the Trojan, it could reload on the next boot, even if you have disabled System Restore. In those cases it takes a bit more work to delete the virus.
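One common reason a Trojan reloads on the next boot is an autostart entry in the registry Run keys. As an added example (not part of the original post), this Python script parses saved `reg query` output for those keys and flags entries that launch programs from user-writable folders such as Application Data. The sample output, the value names and the ExampleAV entry are constructed, and that this particular Trojan uses a Run key is an assumption.

```python
import re

# Folders a normal user can write to. Flagging autostart programs that live
# there is a heuristic chosen for this example, not a rule from the post.
USER_WRITABLE = ("\\application data\\", "\\appdata\\", "\\local settings\\",
                 "\\temp\\", "%appdata%", "%temp%")

# One value line of `reg query` output: name, type, data (tabs or spaces).
VALUE_LINE = re.compile(r"^\s+(?P<name>.+?)\s+(?P<type>REG_\w+)\s+(?P<data>.*)$")
# Program path at the start of the data, optionally quoted, before arguments.
EXE_PATH = re.compile(
    r'^"?(?P<path>[A-Za-z]:\\.*?\.(?:exe|com|scr|bat|pif))"?(?:\s|$)', re.I)

# Constructed sample of saved output; the flagged path is the one quoted in
# the post, but its presence in a Run key is assumed for illustration.
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    ctfmon.exe    REG_SZ    C:\WINDOWS\system32\ctfmon.exe
    vgwsn871850    REG_SZ    C:\Documents and Settings\Owner\Application Data\Google\vgwsn871850.exe

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    ExampleAV Tray    REG_SZ    "C:\Program Files\ExampleAV\tray.exe" /min
"""


def parse_reg_query(text):
    """Yield (key, value_name, data) tuples from saved `reg query` output."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
            continue
        m = VALUE_LINE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data").strip()


def suspicious_autoruns(text):
    """Return autorun entries whose program sits in a user-writable folder."""
    hits = []
    for key, name, data in parse_reg_query(text):
        m = EXE_PATH.match(data)
        path = m.group("path") if m else data  # fall back to the raw data
        if any(marker in path.lower() for marker in USER_WRITABLE):
            hits.append((key, name, path))
    return hits


if __name__ == "__main__":
    for key, name, path in suspicious_autoruns(SAMPLE):
        print(f"review: {key} -> {name} = {path}")
```

A flagged entry is a lead to review, not proof of infection; some legitimate programs also start from per-user folders.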