trojan virus, pls help me

[koenVDB]

hi

I have got a huge problem, i found out some days age that my norton AV 2003 wasnt working, I could only get it open for about 5 seconds and then it crashed, i used several internet virus scanners and one of them(symantec) found out that i had the Backdoor.OptixPro.13 have on my computer.
This is why my NAV didn't work in the first place. I tried everything to get it off my system, but nothing seems to work...

first of all, these are the files symantec say are infected ,46 in total:

C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011587.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011588.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011623.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011624.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011629.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011725.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0011726.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0012722.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0012723.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013722.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013723.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013731.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013732.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013768.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013769.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013813.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013815.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013823.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0013824.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014823.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014824.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014862.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014863.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014908.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014909.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014945.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014946.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014955.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014956.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014961.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0014962.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015046.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015047.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015081.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015082.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015336.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015337.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015382.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015383.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015442.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015443.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015483.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015484.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015520.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015521.dll is infected with Backdoor.OptixPro.13
C:\System Volume Information\_restore{833E7666-D4EE-4EB3-9B76-66948FABFCE9}\RP78\A0015522.dll is infected with Backdoor.Assasin.Gen

it also said somthing about a thing called BKDR_ASSASIN20.B, but its been so long that i started working on this problem, that I don't even remember what it was or what it did

I followed all the instructions they gave me on the NAV site, and did all of them(I have win XP home edition)

they can be found here

http://securityresponse.symantec.com...tixpro.13.html

as you will see they tell you to edit the registery, i did that but somthing was strange, because the second and third thing I needed to change were already changed

what I mean is:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Run

where i was suposed to delete the value in default, there was nothing there(or in any of the other keys)

same thing for the third, with the first thing i had to change however, their was a directory of some sort in front of the
"%1" %*

i deleted that, but when I went to normal mode again, my NAV still didnt wor(norton anti virus)

I tried to uninstal it, but that wont work either.

I have been working on this now for 2 whole days, withoud any results, I have followed other more simply ways to remove it, but since my NAV doesnt work, they are useles to me.

I realy hope sombudy can help me, or else i may have to format my pc, and mre then a year of hardwork that is on it will be lost...

thanks

[GroundZero3]

you disabled system restore when you did this correct?


i would download this, and run it. one of the best trojan removers

http://www.moosoft.com/

[John Prophet]

also you can try going here www.antivirus.com and running the free virus scan

also, have u simply tried to restore to before u got the virus??

[M_Six]

Stinger has been working pretty well for me.

[Theophylact]

HouseCall (free online scan at Trend Micro) is good too.

[koenVDB]

wow, thank you all for posting so soon, but I tried all of your ideas, and none worked

1. I didnt get restore up and running, because it was never active, you see I haven'd had this system for to long.
2. i tried the cleaner, i realy hoped it would work, but its the same as with norton, just shuts down after just a litle while
3. the stinger i checked to, but thats only for a certain number of trojans, thats still scanning but I dont expect any results from that.
4.the online scans i tryd eralyer, i did symantec, panda, the one you mentioned, en several others, only symantec gave results, but then i trefered to the explenation on the symantec website, wich didnt work

since the virus is constantly active, it shuts down any atempts to remove it, so I should probably focus on getting it shut down for just a litle while, by editing the registry, but as I said earlyr, that didn't work.

still thanks for your efforts, if you have any new ideas, pls let me know verry soon

thanks all

[GroundZero3]

try booting into safe mode and run moo

[koenVDB]

ok, I just tryd that to, no affect, it shuts down after a few secs, like NAV

[koenVDB]

ok, I have decided I don't have the time nor the skill to fix the problem, since i have a big task due to on wednesday, im gonna format and reinstall XP

thanks all anyway for you help