I'm getting about 100 Norton Alerts every 30 minutes -

backdoor.trojan found in  Windows/System32/sqladmb.dll

Norton will say "can't fix," "can't quarantine", "denied

access".

I'm so frustrated!  I've scanned, I've gone to Symantec

and tried their solution, I've just plain hunted it down

and I can't delete it!!

Does anyone have some suggestions, please?

Thanks!!!

Carolyn,



OK, step back and take a deep breath for a moment. Go back to the Symantec

page for the exact name of the virus that it is reporting, and follow those

instructions. Chances are it will want you to disable System Restore (for

the time being), and will need to have you do a virus scan from Safe Mode.

This is pretty standard fare, and most AV products can't knock out something

that is active in memory, and /or residing in the System Restore files.



Ron Chamberlin

MS-MVP





> I'm getting about 100 Norton Alerts every 30 minutes -

> backdoor.trojan found in  Windows/System32/sqladmb.dll

> Norton will say "can't fix," "can't quarantine", "denied

> access".

> I'm so frustrated!  I've scanned, I've gone to Symantec

> and tried their solution, I've just plain hunted it down

> and I can't delete it!!

> Does anyone have some suggestions, please?

> Thanks!!!

I am working to resolve the same situation only my file is named logboje.dll  When you follow the instructions from Symantec to scan in safe mode, the file does not exist.  I can browse the system32 folder and see that it is not there and run a full scan and finds nothing.  Log back in to Normal mode and its back!   Still working on it.






	
Quote:
	

	

		

			
				Originally posted by Ron Chamberlin 

Carolyn,



OK, step back and take a deep breath for a moment. Go back to the Symantec

page for the exact name of the virus that it is reporting, and follow those

instructions. Chances are it will want you to disable System Restore (for

the time being), and will need to have you do a virus scan from Safe Mode.

This is pretty standard fare, and most AV products can't knock out something

that is active in memory, and /or residing in the System Restore files.



Ron Chamberlin

MS-MVP





> I'm getting about 100 Norton Alerts every 30 minutes -

> backdoor.trojan found in  Windows/System32/sqladmb.dll

> Norton will say "can't fix," "can't quarantine", "denied

> access".

> I'm so frustrated!  I've scanned, I've gone to Symantec

> and tried their solution, I've just plain hunted it down

> and I can't delete it!!

> Does anyone have some suggestions, please?

> Thanks!!! 
			
		
	
	

I have the same problem, this is what norton pops up with:



Scan type:  Realtime Protection Scan

Event:  Virus Found!

Virus name: Backdoor.Trojan

File:  C:\WINDOWS\System32\winkdp.dll

Location:  C:\WINDOWS\System32

Computer:  Irrelevant 

User:  Irrelevant

Action taken:  Clean failed : Quarantine failed : Access denied

Date found: Sat Jul 24 17:30:45 2004



It pops up everytime an application is started and the .dll is deleted before norton can respond (i think) - i'm guessing it is a windows service. but i don't know how to terminate it.  I also can't find the original file causing the infection.  



Any help would be nice. Thanks.