Midtown Computer Systems Enterprise



Windows XP basics microsoft.public.windowsxp.basics

 
 
  #1  
Old 07-22-04, 04:12 AM
Keith
Dump The System
I have been fighting this Backdoor.Trojan for over a
week. I have tried everything I know to get rid of it,
but can't. Norton says there is nothing wrong when I do a
complete scan in safe mode, but I get a virus warning
constantly. Should I dump the whole system? If so, how do
I do it? Living where I do, there are not any computer
gurus around.
  #2  
Old 07-22-04, 10:09 AM
JAX
Re: Dump The System
Hi Keith,

This link might help.
http://www.pchell.com/virus/sdbot.shtml

HTH, JAX

"Keith" <anonymous@discussions.microsoft.com> wrote in message
news:1e5a01c46fd0$4159a050$a501280a@phx.gbl...
> I have been fighting this Backdoor.Trojan for over a
> week. I have tried everything I know to get rid of it,
> but can't. Norton says there is nothing wrong when I do a
> complete scan in safe mode, but I get a virus warning
> constantly. Should I dump the whole system? If so, how do
> I do it? Living where I do, there are not any computer
> gurus around.



  #3  
Old 07-22-04, 10:09 AM
Franksta
Re: Dump The System
Ok, well, a little research finds the following

http://securityresponse.symantec.com...or.trojan.html

"Backdoor.Trojan is a generic detection for a group of Backdoor Trojan
Horses. All the Trojans detected as Backdoor.Trojan have one thing in
common: they allow unauthorized access to an infected computer."

This really isn't an MS issue but ...

If you can figure out the actual name of the virus or trojan, that would
really help to resolve your issue.

When you say you have done everything you know to resolve this, what exactly
have you tried?

Usually, the trojans that I have seen normally appear in the temp internet
folder. So what you can do is the following and see if the error comes up
again.

Open Internet Explorer --> then click on "Tools" then "Internet Options"
then in the "Temporary Internet files" section, click on "Delete Files" and
"Delete Cookies". Then click on "Settings" then "View Objects" then select
all files and delete. Close that window and click OK twice. Restart your
machine as per normal and see if the error message comes up again.

Hope this helps.


Cheers,
Franksta.


  #4  
Old 07-22-04, 10:09 AM
Keith
Re: Dump The System

>-----Original Message-----
>Ok, well, a little research finds the following
>
>http://securityresponse.symantec.com...er/venc/data/backdoor.trojan.html
>
>"Backdoor.Trojan is a generic detection for a group of Backdoor Trojan
>Horses. All the Trojans detected as Backdoor.Trojan have one thing in
>common: they allow unauthorized access to an infected computer."
>
>This really isn't an MS issue but ...
>
>If you can figure out the actual name of the virus or trojan, that would
>really help to resolve your issue.
>
>When you say you have done everything you know to resolve this, what exactly
>have you tried?
>
>Usually, the trojans that I have seen normally appear in the temp internet
>folder. So what you can do is the following and see if the error comes up
>again.
>
>Open Internet Explorer --> then click on "Tools" then "Internet Options"
>then in the "Temporary Internet files" section, click on "Delete Files" and
>"Delete Cookies". Then click on "Settings" then "View Objects" then select
>all files and delete. Close that window and click OK twice. Restart your
>machine as per normal and see if the error message comes up again.
>
>Hope this helps.
>
>
>Cheers,
>Franksta.
>

What I have done so far is:

Been to Symantec's page and followed their advice....no
help

Checked my registry and cannot find it

Ran all my spyware programs in safe mode...nothing


I am lost!!

  #5  
Old 07-22-04, 10:10 AM
Rick \Nutcase\ Rogers
Re: Dump The System
#1 rule for working on viruses is to get out of normal mode. 99% of the
time, the bugs are active in normal mode making detection and removal
difficult if not impossible.

If you know the name of your trojan (has been identified by AV software),
look it up (googling is the easiest way) and get removal instructions. Then
print them off. Restart the system and hit F8 at boot to load safe mode.
Logon as administrator, then follow the removal instructions.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"Keith" <anonymous@discussions.microsoft.com> wrote in message
news:1e5a01c46fd0$4159a050$a501280a@phx.gbl...
> I have been fighting this Backdoor.Trojan for over a
> week. I have tried everything I know to get rid of it,
> but can't. Norton says there is nothing wrong when I do a
> complete scan in safe mode, but I get a virus warning
> constantly. Should I dump the whole system? If so, how do
> I do it? Living where I do, there are not any computer
> gurus around.



  #6  
Old 07-22-04, 10:10 AM
Franksta
Re: Dump The System
Ok Keith,


Which registry settings have you checked? Did you try my previous
suggestion?

Try the following locations:

HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/

Any of the keys that say "Run" in it. These are apps that are scheduled to
run at startup.

Check if any of these look "funky". Export them and delete then test.


Let me know,
Franksta.


  #7  
Old 07-22-04, 10:10 AM
Keith
Re: Dump The System

>-----Original Message-----
>#1 rule for working on viruses is to get out of normal mode. 99% of the
>time, the bugs are active in normal mode making detection and removal
>difficult if not impossible.
>
>If you know the name of your trojan (has been identified by AV software),
>look it up (googling is the easiest way) and get removal instructions. Then
>print them off. Restart the system and hit F8 at boot to load safe mode.
>Logon as administrator, then follow the removal instructions.
>
>--
>Best of Luck,
>
>Rick Rogers, aka "Nutcase" - Microsoft MVP
>http://mvp.support.microsoft.com/
>Associate Expert - WindowsXP Expert Zone
>www.microsoft.com/windowsxp/expertzone
>Windows help - www.rickrogers.org
>
>"Keith" <anonymous@discussions.microsoft.com> wrote in message
>news:1e5a01c46fd0$4159a050$a501280a@phx.gbl...

When I boot up in safe mode, I cannot find the bug.
Norton says nothing infected. But when I get a warning
from Norton, it says:

Object Name: C:\WINDOWS\SYSTEM32\SQLFLP.DLL
Virus Name: Backdoor.Trojan


I found the .dll but cannot delete it. Cannot find it
when in safe mode.
  #8  
Old 07-22-04, 10:10 AM
Rick \Nutcase\ Rogers
Re: Dump The System
Boot to Safe mode, logon as your regular user (not administrator) look at
these registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

See if there is a string there that loads that file. If so, delete the
string (not the key).

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP
http://mvp.support.microsoft.com/
Associate Expert - WindowsXP Expert Zone
www.microsoft.com/windowsxp/expertzone
Windows help - www.rickrogers.org

"Keith" <anonymous@discussions.microsoft.com> wrote in message
news:1ee701c46fd9$86b6a680$a501280a@phx.gbl...
> Norton says nothing infected. But when I get a warning
> from Norton, it says:
>
> Object Name: C:\WINDOWS\SYSTEM32\SQLFLP.DLL
> Virus Name: Backdoor.Trojan
>
>
> I found the .dll but cannot delete it. Cannot find it
> when in safe mode.
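
The registry check suggested in posts #6 and #8 can also be done offline against a regedit export. This is an added example, not code from any poster in the thread: it parses `.reg` export text, lists the values under the Run keys, and, going one step beyond the Run keys named above, searches every exported key for the DLL name from the Norton alert. The sample export, its value names and the `example` subkey under Winlogon\Notify are constructed for illustration.

```python
import re

# Constructed sample of regedit export text; none of it comes from the thread's machine.
# The last key is outside the Run keys and stores its data as hex(2) (REG_EXPAND_SZ).
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleUpdater"="\"C:\\Program Files\\Example\\updater.exe\" /background"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\example]
"DllName"=hex(2):73,00,71,00,6c,00,66,00,6c,00,70,00,2e,00,64,00,6c,00,6c,00,\
  00,00
'''

VALUE_LINE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
RUN_KEY = re.compile(r"\\CurrentVersion\\Run[^\\]*$", re.IGNORECASE)

def parse_reg(text):
    """Yield (key, value_name, data) for every string-typed value in the export."""
    text = re.sub(r"\\\r?\n\s*", "", text)  # join hex data continued with a trailing backslash
    key = None
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_LINE.match(line)
        if not (key and m):
            continue
        name, raw = m.group(1).strip('"'), m.group(2)
        if raw.startswith('"'):  # REG_SZ: undo \\ and \" escaping
            yield key, name, re.sub(r"\\(.)", r"\1", raw[1:-1])
        elif raw.startswith(("hex(2):", "hex(7):")):  # UTF-16LE string data
            data = bytes(int(h, 16) for h in raw.split(":", 1)[1].split(",") if h)
            yield key, name, data.decode("utf-16-le", "replace").replace("\x00", " ").strip()

def run_key_values(text):
    """Values under keys named Run, RunOnce, ... below CurrentVersion."""
    return [v for v in parse_reg(text) if RUN_KEY.search(v[0])]

def find_references(text, needle):
    """Every exported value, in any key, whose data mentions needle (case-insensitive)."""
    return [v for v in parse_reg(text) if needle.lower() in v[2].lower()]

if __name__ == "__main__":
    print("Run values:", [(n, d) for _, n, d in run_key_values(SAMPLE_EXPORT)])
    for key, name, data in find_references(SAMPLE_EXPORT, "sqlflp.dll"):
        print(f"reference found: [{key}] {name} = {data}")
```

Exports saved by regedit in the "Version 5.00" format are UTF-16 files, so read them with `open(path, encoding="utf-16")` before passing the text in.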



  #9  
Old 07-22-04, 10:10 AM
Keith
Re: Dump The System

>-----Original Message-----
>Boot to Safe mode, logon as your regular user (not administrator) look at
>these registry keys:
>
>HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
>HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg
>
>See if there is a string there that loads that file. If so, delete the
>string (not the key).
>
>--
>Best of Luck,
>
>Rick Rogers, aka "Nutcase" - Microsoft MVP
>http://mvp.support.microsoft.com/
>Associate Expert - WindowsXP Expert Zone
>www.microsoft.com/windowsxp/expertzone
>Windows help - www.rickrogers.org
>
>"Keith" <anonymous@discussions.microsoft.com> wrote in message
>news:1ee701c46fd9$86b6a680$a501280a@phx.gbl...

Rick,

Went through everything and there is nothing there that
is related to this trojan. It has to be loading from
somewhere, just not sure where.

  #10  
Old 07-22-04, 10:10 AM
Re: Dump The System

>-----Original Message-----
>Ok Keith,
>
>
>Which registry settings have you checked? Did you try my previous
>suggestion?
>
>Try the following locations:
>
>HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/
>HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/
>
>Any of the keys that say "Run" in it. These are apps that are scheduled to
>run at startup.
>
>Check if any of these look "funky". Export them and delete then test.
>
>
>Let me know,
>Franksta.
>

Franksta,

Been through it all, no luck. This is driving me nuts.

The Norton warning says:

Object Name: C:\Windows\System32\sqlflp.dll
Virus Name: Backdoor.Trojan

When I do a search of my computer, it says it can't find
it.
 

