I've managed to somehow or other get infected with this; there now seem to be two of them! The 2nd one is not too surprising seeing as one of the things this virus does is download other malware.
It's hidden itself inside a system driver. Norton picked it up but does not remove or quarantine it as it's a system file, and when I follow the help link it takes me here: http://securityresponse.symantec.com/se ... 99&tabid=3
This looks like more of a fix for ME/XP; I'm running Vista Home Premium. I think that if you do a system re-install it will get rid of it, but I'm kind of concerned about doing that as I've only ever done complete re-installs that have reformatted drives. I've got about 200 gigs of data files and progs on this HDD with about 120 gigs free, so you'll hopefully understand why I'm rather nervous about doing a system re-install!
This is what I'm getting from Norton (Unresolved security risks)
(quotes added by me to identify the text within each layer from Norton)
activity: "infected file C:\Windows\System32\drivers\netbt.sys
manual removal required"
The second iteration of it has
"Manual removal required
Automatically run driver C:\Windows\System32\drivers\netbt.sys
no fix attempted"
Other things that this virus does that I can see: it turns off themes in Vista, making the OS look like an older version of Windows. It's easy enough to restart themes, but these should auto-start, so it may have turned off other things I haven't noticed.
Every so often I get two pop-ups, one saying "host process stopped working, Windows will notify you if a solution is found", the other saying "server has stopped working".
Also, if I shut down my comp, when I restart from cold after I enter my password I get a long wait with the Windows "welcome" word being displayed, then it says "windows log in failed". The next attempt either starts Windows normally or starts it with most of my desktop missing; I then have to restart it again to get my normal desktop back.
I know it's a system file (from the properties of the file); the created, modified & accessed dates are all 2nd Nov 2006, which is around when I bought the comp new.
From reading up a little, this would be classed as a rootkit; whilst some of them are harmless and needed to run progs, e.g. Alcohol 120%, others can operate to copy passwords and login info and send them off to whoever wrote the virus.
Just wondering: if I download these drivers from Microsoft and copy them into the same folders as the infected drivers, can I then just delete the infected drivers? Something is telling me that is too simple and obvious a solution for it to work. I'm pretty shit at this kind of stuff and only learning on here, so don't laugh (too long and hard) at my thought of a solution other than doing a re-install.
If I re-install I'll have to download a myriad of Windows updates as well, seeing as my install disk is from when I bought the comp 3+ years back.
Any advice and help greatly appreciated.
Hopefully I can see an audio-visual media comp technician at work tomorrow. Not too sure how up he is on these things, and I value the responses of quite a few of you more.
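Before replacing a driver that an AV product has flagged, it is worth collecting evidence about the file itself: its version info, a cryptographic hash, its Authenticode status, and whether it matches the servicing copy Windows keeps. The script below is an added example written for this thread, not something from the original poster or from Symantec. It uses only the path named in the post; it assumes a PowerShell with `Get-FileHash` (v4 or later, so a newer machine than the Vista box described, or the disk mounted on one), and the WinSxS search location is an assumption about where a reference copy may live.

```powershell
# Added example (not from the original post): gather evidence about a flagged
# driver before deciding whether to replace it. The driver path is the one
# named in the post; the WinSxS reference-copy location is an assumption.

$driver = 'C:\Windows\System32\drivers\netbt.sys'

# 1. File properties and embedded version info (what Explorer's Properties tab shows).
#    Caveat: timestamps are writable by any process with enough privilege, so an
#    old created/modified date on its own does not prove the file is untouched.
$item = Get-Item -LiteralPath $driver
[pscustomobject]@{
    Path        = $item.FullName
    SizeBytes   = $item.Length
    Created     = $item.CreationTime
    Modified    = $item.LastWriteTime
    FileVersion = $item.VersionInfo.FileVersion
    Company     = $item.VersionInfo.CompanyName
} | Format-List

# 2. SHA-256 of the live file, for comparison with a known-good copy or a vendor lookup.
$liveHash = (Get-FileHash -LiteralPath $driver -Algorithm SHA256).Hash
"SHA256: $liveHash"

# 3. Authenticode status. Caveat: many Windows drivers are catalog-signed rather than
#    embedded-signed, so 'NotSigned' is not by itself proof of tampering; a
#    'HashMismatch' on a file that carries a Microsoft signature is a strong signal.
$sig = Get-AuthenticodeSignature -LiteralPath $driver
"Signature status: $($sig.Status)"
if ($sig.SignerCertificate) { "Signer: $($sig.SignerCertificate.Subject)" }

# 4. Compare against any copies in the component store (assumed location: C:\Windows\WinSxS).
#    A live copy whose hash matches no servicing copy deserves a closer look.
Get-ChildItem -Path 'C:\Windows\WinSxS' -Recurse -Filter 'netbt.sys' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $refHash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        [pscustomobject]@{
            Reference   = $_.FullName
            SHA256      = $refHash
            MatchesLive = ($refHash -eq $liveHash)
        }
    } | Format-Table -AutoSize
```

Two caveats a practitioner would add to the poster's plan. First, a rootkit that lives in a loaded kernel driver can hide or misreport its own file to tools running on the infected system, so results gathered from a booted machine are less trustworthy than a scan of the disk from clean boot media. Second, Windows protects system files: simply deleting a driver in use will fail or be undone, and the supported way to restore a protected file from the component store is `sfc /scannow` from an elevated prompt rather than hand-copying a download over it.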