Questions, Questions, a Trojan and a Chocolate Bar



Sandal
07-10-2005, 01:14 AM
I have 2 PCs one for home one for the office both running Windows XP home
it is the home one in question.
I have over the last few days decided to get to grips with this PC with
excellent support from Windows help & support.

Installed for some time among other things are
Zone-Alarm, Spy-Bot, Norton anti-virus and Ad-Ware
all are kept bang up-to-date and used religiously.

As an exercise I decided to look for and install a free trojan
scan & remover and found one at irsoftware.org on a 30 day trial.

Much to my surprise it found some spy-ware and a trojan called Nemog,
I ran the scan again but this time all it found was the spyware, no Nemog,
where has it gone ,I had done nothing to remove it?

With Nemog firmly planted in my head I went looking for help and
came across rickrogers.org useful site on starting in safe mode
and his advice on how to remove a Trojan.

Question, after starting in safe mode and then start/search/files&folders,
then typing in Nemog the search came up with nothing, does this mean I have
no trojan or do I still have to search the registry?

Question, is there any benefit to be gained when running a weekly virus scan
to do it in safe mode, is it more thorough?

Question, can anybody direct me to a site where I can download a free
no trial trojan scan & remover that can be updated or should my
Norton anti-virus be doing a trojan check for me?

This is probably not for here but what the hell, while surfing I came across
this story.
With incredulity firmly in place I checked it out and stone me if it doesn't
have some meat to it.

Recently, in the UK, 280 people out of 500 were persuaded either
face to face or on the phone to part with their NI Num and their
banking and password details, the bribe,
a bar of chocolate, F---ME!
--
Sandal

DL
07-10-2005, 01:14 AM
> Installed for some time among other things are
> Zone-Alarm, Spy-Bot, Norton anti-virus and Ad-Ware
> all are kept bang up-to-date and used religiously.

These apps should suffice, many of the payfor trojan apps give false
positives - helps persuade people to buy!
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.html

Wesley Vogel
07-10-2005, 01:14 AM
Nemog

Info on Backdoor.Nemog
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.html

Info Backdoor.Nemog.D
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.d.html

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:CABA3BC5-B6CB-4E02-B8EE-199CFAD412FE@microsoft.com,
Sandal <Sandal@discussions.microsoft.com> hunted and pecked:
> I have 2 PCs one for home one for the office both running Windows XP home
> it is the home one in question.
> I have over the last few days decided to get to grips with this PC with
> excellent support from Windows help & support.
>
> Installed for some time among other things are
> Zone-Alarm, Spy-Bot, Norton anti-virus and Ad-Ware
> all are kept bang up-to-date and used religiously.
>
> As an exercise I decided to look for and install a free trojan
> scan & remover and found one at irsoftware.org on a 30 day trial.
>
> Much to my surprise it found some spy-ware and a trojan called Nemog,
> I ran the scan again but this time all it found was the spyware, no
> Nemog, where has it gone ,I had done nothing to remove it?
>
> With Nemog firmly planted in my head I went looking for help and
> came across rickrogers.org useful site on starting in safe mode
> and his advice on how to remove a Trojan.
>
> Question, after starting in safe mode and then start/search/files&folders,
> then typing in Nemog the search came up with nothing, does this mean I
> have no trojan or do I still have to search the registry?
>
> Question, is there any benefit to be gained when running a weekly virus
> scan to do it in safe mode, is it more thorough?
>
> Question, can anybody direct me to a site where I can download a free
> no trial trojan scan & remover that can be updated or should my
> Norton anti-virus be doing a trojan check for me?
>
> This is probably not for here but what the hell, while surfing I came
> across this story.
> With incredulity firmly in place I checked it out and stone me if it
> doesn't have some meat to it.
>
> Recently, in the UK, 280 people out of 500 were persuaded either
> face to face or on the phone to part with their NI Num and their
> banking and password details, the bribe,
> a bar of chocolate, F---ME!
> --
> Sandal

Sandal
07-10-2005, 01:14 AM
DL,
Many thanks for your reply, yes indeed they do, hopefully what I have will
suffice.
Going back to my question of starting in safe mode, did I do enough or
should I have explored further, I just feel a tad uneasy.
--
Sandal


"DL" wrote:

> > Installed for some time among other things are
> > Zone-Alarm, Spy-Bot, Norton anti-virus and Ad-Ware
> > all are kept bang up-to-date and used religiously.
>
> These apps should suffice, many of the payfor trojan apps give false
> positives - helps persuade people to buy!
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.html
>
>
>

Sandal
07-10-2005, 01:14 AM
Wesley,
Thankyou for your reply, I had already been to Symantec but strangly their
removal tool for m-doom was not availaible now it is, I have just ran it, it
found nothing.
Is it the same trojan as Nemog.

Going back to my question of starting in safe mode, did I do enough or
should I have explored further, I just feel a tad uneasy?
--
Sandal

"Wesley Vogel" wrote:

> Nemog
>
> Info on Backdoor.Nemog
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.html
>
> Info Backdoor.Nemog.D
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.d.html
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:CABA3BC5-B6CB-4E02-B8EE-199CFAD412FE@microsoft.com,
> Sandal <Sandal@discussions.microsoft.com> hunted and pecked:
> > I have 2 PCs one for home one for the office both running Windows XP home
> > it is the home one in question.
> > I have over the last few days decided to get to grips with this PC with
> > excellent support from Windows help & support.
> >
> > Installed for some time among other things are
> > Zone-Alarm, Spy-Bot, Norton anti-virus and Ad-Ware
> > all are kept bang up-to-date and used religiously.
> >
> > As an exercise I decided to look for and install a free trojan
> > scan & remover and found one at irsoftware.org on a 30 day trial.
> >
> > Much to my surprise it found some spy-ware and a trojan called Nemog,
> > I ran the scan again but this time all it found was the spyware, no
> > Nemog, where has it gone ,I had done nothing to remove it?
> >
> > With Nemog firmly planted in my head I went looking for help and
> > came across rickrogers.org useful site on starting in safe mode
> > and his advice on how to remove a Trojan.
> >
> > Question, after starting in safe mode and then start/search/files&folders,
> > then typing in Nemog the search came up with nothing, does this mean I
> > have no trojan or do I still have to search the registry?
> >
> > Question, is there any benefit to be gained when running a weekly virus
> > scan to do it in safe mode, is it more thorough?
> >
> > Question, can anybody direct me to a site where I can download a free
> > no trial trojan scan & remover that can be updated or should my
> > Norton anti-virus be doing a trojan check for me?
> >
> > This is probably not for here but what the hell, while surfing I came
> > across this story.
> > With incredulity firmly in place I checked it out and stone me if it
> > doesn't have some meat to it.
> >
> > Recently, in the UK, 280 people out of 500 were persuaded either
> > face to face or on the phone to part with their NI Num and their
> > banking and password details, the bribe,
> > a bar of chocolate, F---ME!
> > --
> > Sandal
>
>

Wesley Vogel
07-10-2005, 01:14 AM
Sandal,

Nemog, Backdoor.Nemog and Backdoor.Nemog.D are names made up by Symantec.

To add to the confusion, McAfee calls it BackDoor-CHR, Sophos calls it
Troj/Bdoor-CHR

Try this first...
Malicious Software Removal Tool
http://www.microsoft.com/security/malwareremove/default.mspx

Click on
Skip the details and run the tool
---

Sophos: Instructions for disinfecting W32/MyDoom-A, W32/MyDoom-B,
W32/MyDoom-F, W32/MyDoom-N, W32/MyDoom-O, W32/MyDoom-S and Troj/Bdoor-CHR
http://www.sophos.com/support/disinfection/mydooma.html

BackDoor-CHR
http://vil.nai.com/vil/content/v_127617.htm

Scroll down to...
Removal Instructions

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:55D45F6C-DD37-4DEF-8F82-F54449897E2C@microsoft.com,
Sandal <Sandal@discussions.microsoft.com> hunted and pecked:
> Wesley,
> Thankyou for your reply, I had already been to Symantec but strangly their
> removal tool for m-doom was not availaible now it is, I have just ran it,
> it found nothing.
> Is it the same trojan as Nemog.
>
> Going back to my question of starting in safe mode, did I do enough or
> should I have explored further, I just feel a tad uneasy?
> --
> Sandal
>
> "Wesley Vogel" wrote:
>
>> Nemog
>>
>> Info on Backdoor.Nemog
>>
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.html
>>
>> Info Backdoor.Nemog.D
>>
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.d.html
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:CABA3BC5-B6CB-4E02-B8EE-199CFAD412FE@microsoft.com,
>> Sandal <Sandal@discussions.microsoft.com> hunted and pecked:
>>> I have 2 PCs one for home one for the office both running Windows XP
>>> home it is the home one in question.
>>> I have over the last few days decided to get to grips with this PC with
>>> excellent support from Windows help & support.
>>>
>>> Installed for some time among other things are
>>> Zone-Alarm, Spy-Bot, Norton anti-virus and Ad-Ware
>>> all are kept bang up-to-date and used religiously.
>>>
>>> As an exercise I decided to look for and install a free trojan
>>> scan & remover and found one at irsoftware.org on a 30 day trial.
>>>
>>> Much to my surprise it found some spy-ware and a trojan called Nemog,
>>> I ran the scan again but this time all it found was the spyware, no
>>> Nemog, where has it gone ,I had done nothing to remove it?
>>>
>>> With Nemog firmly planted in my head I went looking for help and
>>> came across rickrogers.org useful site on starting in safe mode
>>> and his advice on how to remove a Trojan.
>>>
>>> Question, after starting in safe mode and then
>>> start/search/files&folders, then typing in Nemog the search came up
>>> with nothing, does this mean I have no trojan or do I still have to
>>> search the registry?
>>>
>>> Question, is there any benefit to be gained when running a weekly virus
>>> scan to do it in safe mode, is it more thorough?
>>>
>>> Question, can anybody direct me to a site where I can download a free
>>> no trial trojan scan & remover that can be updated or should my
>>> Norton anti-virus be doing a trojan check for me?
>>>
>>> This is probably not for here but what the hell, while surfing I came
>>> across this story.
>>> With incredulity firmly in place I checked it out and stone me if it
>>> doesn't have some meat to it.
>>>
>>> Recently, in the UK, 280 people out of 500 were persuaded either
>>> face to face or on the phone to part with their NI Num and their
>>> banking and password details, the bribe,
>>> a bar of chocolate, F---ME!
>>> --
>>> Sandal

Sandal
07-10-2005, 01:14 AM
Wesley,
My thanks to you for the info and the help, I never realised about diffrent
names gosh do I have a lot to learn.
Many Thanks
--
Sandal


"Wesley Vogel" wrote:

> Sandal,
>
> Nemog, Backdoor.Nemog and Backdoor.Nemog.D are names made up by Symantec.
>
> To add to the confusion, McAfee calls it BackDoor-CHR, Sophos calls it
> Troj/Bdoor-CHR
>
> Try this first...
> Malicious Software Removal Tool
> http://www.microsoft.com/security/malwareremove/default.mspx
>
> Click on
> Skip the details and run the tool
> ---
>
> Sophos: Instructions for disinfecting W32/MyDoom-A, W32/MyDoom-B,
> W32/MyDoom-F, W32/MyDoom-N, W32/MyDoom-O, W32/MyDoom-S and Troj/Bdoor-CHR
> http://www.sophos.com/support/disinfection/mydooma.html
>
> BackDoor-CHR
> http://vil.nai.com/vil/content/v_127617.htm
>
> Scroll down to...
> Removal Instructions
>
> --
> Hope this helps. Let us know.
>
> Wes
> MS-MVP Windows Shell/User
>
> In news:55D45F6C-DD37-4DEF-8F82-F54449897E2C@microsoft.com,
> Sandal <Sandal@discussions.microsoft.com> hunted and pecked:
> > Wesley,
> > Thankyou for your reply, I had already been to Symantec but strangly their
> > removal tool for m-doom was not availaible now it is, I have just ran it,
> > it found nothing.
> > Is it the same trojan as Nemog.
> >
> > Going back to my question of starting in safe mode, did I do enough or
> > should I have explored further, I just feel a tad uneasy?
> > --
> > Sandal
> >
> > "Wesley Vogel" wrote:
> >
> >> Nemog
> >>
> >> Info on Backdoor.Nemog
> >>
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.html
> >>
> >> Info Backdoor.Nemog.D
> >>
> http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.d.html
> >>
> >> --
> >> Hope this helps. Let us know.
> >>
> >> Wes
> >> MS-MVP Windows Shell/User
> >>
> >> In news:CABA3BC5-B6CB-4E02-B8EE-199CFAD412FE@microsoft.com,
> >> Sandal <Sandal@discussions.microsoft.com> hunted and pecked:
> >>> I have 2 PCs one for home one for the office both running Windows XP
> >>> home it is the home one in question.
> >>> I have over the last few days decided to get to grips with this PC with
> >>> excellent support from Windows help & support.
> >>>
> >>> Installed for some time among other things are
> >>> Zone-Alarm, Spy-Bot, Norton anti-virus and Ad-Ware
> >>> all are kept bang up-to-date and used religiously.
> >>>
> >>> As an exercise I decided to look for and install a free trojan
> >>> scan & remover and found one at irsoftware.org on a 30 day trial.
> >>>
> >>> Much to my surprise it found some spy-ware and a trojan called Nemog,
> >>> I ran the scan again but this time all it found was the spyware, no
> >>> Nemog, where has it gone ,I had done nothing to remove it?
> >>>
> >>> With Nemog firmly planted in my head I went looking for help and
> >>> came across rickrogers.org useful site on starting in safe mode
> >>> and his advice on how to remove a Trojan.
> >>>
> >>> Question, after starting in safe mode and then
> >>> start/search/files&folders, then typing in Nemog the search came up
> >>> with nothing, does this mean I have no trojan or do I still have to
> >>> search the registry?
> >>>
> >>> Question, is there any benefit to be gained when running a weekly virus
> >>> scan to do it in safe mode, is it more thorough?
> >>>
> >>> Question, can anybody direct me to a site where I can download a free
> >>> no trial trojan scan & remover that can be updated or should my
> >>> Norton anti-virus be doing a trojan check for me?
> >>>
> >>> This is probably not for here but what the hell, while surfing I came
> >>> across this story.
> >>> With incredulity firmly in place I checked it out and stone me if it
> >>> doesn't have some meat to it.
> >>>
> >>> Recently, in the UK, 280 people out of 500 were persuaded either
> >>> face to face or on the phone to part with their NI Num and their
> >>> banking and password details, the bribe,
> >>> a bar of chocolate, F---ME!
> >>> --
> >>> Sandal
>
>

Wesley Vogel
07-10-2005, 01:14 AM
We all do, Sandal, we all do. :-)


--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In news:A20DA181-8979-4195-B6C1-1D630D715DF9@microsoft.com,
Sandal <Sandal@discussions.microsoft.com> hunted and pecked:
> Wesley,
> My thanks to you for the info and the help, I never realised about
> diffrent names gosh do I have a lot to learn.
> Many Thanks
> --
> Sandal
>
>
> "Wesley Vogel" wrote:
>
>> Sandal,
>>
>> Nemog, Backdoor.Nemog and Backdoor.Nemog.D are names made up by Symantec.
>>
>> To add to the confusion, McAfee calls it BackDoor-CHR, Sophos calls it
>> Troj/Bdoor-CHR
>>
>> Try this first...
>> Malicious Software Removal Tool
>> http://www.microsoft.com/security/malwareremove/default.mspx
>>
>> Click on
>> Skip the details and run the tool
>> ---
>>
>> Sophos: Instructions for disinfecting W32/MyDoom-A, W32/MyDoom-B,
>> W32/MyDoom-F, W32/MyDoom-N, W32/MyDoom-O, W32/MyDoom-S and Troj/Bdoor-CHR
>> http://www.sophos.com/support/disinfection/mydooma.html
>>
>> BackDoor-CHR
>> http://vil.nai.com/vil/content/v_127617.htm
>>
>> Scroll down to...
>> Removal Instructions
>>
>> --
>> Hope this helps. Let us know.
>>
>> Wes
>> MS-MVP Windows Shell/User
>>
>> In news:55D45F6C-DD37-4DEF-8F82-F54449897E2C@microsoft.com,
>> Sandal <Sandal@discussions.microsoft.com> hunted and pecked:
>>> Wesley,
>>> Thankyou for your reply, I had already been to Symantec but strangly
>>> their removal tool for m-doom was not availaible now it is, I have just
>>> ran it, it found nothing.
>>> Is it the same trojan as Nemog.
>>>
>>> Going back to my question of starting in safe mode, did I do enough or
>>> should I have explored further, I just feel a tad uneasy?
>>> --
>>> Sandal
>>>
>>> "Wesley Vogel" wrote:
>>>
>>>> Nemog
>>>>
>>>> Info on Backdoor.Nemog
>>>>
>>
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.html
>>>>
>>>> Info Backdoor.Nemog.D
>>>>
>>
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.nemog.d.html
>>>>
>>>> --
>>>> Hope this helps. Let us know.
>>>>
>>>> Wes
>>>> MS-MVP Windows Shell/User
>>>>
>>>> In news:CABA3BC5-B6CB-4E02-B8EE-199CFAD412FE@microsoft.com,
>>>> Sandal <Sandal@discussions.microsoft.com> hunted and pecked:
>>>>> I have 2 PCs one for home one for the office both running Windows XP
>>>>> home it is the home one in question.
>>>>> I have over the last few days decided to get to grips with this PC
>>>>> with excellent support from Windows help & support.
>>>>>
>>>>> Installed for some time among other things are
>>>>> Zone-Alarm, Spy-Bot, Norton anti-virus and Ad-Ware
>>>>> all are kept bang up-to-date and used religiously.
>>>>>
>>>>> As an exercise I decided to look for and install a free trojan
>>>>> scan & remover and found one at irsoftware.org on a 30 day trial.
>>>>>
>>>>> Much to my surprise it found some spy-ware and a trojan called Nemog,
>>>>> I ran the scan again but this time all it found was the spyware, no
>>>>> Nemog, where has it gone ,I had done nothing to remove it?
>>>>>
>>>>> With Nemog firmly planted in my head I went looking for help and
>>>>> came across rickrogers.org useful site on starting in safe mode
>>>>> and his advice on how to remove a Trojan.
>>>>>
>>>>> Question, after starting in safe mode and then
>>>>> start/search/files&folders, then typing in Nemog the search came up
>>>>> with nothing, does this mean I have no trojan or do I still have to
>>>>> search the registry?
>>>>>
>>>>> Question, is there any benefit to be gained when running a weekly
>>>>> virus scan to do it in safe mode, is it more thorough?
>>>>>
>>>>> Question, can anybody direct me to a site where I can download a free
>>>>> no trial trojan scan & remover that can be updated or should my
>>>>> Norton anti-virus be doing a trojan check for me?
>>>>>
>>>>> This is probably not for here but what the hell, while surfing I came
>>>>> across this story.
>>>>> With incredulity firmly in place I checked it out and stone me if it
>>>>> doesn't have some meat to it.
>>>>>
>>>>> Recently, in the UK, 280 people out of 500 were persuaded either
>>>>> face to face or on the phone to part with their NI Num and their
>>>>> banking and password details, the bribe,
>>>>> a bar of chocolate, F---ME!
>>>>> --
>>>>> Sandal


Questions, Questions, a Trojan and a Chocolate Bar