Results 1 to 5 of 5

Thread: "Backdoor.Win32.Nuclear.ax" Trojan Problem: ZA Caught it but...

  1. #1
    jasonpotter Guest

    Default "Backdoor.Win32.Nuclear.ax" Trojan Problem: ZA Caught it but...

    I have two trojans that recently appeared on my computer, one of which is named in the subject line of this message.
    The other is "Backdoor.Win32.Zapchast".
    These have been quarantined at bootup but when I attempt to delete them, the ZA (Version 7.0.337.000 with Anti-Virus Engine Version 3, Dat file version #20070906105001) says "Delete on Reboot" and when I reboot they reappear, this time quarantined but not deleted.
    If I attempt to manually delete them, I have the same problem.
    I have searched for information about these two trojans.
    Anyone know what I can do here?


    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    jdoliver Guest

    Default Re: "Backdoor.Win32.Nuclear.ax" Trojan Problem: ZA Caught it but...

    If they reappear after reboot, they may be in the system restore files. You could try turning off System Restore. (Start/accessories/system tools/system restore/system restore settings).
    Then boot to safe mode and run the virus scan again. You'll have to do it manually because the firewall won't start in safe mode.

  3. #3
    jasonpotter Guest

    Default Re: "Backdoor.Win32.Nuclear.ax" Trojan Problem: ZA Caught it but...

    Thanks for the advice.
    Would this come up even at boot
    up, without running a Scan of the computer (supposing, as you wisely suggested, that the file was in some Restore files on the computer)?
    The message I get comes up immediately upon reloading Windows, not following a disc scan.
    Just curious.

  4. #4
    jasonpotter Guest

    Default Re: "Backdoor.Win32.Nuclear.ax" Trojan Problem: ZA Caught it but...

    For those that might be interested, here's how I got rid of this one:
    1. Since deleting from quarantine produced a reinfection (always detected at bootup by ZA and quarantined again), and the two Trojans (Backdoor.Win32.Nuclear.ax and Backdoor.Win32.Zapchast) were always in the "c:windows\windows" directory, one identified as "protection.nrp" file (associated with Zapchast) and the other as "install.sys", I rebooted to the Recovery Console.2. To do that, boot to CD-Rom (you may need to change your Boot Order in the BIOS to accomplish this) with XP Install Disc in place, choose "R" when offered the Recovery Console option, then select the operating system location.3. Went to the "C:\windows\windows" directory.
    Found two suspect files, one with only an extension (i.e., ".nrp&quot the other called "install.exe".
    I renamed each of these.4. Reboot to hard drive as normal (modify BIOS to change Boot Order back to the way it was originally).5. Delete all quarantined files in ZoneAlarm.6.
    Reboot.
    Viruses gone!

  5. #5
    davehen Guest

    Default Re: "Backdoor.Win32.Nuclear.ax" Trojan Problem: ZA Caught it but...

    I'm at the C:/WINDOWS at the recovery console, but am unsure what to do next. How to I repair the C:WINDOWS/WINDOWS directory? how to I change file names? and what do I change them to?

    Thanks for your help! I'm a noob when it comes to the recovery console.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •