Deborah...
According to the Symantec (who make Norton AV) site,
removal is fairly easy:
======================================================
NOTE: These instructions are for all current and recent
Symantec antivirus products, including the Symantec
AntiVirus and Norton AntiVirus product lines.
1. Update the virus definitions.
2. Restart the computer in Safe mode.
3. Run a full system scan, and delete all files that are
detected as Backdoor.Kaitex.B.
4. Delete the value
Service <the Trojan file path and name>
[e.g. C:\comand.exe or C:\Windows\comand.exe or C:\autorun.inf]
from the registry key
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
http://securityresponse.symantec.com/avcenter/venc/data/backdoor.kaitex.b.html
======================================================
There are extended instructions on the page above to
walk you through each of the steps above, such as how
to start Windows in Safe Mode, and how to open the
Registry Editor and delete the entry noted above.
Hummer-ga's suggestion to use Trend Micro's free online
virus scan is normally something with which I would agree,
however I searched their site for this virus, under several
aliases as well, and it didn't turn up on their site.
You can try to use their scan, but it may not work.
Their free online scan is here:
http://housecall.trendmicro.com/housecall/start_corp.asp
Another such site, with a free online scan is Bit Defender.
I also searched their site for the virus and its aliases,
with no results. Their free online scan is here:
http://www.bitdefender.com/scan/licence.php
If you successfully use either of the above online scans,
you would still need to remove the entry in your registry
by hand, using the extended instructions available on the
page above.
The file 'comand.exe' is certainly a file created by the
virus, which mimics the Windows file 'command.exe' or
'cmd.exe', depending on your version of Windows. This is
intended to make you afraid to delete it, since it so
closely resembles a legitimate Windows system file.
I ran a search for 'comand.exe' in conjunction with this
virus' name and its aliases, and came up blank. This just
means that the user of this virus has created his own name
for the active file.
In searching for 'comand.exe' by itself, I located one
entry where this file is associated with an 'autorun.inf'
file, which calls the comand.exe file. The registry entry
therefore referred to the autorun.inf file rather than the
comand.exe file itself. 'Autorun.inf' is another common
name, used to cause CDs to load and play automatically.
It is normally located on the CD itself, and there should
not be such a file on your computer. In this case the file
was placed in the root directory - C:\autorun.inf
It might be wise to run a search for this file on your
computer, as well, and delete it. This instance of 'comand.exe'
was in conjunction with a virus called ICQpass:
http://www.camsoftpartners.co.uk/bugs.htm
I believe this will resolve your situation, however,
resoving computer issues often requires some dialogue
to reach a successful conclusion.
Please do not rate this answer until you are satisfied that
the answer cannot be improved upon by means of a dialog
established through the "Request for Clarification" process.
sublime1-ga
Searches done, via Google:
Backdoor.Kaitex.B
://www.google.com/search?q=Backdoor.Kaitex.B
Backdoor.Kaitex.B comand.exe
://www.google.com/search?q=Backdoor.Kaitex.B+comand.exe
comand.exe
://www.google.com/search?q=comand.exe
W32.Ircbot
://www.google.com/search?q=W32.Ircbot
W32.Ircbot comand.exe
://www.google.com/search?q=W32.Ircbot+comand.exe |
