I cannot believe this - what is the point? And what do I do now?

I have fully updated Norton firewall and virus protection on my computer, and so thought I was safe. I thought I had paid for my safety (or should I say the safety of my computer and its contents). However last week when the virus checker ran it found backdoor.ryknos and irc.backdoor.trojan viruses.

 

I was alarmed - these were the first viruses I had ever had. I phoned Norton and got through to someone in India who told me I'd have to pay £70 for them to remove it remotely (unless I could follow their instructions over the phone - which seemed unlikely as we both had to repeat every sentence several times in order to understand each other).

 

So I paid my money and then waited. Listening to absolutely awful crackly music (it was a terrible line) for 45 minutes - with no one at any point confirming my position in the queue or anything. If I hadn't just parted with £70 I'd have hung up.

 

Anyway, finally someone came on the phone, took control of my computer for half an hour, and then told me it was fixed.

 

The following day I turned my computer back on and it didn't work. I had to phone India again for them to take me through the process of getting my computer back in a working state. The fixing chap had obviously forgotten to do this.

 

All was well until last night when the virus checker runs into a major haul of viruses, and after running all night tells me it has detected 79 threats, removed 25 of them, left 54 things requiring attention, including backdoor.ryknos and irc.backdoor.trojan again.

 

Now most of these threats seem to be cookies, some others have just been deleted, but these 2 viruses remain.

 

What I don't understand is: why aren't I protected when I've paid my money? These viruses aren't new and are known about. This isn't good enough. And why should I pay Norton extra when THEIR systems fail? They should pay me!

 

Also why has this happened to me twice now when it's never happened before?

 

And importantly what do I do now?!! I'm not techy and this is a scary nightmare for me!

Please post the log also by using the add attachment line below this reply box. Unfortunately, the malware writers seem to be able to stay like a step ahead of any antivirus program. The name of the virus may be the same, but the payload and the make up of the virus is constantly changing which makes it harder to keep up with also.

 

It's like the flu virus that people get. It's constantly changing which is why people who get flu shots need to get a new flu shot every year. It's like the common cold. The virus or bacteria is never the same when it attacks you and you end up with a cold.

Thanks for this, and sorry about the rant. I’ve done as you suggested. Malwarebytes has just finished a 3 hour + trawl of my hard drive. It found 5 registry keys infected with adware minibugs and one file infected with the same thing. It’s now removed them. No mention of the nasties that Norton found though. I don’t know if this means I’m in the clear now or not. What should I do? I’m scared to even use my computer in case anything nasty spreads, but there are things I need to get on with!

Symantec has a special removal tool for the first trojan you mentioned.

 

http://www.symantec.com/business/security_response/writeup.jsp?docid=2005-111016-4134-99

 

As for irc.backdoor.trojan, here are removal instructions:

 

http://www.symantec.com/security_response/detected_writeup.jsp?name=IRC.Backdoor.Trojan

 

Norton should be able to remove that one on its own, but you need to disable system restore, or Norton will not be able to remove it. Perhaps that was where it was found, do you know? If so, that could be the reason why it wasn't removed in the first place.

Thanks Floplot I didn't see your post before my last post. I didn't know computer viruses changed over time. How do I get the log to post? I can see an export button on the bottom of my security history screen, but is it the recent history that you mean, because that seems to scroll on forever.

 

I think I've managed to attach the Malware report, but that's probably not what you mean.

 

Thanks for the removal info Bombastus. Sounds a bit daunting. Or rather very daunting.

I have now (with help) managed to do the two things you suggested Bombastus. The results aren't all so straightforward though:

 

The Backdoor.Ryknos removal tool ran for ages and then said it couldn't find Backdoor.Ryknos.

 

We then turned off 'system restore' and ran Norton again. It ran for many hours - I think it must have gone through it all several times. It found both viruses four times over. I assume this was re-discoveries, rather than 4 sets of the same thing?

 

It finally said it had 'fully resolved' them both once. But then when I went to close down it said: 'Your system still has unresolved threats. Are you sure you want to close?'

 

I'm attaching the report it gave. From this it looks to me like there may have been 2 sets of the 2 viruses, and one set of each has gone, but not the other? I don't really know how to read this.

 

It looks as if they were both in the trash basket of Firefox, so I've deleted everything in this, and I guess need to find and empty the main trash basket too. Then maybe run Norton yet again???

Hi prudence

 

Those removal instructions are over 4 years old. I don't know how effective it would be to try that method since I'm sure the malware has changed many times since.

Hi prudence

 

Btw what version of Norton product are you using and which product? Do you have it set to clean inside of compressed files? It seems that these infected files are coming from your email program and various stationeries or cards that were sent to you. Have you tried deleting these emails that are mentioned and contain various zips? Have you also deleted your temp files and cookies and history?

These threats do seem to exist in your Thunderbird email.  Thanks to SendofJive, Thunderbird apparently makes a copy of every deleted file which it saves until the inbox is compacted.  Check your Thunderbird options for a setting to compact files over a certain size.  It will then properly clean deleted emails from your system.

I had a similar situation where Norton reported a cluster of trojans in emails that I knew, or thought I did, had been removed.

Try scanning again afterward to see if the warnings are gone.

Well I THINK I'VE NOW MANAGED TO IDENTIFY AND DELETE THE FILES. I'VE ALSO EMPTIED MY RECYCLE BIN. I'VE GOT COMPRESSED FILES SCAN ON, DATA EXTRACTION LIMIT ON, AND REMOVE INFECTED COMPRESSED FILES ON (NOW).

I'VE SET THUNDERBIRD TO COMPACT FOLDERS WHEN IT WILL SAVE OVER 100 KB.

I HOPE THIS IS ALL OK.

NOW I'M GOING TO RUN THE SCAN AGAIN. IT'S NORTON INTERNET SECURITY BY THE WAY, AND FULLY UPDATED.

THANKS FOR ALL YOUR HELP, AND SORRY ABOUT THE CAPS. MY IPHONE HATES WRITING ON THIS FORUM FOR SOME REASON AND I'VE STILL GOT THE PC DISCONNECTED FROM THE NET!

[edit: Resized font.]

Ooops - sorry about that last post!

 

I'm glad to report that I've just run a full virus check and my computer has been announced clean!

 

It seems as if there were several copies of IRC.Backdoor.Trojan and also Backdoor.Ryknos, as well as the other viruses that Norton dealt with initially. Rather scary. At least I know a bit more about getting rid of them now. I suspect they were in email attachments I didn't open, so I don't know if they were therefore impotent anyway?

 

Something in this forum doesn't work properly on the iPhone by the way. I've logged in several times and been unable to call up the keyboard, sometimes Orange won't even let me view the site, and then when I did manage to get in and type, the text behaviour was wildly uncontrollable.

 

Thank you for your support everyone!

 

Hi prudence

 

Glad to read that your computer is now clean. If you consider your problem as solved, would you please mark the post which solved your problem? This way everyone will know the thread has been solved and will be able to get to the solution quickly. Thanks.

 

If you have any more problems in the future, don't hesitate to come back and open up a new thread. Stay safe and enjoy your computer.

Hi prudence,

 

Just to elaborate a bit on delphinium's comments, when you move or delete a message in Thunderbird the message is not actually removed from your Inbox because that would require the Inbox file to have to be rewritten, which would take some time.  So, instead the message stays in the inbox but is set so that it is no longer visible.  And, of course, you now also have a copy of the message in your Trash folder, as well.  Even emptying the trash does not actually remove the messages.  Messages are only removed by compacting the folders in your account.  You can set Thunderbird to compact folders automatically, as you have done.  But you can also do so manually from the File option on the menu bar.  This MozillaZine article on Compacting Folders gives some background on the process and some tips to follow for best results:

 

http://kb.mozillazine.org/Compacting_folders
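
The behaviour described in the post above, as an added example that is not part of the original thread: a short Python script that lists messages still stored in a Thunderbird folder file even though they have been deleted, which is why a scanner can keep flagging them until the folder is compacted. It relies on Thunderbird's `X-Mozilla-Status` header and its `0x0008` "expunged" bit, which the thread does not mention; the folder contents are constructed sample data.

```python
import mailbox
import os
import tempfile

EXPUNGED = 0x0008  # X-Mozilla-Status bit Thunderbird sets on a deleted/moved message

# Constructed sample folder file: the second message was "deleted" but not compacted.
SAMPLE_MBOX = (
    "From - Mon Jan 04 10:00:00 2010\n"
    "X-Mozilla-Status: 0001\n"
    "Subject: Meeting notes\n"
    "\n"
    "See you at ten.\n"
    "\n"
    "From - Mon Jan 04 11:00:00 2010\n"
    "X-Mozilla-Status: 0009\n"
    "Subject: You have received an e-card\n"
    "\n"
    "Open the attached card.zip\n"
    "\n"
    "From - Mon Jan 04 12:00:00 2010\n"
    "X-Mozilla-Status: 0000\n"
    "Subject: Invoice\n"
    "\n"
    "Attached.\n"
)

def find_expunged(mbox_path):
    """Return (subject, size_in_bytes) for messages still stored but flagged deleted."""
    leftovers = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for msg in box:
            raw = msg.get("X-Mozilla-Status", "0000")
            try:
                flags = int(raw.strip(), 16)
            except ValueError:
                continue  # malformed header: skip rather than guess
            if flags & EXPUNGED:
                leftovers.append((msg.get("Subject", "(no subject)"), len(msg.as_bytes())))
    finally:
        box.close()
    return leftovers

def demo():
    """Write the constructed sample to a temporary file and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Inbox")
        with open(path, "w", newline="\n") as fh:
            fh.write(SAMPLE_MBOX)
        return find_expunged(path)
```

Run `find_expunged` on a copy of a folder file with Thunderbird closed; an empty result after compacting means the deleted messages are no longer on disk.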