Ok, rebooted into safe mode & decided to try & manually delete the amee file & it worked.
Must have been some kind of trojan?
Thanks for all your help with this folks, much appreciated :)
COMPLETELY uninstall Norton and all its affiliates, and delete all the files left over from it, then reinstall Norton from scratch. It sounds like Norton probably got corrupted, hence you might still be infected.
graemejaxx, normally I would recommend that you back up any data that you need, wipe the hard drive, and do a complete re-install. That is pretty much a "best practice" kind of thing to do after an attack, theory being that the attacker may have installed or done something that at this time you cannot detect. However, I understand that this may not be an option for everyone, including yourself...
So, assuming that you are on a home network, I would recommend that you run a sniffer such as tcpdump or Ethereal; this should give you a good idea of what is being broadcast from or sent to your box. Next, I would recommend that you take a visit to http://www.rootkit.com. Download the Windows rootkit detection utility, and let it run. I say this because I recall hearing about a rootkit that infected Norton's various utilities. I hope this helped a little.
P.S. Just because you deleted a file, and no longer see a process when you "Ctrl-Alt-Del", does not mean you don't have a hidden process still running at kernel level.
-Shell_Coder
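An added example, not part of the thread or any poster's code: one way to act on the sniffer suggestion above is to summarise a capture by where the box is sending traffic. The sample lines are constructed in the style of `tcpdump -n` text output; the host address 192.168.1.10, the LAN range and the remote addresses are assumptions for illustration.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample of `tcpdump -n` style output (not a real capture).
SAMPLE = """\
12:00:01.000001 IP 192.168.1.10.1045 > 192.168.1.1.53: UDP, length 33
12:00:01.100000 IP 192.168.1.1.53 > 192.168.1.10.1045: UDP, length 49
12:00:02.000000 IP 192.168.1.10.1046 > 203.0.113.7.80: Flags [S], seq 1, win 65535, length 0
12:00:02.050000 IP 203.0.113.7.80 > 192.168.1.10.1046: Flags [S.], seq 9, ack 2, win 5840, length 0
12:00:32.000000 IP 192.168.1.10.1047 > 203.0.113.7.80: Flags [S], seq 5, win 65535, length 0
12:01:02.000000 IP 192.168.1.10.1048 > 198.51.100.20.6667: Flags [S], seq 7, win 65535, length 0
12:01:05.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
"""

# timestamp, "IP", src.port > dst.port:  (IPv4 only; other lines are skipped)
LINE = re.compile(r"^\S+ IP (\d+(?:\.\d+){3})\.(\d+) > (\d+(?:\.\d+){3})\.(\d+):")

def outbound_summary(text, local_ip):
    """Count packets sent by local_ip, grouped by (remote ip, remote port)."""
    flows = Counter()
    for line in text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # ARP, IPv6 or truncated lines
        src, _sport, dst, dport = m.groups()
        if src == local_ip:
            flows[(dst, int(dport))] += 1
    return flows

def off_lan(flows, lan_cidr):
    """Destinations outside the home LAN, busiest first: (ip, port, packets)."""
    lan = ip_network(lan_cidr)
    ext = [(dst, port, n) for (dst, port), n in flows.items()
           if ip_address(dst) not in lan]
    return sorted(ext, key=lambda r: (-r[2], r[0], r[1]))

if __name__ == "__main__":
    flows = outbound_summary(SAMPLE, "192.168.1.10")
    for dst, port, n in off_lan(flows, "192.168.1.0/24"):
        print(f"{dst}:{port}  {n} packet(s) sent")
```

Destinations that keep appearing while no browser or mail client is open are the ones worth looking up.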
Is he running 2 personal FW or am I wrong?
NIS and Kerio?
If I am correct, is there any kind of potential conflict, besides performance?
Hmm, probably is making some sort of conflict... maybe that's how he got the trojan/spyware/WTF ever it is...
Of course all I could find of a file named amee.exe is search bars, so it could be spyware related. If all else fails try running an updated copy of Spybot Search and Destroy.
(edit) And just out of curiosity, do you remember what folder it was in? The directory that it was in could be a real clue as to what it was. (/edit)
Hi, it was in Application Data.
Norton actually picked up the 'amee' prob prior to me installing Kerio and I don't appear to have had any conflicts from the two.
I've actually completely uninstalled Norton now anyway as my sub was up.
I'll try the rootkit program and see if that throws anything up.
Will keep you guys updated.
Regards
G :)