NAV found trojan but can't access it

I'm trying to get rid of the trojan that Norton found on my son's computer (after his roommate ran up a $1400 phone bill in one month by visiting every porn site he could find). The popup from NAV only comes up once in a while (and I can't close that popup!) with a message that it's found a trojan & can't access it. It gives the file name of: windows/system32/H3SB4.exe.

Do you guys have any suggestions of what I can do to get RID of it? Here's what I've tried so far...

I searched Microsoft Knowledge Base & Google, but found nothing on the .exe file.
I ran SpyBot S&D and that got rid of a lot of stuff, but not the trojan NAV found.
I downloaded SpyHunter (and paid the $30 to get the full version), but it didn't get it. It DID get rid of all the extra toolbars, desktop icons & links tho :O)
That trojan doesn't come up when I run the full system scan in NAV, by the way.
I ran HijackThis! (that one's a little over MY head), but I didn't see the trojan file.
I FOUND & SEARCHED Major Geeks (save the kittens!)
I found a link on your site to download Trojan Remover, but it didn't find anything more.

Here's his system information (let me know if I left out important info you need!):
Win2000 Pro
300 mhz AMD K6-2
3.2 gig HD
224 mb RAM (this used to suck as hard as the REST of the machine but I upgraded it)
Norton Antivirus
Zone Alarms Pro

Any suggestions you have about how to clean up his system (in addition to this trojan) would be appreciated. I'm afraid to jack in to the internet for fear there's still a dialer to the porn sites and/or fear of what the trojan does. You WILL let me know if I'm being a dumbass about that, won't you?

Thanks for your help.
I found your site in the PC Magazine I just subscribed to!
Melly

 

Now that you have done all of that, go to system tools and undo system restore, you will lose your restore points but this may be the only way to get rid of it. Reboot the puter then run your anti virus scan again. then you can reboot and resett your restore again.

 

Does NAV give you the name of the trojan itself? It would be best to know that.

Another good spyware/adware remover is Ad-aware. I don't think it'll clean that trojan, but it's always good to have, esp on a machine that's not-so-new. Make sure you update it and Spybot to the latest reference files.

This program just might catch it: http://www.a-2.org/en/software/download

And you can try this online scan: www.trojanscan.com

Welcome to MajorGeeks


[Edit] Greyhound, unfortunately no System Restore in Win2k.

[Edit #2] If all else fails you can use DelLater to delete that stubborn file.

 

I must commend this user for searching before asking.. Good show!!

Let us know if any of the above fix your problem.

 

Try the following,

1. Start a Dos session (Start | Run | type cmd | click OK.
2. Open your Task Manager (Right-click on your taskbar | Left-click on Task Manager).
3. End your explorer.exe process.
4. Alt-Tab to bring up your DOS session window.
5. Change directory to the folder where the file is stored .(the command is cd and you can get all the options by typing cd /?).
6. delete the file in question (the command is del and you can get all the options by typing del /?).
7. Alt-Tab to your Task Manager session, click on file, New Task (RUN) and then type explorer click OK.

Seems like a big hassle, but it should do the trick.

 

You guys ROCK--Thanks!

You guys ROCK! Thanks for all the awesome response!
I ended up using Kaotic's suggestion:
<snippit>

It was a new experience for me, being in DOS. You would have gotten a kick out of it! The Task Manager was over the top of the DOS session I brought up, so I clicked the X to get rid of it....then I see the directions to Alt+Tab back to it later...."holy F!" I just tried Help & read what I could to learn HOW to navigate in DOS....I eventually got it switched back to Task Manager & followed the rest of your directions.

THE FILE IS GONE!!! (did I mention that you ROCK??!)

Thanks Greyhound. I'd forgotten about disabling System Restore. I can use that when (godfabbid) I have a problem with my WinME.

Bow to Kodo for the "good show" comment :O)

Alanc, nope, there was no name of the TROJAN....just the FILE name. I had tried TrojanScan, but it was JUST a scan (not the fix) & it didn't pick MINE up. I downloaded the DelLater dealyo but either it couldn't find it OR I wasn't typing it in right. Did I understand it right that you type in RUN the path of dellater.exe with the WHOLE path of the file you're trying to delete in <brackets> AFTER that? Also, I didn't use the a2 dealyo cuz I quit trying to get it after 3 floppies. I had to GET it on my computer & transfer it to sonnyboy's, so I gave up.

 

No <brackets>, just dellater path\filename, then reboot and the file will be gone.