Possible Virus? [Archive] - SpeedGuide.net Broadband Community


CableDude
09-29-03, 07:32 PM
I went to do the backups on the server today and was greeted with a message that McAfee found a "stealth trojan" in run.exe located in c:\WINNT\java\.

I scanned the server with Trend Micro's online scanner and found nothing.

I scanned with McAfee and got the warning again. Weird thing is that the file is "run.exe.vir" and has a date of 6/15/03. Surely this would have been picked up earlier this summer.

So is it or is it not a virus? McAfee's virus info turned up nothing and searching Google didn't give much.

:confused:

blebs
09-29-03, 08:01 PM
Try doing a scan from http://www.trojanscan.com/ and see if it catches it. If not, I don't have a solid answer.

CableDude
09-29-03, 08:06 PM
Thanks, Blebs. I'll try this in the morning.

blebs
09-29-03, 09:59 PM
I'm thinking if it's not caught, you might want to watch netstat every now and then and see if something's open that shouldn't be. I've never known your program to bark an alert if there isn't something there. I'm sure it's possible, just not too likely.

CableDude
09-30-03, 07:35 PM
Thanks, I'll keep that in mind as well. Unfortunately I had no time to look into anything today.

blebs
09-30-03, 07:42 PM
Let me know when you do have time to play with it.

CableDude
10-01-03, 07:43 PM
I did the netstat thing. Didn't see anything out of the ordinary. I'll try trojanscan.com tomorrow.

CableDude
10-06-03, 07:49 PM
What I've found:

http://www.pestpatrol.com/PestInfo/s/stealth_batch_1_00.asp

I do not have "stealthbatch.exe" running as a process.

I do not have the other three files listed in the above link.

:confused:

blebs
10-06-03, 08:53 PM
If they aren't there, you're getting a false positive. I'd like to think you're perfectly safe, but McAfee doesn't just bark for no reason, at least not that I've ever seen. I'm thinking to be safe, download and run The Cleaner. I can't find anything about the 30 day trial not removing trojans, so give it a go. As I remember it, it is fully functional for 30 days.

http://www.moosoft.com/thecleaner/download.php

cygnusx4033
10-07-03, 01:49 AM
If you are using XP, turn off System Restore, because when you find the virus, worm, or Trojan, System Restore may back up the virus, worm, or Trojan on the computer.

blebs
10-07-03, 05:54 AM
Originally posted by cygnusx4033
If you are using XP, turn off System Restore, because when you find the virus, worm, or Trojan, System Restore may back up the virus, worm, or Trojan on the computer.

Good point. I completely forgot about that! ;)

CableDude
10-07-03, 07:25 PM
Originally posted by blebs99
If they aren't there, you're getting a false positive. I'd like to think you're perfectly safe, but McAfee doesn't just bark for no reason, at least not that I've ever seen. I'm thinking to be safe, download and run The Cleaner. I can't find anything about the 30 day trial not removing trojans, so give it a go. As I remember it, it is fully functional for 30 days.

http://www.moosoft.com/thecleaner/download.php

Yeah, Blebs, that's where I was headed next. :) Didn't get to do anything with it today.

BTW it's NT 4 server with SP 6. So no system restore point. ;)

scabbo
10-08-03, 03:30 PM
Just a thought, but just send it to one of the vendors; they love to look at stuff :)

Send it to me; I'll shoot it off to NAV tonight.