Re: Anyone identify this??
Posted by Optional on April 7th, 2004


I know this is a bit late for a follow-up but I just saw the post. The
stuff you mentioned, like trickler.exe (which is GAIN/Gator) and
bundle.exe (which is SAHAgent) are spyware, not viruses, and NAV isn't
likely to be of any help. Hopefully by now you have resolved the
issue. To thoroughly clean a drive I use WipeDrive but it can take all
day just to wipe a 40 gig drive, and just formatting should be enough.
Also, you can't see an NTFS partition from DOS, but I recommend a free
program from SysInternals (they have some really great free tools!) at
http://www.sysinternals.com/ntw2k/fr.../ntfsdos.shtml

Peace, out

On Thu, 25 Mar 2004 06:43:12 -0000, "Hugh Garse"
<sameoldnonexistantip@customerofplusnet.com.not> wrote:


Posted by K-Tel Ronco on April 7th, 2004



"Optional" <yes@no.org> wrote in message <big fat smelly snip>

Thanks for all the responses - it was nasty and never identified and
possibly the work of multiple bits of code being executed (I suspect coming
in through MSN Messenger by a child in the house of the owner).

It had infected the boot sector and encrypted it so it was impossible to do
a scan of C:\ from a cd rom drive (even trying to re-write the
partition/mount sector was fruitless). A fresh install became re-infected on
startup so all I could do was zero write the hdd and start again - which to
me is defeat.

The extras like trickler and bundle were a side effect of security being
breached. I will have a better idea how it was done when the second infected
machine comes in from the owner. I have a hunch it was spread across a
local home network by a Win 98 machine (with NAV) via messenger. It was a
bastard of a thing to deal with and the first time I've been beaten by
malicious code!

Thanks all.


