
backdoor problems

Status
Not open for further replies.

jon1117

Ok...this is getting a little more than just frustrating. My NT server keeps getting infected with Backdoor.Ranky trojan virus. It spews all kinds of weirdly named processes into the registry and starts them up so I have them listed as running in Task Manager and cannot kill them. I found this via Norton about a month ago, when it had about 4 or 5 weird processes running (with names like gkit.exe, thue.exe, dgnpdp.exe). Symantec's site tells me to go to the registry and remove the keys under HKEY_LOCAL_MACHINE....however last time I did this it also added keys under currentuser and user. Last time the removal was successful and everything was gone. Now 3 weeks later (without even a reboot) I have 8 weird processes running with some running 2 or 3 instances, one of them I googled and it said the same Backdoor.Ranky but this time the virus scan didn't find it. The server is connected to DSL and is behind a Nortel Networks Contivity 100 firewall/VPN switch, is fully upgraded to all service packs and critical updates and we open NO unknown emails. Can anyone give me a suggestion on how to keep this thing out for good?
 
If you're allowing users to VPN in then you're opening your system up to anything on their machine. A VPN connection bypasses your firewall.

We use Terminal Services and users connect over the internet.

Cheers.
 
Check for other systems on your network which may be infected.
 
Use a different virus scanner than Norton. Look into something like TrendMicro ServerProtect for protecting all your servers. I would also suggest their OfficeScan product for all the desktops.
 