BackDoor CFB



#1 matjes


Posted 08 July 2004 - 05:10 PM

Hi

I'm new here and from Germany, sorry for my bad English. Anyway, now my problem:

I use Windows XP and my anti-virus program (McAfee) found a virus BackDoor CFB in c:\windows\system32\sqlh.dll. McAfee told me that quarantine, repair and deleting are not possible.

The McAfee site describes that trojan, but gives no hint for deleting it. Searching the web was not successful, only links to McAfee.

I have tried to delete that file in many ways, including KILLBOX. Killbox told me "deleting successful", but the file is still present. All actions on that file (load in editor, hex-editor, etc.) are denied. Also with a Linux application (Linux from CD, Knoppix 3.4) it was not possible to delete that file.

#2 helpyouout


Posted 20 July 2004 - 12:44 PM

Hi, I work for McAfee and here is our current resolution to this trojan. It is very tricky to remove. Please follow the instructions exactly to solve your issue.

BackDoor-CFB (Trojan) Manual Removal


BackDoor-CFB

Summary
Using the ‘read-only’ attribute and the ‘read only’ permission technique, this Trojan prevents anti-virus software from accessing or deleting infected ‘dll’ files. To remove this Trojan, further steps need to be applied:

1. Write down all infected files detected earlier.
2. Boot the computer in safe mode.
3. Click Start > Run, type CMD or COMMAND, and click OK.
4. Change the ACCESS PERMISSION & ATTRIBUTE by typing the commands below. Press ENTER to execute each command.

   CACLS C:\WINDOWS\SYSTEM32\Infected.dll /G ADMINISTRATOR:F
   ATTRIB C:\WINDOWS\SYSTEM32\Infected.dll -R
   DEL c:\windows\system32\Infected.dll /P

   If prompted, press ‘Y’ to delete the infected file.
   Note: Repeat step 4 to delete more infected files.

5. Verify whether the computer is cleaned by running a scan.

Good Luck
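
The removal steps from the reply above, wrapped in a batch file as an added example (not McAfee's or the poster's own script): it runs the same CACLS, ATTRIB and DEL commands for each path given, then checks that the file is really gone, since the first post reports a tool claiming success while the file remained. The script layout, the `echo Y|` answer to the CACLS prompt and the exit codes are assumptions.

```batch
@echo off
rem Added example: run from a Safe Mode command prompt as Administrator.
rem Usage (script name is hypothetical):
rem   remove_locked.bat "C:\WINDOWS\SYSTEM32\Infected.dll" [more files]
setlocal
set FAILED=0
if "%~1"=="" goto usage

:next
if "%~1"=="" goto done
if not exist "%~1" goto missing

rem Record the permissions and attributes before changing them.
echo [info] "%~1" before the change:
cacls "%~1"
attrib "%~1"

rem Replace the ACL with full control for Administrator (CACLS asks Y/N).
echo Y| cacls "%~1" /G ADMINISTRATOR:F
rem Clear the read-only attribute.
attrib -R "%~1"
rem Delete with a confirmation prompt, as in the post.
del "%~1" /P

rem A tool reporting success is not proof; test for the file itself.
if exist "%~1" goto still
echo [ok] "%~1" deleted
shift
goto next

:still
echo [FAIL] "%~1" is still present
set FAILED=1
shift
goto next

:missing
echo [skip] "%~1" not found
shift
goto next

:usage
echo Pass the full path of each detected file as an argument.
exit /b 1

:done
if "%FAILED%"=="1" exit /b 2
exit /b 0
```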



