Please help with Backdoor.trojan


  • This topic is locked
56 replies to this topic

#51 Y2Ken119

    Member

  • Full Member
  • 18 posts

Posted 19 July 2004 - 09:42 PM

YES!!!! After the additional advice by Nip and the original from EJosh, the virus is gone! I processed in normal mode and then tried to delete to no avail. I restarted in safe mode and repeated the process but this time it deleted successfully! Thanks for all the advice guys. I know it's been a long process for us. Thanks Pomp for all the attempts to rid us of this pesky problem. I hope this post will help all the people with similar problems!

#52 cnm

    Mother Lion of SWI

  • Administrators
  • 25,317 posts

Posted 19 July 2004 - 10:06 PM

Y2Ken119 - I guess this means I can close your own thread?

Note - when the original owner here is cured, this thread will be closed.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#53 Y2Ken119

    Member

  • Full Member
  • 18 posts

Posted 19 July 2004 - 10:15 PM

Yes my thread can be closed. Thank you.

#54 klombard

    Member

  • Full Member
  • 4 posts

Posted 19 July 2004 - 10:22 PM

Y2Ken119:
I do not fully understand how you enter the commands you are referring to. Can you help?

#55 wapj

    Member

  • New Member
  • 1 posts

Posted 19 July 2004 - 11:12 PM

ejosh87,
I've been struggling with this about:blank problem unsuccessfully for the past three weeks. Yesterday, my updated Norton Antivirus 2003, as you have described, finally flagged this problem as a "Backdoor Trojan" - over and over and over again. Although it identified the culprit file (in my case, wina.dll), it could not locate the file when I proceeded to run a system scan. I could not see the file either.
Following is how I eliminated the file and so far (keeping my fingers crossed) is how I expunged about:blank from my system.
First, I'm running Windows 2000. Second, everything that follows is taken from other members' contributions. What follows is reasonably accurate and I haven't hosed my system but it might be best if one of the Site Experts helps you through this.
In short, I went to the registry and killed the key that launches the culprit, wina.dll, then I changed security permissions for system32 files to uncover/control the file, wina.dll, renamed the file and deleted it. Then I used HijackThis to clean a few more random BHO's and also CWShredder to clean out some more junk. Of course, I use SpyBot and Ad-aware regularly in addition to Surf Secret.
It appears that the AppInit_DLLs registry key launches the 57,344 B, wina.dll.
Go to HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs. I removed this key by first renaming the Windows folder to Windows2 and then deleted AppInit_DLLs. If you don't rename it, it will continue to reappear (Try deleting the key before renaming it, press F5, and you will see AppInit_DLLs return.). After I deleted AppInit_DLLs, I renamed the Windows2 folder back to Windows.
Now to delete wina.dll, I went to Start-Settings-Control Panel-Administrative Tools-Local Security Policy-Security Settings-Local Policies-Security Options and changed the Recovery Console options (2) to enable from disable. I then went to my system32 folder and changed the file permissions to allow Full Control for Administrators to Modify, Read & Execute, List Folder Contents, Read and Write. I removed all controls from file Creator Owner. I then rebooted in Safe Mode and the file, wina.dll, appeared under system32. I had to first rename the file to wina.junk and then I deleted it and emptied the Recycle Bin.
I then used AboutBuster and HijackThis to clean up remaining remnants of this very annoying problem; also used CWShredder.
About:Blank has now been totally gone for the past two days. Good luck and thanks to the many contributors to this fantastic site.
wapj
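
Added example, not part of wapj's post or of any tool named in this thread: a read-only PowerShell check of the AppInit_DLLs registry entry described above, listing each registered DLL with whether the file is visible on disk, its size and its Authenticode status. The Wow6432Node path and the LoadAppInit_DLLs value belong to later Windows versions than the Windows 2000 system in the post and are included as assumptions about the machine being checked.

```powershell
# Added example: read-only audit of the AppInit_DLLs autoload value.
# AppInit_DLLs is a string value under the "Windows" key; entries are separated
# by spaces or commas. Native and 32-bit (Wow6432Node) views are both checked.
$keys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
)

$report = foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    $raw   = [string]$props.AppInit_DLLs
    if ([string]::IsNullOrWhiteSpace($raw)) { continue }   # nothing registered

    # Bare file names are resolved against the system directory for that view.
    $sysDir = Join-Path $env:windir 'System32'
    if ($key -like '*Wow6432Node*') { $sysDir = Join-Path $env:windir 'SysWOW64' }

    foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ })) {
        $path = $entry
        if (-not [System.IO.Path]::IsPathRooted($entry)) {
            $path = Join-Path $sysDir $entry
        }

        # -Force includes hidden and system files in the lookup.
        $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        $size = $null
        $sig  = 'n/a'
        if ($file) {
            $size = $file.Length
            $sig  = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status
        }

        [pscustomobject]@{
            Key         = $key
            Entry       = $entry
            Path        = $path
            OnDisk      = [bool]$file      # False: registered but not visible
            SizeBytes   = $size
            Signature   = $sig             # e.g. Valid, NotSigned, HashMismatch
            LoadEnabled = $props.LoadAppInit_DLLs   # empty on older Windows
        }
    }
}

$report | Format-List
```

An entry that is registered but reports `OnDisk = False` in normal mode matches the situation in the post, where the file only became visible in Safe Mode. Unsigned entries in this value deserve a closer look before anything is deleted.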

#56 pomp

    Forum Deity

  • Helper
  • 1,163 posts

Posted 19 July 2004 - 11:44 PM

Glad I was able to be of assistance to you. Congrats to ejosh and the others on having their problem cured, and cnm, you can close the topic because ejosh87 is the owner of the topic and he's cured.




PLEASE DON'T PM ME OR EMAIL ME WITH HELP ON LOGS :). POST IN THE FORUM INSTEAD

#57 cnm

    Mother Lion of SWI

  • Administrators
  • 25,317 posts

Posted 19 July 2004 - 11:52 PM

Glad we could help, ejosh87. :)

If you need this topic reopened, please request this by sending the moderating team an email with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





