--- Virus backdoor ---


2 replies to this topic

#1 juvestruga


Posted 20 July 2004 - 01:32 PM

I have a virus, BACKDOOR.TROJAN, IN MY MACHINE:

1 - I ran Spy Sweeper FULL VERSION; it did not delete it

2 - I have Norton AntiVirus
2-1 - I ran it in safe mode and nothing appeared
2-2 - I ran it in normal mode; nothing too

3 - I ran Spybot Search and Destroy and nothing

4 - I got all the fix tools from Symantec to remove backdoor.trojan, but nothing

5 - I tried to delete the file in safe mode and the file does not exist (I think it only exists because the file backdoor.trojan only appears at initialization of Windows with some .EXE)

6 - I tried to rename it and got ACCESS DENIED

Does anybody know a tool to remove this backdoor?

Thanks in advance. I attached a little print screen of the virus backdoor.trojan:

Posted Image

THANKS A LOT!!! :wave:

Edited by juvestruga, 20 July 2004 - 01:33 PM.


#2 dave38


Posted 20 July 2004 - 01:52 PM

We need a closer look at what's happening.
Please download HijackThis.
Copy it into its own folder, double-click HijackThis.exe, and hit "Scan".

When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, do Ctrl-A to Select All, and copy its contents here. Most of what it lists will be harmless or even essential; don't fix anything yet.
Be wary of strong drink. It may make you shoot at tax collectors, and miss!

#3 juvestruga


Posted 20 July 2004 - 02:17 PM

Logfile of HijackThis v1.97.7
Scan saved at 16:16:57, on 07/20/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\NavNT\defwatch.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger2\messenger2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Macromedia\HomeSite 5\HomeSite5.Exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\mmc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\HijackThis.exe

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macr...director/sw.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupd...8139.2909606481
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
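
Added example (not part of any post in this thread, and not HijackThis's own code): a small Python triage of a log in the format posted above. It flags entries marked `(no file)` and core Windows image names running outside their standard folder; the folder table assumes a default Windows XP install on C:, and the sample is constructed from lines of the posted log.

```python
import re
from collections import defaultdict

# Constructed sample: selected lines in the format of the log posted above.
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {A5366673-E8CA-11D3-9CD9-0090271D075B} - (no file)
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # section code, then the entry text
# Assumption: standard folders of core Windows XP images on a default C: install.
EXPECTED_DIR = dict.fromkeys(("smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
                              "svchost.exe", "spoolsv.exe"), r"c:\windows\system32")
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

def parse_log(text):
    """Split a HijackThis log into header fields, running processes and coded entries."""
    header, processes, entries, in_procs = {}, [], defaultdict(list), False
    for line in (raw.strip() for raw in text.splitlines()):
        m = ENTRY.match(line)
        if m:
            in_procs = False                      # coded entries end the process list
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            processes.append(line)
        elif not in_procs and ": " in line:       # "Platform: ...", "MSIE: ..."
            key, _, value = line.partition(": ")
            header[key.strip()] = value.strip()
    return header, processes, dict(entries)

def review_candidates(processes, entries):
    """Items to check first. A flag is a prompt to look closer, not a verdict."""
    flagged = [(code, "orphaned entry (no file)", item)
               for code, items in entries.items() for item in items
               if item.endswith("(no file)")]
    for path in processes:
        folder, _, name = path.lower().rpartition("\\")
        if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]:
            flagged.append(("process", "system image name in unexpected folder", path))
    return flagged
```

On the sample, `review_candidates(*parse_log(SAMPLE_LOG)[1:])` returns only the O2 entry whose file is missing.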



