Backdoor Generic7.usl



#1 technophobe


Posted 12 August 2007 - 07:26 PM

Windows XP SP2
AVG 7.5
ZoneAlarm Pro
Spybot S&D
SpywareBlaster

Hi Guys
I have had this virus for a few weeks now and just can't get rid of it.
My AVG keeps detecting it and deletes / heals it, but it just keeps coming back.
I have turned off System Restore.
Tried a dirty install of XP (repair)
Ran AVG (always detects the virus)
Spybot (didn't find anything)
It seems to be infecting a file called ip6fw.sys, which I think is a valid Windows file?
Posted Image
I did a search in the Registry and found 12 instances of ip6fw but didn't know which ones to leave and which to delete, so I left them all.
I ran HJT and used the online analyzer (nothing bad was found).
Could you please help me remove this virus? It seems to be hindering my booting up, and I'm sure having a Trojan on my system is not good for security.
Thank you for your time. I know you are busy helping others, so I will be patient. :thumbsup:

PS. I have found this but don't really understand it.
http://www.file.net/process/ip6fw.sys.html

Edited by technophobe, 12 August 2007 - 07:36 PM.




#2 buddy215


Posted 12 August 2007 - 08:28 PM

Install Super Antispyware. Run it in safe mode. Allow it to quarantine whatever it finds.
http://www.superantispyware.com/

Run the online scan for Bit Defender in normal mode. Allow it to quarantine whatever it finds.
http://www.bitdefender.com/scan8/ie.html

--------------------------------------------------------------------------------

Post a Hijack This log in the Hijack This Forum by following the directions in the link below if the programs above have not removed ALL malware. DO NOT post the log in this forum.
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
--------------------------------------------------------------------------------

How to Start Windows in Safe Mode:
http://www.bleepingcomputer.com/tutorials/how-to-start-windows-in-safe-mode/
“Every atom in your body came from a star that exploded and the atoms in your left hand probably came from a different star than your right hand. It really is the most poetic thing I know about physics...you are all stardust.” Lawrence M. Krauss
A 1792 U.S. penny, designed in part by Thomas Jefferson and George Washington, reads “Liberty Parent of Science & Industry.”

#3 technophobe


Posted 12 August 2007 - 08:32 PM

Ok, Thank you, I'll be back

#4 buddy215


Posted 12 August 2007 - 08:55 PM

Super Antispyware should take care of the Backdoor Trojan. "Backdoor" implies that your computer was completely compromised. After removing the malware you should change ALL passwords and check any financial accounts: banks, PayPal, credit cards, etc.

#5 oldf@rt


Posted 12 August 2007 - 11:19 PM

PS. I have found this but don't really understand it.
http://www.file.net/process/ip6fw.sys.html


If the file is located in C:\windows\system32, it is probably safe; however, to be sure, you can do a scan on Jotti or VirusTotal.
The name says it all -- 59 and holding permanently

**WARNING** Links I provide might cause brain damage
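
A way to carry out the check suggested in the reply above, as an added example that is not part of the original thread: it finds every copy of a named file, records whether each sits under a directory treated as trusted, and computes the SHA-256 to look up on a multi-engine scanner. The directory tree, the dummy file bytes and the `triage_copies` helper are constructed for the illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):  # chunked read
            digest.update(block)
    return digest.hexdigest()

def triage_copies(root, filename, trusted_dir):
    """Locate every copy of filename under root and hash each for lookup."""
    trusted = os.path.normcase(os.path.abspath(trusted_dir))
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() != filename.lower():
                continue
            full = os.path.abspath(os.path.join(dirpath, name))
            parent = os.path.normcase(os.path.dirname(full))
            inside = parent == trusted or parent.startswith(trusted + os.sep)
            findings.append({"path": full, "in_trusted_dir": inside,
                             "sha256": sha256_of(full)})
    trusted_hashes = {f["sha256"] for f in findings if f["in_trusted_dir"]}
    for f in findings:
        # A stray copy whose bytes differ from the trusted ones goes first.
        f["priority"] = not f["in_trusted_dir"] and f["sha256"] not in trusted_hashes
    return sorted(findings, key=lambda f: f["path"])

def build_demo_tree():
    """Constructed stand-in for a Windows drive; file bytes are dummies."""
    root = tempfile.mkdtemp()
    layout = {
        ("windows", "system32", "drivers", "ip6fw.sys"): b"constructed-A",
        ("windows", "system32", "dllcache", "ip6fw.sys"): b"constructed-A",
        ("temp", "IP6FW.SYS"): b"constructed-B",
    }
    for parts, data in layout.items():
        path = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    demo = build_demo_tree()
    for row in triage_copies(demo, "ip6fw.sys", os.path.join(demo, "windows", "system32")):
        print(row)
```

Location is only a hint here: a copy inside the trusted directory still gets a hash, because a file in the expected place can be the one the scanner flags.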

#6 technophobe


Posted 14 August 2007 - 06:48 PM

Jeez, this must be a busy forum; leave it for a day and I find my topic halfway down page 2 :inlove:
Thanks for the other two web sites, oldf@rt (now in my favorites).

Buddy215
I scanned with Bitdefender and it found a Trojan, but it was in an old profile I thought I had deleted in Outlook Express (pretty well buried in identities) :huh:
I ran Super Antispyware and it only found 36 tracking cookies.
GOOD NEWS
I no longer have ip6fw.sys on my computer
I have run all scans again today and ...............
AVG, found nothing
Spybot, found nothing
Bitdefender, no problems were found.
Super Antispyware, found 16 tracking cookies.
So I think I'm OK now. :flowers:

My PC is running much better now, although still hanging a bit at "Windows is starting up", but I guess that's another thread :thumbsup:
Thank you all very much for your help. :trumpet:

#7 buddy215


Posted 14 August 2007 - 07:06 PM

Glad you don't have any malware.
In reference to slow start--Have you ever tried "Hibernate"? It takes about 15 to 20 seconds to go into hibernation and about the same or less to come out. Unlike "Standby", if you have a power failure it will still boot from Hibernate without a complete restart.

#8 technophobe


Posted 14 August 2007 - 08:01 PM

Thanks Buddy. No, I have never tried Hibernate. Does that mean you can leave your PC on 24/7? (The wife always worries about things like that.)
Booting up and shutting down is the biggest pain in the butt for me.
Sometimes I have to press the power button 10/20 times before anything will show on the screen, but once it boots it is flawless, never a problem once Windows loads.
Then, shutting down, the monitor goes off and all seems shut down, but I still have lights on the tower and I can hear the fan. So I have to power down by holding the power button in for 5 seconds.
So Hibernate sounds pretty good :thumbsup: How do I do it, and is it safe to leave it in this state overnight?
Are there any settings I can change here to improve start-up speed?
Posted Image

Thanks, sorry for taking this thread off topic :flowers:

#9 buddy215


Posted 14 August 2007 - 08:48 PM

What hibernate does is write whatever is in memory to your hard drive. Then the computer completely shuts down. When you start back up, whatever was open on your desktop or programs you have open will be just like they were before hibernating. I always clean out the temporary files (cache and history) and only leave Firefox Browser open. You start up by pressing the power button.
The way to get to hibernate is by clicking on "start", then clicking on "turn off computer". While holding down the left shift key you will see the standby button change to "hibernate". Then click on hibernate.
I think you should get the shutdown problem resolved, though, before trying this.
The reason I say that is because you may already have problems with some corrupt files in your OS or other program that are causing you to have to hard shutdown. This isn't good for the computer. Then again, it might work just perfectly while you find the fix. Your call.
You will get more attention to your problem by posting in the XP forum.

As far as the image you posted, I leave the automatic restart unchecked.

#10 technophobe


Posted 14 August 2007 - 10:01 PM

Thank you Buddy, I will see how brave I feel tomorrow.

Thanks for all your help with the Trojan, much appreciated.
My PC is much faster. :thumbsup:



