
Help, Backdoor Trojans & I Can't Login To Yahoo, Aol, Msn


10 replies to this topic

#1 Passion4Muzik


Posted 29 September 2007 - 01:05 AM

I have downloaded several things over the last few days, but I don't know what caused this. There are also two other people who use the computer under another account. I ran a Microsoft scan and it said there were two trojans, but it only removed one of them.

Backdoor:Win32/Zonebac.gen!B

Backdoor:Win32/Zonebac.gen!E

What can I do to solve this problem? System restore was turned off so no luck there.... PLEASE HELP!

~Mod Edit: Topic moved to more appropriate forum and edited Title~ TMacK

Edited by TMacK, 29 September 2007 - 01:48 AM.



#2 quietman7


Posted 29 September 2007 - 07:04 AM

What OS (Win XP/2000, etc) are you using? What type of anti-virus are you using? Have you performed any anti-spyware scans? Have you tried doing your scans in "SAFE MODE"? Are you doing scans while logged into the Administrator's account or an account with administrator privileges?

You need to start there first. If you don't have any anti-virus or anti-malware programs see BC's list of Freeware Replacements For Common Commercial Apps. I would also recommend that you download and scan with SUPERAntiSpyware Free in "SAFE MODE".
Please update the definitions before performing a scan. If you encounter any problems while downloading the updates, manually download them from here and unzip into the program's folder.

Download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "safe mode".

Then perform this online Virus scan: BitDefender Online Scanner. <- Add a check by "Autoclean".
(Requires Internet Explorer to work. Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component.)

Post back if you're still having problems afterwards.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#3 Passion4Muzik


Posted 30 September 2007 - 02:48 PM

Okay, I looked at a list of startup items and unchecked a few things. I deleted every program/file I downloaded except those I knew were safe. I don't have any anti-virus software right now, but we will be getting it soon. Now, I am able to login to those sites again, but I just ran a scan and this one is still on my computer:

Malicious Software Encyclopedia: Backdoor:Win32/Zonebac.gen!B

This threat is classified as a Trojan - Backdoor. A backdoor trojan provides remote, usually surreptitious, access to affected systems. A backdoor trojan may be used to conduct distributed denial of service (DDoS) attacks, or it may be used to install additional trojans or other forms of malicious software. For example, a backdoor trojan may be used to install a downloader or dropper trojan, which may in turn install a proxy trojan used to relay spam or a keylogger trojan which monitors and sends keystrokes to remote attackers. A backdoor Trojan may also open ports on the affected system and thus potentially lead to further compromise by other attackers. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

At this time, what should I do?

#4 quietman7


Posted 30 September 2007 - 02:57 PM

Run the scans I mentioned in my previous post.

Backdoor/IRCBot Trojans are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

Although the backdoor Trojan has been identified and may be removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Many experts in the security community believe that once infected with this type of Trojan, the best course of action is to reformat and reinstall the OS - "When should I re-format?".

#5 Passion4Muzik


Posted 30 September 2007 - 03:13 PM

Okay, so once I do everything as you instructed and change the passwords on another computer, if I get an anti-virus program installed can I feel safe using this computer again? For my bank account and debit card sites, the only thing I can see when I log in is my balance. The full number doesn't show and I don't have to enter the number to get in. By the way, I'm using XP. Norton had expired and it was uninstalled because we got a disc from a friend that was supposed to have Norton on it, but it was just an update. Now, there's no anti-virus. I am using the administrator's account. How do I get to safe mode?

Edited by Passion4Muzik, 30 September 2007 - 03:15 PM.


#6 Passion4Muzik


Posted 10 October 2007 - 07:47 AM

hello

#7 quietman7


Posted 10 October 2007 - 09:37 AM

... can I feel safe using this computer again? For my bank account and debit card sites...

As I said, there is no way to be absolutely sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Ample reasons are given in the link I provided above: "When should I re-format?"

...Norton had expired and it was uninstalled...Now, there's no anti-virus. ...

You need to replace it ASAP.

Free Antivirus programs: (choose and install only one)
AVG Anti-Virus Free - AVG Anti-Virus Free User Manual
Avast - How to Install, Configure, and Use
AntiVir PersonalEdition Classic

"Safe Mode Instructions"

#8 Passion4Muzik


Posted 11 October 2007 - 11:52 PM

... can I feel safe using this computer again? For my bank account and debit card sites...

As I said, there is no way to be absolutely sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because the backdoor Trojan has been removed the computer is now secure. Ample reasons are given in the link I provided above: "When should I re-format?"

...Norton had expired and it was uninstalled...Now, there's no anti-virus. ...

You need to replace it ASAP.

Free Antivirus programs: (choose and install only one)
AVG Anti-Virus Free - AVG Anti-Virus Free User Manual
Avast - How to Install, Configure, and Use
AntiVir PersonalEdition Classic

"Safe Mode Instructions"


We have Symantec anti-virus which a relative got on a disc and said it was Norton, but it's not. It's just "symantec". It didn't detect the virus. When I do the malicious software removal scan from Microsoft, it still detects zonebac B without removing it, but it doesn't detect it in safe mode. Can I manually remove it?

#9 quietman7


Posted 12 October 2007 - 08:35 AM

Norton products are made by Symantec Corp.

The Malicious Software Removal Tool only scans for and removes a limited number of specific malware variants. See here.

It is not a comprehensive solution. You need an anti-virus program installed and up to date with all definitions for that. You can either renew the Norton AV on your disk (it's probably an older version) or install one of the free programs I listed above.

#10 drwfan


Posted 12 October 2007 - 10:00 PM

So is this

Backdoor:Win32/Zonebac.gen!B

one of those Backdoor/IRCBot Trojans ??

Thanks.

#11 quietman7


Posted 13 October 2007 - 07:01 AM

Backdoor.Win32.Zonebac.gen!B



