Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Bitdefender Online Scanner


  • This topic is locked This topic is locked
3 replies to this topic

#1 skyfuser

skyfuser

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:03:01 PM

Posted 23 November 2007 - 03:38 PM

I got infected so I'm removing all the malicious software I can before I post a HijackThis log. I was using BitDefender, and it said it finished scanning 61314 out of 61314 objects, but then it suddenly went "overtime" and started doing an in-depth scan on C:\WINDOWS\system32 and found 1 virus (backdoor) it could not delete. Then after about 100 entries after the undeletable backdoor, BitDefender just stopped. The built-in green light loader wasn't even flashing. So... anyone have any suggestions on what to do? I'd appreciate it :thumbsup:
Notes: If it's any additional info, according to BitDefender, the backdoor is found C:\WINDOWS\system32\__c00425C6.dat and the name is Backdoor.Hupigon.6497


Mod Edit:Moved from AntiVirus, Firewall and Privacy Products and Protection Methods~ TMacK

Edited by TMacK, 23 November 2007 - 04:26 PM.

"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:01 PM

Posted 23 November 2007 - 10:24 PM

Try another Online Virus Scans.

Download FileASSASSIN.zip and save to your desktop (this tool is compatible with Win 2000/NT/XP/Vista only).
  • Create a new folder on your C:\ drive called FileASSASSIN and extract (unzip) the file to that folder. (Click here for information on how to do this if not sure. Win 9x/2000 users click here.)
  • Open the folder and double-click on FileASSASSIN.exe.
  • Select the following file(s) to delete by dragging it onto the text area or select it using the (...) browse button.
    • __c00425C6.dat <-- C:\Windows\system32\ folder
  • Select a removal method. Start with "Attempt FileASSASSIN's method of file removal."
  • Click delete and the removal process will begin.
  • If that did not work, start the program again, select the file(s) the same way as before and this time check "Use delete on reboot function from windows."
Note: If you cannot find the file(s), you may have to Reconfigure Windows XP to show hidden files, folders. (We are doing this so we can look for and delete hidden files if necessary but don't delete anything other than what I ask you to delete. After your system is clean, follow the same procedure to hide these files and folders again to protect them from accidental deletion).

Then download and scan with Dr.Web CureIt. Follow the instructions here for performing a scan in "Safe Mode".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 skyfuser

skyfuser
  • Topic Starter

  • Members
  • 470 posts
  • OFFLINE
  •  
  • Location:California
  • Local time:03:01 PM

Posted 24 November 2007 - 04:14 PM

Ok, I tried using FileASSASSIN's method of deleting, and it did everything except for delete the file. I have already downloaded CureIt but did not scan. So do I choose "delete on next reboot function from Windows," press F8 and choose reboot, then press F8 again when it's rebooting to pick SafeMode?
Sorry if I didn't understand, I just want to make sure I'm doing this right.
Thanks for helping :D
"If a man is offered a fact which goes against his instincts, he will scrutinize it closely, and unless the evidence is overwhelming, he will refuse to believe it. If, on the other hand, he is offered something which affords a reason for acting in accordance to his instincts, he will accept it even on the slightest evidence. The origin of myths is explained in this way." - Bertrand Russell

#4 TMacK

TMacK

  • Members
  • 4,672 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:B.C. Canada
  • Local time:03:01 PM

Posted 24 November 2007 - 04:21 PM

I see you have a HJT log posted in the HijackThis Logs and Malware Removal forum.

You shouldn't make any changes to your system, while your HJT log is posted, as that could change the results of the posted log, making it difficult to properly clean your system.
At this point, the HJT Team should be the only members that you take advice from, until they have verified your log as clean.

I'm closing this topic until you are cleared by the HJT Team.
If, after your log has been cleaned, you still need help, please PM a Moderator and we will re-open this topic.
Chaos reigns within.
Reflect, repent, and reboot.
Order shall return.

aaaaaaaa a~Suzie Wagner




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users