

Infected By Backdoor Trojan And Something Else


#1 Mr Jack


Posted 18 May 2008 - 05:09 PM

Hi all, I'm a new user of this forum, and I have some problems with my computer. I got these problems 5 days ago when I was opening my Windows Live Messenger: I got a message that told me I had received one message from a close and dear friend when I was not logged in. The question was whether I wanted to open that message and see what my friend wanted to tell me. I opened the message, but there was no text at all, it was completely clear. I closed that window, but it was too late. After that my computer reminded me, with pop-ups, that I have a very bad program on my computer. I have scanned my computer with these programs: NOD32 Antivirus, ZoneAlarm Security Suite, Ad-Aware 2007 and Spyware Doctor, but my computer is still infected with this:

C:\system volume information\_restore{63ddc2b2-ec7c-4075-aee3-d127376d5416}\rp496\a012380.exe

I use Windows XP Home Edition with SP2.

Please help me somebody.



#2 ruby1



Posted 18 May 2008 - 05:53 PM

Hi, and a sad welcome :thumbsup:

You say you have both

NOD32 Antivirus, ZoneAlarm Security Suite,

This, I believe, means you have TWO antivirus programs on board, so neither will have been able to protect you.

If you ARE right and do HAVE a backdoor trojan on there, you need to tell us if you do any banking etc. on there, as your computer security and privacy are in jeopardy.
Can you please run this scan to see what IT flags up,
then find a DIFFERENT KNOWN CLEAN computer to communicate with us and keep THIS one OFF line.

Superantispyware: guide on how to install and run

If you have not already got a Downloads folder, I suggest you create a new folder in My Documents and name it Downloads.

Installing superantispyware

Superantispyware is found here


Download to the Downloads folder the free exe to superantispyware from here


You install superantispyware by clicking on the icon in the Downloads folder;
it will launch the installation process;
follow the instructions, and I suggest you ask for a default installation;
ensure it creates a desktop icon for you;
once the program has been installed it should ask you if you wish to update the program; say YES.

If it does not ask you, you need TO fully update the definitions by opening the program and finding the ‘check for updates’ tab in the bottom left of the menus you see; click on it and it will do the update for you.
I suggest you ask it to check for updates again once the first update is complete, just to be sure.

Please then reboot your computer; it is preferable to run the scan in your computer's safe mode.

please open this program from the desktop icon
please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs

go to the preferences tab on the right
on the General tab I suggest you disable the scan on start up

on the Hijack protection tab I suggest you tick BOTH items; this enables the program to give you a Hijack home page alert if your home page gets changed; if you DO get a home page hijack, when you boot up the computer superantispyware will open and tell you the home page has changed and will ask you if this is a legitimate change;

in statistics/logs- go to the bottom and you will see two boxes asking about keeping a log of scanning results and saving empty logs?

Tick both of them

Then go back to the main screen and see the tab that says scan your computer? Do you see that ?

Click on it

A screen will open; on the left hand side ensure your FIXED drive (most probably the C drive) is ticked;
also tick in there any other section that is used and attached.
On the right hand side you see three scanning options? Please click the Complete scan option.

OK; you are now set to scan

Please then click on the ‘next’ tab and let the scan run; please run the scan while you are OFF line and do not have the computer doing any other work while the scan runs.

From my experience running this program the complete full scan CAN take many hours to run depending on how much is on your computer so be patient and let it run; maybe go for a cuppa or watch a favourite program while this one runs

Once the scan IS complete you will be presented with a box telling you what the scan has found (if anything); if harmful objects have been found click on the OK button; on the next screen all the harmful objects should have a check mark beside them; click ‘next’.

A notification should appear that

‘quarantine and removal is complete’

click ‘ok’
and then the Finish button to get returned to the main menu

If you have run the scan in the computer's safe mode you will need to reboot to the computer's normal mode.

If you have run it in the computer's normal mode I suggest you reboot to enable the ‘fix’ the program has performed to consolidate.

You then need to retrieve the scan result

Open the program and return to the statistics/logs section; locate the most recent log; left mouse click on it to highlight it and click the ‘view log’ tab.

The log should appear in maybe Notepad; you need to copy and paste that log for examination.
Once you have posted the log please close the superantispyware program.
