Virus and backdoor detected. MalwareBytes not functioning



#1 Ichben Einberliner


Posted 16 March 2009 - 12:58 PM

NOD32 detected the following:

TIME - 3/16/2009 6:05:31 AM
SCANNER - Real-time file system protection
OBJECT - file
NAME - C:\DOCUME~1\SUER\LOCALS~1\Temp\tmp690C.tmp
THREAT - Win32/Patched.Y virus
ACTION - deleted (after the next restart) - quarantined NT AUTHORITY\SYSTEM
INFORMATION - Event occurred on a file modified by the application: C:\DOCUME~1\USER\LOCALS~1\Temp\DigitalHQ.exe.

Rebooted and attempted to run MalwareBytes. MBAM would not run. Also could not connect to MBAM site to download.
Booted into safe mode and ran DrWEB. It found the following:

s-3-6-46-100022859-100025358-100030246-4397.com;c:\recycler;BackDoor.Tdss.82;Deleted.;
s-3-6-46-100022859-100025358-100030246-4397.com;d:\recycler;BackDoor.Tdss.82;Deleted.;
s-3-6-46-100022859-100025358-100030246-4397.com;g:\recycler;BackDoor.Tdss.82;Deleted.;
s-3-6-46-100022859-100025358-100030246-4397.com;h:\recycler;BackDoor.Tdss.82;Deleted.;
s-3-6-46-100022859-100025358-100030246-4397.com;i:\recycler;BackDoor.Tdss.82;Deleted.;
tmp1F.tmp;C:\Documents and Settings\USER\Local Settings\Temp;BackDoor.Tdss.106;Deleted.;
tmp690B.tmp;C:\Documents and Settings\USER\Local Settings\Temp;BackDoor.Tdss.106;Deleted.;
flash_player_v10[1].exe\data002;C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\QCGPU6OC\flash_player_v10[1].exe;BackDoor.Tdss.82;;
flash_player_v10[1].exe;C:\Documents and Settings\USER\Local Settings\Temporary Internet Files\Content.IE5\QCGPU6OC;Archive contains infected objects;Moved.;
294765.tmp;C:\WINDOWS\Temp;BackDoor.Tdss.82;Deleted.;
S-8-6-45-100000333-100013570-100005959-3107.com;D:\RECYCLER;BackDoor.Tdss.82;Deleted.;
S-8-6-45-100000333-100013570-100005959-3107.com;G:\RECYCLER;BackDoor.Tdss.82;Deleted.;
S-8-6-45-100000333-100013570-100005959-3107.com;H:\RECYCLER;BackDoor.Tdss.82;Deleted.;
S-8-6-45-100000333-100013570-100005959-3107.com;I:\RECYCLER;BackDoor.Tdss.82;Deleted.;

Rebooted. Removed and reinstalled MBAM, but it still would not run.


Any suggestions on next step would be helpful.



#2 Ichben Einberliner


Posted 16 March 2009 - 04:16 PM

I'm going to be doing a format and re-install. Too many bad things going on and I don't think fixing a backdoor virus is as completely safe as formatting and going fresh hehe.

now to decide what to run. XP, vista ult. 64, win7 beta lol hmm

#3 boopme


Posted 16 March 2009 - 04:31 PM

Not an unwise decision to make. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. Wiping your drive, reformatting, and performing a clean install of the OS or doing a factory restore removes everything and is the safest action but I cannot make that decision for you.

Reformatting a hard disk deletes all data. If you decide to reformat, you can back up all your important documents, data files and photos. The safest practice is not to back up any autorun.ini or .exe files because they may be infected. Some types of malware may disguise themselves by adding and hiding their extension to the existing extension of files so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to your hard drive.

The best procedure is a low level format. This completely wipes the drive. Then reinstall the OS.
Use the free version of Active@ KillDisk.
Or Darik's Boot And Nuke

The best sources of Information on this are
Reformatting Windows XP
Michael Stevens Tech

Of course also feel free to ask anything on this in the XP forum. They'd be glad to help.
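The backup advice in the reply above (leave out autorun and .exe files, and read the full file name for a hidden second extension) can be checked mechanically before anything is copied off the infected machine. The following is an added example, not part of the original thread; the extension lists and the sample folder are assumptions constructed for illustration.

```python
import os
import tempfile
from pathlib import Path

# Assumed list of extensions Windows will run directly; extend as needed.
EXECUTABLE_EXTS = {".exe", ".com", ".scr", ".pif", ".bat", ".cmd", ".vbs", ".js", ".lnk"}
# The post names autorun.ini; the file Windows AutoRun actually reads is autorun.inf.
AUTORUN_NAMES = {"autorun.inf", "autorun.ini"}
# Document-like extensions commonly used as the visible, fake part of a name.
DECOY_EXTS = {".jpg", ".jpeg", ".png", ".gif", ".doc", ".pdf", ".txt", ".mp3", ".avi"}

def classify(name):
    """Return why a file should stay out of the backup, or None if it may be kept."""
    lower = name.lower().rstrip(". ")  # Windows ignores trailing dots and spaces
    if lower in AUTORUN_NAMES:
        return "autorun file"
    suffixes = [s.strip() for s in Path(lower).suffixes]
    if not suffixes or suffixes[-1] not in EXECUTABLE_EXTS:
        return None
    if len(suffixes) >= 2 and suffixes[-2] in DECOY_EXTS:
        return "executable hidden behind a document extension"
    return "executable"

def audit_backup(root):
    """Walk root and return {relative_path: reason} for every flagged file."""
    flagged = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            reason = classify(name)
            if reason:
                rel = os.path.relpath(os.path.join(dirpath, name), root)
                flagged[rel.replace(os.sep, "/")] = reason
    return flagged

def build_sample(root):
    """Create a constructed sample backup folder (empty files, names only)."""
    for rel in ["photos/beach.jpg", "photos/party.jpg.exe", "docs/resume.doc",
                "autorun.inf", "tools/setup.exe", "docs/notes.txt"]:
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, reason in sorted(audit_backup(tmp).items()):
            print(f"SKIP  {rel}  ({reason})")
```

A name-based check only decides what to leave behind; files that pass it still need the anti-virus scan the reply recommends before they are copied back.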



