
Urgent! Please help!


3 replies to this topic

#1 Uraiser


Posted 12 June 2005 - 09:53 PM

hxxp://pictures.msn.com/vib/f/current/soldier.jpg DO NOT CLICK LINK. This link was given to me by a close friend. I do know better about malicious links, but not to this degree. My friend sent me this link; it used her exact font and the same way she types. I clicked it, trusting her, and the file came up as readable by my hex editor. Anyway, the file disappeared and I don't know what happened. I know for a fact that it's more than likely a worm, so I need your help once again. I'm scanning my comp as we speak.

Mod edit: Edited link so it won't be active.

Edited by Papakid, 12 June 2005 - 10:06 PM.



#2 TEB


Posted 12 June 2005 - 10:07 PM

Steps to take:

1. You should always check Task Manager processes for anything you don't recognize.

2. Run HijackThis. If you don't know how to interpret logs, post it in a HijackThis analyzation forum found here or practically any other tech support forum.

3. Scan with your antivirus as you are now so you can identify the virus, then do some research about its behavior so you know what to do.

I've seen this link before, MSN virus I believe. You should do a system search on the filename you found before it disappeared.

#3 Uraiser


Posted 12 June 2005 - 10:13 PM

I've done some research, and this came up: "Backdoor.Doyorg". I'm looking at it right now. Thanks for the help this far. I'm running McAfee's Stinger, then I'm going to do Trend Micro's HouseCall.

#4 TEB


Posted 12 June 2005 - 10:42 PM

Did some research and found this from Symantec Security Response and McAfee enterprises:

"Backdoor.Doyorg is a back door Trojan which allows unauthorized remote access. The Trojan may arrive via an instant message received in AOL Instant Messenger (AIM)."

Here's how to remove it:

1. Update the virus definitions.
2. Restart the computer in Safe mode (How to start Windows in safe mode).
3. Reverse the changes made to the registry.
4. Run a full system scan and delete all the files detected.

Here are the changes it makes to the registry:

Click Start > Run.
Type regedit

Then click OK.

Navigate to this key

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon

In the right pane, double-click the key shell, and then in the box delete whatever is there and type Explorer.exe

MAKE SURE YOU EDIT THE REGISTRY WHILE IN SAFE MODE OR THE THREAT WILL NOT BE REMOVED!!

After doing this your main antivirus should take care of the rest. To make sure you're clean after you think it's removed, post a HijackThis log in the HijackThis analyzation forum.

Good luck :thumbsup:

Edited by Techsomething, 12 June 2005 - 10:45 PM.
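
A read-only check of the Winlogon Shell entry that post #4 says to reset, as an added example that is not part of the original thread. The function names and sample values are constructed, and the path comparison assumes Windows with `SystemRoot` set.

```powershell
# Added example, not from the thread. Function names and sample values are constructed.
$WinlogonKey = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'

function Test-WinlogonShellValue {
    param([string]$Value)

    # Normalise: trim whitespace and surrounding quotes before comparing.
    $normalised = "$Value".Trim().Trim('"')
    # Accept only the bare name or the copy in the Windows directory (assumption).
    $allowed = @('explorer.exe', (Join-Path $env:SystemRoot 'explorer.exe'))

    if (-not $normalised) {
        $finding = 'Shell value is missing or empty'
    } elseif ($allowed -icontains $normalised) {
        $finding = $null
    } elseif ($normalised -imatch '^explorer\.exe\b') {
        # Explorer still starts, so the desktop looks normal, but extra text follows it.
        $finding = 'Extra content after Explorer.exe: ' + $normalised.Substring(12).TrimStart(' ', ',')
    } else {
        $finding = 'Shell replaced entirely: ' + $normalised
    }

    [pscustomobject]@{ Raw = $Value; Clean = ($null -eq $finding); Finding = $finding }
}

function Get-WinlogonShellAudit {
    # A missing value yields $null here, which the check reports as empty.
    $props = Get-ItemProperty -Path $WinlogonKey -Name Shell -ErrorAction SilentlyContinue
    Test-WinlogonShellValue -Value $props.Shell
}

# Constructed sample values (assumes SystemRoot is C:\Windows), then the live key.
$samples = 'Explorer.exe', 'C:\Windows\explorer.exe',
           'Explorer.exe C:\placeholder\dropped.exe', 'C:\placeholder\dropped.exe'
$samples | ForEach-Object { Test-WinlogonShellValue -Value $_ } | Format-Table -AutoSize
Get-WinlogonShellAudit | Format-List
```

The script only reads the registry, so it can be run before and after the manual edit to confirm the value is back to Explorer.exe.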




