possible backdoor trojan??


18 replies to this topic

#1 Ali Foley

Posted 11 May 2009 - 05:49 PM

Hi - so I'm having - and have been having a ton of issues lately - I finally decided I should just come to you guys instead of trying to figure it out for myself. I have been having a whole bunch of issues - my computer is running slower than usual, it's been crashing with the stop error 100000d1, it keeps giving me a pop-up at startup from the taskbar that says that my virus software is not updated (but I've been updating - it's VirusScan), and now my Internet Explorer won't start (I'm on Firefox) and I can't run Spybot or Malwarebytes. So tons of problems. I'm studying abroad this semester so I don't have my backup hard drives to back up my files (lots of new pictures) so I don't want to erase anything if possible. I also am having problems downloading and opening applications, but we'll cross that bridge when we come to it. Please help!!!

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

#2 Budapest

Posted 11 May 2009 - 05:52 PM

What happens when you try to run Malwarebytes?
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#3 Ali Foley

Posted 11 May 2009 - 07:12 PM

It wouldn't even open - it would try but the application could never actually open up. I actually uninstalled it to try and reinstall and run it again, but now the downloaded setup file won't even run. Very frustrating.

#4 Budapest

Posted 11 May 2009 - 07:16 PM

Try renaming the setup file to something else such as:

abcde.bat

Then double-click it to see if it will install.

#5 Ali Foley

Posted 11 May 2009 - 07:26 PM

Ugh, nothing. Were you saying I should try changing the .exe to a .bat? (By the way, thank you thank you!!!)

#6 Budapest

Posted 11 May 2009 - 07:31 PM

Yes. The setup file is called mbam-setup.exe.

I wanted you to rename this file to:

abcde.bat

#7 Ali Foley

Posted 11 May 2009 - 09:16 PM

So I did it and it worked! So Malwarebytes is now installed but I still can't open it. I still cannot open Spybot either...

Edited by Ali Foley, 11 May 2009 - 09:17 PM.


#8 Budapest

Posted 11 May 2009 - 10:08 PM

Now you need to do the renaming trick on this file:

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

#9 Ali Foley

Posted 11 May 2009 - 11:06 PM

Thank you! Sorry to have you walking me through the dumb baby steps, but it really helped! I was able to run Malwarebytes and it found 2 infected files (trojan.agent) system32\uacinit.dll and (rootkit.trace) hkey_local_machine\software\uac . I'm gonna go ahead and remove them, yeah? I mean I can see what happens, but do those sound familiar? Sound like they could have been doing the harm?

#10 Budapest

Posted 11 May 2009 - 11:11 PM

Can you post the log please.

And then, reboot your computer, run the Malwarebytes Full-Scan and post that log also when the scan is finished.

#11 Ali Foley

Posted 11 May 2009 - 11:14 PM

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

5/12/2009 12:14:09 AM
mbam-log-2009-05-12 (00-14-03).txt

Scan type: Quick Scan
Objects scanned: 80266
Time elapsed: 6 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
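
Added example, not part of the thread and not Malwarebytes' own tooling: a small Python parser for the log layout posted in #11 that cross-checks the summary counts against the itemized sections and lists detections still marked "No action taken". It assumes the layout seen in this thread's logs; the names `parse_mbam_log` and `review` are illustrative.

```python
import re

# Excerpt of the Quick Scan log from post #11 above, embedded so this runs offline.
SAMPLE_LOG = r"""Scan type: Quick Scan
Registry Keys Infected: 1
Files Infected: 1

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\UAC (Rootkit.Trace) -> No action taken.

Files Infected:
C:\WINDOWS\system32\uacinit.dll (Trojan.Agent) -> No action taken.
"""

COUNT = re.compile(r"^(?P<section>[A-Za-z ]+ Infected): (?P<n>\d+)$")    # summary line
HEADER = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")              # section title
ITEM = re.compile(r"^(?P<target>.+) \((?P<name>[^()]+)\) -> (?P<action>.+?)\.?$")

def parse_mbam_log(text):
    """Return (summary counts per section, list of detected items)."""
    counts, items, section = {}, [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := COUNT.match(line):
            counts[m["section"]] = int(m["n"])
        elif m := HEADER.match(line):
            section = m["section"]
        elif section and (m := ITEM.match(line)):
            items.append({"section": section, **m.groupdict()})
    return counts, items

def review(text):
    """Flag summary/detail mismatches and detections that were not removed."""
    counts, items = parse_mbam_log(text)
    findings = []
    for section, n in counts.items():
        listed = sum(1 for i in items if i["section"] == section)
        if listed != n:
            findings.append(f"{section}: summary says {n}, {listed} listed")
    for i in items:
        if i["action"].lower().startswith("no action"):
            findings.append(f"still present: {i['target']} ({i['name']})")
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(finding)
```

A clean log by this check means only that the scanner reported nothing; it does not show that the machine is free of malware the scanner cannot see.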

#12 Budapest

Posted 11 May 2009 - 11:17 PM

Remove these items, reboot, run the Full-Scan and then post that log.

#13 Ali Foley

Posted 12 May 2009 - 10:13 PM

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

5/12/2009 11:10:19 PM
mbam-log-2009-05-12 (23-10-19).txt

Scan type: Full Scan (C:\|)
Objects scanned: 161877
Time elapsed: 37 minute(s), 55 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Yup, should be good! I'm gonna keep running some antivirus scans to check - but thank you thank you thank you!

#14 Budapest

Posted 12 May 2009 - 10:19 PM

If you’re clean, you should create a new Restore Point to prevent possible re-infection from an old one.

Go Start > Programs > Accessories > System Tools and click System Restore. Choose the radio button marked Create a Restore Point on the first screen then click Next. Give the Restore Point a name and then click Create. Then use Disk Cleanup to remove all but the most recently created Restore Point. Go Start > Run and type: "Cleanmgr" (without the quotes). Click Ok > More Options tab > Clean Up in the System Restore section to remove all previous restore points except the newly created one.

Also, go Start > Control Panel and double-click Add or Remove Programs. Post back and report any Java entries that you have.

#15 Ali Foley

Posted 25 May 2009 - 07:22 PM

Hmm... thought everything was fine, but there's definitely still something very wrong. My computer will freeze up randomly, not open programs, be unable to browse the internet (though very obviously connected), and now I have no sound unless I use headphones (corrupt driver?). So I'm running a full scan with Malwarebytes and Virus scan again, but they haven't been able to find anything lately... help!!!



