

had BSODs, saw could be backdoor or sbot(similar) so


  • This topic is locked
38 replies to this topic

#1 Nickpctj

Nickpctj

  • Members
  • 23 posts

Posted 01 July 2009 - 01:17 AM

Hi, recently the computer had 5 BSODs so I checked the Windows XP event viewer and the Microsoft report indicated it was possible there could be a Backdoor something or a SBot or SPot or something like that.
I did not complete the Housecall scan because I had to install Java, then I found HijackThis there and remembered what it was, so I ran it from there and noticed BleepingComputer could analyse the HijackThis report, so here I am.
The computer is using a wired connection to a Belkin N1 wireless router and there are 2 wired PCs and 2 wireless laptops and sometimes a PS3 using the router.

EDITED: I try to use the TrendMicro free online scanner and it closes the IE8 webpage after 30 seconds of loading. Also the latest version of Java does not install. Java downloads for about 2 minutes then seems to download something quickly then closes saying installing, I think it was "install" failed.

Attached Files

  • Attached File  DDS.txt   14.99KB   14 downloads

Edited by Nickpctj, 01 July 2009 - 02:31 AM.




#2 Guest_superbird_*

Guest_superbird_*

  • Guests

Posted 04 July 2009 - 08:29 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 Nickpctj

Nickpctj
  • Topic Starter


Posted 05 July 2009 - 02:57 AM

Thank you for notifying me. I did think after I posted this may be a popular website.
I copied and pasted my original post and edited it.

Recently pc had 5 BSODs, checked Windows XP event viewer and the Microsoft report indicated it was possible there could be a Backdoor something or a SBot or SPot or something like that.
I did not complete the Housecall scan because I had to install Java, then I found HijackThis there and ran it from there and noticed BleepingComputer could analyse the HijackThis report, so here I am.
The computer is using a wired connection to a Belkin N1 wireless router and there are 2 wired PCs and 2 wireless laptops and sometimes a PS3 using the router.

EDITED: I try to use the TrendMicro free online scanner and it closes the IE8 webpage after 30 seconds of loading. Also the latest version of Java does not install. Java downloads for about 2 minutes then seems to download something quickly then closes saying installing, I think it was "install" failed.
I try to use Windows Live One Care Online scanner and it will not let me install, the webpage freezes and I have to log off and then the PC is ok.
Symantec free online Antivirus scan stops, like One Care.
So I reinstalled XP Home SP3 and all the online scanners work ok and Trend Micro finds TROJ_Gen.8V400. Presumably Housecall found it in the backup partition I used to store software for easy reinstalling favorite applications.
So, TrendMicro removes it and I try all the online scanners again and Trend Micro behaves as it did before I reinstalled Windows XP. The webpage half loads then seems to stop.

TROJ_Gen.8V400

Attached Files


Edited by Nickpctj, 05 July 2009 - 03:00 AM.


#4 Hoov

Hoov

  • Malware Response Team
  • 3,519 posts
  • Location:Mikado Michigan

Posted 07 July 2009 - 04:24 PM

Howdy, my name is Hoov, and I will be helping you with your dilemma.

Please make sure you watch this thread for responses. If you click the options tab at the top of your first post, you can select to track this thread.

Here is what I am asking you to do during the repair of your computer

*Tell me everything that you have done, if anything, to try and fix this problem.

*Please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

*Follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go. Don't install anything, even other programs that have nothing to do with security or malware, it could cause things to change, and I would never know it.

*Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

*Stick with me to the end. My aim is to fix your problems, and give you the tools and knowledge to keep this from happening again.

Now onto trying to fix your computer.

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Download and scan with CCleaner
1. Starting with v1.27.260, CCleaner installs the Yahoo Toolbar as an option which IS checkmarked by default during the installation. IF you do NOT want it, REMOVE the checkmark when provided with the option OR download the toolbar-free or Slim versions instead of the Standard Build.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
In the Windows Tab:
  • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
  • Clean all the entries in the "Windows Explorer" section.
  • Clean all entries in the "System" section.
  • Clean all entries in the "Advanced" section.
  • Clean any others that you choose.

In the Applications Tab:
  • Clean all except cookies in the Firefox/Mozilla section if you use it.
  • Clean all in the Opera section if you use it.
  • Clean Sun Java in the Internet Section.
  • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes.
Visiting From SpywareHammer.com and DonHoover.net

Tilting at windmills hurts you more than the windmills.
-From the Notebooks of Lazarus Long
Senior of the Howard Families


#5 Nickpctj


Posted 07 July 2009 - 06:50 PM

Hi, I have no more BSODs since the reformat of the hard drive and the scan of Housecall which found the TROJ_Gen.8V400.
Since then I can not get online Housecall to work again but One Care online does work but the Java 6 v 14 does not seem to be atting the graphics work in the One Care scan which has not happened before.
Trend Micro always tells me to update Java from Sun but it is updated to Version 6 Update 14 build 1.6.0_14-b08.
The few times I have used Trend Micro Housecall after experiencing problems it has not begun the scanning process, only after the HDD reformat did the scan begin to find the trojan TROJ_Gen.8V400. So I am still quite concerned.
Now after reading your post I have run CC and Malwarebytes' Anti-Malware and they worked ok and no malware was found.

Edited by Nickpctj, 07 July 2009 - 07:09 PM.


#6 Hoov


Posted 07 July 2009 - 07:28 PM

CCleaner wouldn't find the problem, it only gets rid of temporary files that slow down the computer and scanners. Try uninstalling Java and then reinstalling it. Make sure all the other versions of Java are uninstalled before reinstalling the newest version. Sometimes they stick around confusing scanners. Can you post the Malwarebytes' Anti-Malware log? There is more info there than just that it didn't find anything. Do you know what file that TROJ_Gen.8V400 has been found in?

Let me know that, and about if there were older versions of Java installed.

#7 Nickpctj


Posted 08 July 2009 - 02:53 AM

I had the previous version to the Java Version 6 Update 14 build 1.6.0_14-b08, I can remember version 6 build 13.

Here is the Malwarebytes log.

I think I have the results of the TrendMicro Housecall scan that found the trojan. Do you want me to upload that?

I do not know what file TROJ_Gen.8V400 was found in.

Attached Files



#8 Hoov


Posted 08 July 2009 - 10:50 AM

Go ahead and give me the TrendMicro log as well.

#9 Nickpctj


Posted 08 July 2009 - 09:21 PM

Hi Hoov, the log file I have is not of the scan done that found the trojan. The log I have is of a SIC scan I did after using a trendmicro download with the latest file definitions in it.
This is the last thing I had done to get rid of anything. One Care works but TrendMicro housecall still hangs.
A flatmate said 2 days ago there is a Windows XP world wide virus. Have you heard of that? I have not seen any headlines in the news about a world wide virus.
I have a HijackThis scan also which may have been before trendmicro removed the trojan. I am guessing you would like to see that also :)

I see the SIC file can not upload. It is 1.56MBs, but I do not see why this small text file can be that size?? The name of the file is.... SICLOG00001TRENDMICRO.

ah hah...so I edited it a bit...here is the first parts of the tmicro scan...let me know how much more of this file you need :)

Attached Files


Edited by Nickpctj, 08 July 2009 - 09:29 PM.


#10 Hoov


Posted 08 July 2009 - 10:08 PM

Let's forget old scans for now.

Please perform a BitDefender Online Virus and Malware Scan here:
http://www.bitdefender.com/scan8/ie.html
* Click on I Agree.
* An ActiveX warning box will appear, click on Install.
* Under Select What You Want To Check For Viruses.
* Please Check My Computer and Click Ok
* Now Click On Click Here To Scan
* Next, Click on Click here to export the scan report
* Save it to your Desktop.
* In your next reply, please include the BitDefender log and a fresh HijackThis log.

#11 Nickpctj


Posted 09 July 2009 - 02:20 AM

Hi, I am running the scan now. The engine update failed but virus base is loading. It seems it will run ok. I will post as soon as the scan is finished.
Thank you.

EDITED:

Hi, the scan will not start, probably because the engine update fails.

Now I see the scan may have loaded ok, but I did see the engine failed to update and a message came up it may be able to scan although the scan may not be accurate so I clicked ok and the scan did not start. I am trying the BitDefender scan again.

I have just remembered the mouse cursor was behaving oddly before Trend Micro found the TROJ_Gen.8V400 after the clean install previously.

Now when I try the Bit Defender scan the operation stops at the engine updating to 100%. I will try the scan again.

Also I am finding now I have to click the right mouse button twice before it does what it is supposed to do.

Edited: I am trying to run the Bit Defender scan again but now nothing is happening when I click on the green start the scan button. I refreshed the webpage and opened a new webpage but the click on the green start the scan is now not working.

Edited by Nickpctj, 09 July 2009 - 03:07 AM.


#12 Nickpctj


Posted 09 July 2009 - 03:12 AM

This is what happens when I try to start the scanner now.....

edited: I even tried to start the bit defender scan with Avast Home Edition scanners disabled.

Attached Files


Edited by Nickpctj, 09 July 2009 - 04:07 AM.


#13 Nickpctj


Posted 09 July 2009 - 04:04 AM

This last picture is what happened on the last attempt to run the scan. The operation stopped during Cancelling. Now I have to close that down using TaskManager, which I did just now and that caused all IE8 webpages to close down.
I have tried the scan with only that one scan webpage open, same result.

Attached Files


Edited by Nickpctj, 09 July 2009 - 04:12 AM.


#14 Nickpctj


Posted 09 July 2009 - 04:25 AM

Wow, what could be going on here with this computer...? I clicked on the Cancel button on the BitDefender scan that was hanging and the scan started. I will follow the instructions and post the scan log.

Hijackthis log coming up....

Attached Files


Edited by Nickpctj, 09 July 2009 - 05:09 AM.


#15 Hoov


Posted 09 July 2009 - 12:06 PM

Do you have an XP installation disk? Not a system restore disk, but a windows installer. Even if it is an OEM disk.



