Backdoor .VB virus


3 replies to this topic

#1 wish2learn

Posted 20 April 2010 - 02:06 PM

Hi,

I have a few times discovered a hacker's virus called Backdoor.VB that has been secretly installed on my PC.
Thanks to the excellent security advice on this forum I was able to quickly locate and remove it.

But should I be concerned? How serious is this virus, and could it possibly be linked to my IP address - which means it will be out there ready-and-waiting every time I go online?
Or is it more likely linked to a particular web site, or is it something that is randomly floating throughout the Web?

Thanks for your help.

Edited by Orange Blossom, 20 April 2010 - 03:48 PM.
Move to AII as no logs posted. ~ OB




#2 wish2learn

Posted 20 April 2010 - 04:26 PM

The reason I did not post any logs is because I am not actually asking how to remove the virus - the Malwarebytes program has already done this for me.
Malwarebytes located the virus, and this is how I discovered its presence and its name.

I did a search on the Web and discovered that there are a few kinds of Backdoor.VB viruses around, and that each one serves as a sort of 'administrative tool' to enable hackers to access private information from your PC.

Here is the basic information that I found:

Malware Type : Backdoor (A Backdoor is a program that uses a secret and/or undocumented means of getting into a computer system. Some software programs have backdoors for programmers to troubleshoot or change the program. Some backdoor programs test the system and phone home to allow for future attacks.)

Executable File(s) : -++d+˜+-.exe , 00[sub]7.exe , -1856815584.exe , -2007611468.exe , 315657059.exe , a50bdf03361b341d7682e0ea41c5

DLL File(s) : msn-plugin.dll , msstdfmt.dll

(Backdoor is created by Evolution).

Evolution Description:
This is a Remote Administration Tool that is used by hackers to control the victim's machine remotely. The possibilities of such an application depend on the needs of the attacker. This particular RAT has the ability to manipulate the file structure of the infected PC; it also includes some functions designed to annoy the victim. It was created by a group called Five-Times Productions. The programming language is Visual Basic. This virus originated in January 2002.


I would like to know how to avoid this sort of thing happening in the future, and I seek your advice and opinion on the matter.

Thanks.

#3 quietman7

Posted 22 April 2010 - 12:18 PM

"I would like to know how to avoid this sort of thing happening in the future, and I seek your advice and opinion on the matter."

Tips to protect yourself against malware and reduce the potential for re-infection:

Keep Windows and Internet Explorer current with all critical updates from Microsoft which will patch many of the security holes through which attackers can gain access to your computer. If you're not sure how to do this, see Microsoft Update helps keep your computer current.

Avoid gaming sites, porn sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs (i.e. Limewire, eMule, uTorrent). They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Malicious worms, backdoor Trojans, IRCBots, and rootkits spread across P2P file sharing networks, gaming, porn and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans, and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. Porn sites can lead to the Trojan.Mebroot MBR rootkit and other dangerous malware. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.

Beware of Rogue Security software as they are one of the most common sources of malware infection. They infect machines by using social engineering and scams to trick a user into spending money to buy an application which claims to remove malware. For more specific information on how these types of rogue programs and infections install themselves, read:

Keeping Autorun enabled on USB (pen, thumb, jump) and other removable drives has become a significant security risk as they are one of the most common infection vectors for malware which can transfer the infection to your computer. To learn more about this risk, please read:

Many security experts recommend you disable Autorun ASAP as a method of prevention. Microsoft recommends doing the same.

...Disabling Autorun functionality can help protect customers from attack vectors that involve the execution of arbitrary code by Autorun when inserting a CD-ROM device, USB device, network shares, or other media containing a file system with an Autorun.inf file...

Microsoft Security Advisory (967940): Update for Windows Autorun
How to Maximize the Malware Protection of Your Removable Drives

Other security reading resources:

Browser Security resources:

Finally, if you need to replace your anti-virus, firewall or need a reliable anti-malware scanner please refer to:
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators
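
The Autorun advice in the reply above can be checked on a machine with a read-only look at the `NoDriveTypeAutoRun` policy value. This is an added example, not part of the original post or of Microsoft's advisory; the registry path and bit meanings are the standard Windows ones, and the two sample masks at the end are constructed for illustration.

```powershell
# Added example: audit the Autorun policy value (NoDriveTypeAutoRun).
# Each set bit DISABLES Autorun for one drive type; 0xFF disables all of them.
$DriveTypeBits = [ordered]@{
    'Unknown type'            = 0x01
    'Removable (USB)'         = 0x04
    'Fixed disk'              = 0x08
    'Network share'           = 0x10
    'CD-ROM'                  = 0x20
    'RAM disk'                = 0x40
    'Unknown type (reserved)' = 0x80
}

function Get-AutorunExposure {
    param([int]$Mask)
    # Return the drive types whose disable bit is NOT set in the mask.
    foreach ($entry in $DriveTypeBits.GetEnumerator()) {
        if (($Mask -band $entry.Value) -eq 0) { $entry.Key }
    }
}

function Format-AutorunReport {
    param([string]$Source, [int]$Mask)
    $enabled = @(Get-AutorunExposure -Mask $Mask)
    if ($enabled.Count -eq 0) {
        "{0}: 0x{1:X2} - Autorun disabled for all drive types" -f $Source, $Mask
    } else {
        "{0}: 0x{1:X2} - Autorun still enabled for: {2}" -f $Source, $Mask, ($enabled -join ', ')
    }
}

# Read the live value from both hives (a value under HKLM takes precedence over HKCU).
$subKey = 'SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
foreach ($hive in 'HKLM', 'HKCU') {
    $item  = Get-ItemProperty -Path "${hive}:\$subKey" -Name NoDriveTypeAutoRun -ErrorAction SilentlyContinue
    $value = if ($item) { $item.NoDriveTypeAutoRun } else { $null }
    if ($null -eq $value) { "${hive}: NoDriveTypeAutoRun not set (Windows default applies)"; continue }
    if ($value -is [byte[]]) { $value = $value[0] }   # older systems may store it as REG_BINARY
    Format-AutorunReport -Source $hive -Mask $value
}

# Constructed sample masks, so the decoding can be seen without touching the registry.
Format-AutorunReport -Source 'sample' -Mask 0x91   # removable, fixed, CD-ROM, RAM disk still enabled
Format-AutorunReport -Source 'sample' -Mask 0xFF   # fully disabled
```

The script only reads the registry; it changes nothing on the machine.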


#4 wish2learn

Posted 24 April 2010 - 04:46 AM

Thank you.
Alas, I am fairly certain now that I have been hacked - even though the backdoor virus no longer shows up in scans.

I also think I know where the virus came from. This had nothing to do with a Gaming site, Porn or Pirating anything at all.
Regrettably, I belonged to a well known forum where the professed function is to encourage open, honest debate in all manner of ordinary topics. I believed this was the order of the day, however I and another member took a different view of things to the forum administrator, and things got really ugly from his side - it was quite unexpected and unjustified imo.

The site actually encourages honest debate, but in reality I found out that if you dare to hold an alternate view to this guy he gets very, very angry - to the point of lashing back (and he subsequently made posts of completely unjustifiable hate speech concerning me and another member), and on that same day I mysteriously got the virus!

Now this site obviously has access to personal details such as email and IP address, and for a week now I am out-of-the-blue being sent malware and emails that attempt to lure me to click on suspicious links. Also my web browser is acting very strange indeed.
I regret my membership and participation with the aforementioned forum, and I pm'd the administrator with an apology but he has ignored me and appears only intent on causing me to crash and burn.

It's been a painful lesson, but what can I do??
People do hold differing opinions in life - and I believed debate was a reasonable method of challenging such opinions, and I am genuinely baffled by the degree of vitriol that has resulted.

Naturally my participation on this site has ended, but what remains is all this unsolicited mess, and the question of how to get myself un-hacked again. :thumbsup:



