
Help trojans and backdoor.bot.


5 replies to this topic

#1 livelifeloud247


Posted 08 September 2010 - 02:55 PM

Hi there, I'm Scott. I'm a novice at this spyware removal, so you're my best help. My computer here, not currently running antivirus software, seems to have a reoccurring hiloti.D! trojan and bredolabb.aa. These were found by Windows Defender. I run spydoctor but to no removal prevail. I am currently doing a system scan with SUPERAntiSpyware, which has found backdoor.bot (zbot), two trojan.agent/CDesc[generic], unclassified.unknown origin and 771 adware.tracking cookies. The scan is still continuing. My operating system is Windows Vista. I have Windows Defender removing found viruses and they seem to be gone, but then they reoccur with a full system scan. Also, on startup in my user account I always have a Notepad open first with the file name of ~tm followed by some number. I am very worried about my system. Your help would be greatly appreciated. Thank you in advance, Scott
Also found now is trojan.dropper/Gen.nv.... Full system scan still in progress.

Edited by hamluis, 08 September 2010 - 03:56 PM.
Moved from Am I Hacked to Am I Infected ~ Hamluis.




#2 boopme


Posted 08 September 2010 - 04:00 PM

Hello and welcome. First, what is your operating system: XP, Vista, etc.?
You cannot survive on the internet without at least an antivirus, an antispyware and a firewall. I will give these later.

Now about this backdoor. One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

Even if you decide to reinstall ...
You will need to install a free AV: Avira Antivir
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 livelifeloud247


Posted 08 September 2010 - 04:12 PM

Hi, thanks for getting back so quick. I am running Windows Vista. Oh, that doesn't sound good, but I would like to try to remove it to attempt to make my computer run as normal. Not many things are not running as normal, just the Notepad opening on startup with random lettering and Windows Defender finding a reoccurring trojan. Thanks

#4 boopme


Posted 08 September 2010 - 04:18 PM

Can you install and run the Antivir and post back the log?

#5 livelifeloud247


Posted 08 September 2010 - 04:29 PM

Since my last post I used SUPERAntiSpyware to quarantine the bot, but after reboot my whole desktop is just orange. However, the other user account is working as normal. Do you think it's a case of backup what you can and reinstall the OS? Will the bot still come through even after reinstalling the OS? Is safety back if I do that?

#6 boopme


Posted 08 September 2010 - 06:10 PM

In your case it may be the quickest and best, as you have no AV and we do not know what is infecting you.

If you're not sure how to reformat or need help with reformatting, please review:

These links include step-by-step instructions with screenshots:

Vista users can refer to these instructions:

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead.

If you need additional assistance with reformatting or partitioning, you can start a new topic in the Windows XP Home and Professional forum.



