Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Cycbot.B is owning me


  • Please log in to reply
1 reply to this topic

#1 cycbot.bistrollingme

cycbot.bistrollingme

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 16 November 2010 - 12:30 AM

Ok, so i wont go into too much detail, but i hit up a site that i check out when ever i need stuff done.
Well this time i get on, and it hangs for a second, i see the Java icon come up on the bottom of the taskbar,
and i ctrl alt delete to see some adobe thing using like 200k+ memory. I close it and then my anti virus breaks out saying Cycbot.b (backdoor trojan) has infected me.
IM using MSE btw. So i quarantine it because it wouldnt let me remove. Then i couldnt log on to the internet, and i assumed that it just was making use a proxy server and i was right. So i had to edit my lan settings on google chrome to not use proxy servers.

K so i restart and bam it comes back again, this time i remove.
Fix internet then restart. Again.
So far happened 12 times.
Im raging guys.
Im a noob at this. Why are malwares so douchey. I ran full scan found nuthin but it comes back.
Please help. I love yall.

Idk how to post logs so sorry, if yall need me to fix/add any information...im here...fighting till my last breathe.

K read more rules:

My Specs - Windows Vista 32bit Home PRemium.

I read this somewhere in MSE:
When checking out details -

process:pid:160
process:pid:4744
process:pid:5880
process:pid:4884
process:pid:5036
process:pid:5744
process:pid:1736
process:pid:4224
process:pid:4500
process:pid:4952
process:pid:4376
process:pid:5460
process:pid:1900
process:pid:2900
process:pid:5220
file:C:\Users\HELLJUMPER\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UAYUZ6QS\fqiwkudzdlg1[1].exe
file:C:\Users\HELLJUMPER\AppData\Roaming\Microsoft\svchost.exe
regkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\svchost
runkey:HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\\svchost



Its like aids everytime i come online more stuff is infected.
Sorry for language grammar issues, i am 15, my dad dont speak english. And i thought i was computer genius.
I understand what you guys will tell me to do though...please help

Edited by cycbot.bistrollingme, 16 November 2010 - 12:37 AM.


BC AdBot (Login to Remove)

 


#2 bwat47

bwat47

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:04:38 AM

Posted 17 November 2010 - 11:47 AM

I just dealt with this same infection.
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Backdoor%3AWin32%2FCycbot.B&ThreatID=-2147328481
The infected files are listed there. The latest malwarebytes with updated definitions will remove all of these files and registry entries. Download and Install malwarebytes and run a scan and reboot. Then I recommend deleting all system restore points and running atf cleaner to prevent reinfection.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users