Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Please help, surely infected.

  • Please log in to reply
1 reply to this topic

#1 ironbomb


  • Members
  • 1 posts
  • Local time:03:57 PM

Posted 06 December 2010 - 02:40 PM

Windows defender keeps picking up the virus, Backdoor:win32/cycbot.b, removing/quaratining it but it always returns.
Spybot keeps on detecting win32.autorun.tmp and colewwwsearch.olehelp and returns if I open IE.
I have ran DrWeb CureIt app as well, but unable to save a log of it, dont know why and it usually picks up java.downloader 1.18 and/or java.downloader 1.19 or something like that , stating it moved it into quaratine but always return each time I run it.
Heres what I return with running MBAM, the two "fixes" keep returning as well:

Malwarebytes' Anti-Malware 1.50

Database version: 5247

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

12/6/2010 1:27:05 PM
mbam-log-2010-12-06 (13-27-05).txt

Scan type: Full scan (C:\|D:\|E:\|J:\|)
Objects scanned: 281685
Time elapsed: 31 minute(s), 12 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
c:\Users\ironbomb\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 2844 -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Value: svchost -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\ironbomb\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\ironbomb\AppData\Roaming\microsoft\conhost.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\Users\ironbomb\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.

e/ Using windows7

Edited by ironbomb, 06 December 2010 - 05:45 PM.

BC AdBot (Login to Remove)


#2 williamx


  • Members
  • 8 posts
  • Local time:02:57 PM

Posted 08 December 2010 - 03:24 AM

Had same problem here, I suggest you reformat your hard drive. Log on to a clean computer and change all your login information you had on the infected computer. Pay close attention to your bank, watching for new accounts popping up or someone trying to get a credit card in your name, or withdrawals from your account you did not make, if you do see that activity call your bank ASAP. Then make sure you place a fraud alert on your credit score. Never store any information vital on a computer, there's too many ways for people to steal information throught the internet.

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users