Backdoor.bot found by Malwarebytes


5 replies to this topic

#1 Toony

Toony

  • Members
  • 117 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 24 June 2011 - 12:30 AM

Well, I did a Malwarebytes scan today and it came back with one infected file, MIRC612.EXE, which it claimed was infected with backdoor.bot.

It said it has quarantined and deleted the file, but what else should I do? Are there further precautions I need to take?


#2 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  • Gender:Male
  • Location:somewhere in time
  • Local time:04:01 PM

Posted 24 June 2011 - 07:37 AM

Hi Toony.

You should scan your PC with an online scanner, such as ESET Online Scanner, following these steps:

  • Disable your Antivirus and other security software
  • Hold down Control and click on the above link to open ESET Online Scanner in a new window
  • Click the Posted Image button
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer and Save it to your desktop
    • Double click on the Posted Image icon on your desktop
  • Check Posted Image
  • Click Posted Image
  • Accept any security warnings from your browser
  • Under scan settings, check Posted Image and Uncheck Remove found threats
  • Click Advanced settings and select:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will download updates and install itself, then begin the scan. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Click Posted Image, and save the file to your desktop using a unique name, such as ESETScan
  • Click Posted Image
  • Click Posted Image
then clean temp files with Temp File Cleaner:

  • Double click on TFC.exe to run the program
  • Click on Start button to begin cleaning process
  • TFC will close all running programs, and if it asks you to restart the computer, allow it
and next download Security Check, save it to your Desktop and:

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box
  • A Notepad document should open automatically called checkup.txt; save it to your desktop
Finally, remember to re-enable the protections that you have disabled.

Include the contents of the reports in your reply.

Edited by Clairvoyant, 24 June 2011 - 03:50 PM.


#3 Toony

Toony
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 24 June 2011 - 05:43 PM

Okay, now what?


ESETSCAN
C:\Users\Toony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10\6b1e720a-7dfe1ecb Java/Agent.BV trojan deleted - quarantined
C:\Users\Toony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\2ef758e6-51cf07a9 Java/Agent.BV trojan deleted - quarantined
C:\Users\Toony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\d126230-4e74e16f Java/Agent.BV trojan deleted - quarantined
C:\Users\Toony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\384ba27d-15ebed8b a variant of Java/Agent.AF trojan deleted - quarantined
C:\Users\Toony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8\1d87cc08-1631d5cb probably a variant of Java/Agent.BR trojan deleted - quarantined
C:\Users\Toony\Desktop\Toons Stuff\flv_to_mp3_1.0n.exe multiple threats deleted - quarantined
C:\Users\Toony\Desktop\Toons Stuff\Minecraft-Beta-1.3_01-Trainer-Plus-4.zip a variant of Win32/HackTool.CheatEngine.AB application deleted - quarantined
C:\Users\Toony\Desktop\Toons Stuff\Minecraft.Alpha.v1.2.1_01.Plus.6.Trainer.zip a variant of Win32/HackTool.CheatEngine.AB application deleted - quarantined
C:\Users\Toony\Desktop\Toons Stuff\ChiiTrans\agth\agth.dll probably a variant of Win32/AGTH.A application cleaned by deleting - quarantined



checkup
Results of screen317's Security Check version 0.99.7
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
AVG 2011
ESET Online Scanner v3
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner
Java™ 6 Update 24
Java™ SE Runtime Environment 6 Update 1
Out of date Java installed!
Adobe Flash Player 10.3.181.14
Adobe Reader 8.2.0
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

AVG avgwdsvc.exe
AVG avgtray.exe
AVG avgrsx.exe
AVG avgnsx.exe
``````````End of Log````````````
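The ESET report above is one finding per line, "path, detection, action", with paths that may contain spaces. The following parser is an added example and not part of this thread or of ESET's tooling; it reads lines in that shape (a constructed sample modelled on the ones above) and separates Java deployment-cache hits, which come from drive-by applet downloads, from files the user kept on disk, which are worth reviewing for where they came from. The `Finding` dataclass and the "java-cache" / "user-file" labels are this example's own.

```python
import re
from dataclasses import dataclass

# Constructed sample in the shape of the ESET Online Scanner lines pasted in this thread:
# "<path> <detection> <action> - quarantined". Paths may contain spaces.
SAMPLE_LOG = """\
C:\\Users\\Toony\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\10\\6b1e720a-7dfe1ecb Java/Agent.BV trojan deleted - quarantined
C:\\Users\\Toony\\Desktop\\Toons Stuff\\flv_to_mp3_1.0n.exe multiple threats deleted - quarantined
C:\\Users\\Toony\\Desktop\\Toons Stuff\\ChiiTrans\\agth\\agth.dll probably a variant of Win32/AGTH.A application cleaned by deleting - quarantined
"""

# The path is matched lazily while the detection phrase and action are anchored at the end of
# the line, so a path containing spaces ("Toons Stuff") is still recovered intact.
LINE_RE = re.compile(
    r"^(?P<path>.+?) "
    r"(?P<detection>(?:probably )?(?:a variant of )?\S+ (?:trojan|application)|multiple threats) "
    r"(?P<action>deleted|cleaned by deleting) - (?P<status>quarantined)$"
)

@dataclass
class Finding:
    path: str
    detection: str
    action: str
    location: str  # "java-cache" or "user-file" (labels chosen for this example)

def classify(path: str) -> str:
    # Java deployment-cache entries are applets/JARs fetched by web pages; "user-file" entries
    # are things the user saved deliberately and should review the source of.
    if "\\sun\\java\\deployment\\cache\\" in path.lower():
        return "java-cache"
    return "user-file"

def parse_eset_log(text: str) -> list[Finding]:
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # tolerate blank lines and non-finding text around the report
        findings.append(Finding(m["path"], m["detection"], m["action"], classify(m["path"])))
    return findings

def summarize(findings: list[Finding]) -> dict[str, int]:
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.location] = counts.get(f.location, 0) + 1
    return counts

if __name__ == "__main__":
    for f in parse_eset_log(SAMPLE_LOG):
        print(f"{f.location:10} {f.detection:45} {f.action:20} {f.path}")
    print(summarize(parse_eset_log(SAMPLE_LOG)))
```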

#4 Toony

Toony
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 24 June 2011 - 07:08 PM

I also don't know if it's related or if it's a misc bug of Firefox, but I recently started getting an error that stated "Firefox was unable to update securely" and now I just got one that stated "Something is trying to trick Firefox into an insecure update".

Again, I have no idea if this is related to the trojans or an unrelated bug with Firefox entirely. I just figured I should mention it.

#5 Clairvoyant

Clairvoyant

  • Malware Response Team
  • 1,564 posts
  • OFFLINE
  • Gender:Male
  • Location:somewhere in time
  • Local time:04:01 PM

Posted 25 June 2011 - 07:46 AM

Hi Toony,

now you should enable UAC and update the JRE:

  • Go here
  • Read the License Agreement, and then check the box that says: "Accept License Agreement"
  • From the list, select your OS and Platform
  • Download for an Offline Installation and save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Uninstall JRE from Start => Control Panel => Programs and Features => click on Java => click on Uninstall
  • Double click on downloaded file and install it
I also suggest updating IE to the latest version (even if you don't use it), installing a better firewall, like Comodo (if you choose Comodo, DO NOT install the antivirus during the installation process) or Online Armor, and then using TFC again.

About the Firefox warning, was it already seen before the infection?
You can try reinstalling Firefox to exclude any software corruption, but it seems it may also be caused by Google Updater.
For this issue you should try asking in this section.

Edited by Clairvoyant, 25 June 2011 - 08:09 AM.


#6 Toony

Toony
  • Topic Starter

  • Members
  • 117 posts
  • OFFLINE
  • Local time:07:01 AM

Posted 25 June 2011 - 09:14 AM

I'm getting some help elsewhere. Thank you for your time.

Edited by Toony, 25 June 2011 - 01:54 PM.
