Are Some "backdoor/system32.cybot trojans..." Worse Than Others?



#1 deandome


Posted 23 August 2011 - 04:27 PM

I'm running Windows 7 Home 64-bit, and today an Ad-Aware scan found: backdoor.win32.cycbot.cfg, which it then quarantined. I think this might have been left over from a Google redirect problem I had about a month ago. I seem to have killed that problem, as I haven't had any 'infection symptoms' that I know of...it was a normal scan I do every week or so. BTW, I know Ad-Aware gets slammed a lot for being too hoggish, but I gotta say, it seems to root out more baddies than my Malwarebytes and/or Spybot S&D (both of which were run before AA, and neither found anything).

I've read up on backdoor trojans & have seen a lot of "...to be able to totally trust your computer, you really need to re-format" advice, but that's always kind of 'generic' for all backdoors; I have yet to see anything specific to the different 'species'. And in the "When should I reformat? How should I reinstall?" link I found in one of those advice threads here @ bleepingcomputer, it said:

If the computer was connected to the Internet for a long time with the backdoor installed, or if the malware used ICQ to actively contact hackers, then it is more likely the backdoor was used. Therefore there is a high risk if re-formatting and re-installing is not done.

If the backdoor merely opens a port to listen, the risk is slightly lower.

If the backdoor merely opens a port to listen and the computer was behind a working firewall or NAT router, then the risk of the backdoor being used is greatly reduced. Therefore there is probably a much lower risk if re-formatting and re-installing is not done.

Most search hijackers and pop-up producing adware contain a capability for the maker to automatically update them and to add additional adware. In other words, most of them install backdoors of some sort.

In a case where only search hijackers and pop-up producing adware are found we should not automatically recommend re-formatting provided the malware can be removed another way, and providing the computer requires only normal levels of security. Hijackers and adware are written for advertising money, and their authors are not normally interested in anything more malicious than getting click-through payments from advertisers. Seldom is a backdoor in adware used by the maker to install anything other than more hijackers and ad-ware.


That tells me some backdoors are worse than others...right? Is there a way to determine if the backdoor "merely opened a port" vs. doing more evil things?

Can you tell anything by the extension at the end of the trojan's name (mine being ".cfg")? My computer is for home use (games, email, etc), but we do pay bills on it, buy things via Amazon/PayPal, etc. I've always had a firewall & AV protection running.

What do you think...reformat or not?

Thanks!

Edited by deandome, 23 August 2011 - 05:13 PM.

