
Cycbot / Backdoor Activities


4 replies to this topic

#1 Nafie


Posted 28 February 2012 - 08:15 PM

Good evening.

I have two laptops, one that I use for gaming, and one for personal use. My gaming laptop is currently the infected one, and it won't let me access the internet at all, so I must use my personal to do all of this.

I have attempted to remove it (meaning Cycbot and all that it has downloaded) twice now by running Windows 7 in Safe Mode with Microsoft Security Essentials and have attempted to use HijackThis to help myself. Malwarebytes is not currently working for me in Safe Mode, otherwise I'd use it before all else.

Any assistance would be appreciated -- I'd really like to get back to playing World of Warcrack today.

Edited by Nafie, 28 February 2012 - 08:18 PM.




#2 Nafie


Posted 28 February 2012 - 08:21 PM

I would also like to note that I have performed a System Restore in the hopes that it would work. Still wrong.

#3 Budapest

  • Moderator

Posted 28 February 2012 - 08:35 PM

Try this: http://www.bleepingcomputer.com/virus-removal/remove-tdss-tdl3-alureon-rootkit-using-tdsskiller

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#4 Nafie


Posted 28 February 2012 - 08:49 PM

Thank you. I used TDSSKiller and it found two problems and promptly removed them and restarted my computer. Now I'm using MalwareBytes' in non-safe-mode (since that seems to be the only way I can use it at the moment) and hopefully that will help to resolve the issue.

**EDIT**
Finally got MalwareBytes to work in Safe Mode. It found about 6 other problems, all of them Trojans or backdoor irritations, and it quarantined and removed them. I am running the scan a second time to make sure that everything has been removed. I sincerely wish that I could copy and paste the logs here so that the moderators may see them; but I do not believe I will be able to, even after everything is "fixed".

**EDIT 2**

Still says "Firefox is configured to use a proxy server that is refusing connections."

Edited by Nafie, 28 February 2012 - 10:12 PM.


#5 Budapest


Posted 28 February 2012 - 11:44 PM

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure the following options are checked:

  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update

Press "Scan".

It will create a log (FSS.txt) in the same directory the tool is run from. Post the log in your next reply.

Note: you will need to copy the FSS.exe file over to the other computer on a thumb drive (or similar) and then copy the FSS.txt log back so you can post it here.



