
Trojan And Backdoor Virus Problems


5 replies to this topic

#1 dc3

dc3

    Bleeping Treehugger


  • Members
  • 29,991 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sierra Foothills of Northern Ca.
  • Local time:11:33 PM

Posted 16 March 2006 - 11:05 AM

Yesterday AVG found a trojan and a backdoor virus and quarantined them, and today Ewido found backdoor.agobat.afk and sent it to the vault.

Should I run and submit a HijackThis log here?

The following is what I'm running; it's all activated and up to date.

AVG
Adaware
Ewido (freeware version)
A-squared
Spybot search and destroy
OS W2k Pro SP4

Edited by jgweed, 16 March 2006 - 11:38 PM.

Family and loved ones will always be a priority in my daily life.  You never know when one will leave you.

 

 

 

 



#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,560 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:02:33 AM

Posted 16 March 2006 - 12:14 PM

HJT logs are posted in the HijackThis Logs and Analysis Forum, not here.

Are you experiencing any problems other than the two trojans that were found and removed from your system by AVG and Ewido?
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 dc3


Posted 16 March 2006 - 12:40 PM

I realize that this isn't the proper forum to post a hijack log, but you do have to start somewhere, and this seemed to fit the bill. After all, it does say "Am I infected? What do I do?".

I just downloaded and ran a scan with XoftSpy and it found two files infected with Alexa, which I understand is a mild threat. My other scans were clean this morning.

My main concern is, having used the same protection for a year, why all of a sudden am I getting infections? I haven't deviated from my usual sites, and will always look at my email through my ISP before I download it to my computer, and I have the programs set up for automatic updates.

My second concern is why did two different programs detect the backdoor on two different days? Did I have two different attacks? And what can I do to further protect myself?


 

 

 

 


#4 quietman7


Posted 16 March 2006 - 01:39 PM

Sorry dc3, I misunderstood you about the posting. Since you're using the same protection and have not deviated from usual sites & habits, I would suspect that your current protection is not stopping these infections. Without seeing the Ewido log and not knowing what trojan AVG found, it could be a separate infection or it could be that Ewido detected it in AVG's quarantine.

I would add the following for more protection:
SpywareGuard [protects your homepage from being hijacked]: How to Use Tutorial
SpywareBlaster [blocks known malware sites by adding them to IE's restricted sites zone]: How to Use Tutorial
IE-SPYAD [blocks even more malware sites by adding them to IE's restricted sites zone]: Install-Uninstall Tutorial

Read "Simple and easy ways to keep your computer safe".
Read "Safer Settings for IE SP1 & SP2" and "How to Configure Enhanced Security Features for IE in XP SP2".

What type of firewall are you using?

If you're not using a firewall, then it's time to get one. The following are all free.

Zone Alarm Free for Personal Use
ZoneAlarm FAQs

Kerio Personal Firewall [available in a full and limited free edition].
Kerio Personal Firewall 2.1.5 [last freeware version that was strictly a firewall and not bundled with extra features that hog resources and slow down your system performance].

Outpost Firewall Free
Jetico Personal Free

Edited by quietman7, 16 March 2006 - 01:44 PM.


#5 dc3


Posted 16 March 2006 - 11:29 PM

Thanks quietman7. Ewido seeing AVG's virus vault is an interesting thought, not real comforting though, as it could make things confusing. I believe what happened wasn't a failure of my protection; it looks like it in fact worked. There are no more signs of virus, spyware, trojan horse... I ran all my scans again this evening and found nothing; this makes me a little happier.

AVG's log lists the event as being a Trojan Horse Back Door. Small.31.AE. I didn't find anything at Google or Yahoo, at least not in the English language.

I did forget to list my firewall, Sygate.


 

 

 

 


#6 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:02:33 AM

Posted 18 March 2006 - 06:33 AM

Install Windows Defender
Microsoft Windows Defender
http://www.microsoft.com/athome/security/s...re/default.mspx
This also provides realtime protection.

And also
Microsoft Malicious Software Removal Tool (Win XP and Win 2000):
http://www.microsoft.com/security/malwareremove/default.mspx

Do you have SP2 and all subsequent critical upgrades? If not, even though they are CRITICAL, do not install them until after you run your HJT log and are certain your computer is clean. Then install them immediately.

Run both Adaware and Spybot Search and Destroy from safe mode, updating each program before you scan and setting both to fix what they find.

*AdAware SE: http://www.majorgeeks.com/download506.html

*Spybot S&D: http://www.safer-networking.org/en/index.html
Make sure Teatimer is enabled and your system Immunized after you update the malware definitions file.

Following that, I suggest you post a “HijackThis” log for expert assistance with your problem.

Read the pinned post in our “HijackThis” forum, here
http://www.bleepingcomputer.com/forums/t/34773/preparation-guide-for-use-before-using-malware-removal-tools-and-requesting-help/
Carefully read and follow all directions explicitly.

Following the instructions, run a log and post it in the HJT forum at this link. Include a brief description of your computer (i.e., processor, amount of RAM, brand or motherboard, etc.) and the problem you are experiencing.
http://www.bleepingcomputer.com/forums/posthjtlog.html

Do not as yet attempt to fix anything by yourself using Hijack This as even what may seem to be a small mistake can render your op system inoperable.
Some files when in one folder may be fine while in another may be malware.


A member of our HJT Team will analyze your log, make recommendations and offer assistance.

It may take a period of time to get a response to the log you posted because the members of our HJT Team are kept very busy.
Please be patient as this team is manned by volunteers. They will help you in order received as soon as possible.

NOTE
Once you have posted your HJT log, please DO NOT make any additional posts in the HJT forum thread you created until you get a response from a member of our HJT expert team, and do not make any changes to your system (changes, including any attempted repairs, will make it different than displayed in the log you posted and therefore make your log inaccurate).

The first criteria they have when looking for logs that need replies are posts showing 0 replies. If you make an additional post, it will show as having 1 reply.
A team member, looking to see if a reply has been made might well assume another HJT Team member is already assisting you and might not open the thread to respond.

So, make your post and wait for a response from a team member.

Edited by Enthusiast, 18 March 2006 - 06:34 AM.




