
Trojan Horse (a Couple Variations I Think)


7 replies to this topic

#1 Baphometa

Baphometa

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Location:In the Basement at a Desk
  • Local time:11:09 AM

Posted 22 June 2006 - 10:01 PM

OK, so here's my thing: I have a pretty good understanding of computers and I know my way around, but I just can't seem to get rid of this trojan.

I believe there to be different variations, or maybe just different horses altogether. File names are as follows:
(AVG found these, so here's what it says their names are)

(file paths and virus names are case sensitive, just in case that helps at all)

1.)Trojan Horse IRC/Backdoor.SdBot2.ANP file path: C:\windows\system32\eraseme_43743.exe size:40kb

2.)Trojan Horse IRC/Backdoor.SdBot2.BCC file path: C:\WINDOWS\System32\fdhbe_76865.exe size:47.98

3.)Trojan Horse IRC/Backdoor.SdBot2.BCC file path: C:\WINDOWS\System32\fdhbe_74585.exe size:110.5

4.)Trojan Horse IRC/Backdoor.SdBot2.BCC file path: C:\WINDOWS\System32\fdhbe_67072.exe size:110.5

I have tried removing the files myself and with AVG 7.1, but they keep reinstalling. I am currently getting around 3 virus alerts a day on average, all of which are the above. Any others I might have had, I don't know; I deleted them, and AVG takes them off the list when you do.

I am running Win XP SP1.

Some of the problems I am noticing are:

Reduced computer speed
Task Manager will not open; it just stays in the system tray (Ctrl-Alt-Delete)
Internet Explorer will not open, and if it does it opens a ton of windows which continue to come for about 3-5 mins depending on how much of an a-hole it wants to be (sorry, this issue gets under my skin; I hate pop-ups)


ANY help would be much appreciated. Thank you for at least reading my problem. I tried to make this as thorough as I could; if you need anything else, just ask.

Edited by Baphometa, 22 June 2006 - 10:02 PM.



 


#2 tg1911

tg1911

    Lord Spam Magnet


  • Members
  • 19,274 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:SW Louisiana
  • Local time:10:09 AM

Posted 22 June 2006 - 10:42 PM

I suggest you post a HijackThis log for examination.
A member of the HijackThis Team will walk you through, step by step, how to disinfect your computer.
Once you post your log, don't make any changes to your system, as that could change the results of the posted log, making it difficult to properly clean your system.

Read Preparation Guide for use before posting a HijackThis Log.
Please read, and follow, all directions carefully!!!

Then run a log, and post it in the HijackThis forum, at this link. Do not fix anything yet.
A member of the HJT Team will help you out.
It may take a while to get a response, because the HJT Team are very busy. Please be patient, as these people are volunteers. They will help you out as soon as possible.

NOTE:
Once you have made the post, please, DO NOT make another post in the HJT forum, until it has been responded to by a member of the HJT Team. The first thing they look for, when looking for logs to reply to, is 0 replies. If you make another post, there will be 1 reply. The team member, glancing over the replies, might assume someone is already helping you out, and will not respond. So, just make your post, and let it sit there, until a team member responds. This way you will be taken care of, in the most timely manner.
MOBO: GIGABYTE GA-MA790X-UD4P, CPU: Phenom II X4 955 Deneb BE, HS/F: CoolerMaster V8, RAM: 2 x 1G Kingston HyperX DDR2 800, VGA: ECS GeForce Black GTX 560, PSU: Antec TruePower Modular 750W, Soundcard: Asus Xonar D1, Case: CoolerMaster COSMOS 1000, Storage: Internal - 2 x Seagate 250GB SATA, 2 x WD 1TB SATA; External - Seagate 500GB USB, WD 640GB eSATA, 3 x WD 1TB eSATA

Become a BleepingComputer fan: Facebook

#3 Baphometa


Posted 23 June 2006 - 02:26 AM

OK, first off, I would like to thank you for replying to my post.

I also have an update on the newest member of the virus family I'm building up, hehe:

Trojan horse IRC/Backdoor.SdBot2.LF <------- GAY LIL SET OF TROJANS!!!

Yet again it is in my System32 Windows folder; the file name is: eraseme_46653.exe


I'm also working on the prep guide for HijackThis. There are a lot of downloads I need,
and I don't have cable anymore; I'm down to a 26k modem and it takes a LOOOOONNG time.

So if there would be another way besides HijackThis, I would appreciate it. If not, I will probably have the log up within 2 days, lol. That's about how long it's gonna take to download some of those programs.

#4 tg1911


Posted 23 June 2006 - 02:49 AM

Do you have a buddy you could get to download them for you, and then burn them to a disc for transfer to your computer?
Posting a HijackThis log would be your best bet.
These are also some good tools to have, and use regularly.

#5 Baphometa


Posted 23 June 2006 - 06:36 PM

OK, I thought I would return here to tell of the solution to my virus problem, just in case anyone else happened to get infected with this.

Before, I had noticed a new startup item, E_FATI9EA.exe. Now when I searched for this file it came back with, I think, two or three different results, with different file extensions though.

I changed the filename of the .exe file thinking that was it. Well, it continued to come; I guess I wasn't thinking.

Today I decided to get to the bottom of the startup item. It turned out the little son of a gun had cleverly disguised itself as one of my printer files, with ONE exception:

The file name was E_FATI9EA.exe-pf or something along those lines, and in the search all it showed was the .exe. Well, I inspected both files a little closer this time to discover it was a .pf file, not an exe. I deleted it, and now my computer appears to be running back at normal pace with no weird bugs.

I dunno if it does this only with this kind of printer or just that file name, but if anyone has these trojans, check your startup for any weird new .exe files, then search for and kill the .pf file. It worked for me; maybe it'll work for you.


Thank you, tg, for your time in trying to help me with this problem. It was much appreciated.

#6 tg1911


Posted 23 June 2006 - 09:56 PM

You're welcome, Baphometa.
Glad you were able to figure out what the problem was.
I would still download those programs, and use them.
Those programs, updated and used regularly, will do a lot to keep your computer clean of spyware, trojans, keyloggers, browser hijackers, etc...

#7 Baphometa


Posted 23 June 2006 - 11:22 PM

I sure will download those programs. I already have most of them. I'm not taking any more chances with viruses. I've had them before and they were easy to get rid of, but this one has shown me how much of a pain they can really be, and this one wasn't really destructive, just REALLY ANNOYING.

Edited by Baphometa, 23 June 2006 - 11:22 PM.


#8 Baphometa


Posted 26 June 2006 - 11:27 PM

I realize this is a done and over thread, but here is more info on what this particular virus does:


I am a player of Half-Life: Counter-Strike 1.6, and this virus took my CD key or signed on with my name or something or other along those lines and got me banned from the VAC servers, so if you do get this I would watch out.

Stupid virus, that was my favorite game too.



