Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

W32.dbit


  • Please log in to reply
6 replies to this topic

#1 JTullFan

JTullFan

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 15 December 2006 - 12:44 PM

Hello! I have one of the dreaded trojans on my system, and after several scans with different programs the trojan was identified, in my registry, as W32.Dbit. How should I proceed with removing this?

Thanks for any help.

Steve
If it smells bad, don't eat it!

BC AdBot (Login to Remove)

 


m

#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 72,214 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:08:04 AM

Posted 15 December 2006 - 08:48 PM

Hello JTullFan, Glad you found the forum. ( Hope you don't mind my puns)

It seems you've got a "Cross-eyed Mary" there and she'll go jumping in again if you don't send her on the "Slipstream."
I'm "Thick as a Brick" as to what you ran so I'm recommending you try these:

Download and scan with AVG Anti-Spyware 7.5 Free in "SAFE MODE". How to start Windows in Safe Mode
Print out the AVG Install and Scan Instructions. HERE
Be sure to check for the any updates to all these programs after you install them.
Download and run SUPERAntiSypware, free version Home User
Also run the online scan here and quarantine the results.
TrendMicro online Scan

Post back with results or questions as we still have a "Minstral in the Gallery" (HJT) team to use if needed.
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 JTullFan

JTullFan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 16 December 2006 - 08:37 AM

Hello JTullFan, Glad you found the forum. ( Hope you don't mind my puns)

It seems you've got a "Cross-eyed Mary" there and she'll go jumping in again if you don't send her on the "Slipstream."
I'm "Thick as a Brick" as to what you ran so I'm recommending you try these:

Download and scan with AVG Anti-Spyware 7.5 Free in "SAFE MODE". How to start Windows in Safe Mode
Print out the AVG Install and Scan Instructions. HERE
Be sure to check for the any updates to all these programs after you install them.
Download and run SUPERAntiSypware, free version Home User
Also run the online scan here and quarantine the results.
TrendMicro online Scan

Post back with results or questions as we still have a "Minstral in the Gallery" (HJT) team to use if needed.

LOL, Love those puns.... :thumbsup:

I did a system scan in safe mode using Norton AV 2006, and it did not pick up the virus. I downloaded a program called NoAdware and run a "free" scan (not in safe mode). This program identified the W32.Dbit, and I found it in my registry under HKEY_LOCAL_MACHINE\SYSTEM\CURR. However, I am not sure if this is a "bogus" scan by the software to make you buy it to fix the problem. But I did locate the W32 in my registry after a manual search. I wondered if I just deleted it from the registry that would fix the problem? I also ran scans using Spybot and Adaware, and AVG (not in safe mode), but none of those picked up the virus! I contacted Norton and they said they would fix it remotely for a fee. :flowers:


If it smells bad, don't eat it!

#4 fozzie

fozzie

    aut viam inveniam aut faciam


  • Members
  • 3,516 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ossendrecht/The Netherlands
  • Local time:02:04 PM

Posted 16 December 2006 - 09:13 AM

Here you can find the way to remove it.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:04 AM

Posted 16 December 2006 - 09:13 AM

W32/Dbit-B is a backdoor Trojan that attempts to infect .exe files and allows unauthorized remote access to the infected computer.

IMPORTANT NOTE: Keyloggers and backdoor Trojans are very dangerous. When infected by either of them you should disconnect the computer from the Internet until your system is cleaned. If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately. You should consider them to be compromised They should be changed by using a different computer and not the infected one. Banking and credit card institutions should be notified of the possible security breech. Because your computer was compromised please read How to report ID theft, fraud, drive-by installs, hijacking and malware.

Follow Symantec's manual removal instructions found here. This involves making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 JTullFan

JTullFan
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:08:04 AM

Posted 16 December 2006 - 10:59 AM

Here you can find the way to remove it.


Thanks


W32/Dbit-B is a backdoor Trojan that attempts to infect .exe files and allows unauthorized remote access to the infected computer.

IMPORTANT NOTE: Keyloggers and backdoor Trojans are very dangerous. When infected by either of them you should disconnect the computer from the Internet until your system is cleaned. If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately. You should consider them to be compromised They should be changed by using a different computer and not the infected one. Banking and credit card institutions should be notified of the possible security breech. Because your computer was compromised please read How to report ID theft, fraud, drive-by installs, hijacking and malware.

Follow Symantec's manual removal instructions found here. This involves making changes in the registry. Always back up your registry before making any changes. If you are not familiar with working in the registry, then you should NOT attempt to make any changes on your own. Improper changes to the registry could adversely affect your computer and render it inoperable.

Thanks for the info.


If it smells bad, don't eat it!

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,597 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:04 AM

Posted 16 December 2006 - 11:39 AM

Your welcome and good luck.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users