How To Remove Backdoor.glupzy On A Pc With No Internet!


6 replies to this topic

#1 NAC


Posted 18 December 2006 - 06:19 PM

Hi!

I am new to this forum but in need of urgent assistance.

We have a work computer running Windows XP that now has flashy.exe (backdoor.glupzy) appearing all the time and it is a pc we use in connection with our Digital printer. It has no internet connection, unable to run antivirus or spyware due to the fact you need the net to run these programs.

We use this computer for burning customers' memory cards to CDs, but this flashy.exe appears on their cards, which is no good, so we are unable to use this PC at the moment. The PC was infected by a customer's memory card.

We were advised at the time of obtaining this pc and printer not to connect to the internet due to viruses etc which is quite funny now since we now have a trojan.

Is there a way to remove this trojan with a program that doesn't need net access, or a tutorial to delete/remove this annoyance?

Can anyone help?

Thanks!

Regards,

Nicky

Moderator Edit: Moved topic to more appropriate forum. ~ Animal

Edited by Animal, 18 December 2006 - 07:41 PM.


#2 Dreads


Posted 18 December 2006 - 10:12 PM

You're on the internet now, so you should be able to save most downloaded spyware/antivirus programs onto a disk and run them from the disk on the appropriate computer. There are other ways to get rid of this; however, I want you to try to get a program such as Ad-aware SE onto a disk and run it on the computer (IF THIS IS DONE MAKE SURE YOU ALSO PUT THE LATEST DEFINITION FILES ON THE DISK). If you are unable to do this then I will talk you through the registry entries you will have to delete.

http://www.lavasoft.de/software/adaware/ -Ad-Aware
http://www.safer-networking.org/ -Spybot Search & Destroy

Both of these programs should be able to get rid of the adware, however make sure you also put the current definitions on the same disk.

Edited by Dreads, 18 December 2006 - 10:14 PM.


#3 fozzie


Posted 19 December 2006 - 04:06 AM

Do you have any antivirus program on this computer?

#4 NAC


Posted 02 January 2007 - 07:43 PM

Hi!

Happy New Year!

Have been really busy, sorry for not replying sooner, with the holidays and all.

I tried what you advised, Dreads, and no luck, it is still there. So if you can be so kind as to give me the step-by-step instructions on what I need to delete to get rid of this annoyance, as it spreads when placing a card in the card reader, so we are unable to use this PC at the moment. :thumbsup:

Answer to Fozzie: no, we don't have an antivirus program on that PC, as I tried when we got it. The PC needed access to the internet to activate the antivirus program. If you can tell me a program I can use that doesn't need updates or need the internet at all, that would be good. But I think that most, if not all, need the internet for one purpose or another. This PC is used in conjunction with a photographic printer, so there has been no need to have it connected to the net.

I would appreciate the instructions on what I need to do to remove this pest.

Thank you so much.

Regards,

Nicky :flowers:

#5 rajantwr


Posted 11 January 2007 - 06:47 AM

Hi Nicky, it is not a great problem that you have to fear.
Just click Ctrl+Alt+Delete, then in Task Manager go to the process tab.
Click f until you find flashy.exe.
Right-click and select End Process.
Now delete the file in the memory card.
The problem is solved.
Enjoy
Rajan

Edited by rajantwr, 11 January 2007 - 06:48 AM.


#6 fozzie


Posted 11 January 2007 - 07:10 AM

> Hi Nicky, it is not a great problem that you have to fear.
> Just click Ctrl+Alt+Delete, then in Task Manager go to the process tab.
> Click f until you find flashy.exe.
> Right-click and select End Process.
> Now delete the file in the memory card.
> The problem is solved.
> Enjoy
> Rajan

If life would be that simple.... :thumbsup:

Some info
IMPORTANT NOTE: Backdoor Trojans are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms. Remote attackers use backdoor Trojans as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge. If your computer was used for online banking or has credit card information on it, all passwords should be changed immediately to include those used for email, eBay and forums. You should consider all your passwords to be compromised. They should be changed by using a different computer and not the infected one. Do not change passwords or do any transactions while using the infected computer because an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

and click

First do the online scan with Microsoft here

This should solve most of your issues.


Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* When done, select "Scan for Harmful Software".
* There are three scanning options. Choose "Perform Complete Scan" and click "Next".
* When done, a Scan Summary will appear with potentially harmful items that were detected. Click "OK".
* Make sure they all have a checkmark next to them and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* Click Preferences and then click the statistics/logs tab.
* Click the dated log and press View log. A text file will appear so you can see the results.
* Select close to exit the program.


After that, download DrWeb-CureIt & save it to your desktop. DO NOT perform a scan yet.

Reboot your computer in SAFE MODE using the F8 method.

Scan with DrWeb-CureIt as follows:

* Double-click on drweb-cureit.exe to start the program. An "Express Scan of your PC" notice will appear.
* Under "Start the Express Scan Now", Click "OK" to start. This is a short scan that will scan the files currently running in memory and when something is found, click the Yes button when it asks you if you want to cure it.
* Once the short scan has finished, Click Options > Change settings
* Choose the "Scan tab" and UNcheck "Heuristic analysis"
* Back at the main window, click "Select drives" (a red dot will show which drives have been chosen)
* Then click the "Start/Stop Scanning" button (green arrow on the right) and the scan will start.
* When done, a message will be displayed at the bottom advising if any viruses were found.
* Click "Yes to all" if it asks if you want to cure/move the file.
* When the scan has finished, look if you can see the icon next to the files found. If so, click it, then click the next icon right below and select "Move incurable".
(This will move it to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if it can't be cured)
* Next, in the Dr.Web CureIt menu on top, click file and choose save report list.
* Save the DrWeb.csv report to your desktop.
* Exit Dr.Web CureIt when done.
* Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.

Download AVG Antivirus from my sig including latest database. Install it under free option and run it

After everything is solved

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
   * On the Desktop, right-click My Computer.
   * Click Properties.
   * Click the System Restore tab.
   * CHECK Turn off System Restore.
   * Click Apply, and then click OK.
2. Restart your computer.
3. Turn ON System Restore.
   * On the Desktop, right-click My Computer.
   * Click Properties.
   * Click the System Restore tab.
   * UN-Check Turn off System Restore.
   * Click Apply, and then click OK.


System Restore will now be active again.

Edited by fozzie, 11 January 2007 - 07:20 AM.
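
An added example, not written by any poster in this thread: a check for the situation described above, where flashy.exe turns up on customers' memory cards. It walks a card's folder tree and flags files named flashy.exe as well as any file that starts with the Windows executable header (MZ), which also catches a program renamed to look like a photo. The function names and the sample card layout are constructed for illustration, and the script assumes the card is mounted at a path on a machine with Python.

```python
import os
import tempfile

# The file name comes from the thread; matching is case-insensitive.
KNOWN_BAD_NAMES = {"flashy.exe"}
MZ_MAGIC = b"MZ"  # first two bytes of every DOS/Windows executable


def scan_card(root):
    """Return sorted (relative_path, reason) pairs for suspicious files under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(2)
            except OSError:
                # A file that cannot be opened is reported rather than skipped.
                findings.append((rel, "unreadable"))
                continue
            if name.lower() in KNOWN_BAD_NAMES:
                findings.append((rel, "known-bad name"))
            elif head == MZ_MAGIC:
                # Catches executables hidden behind a photo extension.
                findings.append((rel, "executable header"))
    return sorted(findings)


def demo():
    """Build a constructed card layout in a temp directory and scan it."""
    photo_dir = os.path.join("DCIM", "100PHOTO")
    samples = {
        os.path.join(photo_dir, "IMG_0001.JPG"): b"\xff\xd8\xff\xe0 constructed jpeg",
        os.path.join(photo_dir, "IMG_0002.JPG"): b"MZ constructed renamed program",
        "flashy.exe": b"MZ constructed stand-in, not real malware",
    }
    with tempfile.TemporaryDirectory() as card:
        os.makedirs(os.path.join(card, photo_dir))
        for rel, data in samples.items():
            with open(os.path.join(card, rel), "wb") as fh:
                fh.write(data)
        return scan_card(card)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:18} {rel}")
```

To check a real card, call `scan_card` with the card's mount path; an empty list means no file matched either rule.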


#7 whintersby


Posted 11 January 2007 - 07:52 AM

Here's some detailed information on the Flashy.exe file (BAD):
http://spywarefiles.prevx.com/RRAGFD218339...hy%252Eexe.html

Prevx1 claim to remove this, and offer a free trial which will scan your PC and remove any infections free of charge.
http://www.prevx.com

[EDIT] Just realised you'd need an internet connection in order to activate Prevx1 prior to cleanup - therefore this wouldn't work :thumbsup:

Edited by whintersby, 11 January 2007 - 09:15 AM.




