
Trojan Horse


5 replies to this topic

#1 sexgod3009


Posted 22 December 2006 - 11:05 AM

I did a virus scan and found I had a 'Trojan Horse IRC/BackDoor.SdBot2.MPL'. I did the scan again in safe mode and it didn't remove it. I did a spyware scan and no good, I did Spyware Blaster but no good, I did another kind of scan but again no good. I went into the details on the virus scan and it told me that it was in the folder 'Business Logic, UWC, Backup' and there were about a dozen folders, none of which I could open, all ranging in size from 1kb to the troubled one of 51,935kb, so I deleted this one. This seemed to have got rid of it. I wondered whether you could tell how the Trojan got there and what the backup is, as I'm not computer minded at all, as when I ran the cursor over it it said not been modified since Nov 2005.



#2 -David-


Posted 26 December 2006 - 07:23 AM

Hey there, welcome to BleepingComputer.

This is quite a broad question, and it would be very hard to pinpoint exactly where this came from.
You could have contracted it from the internet/P2P/email/messaging as examples.
The best things to do are to keep your antimalware programs up-to-date and to run them regularly.

You did appear to have a backdoor on your system. Here is a description:
A back door is a means of access to a computer program that bypasses security mechanisms. A programmer may sometimes install a back door so that the program can be accessed for troubleshooting or other purposes. However, attackers often use back doors that they detect or install themselves, as part of an exploit. In some cases, a worm is designed to take advantage of a back door created by an earlier attack.

As a precautionary measure, I recommend that you do the following immediately. Disconnect the infected computer from the internet until the computer can be cleaned. From a clean computer, change your online passwords: for email, for banks, eBay, forums etc. Do not change passwords or do any transactions while using the infected computer because a possible attacker may get the new passwords and transaction information. I want to stress that you shouldn't get worried, these kinds of attacks are very rare, but I guess it is better to be safe than sorry.

I hope this helps you somewhat in trying to find the source of this problem.
Have a read of this excellent post by Quietman7:
http://www.bleepingcomputer.com/forums/t/69440/the-ten-most-dangerous-things-users-do-online/

Also I recommend that you take a read here:
http://www.bleepingcomputer.com/forums/t/2520/how-did-i-get-infected/
It's excellent info that's not too time consuming to read. It'll boost the safety on your computer to make sure that nothing like this happens again.

David

#3 sexgod3009


Posted 27 December 2006 - 02:28 PM

Thanks for the reply, I will certainly look into those links. Any idea what the 'backup' file is and whether I should delete the other files in there? The largest one that I have deleted has seemed to have got rid of the infection, but just wondering what this file is.

#4 -David-


Posted 27 December 2006 - 06:38 PM

It could be anything, but it sounds like it could be added by malware.
On the other hand it could be a store of your AV's quarantined files.
Do you recognise any of these backups? Where is this backup folder located?

#5 sexgod3009


Posted 31 December 2006 - 01:03 PM

I deleted the backup file and have not got rid of the virus. I have installed now on my computer

AVG antivirus and firewall (paid version)

Spyware Doctor
Adaware
Spyware Blaster
and as suggested going to install Spybot - Search and Destroy as well. Could having all of these together conflict with each other, or is it advised to have all of these?

Edited by sexgod3009, 31 December 2006 - 02:23 PM.


#6 -David-


Posted 01 January 2007 - 05:05 AM

That sounds like a healthy combination, it's good you only have one AntiVirus.
Conflicts normally arise when you have more than one AntiVirus running.
I think you should be protected well, as long as you keep the programs up to date.



