SD.bot and R.bot Gen on NT 4.0 Server

#1 OmniWeb

This is from Spy Doctor below, and although
I believe I got it once running cleaners, it is picked up in the registry, still.
I know I need the service to still be there but I need to edit, not delete entries
and making a regfix won't seem to take on this ol' server.
Below Hijack posted too.
Thank you in advance!
Don

Spydoctor:
Infection Name Location Risk
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV## High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV##NextInstance High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000 High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000## High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000##BaseDevicePath High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000##Class High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000##ClassGUID High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000##DeviceDesc High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000##FoundAtEnum High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000##Problem High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000##Service High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000##StatusFlags High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV## High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV##NextInstance High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV\0000 High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV\0000## High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV\0000##BaseDevicePath High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV\0000##Class High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV\0000##ClassGUID High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV\0000##DeviceDesc High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV\0000##FoundAtEnum High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV\0000##Problem High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV\0000##Service High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet003\Enum\Root\LEGACY_RDRIV\0000##StatusFlags High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS## High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS##NextInstance High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS\0000 High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS\0000## High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS\0000##BaseDevicePath High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS\0000##Class High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS\0000##ClassGUID High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS\0000##DeviceDesc High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS\0000##FoundAtEnum High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS\0000##Problem High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS\0000##Service High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS\0000##StatusFlags High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV## High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV##NextInstance High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000 High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000## High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000##BaseDevicePath High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000##Class High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000##ClassGUID High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000##DeviceDesc High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000##FoundAtEnum High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000##Problem High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000##Service High
Backdoor.Sdbot.AAD HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000##StatusFlags High



Hijack This:
Logfile of HijackThis v1.99.1
Scan saved at 2:59:34 AM, on 10/16/2006
Platform: Windows NT 4 SP6 (WinNT 4.00.1381)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\spoolss.exe
C:\WINNT\system32\RpcSs.exe
C:\WINNT\System32\msdtc.exe
C:\Program Files\Remote Data Backups\AgentSrv.EXE
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINNT\System32\llssrv.exe
C:\mailmax\mailmax.exe
C:\Program Files\Norton Personal Firewall\NISUM.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\mailmax\popmax.exe
C:\WINNT\System32\pstores.exe
C:\mailmax\quemax.exe
C:\WINNT\System32\LOCATOR.EXE
C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\50\bin\OWSTIMER.EXE
C:\WINNT\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton Personal Firewall\NISSERV.EXE
C:\WINNT\System32\ddhelp.exe
C:\WINNT\System32\nddeagnt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Remote Data Backups\CBSysTray.exe
C:\Program Files\Norton Personal Firewall\IAMAPP.EXE
C:\Program Files\CPU\acpu.exe
C:\mailmax\Exmail.exe
C:\Program Files\Hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.raridon.com/omni/index.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
F2 - REG:system.ini: UserInit=userinit,nddeagnt.exe
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [iamapp] "C:\Program Files\Norton Personal Firewall\IAMAPP.EXE"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [Windows DLL Configuration] dllconf32.exe
O4 - HKLM\..\Run: [Windows Xeon Registry Protector] winxrp.exe
O4 - HKLM\..\RunServices: [Windows DLL Configuration] dllconf32.exe
O4 - HKLM\..\RunServices: [Windows Xeon Registry Protector] winxrp.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Remote Data Backups TaskBar Icon.LNK = C:\Program Files\Remote Data Backups\CBSysTray.exe
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O16 - DPF: {ADB880A6-D8FF-11CF-9377-00AA003B7A11} (HHCtrl Object) - http://localhost/iis...common/i386.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI Registry Information Class) - http://security.syma...n/bin/cabsa.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = hemetonline.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = hemetonline.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 209.150.84.1 209.150.75.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 209.150.84.1 209.150.75.1
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O23 - Service: Adminmax (adminmax) - Excalibur Communications, Inc. - C:\mailmax\adminmax.exe
O23 - Service: Connected Agent Service (AgentSrv) - Connected Corporation - C:\Program Files\Remote Data Backups\AgentSrv.EXE
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: Content Index (cisvc) - Unknown owner - C:\WINNT\System32\cisvc.exe (file missing)
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: dllz (dlldz32) - Unknown owner - C:\WINNT\dllz32.exe (file missing)
O23 - Service: MailMax SE - ImapMax IMAP4 (ImapMax) - SmartMax Software, Inc. - C:\mailmax\imapmax.exe
O23 - Service: MailMax SE - MailMax SMTP (MAILMAX) - SmartMax Software, Inc. - C:\mailmax\mailmax.exe
O23 - Service: Norton Personal Firewall Service (NISSERV) - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISSERV.EXE
O23 - Service: NISUM - Symantec Corporation - C:\Program Files\Norton Personal Firewall\NISUM.EXE
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: MailMax SE - PopMax POP3 (POPMAX) - SmartMax Software, Inc. - C:\mailmax\popmax.exe
O23 - Service: MailMax SE - QueMax (QueMax) - SmartMax Software, Inc. - C:\mailmax\quemax.exe
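A triage script for the two logs above, added here as an example; it is not part of Don's post and is not code from Spyware Doctor or HijackThis. The point it illustrates: every Enum\Root\LEGACY_<NAME> key is created by the Plug and Play manager for a non-PnP service or driver registered at HKLM\SYSTEM\CurrentControlSet\Services\<NAME>, so LEGACY_RDRIV and LEGACY_LSASS point back at services named "rdriv" and "lsass"; the Enum keys are a by-product, and the Services entries (their ImagePath values) are what load code. That is also why a .reg import will not "take" on NT 4: the Enum tree is ACLed so that only SYSTEM can write to it, and it normally has to be changed through regedt32 after adjusting permissions, which is pointless anyway while the service registration remains. The script derives the service names from the Spyware Doctor lines and flags the HijackThis entries a practitioner would look at first: Run entries that are bare filenames with no install path, entries duplicated under Run and RunServices (bots write both so one copy survives on every Windows family), and services whose binary is missing or whose owner is unknown. The heuristics, severities and the known-good list (SysTray.Exe, NT 4's own tray entry) are assumptions for illustration; the sample log lines are a subset copied from the post. Note that cisvc (Content Index) is flagged purely by the file-missing heuristic and needs checking rather than deleting, and that whatever registered a service literally named "lsass" should have its ImagePath compared against C:\WINNT\system32\lsass.exe before anything is removed.

```python
"""Triage helper for the Spyware Doctor and HijackThis logs quoted above.

Added example, not part of the post and not code from either tool.  The
heuristics, severities and known-good list are assumptions for illustration.
"""
import re

# Constructed sample input: a subset of the log lines quoted in the post.
SPYDOCTOR_LOG = r"""
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV High
Backdoor.Sdbot.AAD HKLM\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000##Service High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS High
Backdoor.Rbot.Gen HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_LSASS##NextInstance High
"""
HIJACKTHIS_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Windows DLL Configuration] dllconf32.exe
O4 - HKLM\..\Run: [Windows Xeon Registry Protector] winxrp.exe
O4 - HKLM\..\RunServices: [Windows DLL Configuration] dllconf32.exe
O4 - HKLM\..\RunServices: [Windows Xeon Registry Protector] winxrp.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O23 - Service: Content Index (cisvc) - Unknown owner - C:\WINNT\System32\cisvc.exe (file missing)
O23 - Service: dllz (dlldz32) - Unknown owner - C:\WINNT\dllz32.exe (file missing)
O23 - Service: MailMax SE - QueMax (QueMax) - SmartMax Software, Inc. - C:\mailmax\quemax.exe
"""

# The PnP manager creates Enum\Root\LEGACY_<NAME> for every non-PnP service or
# driver registered at HKLM\SYSTEM\CurrentControlSet\Services\<NAME>; the Enum
# key is a by-product, the Services entry is what loads code.
LEGACY_RE = re.compile(r"\\Enum\\Root\\LEGACY_([A-Za-z0-9_]+)", re.IGNORECASE)
O4_RE = re.compile(r"^O4 - (?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
O23_RE = re.compile(r"^O23 - Service: (?P<display>.+) \((?P<svc>[^()]+)\) - (?P<owner>.+?) - (?P<path>.+)$")
KNOWN_GOOD_BARE = {"systray.exe"}  # assumed: NT 4's own tray entry, no full path


def legacy_service_names(lines):
    """Lowercase, sorted service names behind the LEGACY_* keys in a scan log."""
    return sorted({m.group(1).lower() for m in map(LEGACY_RE.search, lines) if m})


def executable_of(cmd):
    """First token of an autostart command, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split()[0]


def is_absolute(path):
    """Drive-letter or UNC path; a bare name is resolved via the search path."""
    return re.match(r"^(?:[A-Za-z]:\\|\\\\)", path) is not None


def triage(lines, legacy_names=(), known_good_bare=KNOWN_GOOD_BARE):
    """Return (severity, item, reason) tuples for suspicious HijackThis lines."""
    findings = []
    legacy = {n.lower() for n in legacy_names}
    run_keys = {}  # (name, exe) lowercased -> [label, set of Run* keys seen]
    for line in lines:
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            item = "%s\\..\\%s [%s] %s" % (m.group("hive"), m.group("key"), m.group("name"), exe)
            if not is_absolute(exe) and exe.lower() not in known_good_bare:
                findings.append(("HIGH", item, "bare filename, no vendor install path"))
            entry = run_keys.setdefault((m.group("name").lower(), exe.lower()),
                                        ["[%s] %s" % (m.group("name"), exe), set()])
            entry[1].add(m.group("key").lower())
            continue
        m = O23_RE.match(line)
        if m:
            svc, owner, path = m.group("svc"), m.group("owner"), m.group("path")
            item = "service %s (%s)" % (svc, m.group("display"))
            if "(file missing)" in path:
                sev = "HIGH" if owner == "Unknown owner" else "MEDIUM"
                findings.append((sev, item, "binary not on disk: " + path.replace(" (file missing)", "")))
            if svc.lower() in legacy:
                findings.append(("HIGH", item, "name matches a LEGACY_* key the scanner flagged"))
    for label, keys in run_keys.values():
        if {"run", "runservices"} <= keys:
            findings.append(("HIGH", label, "same entry under Run and RunServices (bots write both)"))
    return findings


def main():
    legacy = legacy_service_names(SPYDOCTOR_LOG.splitlines())
    print("LEGACY_* keys are by-products; check ImagePath under these keys instead:")
    for name in legacy:
        print("  HKLM\\SYSTEM\\CurrentControlSet\\Services\\" + name)
    for sev, item, reason in sorted(triage(HIJACKTHIS_LOG.splitlines(), legacy)):
        print("%-6s %s: %s" % (sev, item, reason))


if __name__ == "__main__":
    main()
```

Run it against the full HijackThis log by pasting the O4 and O23 lines into HIJACKTHIS_LOG; anything it reports as HIGH is a registration to inspect in regedt32 (ImagePath for services, the Run value data for autostarts) before the LEGACY_* keys are touched, since those are recreated from the service registration on the next boot.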