help trojan collected .5.l;IRC/backdoor.sdBot.DJR



#1
virus help
    New Member, 1 posts
Please help us get rid of these ugly viruses...
trojan horse IRC/backdoor.sdbot.djr
trojan horse IRC/backdoor.sdbot.166.n
trojan horse IRC/backdoor.sdbot.djs
trojan horse collected.5.L
I read through some of the other answers with help, so I went ahead and downloaded HijackThis and will post the log here. Hopefully that will help you some.
I ran AVG Antivirus and found these. I also downloaded Ad-Aware SE, updated it and cleaned out the spyware. We had Norton Antivirus when this happened, but it wasn't updated often enough to prevent this. Now we run AVG and Ad-Aware SE. Please advise what to do now. Here is the log from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 4:05:11 PM, on 6/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\BMUpdate.exe
C:\WINDOWS\System32\wuauclt.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

F2 - REG:system.ini: UserInit=userinit.exe,setup32.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKLM\..\Run: [PP8 Reminder] "C:\Program Files\Scansoft\PaperPort\WebEreg\NAVBrowser.exe" -r "C:\Program Files\Scansoft\PaperPort\WebEreg\navLoad.ini"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\Bin\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\Scansoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\TEXTBR~1.0\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
#2
Wizard
    Retired Staff, 5,661 posts
Hi virus help, and welcome!

Looks like Ad-Aware and AVG did a pretty good job for ya!

Download Ewido Security Suite, install it, then from within the program check for updates BUT don't scan yet.
Ewido Security Suite:
http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.

From the main Ewido screen, Click on Update in the left menu, then click the Start Update button.

After the update finishes (the status bar at the bottom will display "Update successful"), close the program.

If you have problems updating, see here:
http://www.ewido.net...wnload/updates/

Download Pfind:
http://www.bleepingc...r/pfind-new.zip

Right-click the zip folder and select "Extract All".
Make sure all those files remain in the same folder.

Don't use it yet!

Reboot into SAFE MODE (tap F8 when restarting).
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode, configure Windows to show all hidden files and folders. This must be done after restarting in Safe Mode!!

Here is a link to help with that:
http://www.bleepingc...showtutorial=62

Be sure to follow the directions that apply to your Operating System!

Open the Search Assistant (click Start >> click Search).
Select All Files and Folders,
select Advanced Options,
and make sure there is a check by these 3:

Search System Folders
Search hidden files and folders
Search Subfolders

Now, under All Files and Folders, enter this into the text box:

setup32.exe << Delete all exact matches!

Scan with Ewido. When prompted, select to clean, and place a check by the box to use this action for all infections!

Once it completes, click the tab to save the report and save it to your Desktop for easy access!

From the Pfind folder, double-click pfind.bat.
It will scan for a while, so please be patient.

Wait till the DOS window closes.

Post the contents of C:\pfind.txt in your next reply along with the Report from Ewido and a fresh HijackThis log!
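The F2 line in the HijackThis log in post #1 and the Wizard's instruction to search for and delete setup32.exe both hinge on the same check: the Winlogon UserInit value should name only userinit.exe, because every extra program listed there is started at each logon. This added Python example (not code from the thread, from HijackThis or from Geeks to Go) parses a constructed log excerpt in the same format, flags any extra UserInit program, and lists the O4 autostart entries with their executable paths so each can be reviewed against the software actually installed.

```python
import re

# Constructed sample: lines in the shape of the HijackThis log posted in #1
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: UserInit=userinit.exe,setup32.exe
O4 - HKLM\..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\evntsvc.exe -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BMUpdate] C:\WINDOWS\System32\BMUpdate.exe
"""

USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(.*)$", re.I)
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.*)$")
# Executable is either the quoted token or everything up to the first ".exe"
EXE_RE = re.compile(r'^"([^"]+)"|^(.*?\.exe)', re.I)

def userinit_extras(log_text):
    """Return every program named in UserInit other than userinit.exe.
    A clean Windows XP install lists only userinit.exe (with a trailing
    comma), so anything else here is launched at every logon and needs review."""
    extras = []
    for line in log_text.splitlines():
        m = USERINIT_RE.match(line.strip())
        if not m:
            continue
        for entry in m.group(1).split(","):
            entry = entry.strip().strip('"')
            if entry and entry.lower().rsplit("\\", 1)[-1] != "userinit.exe":
                extras.append(entry)
    return extras

def run_entries(log_text):
    """Parse O4 autostart lines into (hive, key, name, exe_path) tuples."""
    entries = []
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if not m:
            continue
        hive, key, name, cmd = m.groups()
        e = EXE_RE.match(cmd)
        exe = (e.group(1) or e.group(2)) if e else cmd
        entries.append((hive, key, name, exe))
    return entries

if __name__ == "__main__":
    for extra in userinit_extras(SAMPLE_LOG):
        print("UserInit hijack candidate:", extra)
    for hive, key, name, exe in run_entries(SAMPLE_LOG):
        print(f"{hive}\\{key} [{name}] -> {exe}")
```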