backdoor.trojan

Packin' Heat · 07-21-2004, 07:25

I cant rid my computer of this horrible thing!!!! I've been all up and down the street over at Symantec Security Response, but their procedure didn’t work. Now the virus hasn’t done anything "bad" per se, its just slowing me down a lot. What’s nuts is that I keep on getting a warning from my Symantec telling me I have the virus, but when I run the antivirus, it comes up empty. Live update has been compromised, and the manual update via symantec "intelligent installer" seems to be ineffective.....ie. ITS STILL HERE!!!!

;U ^9

SamBuca · 07-21-2004, 07:53

Disable Norton and use a freebie scanner from http://housecall.trendmicro.com or http://www.mcafee.com

Once you get the system clean you can repair Norton.

David_G17 · 07-21-2004, 13:41

it may help to do it from safe mode.

lomfs24 · 07-21-2004, 22:16

Quote:

Originally posted by David_G17
it may help to do it from safe mode.

Agreed. Alot of times you will find stuff in safe mode that you will not find otherwise. If all else fails you could pull the HD and put it in another machine that is clean and scan the HD as though it were just another drive.

I have never used them but doesn't Norton have or you can make rescue disks that you can boot from and scan before anything else starts? I suppose though that you would have to make those rescue disks before you have an infected machine. And I suppose you would have to remake those disks everytime an update was downloaded.

Blast · 07-22-2004, 00:01

Quote:

Originally posted by David_G17
it may help to do it from safe mode.

I agree. I recently had a nasty CoolWebSearch variant which was well embedded and prevented me from running CWShredder. It also locked up computer when I tried to open My Computer or control panel. Hi-Jack This and Spybot would run okay, but couldn't fix.
I booted to safe mode, ran CWShredder and got rid of problem.

tna55 · 07-23-2004, 04:00

If you are using ME or Xp, disable system restore, reboot then run your anti-virus. The virus or trojan may be in your restore directory.

Packin' Heat · 07-23-2004, 07:09

safe mode and norton dosent work. sigh. gonna try the other stuff now.

***HerrGlock*** · 07-23-2004, 07:14

Find someone with the same OS you're running and an anti-virus program.

Make boot disks (NOT rescue disks) from their computer.

Boot with those disks and scan like that.

This takes your hard drive out of the picture and you are not using an infected drive to scan. It also goes one step beyond the booting in safe mode. Safe mode is the best idea if you cannot boot with boot/scan disks from another, clean, computer.

DanH

Moprine · 07-23-2004, 07:35

NORTON IS NOT GOOD FOR MOST TROJANS!
What is the name of the trojan you have?
Do you run any spyware removers...such as spybot or ad-aware?
If it isn't average spyware i like moosoft for trojan removal..free trial available: http://www.moosoft.com/products/cleaner/download/

i would do all in safe mode~~

www.pcpitstop.com always a great place to visit in addition to housecall

Locke · 07-23-2004, 21:58

Take a look at BartPE - a slick way of creating a bootable CD which you can add antivirus and antispyware apps to.

This *does* require a clean machine to download the PEBuilder app to (PEBuilder creates the boot disk image from software you already have or can download, thus avoiding legal trouble from redistributing code)

Then burn the bootable CD image it creates and use the CD to start thr infected computer. You can then run apps like Ad-Aware, McAfee Stinger, etc. against the hard drive without any hostile code active.

aspartz · 07-23-2004, 22:28

I got backdoor agent on my win2k box. It sucked to try and remove. I finally had to boot in windows recovery console and use a command line to delete the offending file (kbde.dll IIRC). Even booting from another win2k disk would not allow me to delete the file, only the recovery console would allow me to delete. Even in RC, I had to change the perm on the file.

ARS