TROJAN HORSE IRC/Backdoor
Original Message
Name: Steph
Date: September 1, 2004 at 06:36:03 Pacific
Subject: TROJAN HORSE IRC/Backdoor
OS: Win2000P
CPU/Ram: no idea
Comment: Hello, I am getting hysterical over this blasted virus - AVG says it's found a Trojan Horse IRC/BackDoor.SdBot.47.J virus in my WINNT\system32\systesms.exe file - ran the Windows Trojan virus finder but it would not report on the System volume file - says access was denied. Have run numerous anti-virus programmes but as far as I'm aware I can't get rid of it. The AVG Resident Shield keeps popping up telling me to run AVG and it's driving me crazy! Any help would be really, really appreciated. Thanks.
Response Number 1
Name: yankanuk
Date: September 1, 2004 at 14:04:55 Pacific
Subject: TROJAN HORSE IRC/Backdoor
Reply: Spybot S&D should do the trick for you. If you need a simple solution, try mine. I try to give advice on things that have happened to my PC. Changes in registry can be FATAL! Glad to have a chance to help you.
Response Number 2
Name: micheleflynn
Date: September 5, 2004 at 11:02:45 Pacific
Subject: TROJAN HORSE IRC/Backdoor
Reply: I have had this nasty trojan that you are speaking about. First, understand I am the most computer illiterate person around! I have read various posts and unless every detail of removing it is explained (in numerical sequence) I can't seem to do it right. Yes, I have AVG. I also ran AntiVir. I have ZoneAlarm firewall and Ad-Aware. I also ran a trojan scanner. They all say I'm free and clear. Here's the funny thing - the last time the trojan showed it was in the C: systemvolumeinformation/-restore...... When I run everything it says I'm fine. The trojan scanner says free and clear but unable to check or access the systemvolumeinformation..... Since I know this is where it was last seen I would venture to bet it is still there. Please Help!!!! I need to get this bugger gone - I'm connected to a home network and keep infecting others. I need step by step instructions PLEASE:) Michele
Response Number 3
Name: feelippo
Date: September 6, 2004 at 00:17:52 Pacific
Subject: TROJAN HORSE IRC/Backdoor
Reply: My PC was infected too, but AVG cleaned the trojan. Try this, as you can see in the Symantec Bulletin ( http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html ):
Click Start > Run.
Type regedit, and then click OK.
Navigate to each of the following keys:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
In the right pane, delete any of the following values that you find, or any value that refers to the file, which is detected as the Trojan:
"Configuration Manager"="Cnfgldr.exe"
"System Monitor"="Sysmon16.exe"
"MSSQL"="Mssql.exe"
"Configuration Loader" = "aim95.exe"
"Internet Config" = "svchosts.exe"
"System33" = "%System%\FB_PNU.EXE"
"Configuration Loader"="cmd32.exe"
"Windows Explorer"="Explorer.exe"
"Configuration Loader"="IEXPL0RE.EXE"
"Configuration Loader"="%System%\iexplore.exe"
"Sock32"="sock32.exe"
"Configuration Loader"="MSTasks.exe"
"Windows Services"="service.exe"
"Registry Checker" = "%System%\Regrun.exe"
"Internet Protocol Configuration Loader" = "ipcl32.exe"
"syswin32" = "syswin32.exe"
"MachineTest"="CMagesta.exe"
"Yahoo Instant Messenger" = "Yahoo Instant Messenger"
"Fixnice" = "vcvw.exe"
"Windows Configuration" = "spooler.exe"
"Microsoft Video Capture Controls" = "MSsrvs32.exe"
"Microsoft Synchronization Manager" = "svhost.exe"
"Microsoft Synchronization Manager" = "winupdate32.exe"
"Quick Time file manager" = "quicktimeprom.exe"
Exit the Registry Editor.
Are you Italian?
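Added example, not part of the post above or of the Symantec bulletin: the registry check from Response 3 run over a .reg export of the autorun keys instead of by eye in regedit. It also covers the "any value that refers to the file" clause, which matters for the original poster, whose detected file (systesms.exe) is not in the quoted list. The function name, the subset of pairs chosen and the sample export are assumptions made for illustration.

```python
import re

# Subset of the value-name/file pairs quoted in the post (the post lists more).
KNOWN_PAIRS = {
    ("configuration loader", "cmd32.exe"),
    ("configuration loader", "iexpl0re.exe"),
    ("microsoft synchronization manager", "svhost.exe"),
    ("windows services", "service.exe"),
}
# The three autorun keys named in the post, lower-cased for comparison.
RUN_KEYS = {
    r"hkey_local_machine\software\microsoft\windows\currentversion\run",
    r"hkey_local_machine\software\microsoft\windows\currentversion\runservices",
    r"hkey_current_user\software\microsoft\windows\currentversion\run",
}
# One "name"="data" line of a .reg export; backslash escapes are allowed inside.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def audit(reg_text, detected_files=()):
    """Return (key, name, data, reason) for each suspicious autorun value."""
    detected = {f.lower() for f in detected_files}
    findings, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # section header: the registry key path
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or key.lower() not in RUN_KEYS:
            continue
        # .reg files escape backslashes and quotes with a backslash.
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        exes = set(re.findall(r'[^\\/\s"]+\.exe', data.lower()))
        if any((name.lower(), exe) in KNOWN_PAIRS for exe in exes):
            findings.append((key, name, data, "listed name/file pair"))
        elif exes & detected:
            findings.append((key, name, data, "refers to detected file"))
    return findings

# Constructed sample in .reg export syntax (not from a real machine).
SAMPLE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Example App"="C:\\Program Files\\Example\\app.exe /startup"
"Configuration Loader"="cmd32.exe"
"Sys Update"="C:\\WINNT\\system32\\systesms.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Services"="SERVICE.EXE"
'''
```

Calling audit(SAMPLE, detected_files=["systesms.exe"]) flags three of the four values; without detected_files the "Sys Update" entry goes unreported because its name is not in the quoted list.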
Response Number 4
Name: alcaponey82
Date: September 13, 2004 at 13:59:48 Pacific
Subject: TROJAN HORSE IRC/Backdoor
Reply: Try this from another post. I did this and it worked great!! Let's try this: disable your system restore, get your latest virus defs, also if you have your latest anti-trojan defs, adaware and spybot defs. Reboot into safe mode. Go to the registry and do a search for scrgrd.exe; when found in the registry, delete value wherever found. Exit the registry. Still in safe mode, scan your computer with all your tools, delete all files they come up with. Clean your cache, temp files, history and cookie folders, recycle bin. Also look for these in your list of processes and delete them. Returning to anti-trojan software, if you don't have an anti-trojan software go to www.thepublicworks.com, payware section, link to trojan hunter, download free 30 day trial of it and get latest defs, scan in safe mode. A good anti-trojan will delete files, disinfect them, and repair the registry, so that you don't have to go in and do it manually. All the best, Alan
Response Number 5
Name: sidscottsimmons
Date: October 27, 2004 at 08:30:49 Pacific
Subject: TROJAN HORSE IRC/Backdoor
Reply: Help, I'm also getting this message of system volume information restore. Could someone help me to correct it? I never had the problem until are downloaded service pack two. Now this thing's going cary