|
Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
![]() |
|
Topic Tools |
#1
|
|||
|
|||
HELP with TROJAN Backdoor-bac.dll, please?
Hello,
Please, could someone help me? My McAfee VirusScan in telling me that I have a trojan. I am told that C:\WINDOWS\system32\e012d.dll is infected by the BackDoor-BAC.dll trojan and cannot be deleted. I have the windows XP home edition. I have tried manually deleting the file e012d.dll, but with no joy. I would appreciate any help. Thank you. ![]() |
#2
|
|||
|
|||
Hi,
Could you run this online antivirus scan. At the end, it generates a report. Copy/paste it in this thread. Download HijackThis from: http://www.cybertechhelp.com/html/do...load.php/id/40 Create a new folder only for HijackThis (Example : C:\HJT). Unzip it to this folder. Click "Scan", after click "Save Log". Save the log, and copy/paste it into your response to this thread. Dont check or fix anything yet. Cheers. |
#3
|
|||
|
|||
Backdoor-BAC.dll trojan.
Evening,
![]() Thank you for the reply. I ran noadware, pcdoctor and spybot several times, and then I visited the online anti-virus, after which I download and ran the HijackThis programme. The reports are below. Report of the online anti-virus; Scan started at 22/12/2004 15:03:40 Scanning memory... Scanning boot sectors... Scanning files... C:\Documents and Settings\Owner\Local Settings\Temp\tempchngr.exe - Backdoor:Win32/Small.AQ -> Suspicious C:\Program Files\WindUpdates\Comm.dll - TrojanDownloader:Win32/Winupdt.A -> Infected C:\Program Files\WindUpdates\WinKA.exe - Trojan:Win32/KeepAlive.A -> Infected C:\WINDOWS\Downloaded Program Files\BridgeX.dll - TrojanDownloader:Win32/Briss.A -> Infected C:\WINDOWS\Downloaded Program Files\iEBINST2.dll - Backdoor:Win32/Delf.QF -> Infected C:\WINDOWS\system32\TFTP1992 - Win32/HLLW.Nachi.A.dam#2 -> Infected Scanned ============================ Objects: 130039 Directories: 8297 Archives: 19257 Size(Kb): 490289 Infected files: 5 Found ============================ Viruses found: 5 Suspicious files: 1 Disinfected files: 0 Mail files: 1341 Report of HijackThis; Logfile of HijackThis v1.98.2 Scan saved at 16:45:03, on 22/12/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\STOPzilla!\szntsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\WINDOWS\system32\gsicon.exe C:\WINDOWS\system32\dslagent.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\STOPzilla!\Stopzilla.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spyware Doctor\spydoctor.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\AOL 8.0b\aoltray.exe C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Documents and Settings\Owner\Desktop\hjt\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/NA/newreg/0/4.../00000809/3/1/ R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = 127.0.0.1 O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\mcupdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden O4 - HKLM\..\Run: [Upsfctl] C:\DOCUME~1\Owner\LOCALS~1\Temp\gpginst.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0b\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipview.com/fvlite/fvliteY.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.173.198.178/activex/AxisCamControl.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...16/mcgdmgr.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.zillabar.com/toolbar/bin/dwnldr.cab Once again, thank you for all your help. I really appreciate it. Take Care, Karen ![]() |
#4
|
|||
|
|||
Ok. Then, reboot in safe mode and make sure that you can see the hidden files and folders.
Delete: C:\Program Files\WindUpdates<-the folder C:\WINDOWS\system32\TFTP1992 Empty this folder: C:\Documents and Settings\Owner\Local Settings\Temp\ (Don't delete the folder itself, but all the files it contents)/ Empty the recycle bin. ------- Reboot in normal mode. Download : PocketKillBox In "Paste full path of file..", copy/paste : C:\WINDOWS\Downloaded Program Files\BridgeX.dll Then, click "Delete file" (the white cross). Do it again with : C:\WINDOWS\Downloaded Program Files\iEBINST2.dll --------- Run HijackThis and check: O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file) O4 - HKLM\..\Run: [Upsfctl] C:\DOCUME~1\Owner\LOCALS~1\Temp\gpginst.exe click "Fix checked". Reboot. Verify on RAV if the computer is clean and post a new HijackThis log, please, Karen. |
#5
|
|||
|
|||
Good Morning,
![]() Thank you for the reply. I did as instructed, but ran into a hiccup. After several attempts, I discovered that HiJack This could not delete the following; O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file) Everything else was downloaded and appears to have worked wonderfully. Thank you. ![]() Report of Hijack This; Logfile of HijackThis v1.98.2 Scan saved at 09:18:31, on 23/12/2004 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\STOPzilla!\szntsvc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\System32\drivers\CDAC11BA.EXE C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe C:\WINDOWS\System32\snmp.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\fxssvc.exe C:\WINDOWS\system32\gsicon.exe C:\WINDOWS\system32\dslagent.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\STOPzilla!\Stopzilla.exe C:\WINDOWS\ALCXMNTR.EXE C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Spyware Doctor\spydoctor.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\AOL 8.0b\aoltray.exe C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe C:\Program Files\AOL\Broadband CheckUp\bin\mpbtn.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\PROGRA~1\McAfee.com\Agent\mcupdui.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\system32\wuauclt.exe C:\Documents and Settings\Owner\Desktop\hjt\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.lexmark.com/NA/newreg/0/4.../00000809/3/1/ O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - (no file) O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [GSICONEXE] gsicon.exe O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun O4 - HKLM\..\Run: [AnyDVD] "C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe" O4 - HKLM\..\Run: [DVD43] "C:\Program Files\DVD Region+CSS Free\DVDRegionFree.exe" /hidden O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\spydoctor.exe" /Q O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0b\aoltray.exe O4 - Global Startup: AOL Broadband Check-Up.lnk = C:\Program Files\AOL\Broadband CheckUp\bin\matcli.exe O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = C:\Program Files\FotoStation Easy\FotoStation Easy AutoLaunch.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {2A32B14F-4D29-4EA3-AC54-E9B19F436CE7} (Scanner Class) - http://www.windowsecurity.com/trojanscan/TDECntrl.CAB O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab O16 - DPF: {768D513A-C75B-4FAA-8452-E906CDAB6545} (FVLiteLoad Class) - http://flipview.com/fvlite/fvliteY.cab O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://195.173.198.178/activex/AxisCamControl.cab O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://bin.mcafee.com/molbin/shared/...16/mcgdmgr.cab O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - http://www.zillabar.com/toolbar/bin/dwnldr.cab Report of the online anti-virus; Scan started at 23/12/2004 14:24:24 Scanning memory... Scanning boot sectors... Scanning files... Scanned ============================ Objects: 102360 Directories: 8647 Archives: 19239 Size(Kb): -161654 Infected files: 0 Found ============================ Viruses found: 0 Suspicious files: 0 Disinfected files: 0 Mail files: 1298 I look forward to your advice and, as ever, thank you for all your help. I really appreciate it. Take Care, ![]() Karen |
#6
|
|||
|
|||
Ok! Good job, Karen.
![]() This O2 line is an old entry of Stopzilla, then it's not a true problem. But you can try to fix it with the new version of HijackThis (1.99): http://www.spywareinfo.com/~merijn/downloads.html Does McAfee VirusScan still find something? |
#7
|
|||
|
|||
Thank You
Good Evening
![]() Everything's working great. McAfee found no infections, and my PC is no longer flashing warning signs at me. Thank you sooooo much for all your help. Take care and have a great Christmas and New Year. Karen ![]() |
![]() |
Bookmarks |
«
Previous Topic
|
Next Topic
»
|
|
![]() |
||||
Topic | Topic Starter | Forum | Replies | Last Post |
Trojan-backdoor-cyn | DOUBLE TROUBLE | Malware Removal | 1 | November 16th, 2007 08:21 AM |
Backdoor.Trojan.... plz plz help | DsL | Malware Removal | 6 | May 1st, 2006 12:55 PM |
backdoor.trojan | ficnet | Internet / Browsers | 1 | July 21st, 2005 03:36 PM |
Backdoor Trojan help, please. | crymeariver | Malware Removal | 5 | May 4th, 2005 01:20 AM |
Backdoor Trojan that won't go away | kevinpowell499 | Malware Removal | 3 | July 20th, 2004 03:24 AM |
All times are GMT +1. The time now is 10:53 PM.