Backdoor.Trojan

Keith

I have the Backdoor.Trojan virus. Norton will not touch
it. I went to the Symantec home page on how to remove it, but
can't get rid of it. Now I can't get on the internet
unless I change users. I can access my email and ICQ, but
Internet Explorer will not work unless I change users.
Any idea on how to remove the virus?
THANKS
 
httpd.confused

Keith said:
I have the Backdoor.Trojan virus. Norton will not touch
it. I went to the Symantec home page on how to remove it, but
can't get rid of it. Now I can't get on the internet
unless I change users. I can access my email and ICQ, but
Internet Explorer will not work unless I change users.
Any idea on how to remove the virus?
THANKS

Backdoor trojans are NOTHING to mess with. I would strongly recommend
disconnecting the affected system(s) from the Internet immediately, and
then dealing with it by whatever means you have to.

Seriously, UNPLUG the system NOW. If you have no other computer to
connect out with, oh well, bring the system in for service somewhere.
Twiddle your thumbs until a knowledgeable friend can help you (WITHOUT
plugging the computer in).

That's better than having personal, private, sensitive information going
out. You are at risk of having your computer controlled remotely, and
having things--ANYTHING--being done without your notice. Bank passwords
can be sent out by the trojan to a cracker who has connected to it.
PayPal passwords. Email messages. ANYTHING you type, or read, or store
on your computer.

But you need to provide more details. "Backdoor.Trojan" isn't specific,
it's really a whole category of malware (and not a "virus").

Ultimately, you very well may be better off wiping the entire system and
starting fresh.
 
Kelly

Hi Keith,

Follow the steps provided. Only one is listed. What seems to be the
problem?

The loading feature will normally be in the right pane of the following keys
and will usually refer to the file name of the threat. Check these keys for
suspicious entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

However, in this case: Delete the entry from here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
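To make the check Kelly describes concrete, here is an added example (not code from the thread, from Kelly's site, or from Symantec) that reads a `reg export` of a Run key and flags the entries a responder would look at first: commands that run from download or temp folders, DLLs loaded through rundll32, unusual executable extensions, and anything that references a file name the scanner reported. That last rule is the one Keith needed: the detection name "Backdoor.Trojan" never appears in the registry, the file name does. The .reg text is constructed for illustration; the `comga` and `Update` entries are invented launch lines built around the file names Li'l Roberto gives later in this thread (the thread does not say how those files were started), and the heuristics, directory list and function names are this example's own assumptions.

```python
"""Audit autorun (Run/RunOnce) entries from a Windows .reg export.

Added example, not from the thread. Produce the input on the affected
machine with, for instance:
    reg export "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" run.reg
and analyse it here. Only REG_SZ values are parsed, which is what the Run
keys hold; hex/multi-line values are skipped.
"""
import re

# Executable extensions a Run entry may launch directly.
EXE_EXTS = ('.exe', '.dll', '.scr', '.pif', '.bat', '.cmd', '.com')

# Directories a legitimate startup program rarely runs from (this example's
# assumption; tune to the environment).
SUSPICIOUS_DIRS = ('\\downloaded program files\\', '\\temp\\',
                   '\\temporary internet files\\', '\\recycler\\')

# "Name"="data" lines; backslashes and quotes inside are escaped with '\'.
_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')


def _unescape(s):
    return re.sub(r'\\(.)', r'\1', s)


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the REG_SZ values in a .reg file."""
    result, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            current = line[1:-1]
            result.setdefault(current, {})
        elif current is not None:
            m = _VALUE_RE.match(line)
            if m:
                result[current][_unescape(m.group(1))] = _unescape(m.group(2))
    return result


def load_reg_export(path):
    """reg.exe writes UTF-16 LE with a BOM; the 'utf-16' codec honours the BOM."""
    with open(path, encoding='utf-16') as fh:
        return parse_reg_export(fh.read())


def split_command(data):
    """Split a Run value into (program, arguments)."""
    data = data.strip()
    if data.startswith('"'):                      # quoted program path
        end = data.find('"', 1)
        return (data[1:], '') if end == -1 else (data[1:end], data[end + 1:].strip())
    low = data.lower()
    # Unquoted: cut just after the first executable extension so that
    # paths containing spaces are kept whole.
    cuts = [low.find(ext) + len(ext) for ext in EXE_EXTS if ext in low]
    if cuts:
        cut = min(cuts)
        return data[:cut], data[cut:].strip()
    parts = data.split(None, 1)
    return (parts[0], parts[1]) if len(parts) == 2 else (data, '')


def flag_autoruns(parsed, reported_files=()):
    """Return [(key, value_name, program, [reasons])] for entries worth a closer look."""
    findings = []
    reported = tuple(f.lower() for f in reported_files)
    for key, values in parsed.items():
        for name, data in values.items():
            program, args = split_command(data)
            targets, reasons = [program], []
            if program.lower().rsplit('\\', 1)[-1] == 'rundll32.exe':
                # rundll32 <dll>,<entry>: the DLL is the thing to examine
                dll = args.split(',', 1)[0].strip().strip('"')
                targets.append(dll)
                reasons.append('loads a DLL through rundll32: ' + dll)
            for target in targets:
                low = target.lower()
                if any(d in low for d in SUSPICIOUS_DIRS):
                    reasons.append('runs from a download/temp location: ' + target)
                if low.endswith(EXE_EXTS) and not low.endswith(('.exe', '.dll')):
                    reasons.append('unusual executable extension: ' + target)
                if any(low.endswith('\\' + r) or low == r for r in reported):
                    reasons.append('references a file reported by the scanner: ' + target)
            if reasons:
                findings.append((key, name, program, reasons))
    return findings


# Constructed sample export. SoundMAX/NvCplDaemon stand for ordinary vendor
# entries; the last two are invented launch lines using file names from this
# thread (the thread does not say how those files were started).
SAMPLE_REG_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAX"="\"C:\\Program Files\\Analog Devices\\SoundMAX\\SMax4PNP.exe\""
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"comga"="rundll32.exe C:\\WINDOWS\\system32\\comga.dll,Start"
"Update"="C:\\WINDOWS\\Downloaded Program Files\\ami120z2sm_adult.exe /s"
'''

if __name__ == '__main__':
    parsed = parse_reg_export(SAMPLE_REG_EXPORT)
    for key, name, program, reasons in flag_autoruns(parsed, reported_files=('comga.dll',)):
        print(f'{key}\n  {name!r} -> {program}')
        for r in reasons:
            print('    -', r)
```

Every flagged entry is a lead, not a verdict: a vendor's rundll32 entry (NvCplDaemon in the sample) trips the DLL rule just as the suspect one does, and the point of the list is to tell the analyst which files to pull off the disk and identify, ideally from a boot CD rather than from the running system.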
 
Guest

-----Original Message-----
Hi Keith,

Follow the steps provided. Only one is listed. What seems to be the
problem?

The loading feature will normally be in the right pane of the following keys
and will usually refer to the file name of the threat. Check these keys for
suspicious entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

However, in this case: Delete the entry from here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

--
All the Best,
Kelly

Microsoft-MVP Windows® XP
2004 Windows MVP "Winny" Award

Troubleshooting Windows XP
http://www.kellys-korner-xp.com
http://www.kellys-korner-xp.com/xp_tweaks.htm

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm

Kelly,

What exactly do I delete? I can see nothing in those
keys that has anything to do with Backdoor.Trojan.
 
Plato

Keith said:
I have the Backdoor.Trojan virus. Norton will not touch
it. I went to the Symantec home page on how to remove it, but
can't get rid of it. Now I can't get on the internet
unless I change users. I can access my email and ICQ, but
Internet Explorer will not work unless I change users.

Did you already try disabling System Restore, rebooting into Safe Mode
and either running Norton or their specific fix?
 
httpd.confused

Plato said:
Did you already try disabling System Restore, rebooting into Safe Mode
and either running Norton or their specific fix?

A "specific fix" for a GROUP of trojans? Oh, that's wonderfully-helpful
advice when you don't even know what he's infected with. Yeah, keep him
online while you shoot at more ghosts in the dark. And yes, no trojans
know how to hide themselves, and a simple removal tool will always
suffice to totally rid yourself of it. No, really. /sarcasm
 
httpd.confused

Keith said:
I have the Backdoor.Trojan virus. Norton will not touch
it. I went to the Symantec home page on how to remove it, but
can't get rid of it. Now I can't get on the internet
unless I change users. I can access my email and ICQ, but
Internet Explorer will not work unless I change users.
Any idea on how to remove the virus?
THANKS

Look, don't listen to people who think this can be solved over the
Internet. You need to, at the very LEAST:

1) Disconnect the affected system from the Internet, NOW.

2) Forget about Symantec products; they are not telling you what
SPECIFIC trojan is on your system. It may even be a false positive.
Try Trojan Defence Suite at http://www.diamondcs.com.au/ for
more reliable detection and removal.

3) Don't get back online until you've either (A) Verified that it is a
false positive, or (B) Verified what the EXACT trojan name and variant
is, and removed it for certain. If you can't do this yourself, find
someone who can help you.

4) Don't listen to idiots in newsgroups like this who ask you if you've
run a "specific removal" tool, when such a thing probably doesn't exist,
and especially when you don't even know what specific malware you have
(if any). This problem may not be amenable to online, impersonal
resolution.

5) Consider Kaspersky Anti-Virus: http://www.kaspersky.com/
 
sgopus

How bout if I waste your time, telling you to calm down
and quit telling others to ignore helpful advice offered
on this forum.

You're the one being arrogant!
Yes, you did offer some helpful advice: check whether it's a
false positive!
 
Plato

httpd.confused said:
A "specific fix" for a GROUP of trojans? Oh, that's wonderfully-helpful
advice when you don't even know what he's infected with. Yeah, keep him

Often your anti-virus can ID a trojan but can't remove it. At least with
the ID you can often find a specific removal tool.
 
Kelly

Hi,

Run the XP Startup Tracker from here and email me the logfile:
http://www.kellys-korner-xp.com/xp_u.htm#xp_util

--
All the Best,
Kelly

Microsoft-MVP Windows® XP
2004 Windows MVP "Winny" Award

Troubleshooting Windows XP
http://www.kellys-korner-xp.com
http://www.kellys-korner-xp.com/xp_tweaks.htm

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm


-----Original Message-----
Hi Keith,

Follow the steps provided. Only one is listed. What seems to be the
problem?

The loading feature will normally be in the right pane of the following keys
and will usually refer to the file name of the threat. Check these keys for
suspicious entries:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon

However, in this case: Delete the entry from here:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

--
All the Best,
Kelly

Microsoft-MVP Windows® XP
2004 Windows MVP "Winny" Award

Troubleshooting Windows XP
http://www.kellys-korner-xp.com
http://www.kellys-korner-xp.com/xp_tweaks.htm

Taskbar Repair Tool Plus!
http://www.kellys-korner-xp.com/taskbarplus!.htm

Kelly,

What exactly do I delete? I can see nothing in those
keys that has anything to do with Backdoor.Trojan.
 
Li'l Roberto

Keith said:
I have the Backdoor.Trojan virus. Norton will not touch
it. I went to the Symantec home page on how to remove it, but
can't get rid of it. Now I can't get on the internet
unless I change users. I can access my email and ICQ, but
Internet Explorer will not work unless I change users.
Any idea on how to remove the virus?
THANKS

Keith
Here is my experience with Backdoor.Trojan; hope this will be of
assistance to you.
I had to remove this little nasty from a client's PC yesterday; he was
getting a virus alert on system start-up. Norton named the infected
file as C:\windows\system32\comga.dll, but was unable to repair/delete it.
None of my usual spyware programs identified it either, nor did it
show up using search or browsing to the folder where it was
located - strange?

Anyway, I used a bootable CD containing BartPE and FPROT's NTFS
command-based AV scanner [FPCMD.EXE], and sure enough it detected two
suspicious files:

1. C:\windows\system32\comga.dll !!
2. C:\windows\downloaded program files\ami120z2sm_adult.exe

I was able to delete both from the cmd window; upon rebooting to
Windows and running NAV it reported the system was clean.

rgds
Li'l Roberto
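Li'l Roberto's observation, that a file Norton named could not be found from inside Windows yet turned up as soon as the disk was scanned from a boot CD, is the cross-view idea behind offline scanning: a rootkit component only hides while the infected OS is running. The following is an added example, not Li'l Roberto's tooling and not part of BartPE or F-Prot: it compares a file listing taken from the running system with one of the same volume taken offline (from BartPE, or from a Linux rescue CD with the drive mounted) and reports what the live system failed to show. The listings, paths and function names are constructed for illustration; the hidden file names are the two from Li'l Roberto's post.

```python
"""Cross-view check for files hidden from the running OS.

Added example, not from the thread. Compare a directory listing taken from
the live Windows install with one of the same volume taken from a boot CD;
anything present offline but missing live was hidden from the running OS.
"""


def normalize_windows(paths):
    """Lower-case Windows paths and drop blanks and trailing separators."""
    return {p.strip().lower().rstrip('\\') for p in paths if p.strip()}


def from_mounted_listing(paths, mount='/mnt/c', drive='C:'):
    """Translate a POSIX-style offline listing (e.g. `find /mnt/c -type f`
    from a Linux rescue CD) into lower-cased Windows paths on `drive`.
    Entries outside the mount point are ignored."""
    out = set()
    prefix = mount.rstrip('/') + '/'
    for p in paths:
        p = p.strip()
        if not p.startswith(prefix):
            continue
        out.add((drive + '\\' + p[len(prefix):].replace('/', '\\')).lower())
    return out


def cross_view_diff(live_listing, offline_listing):
    """Return files the live OS did not show (hidden) and live-only files."""
    live = normalize_windows(live_listing)
    offline = normalize_windows(offline_listing)
    return {
        # present on disk, invisible to the running system: examine these
        'hidden_from_live': sorted(offline - live),
        # created after the offline listing was taken (temp files, logs)
        'only_in_live': sorted(live - offline),
    }


# Constructed listings: `dir /s /b` from inside Windows versus the same
# volume listed from a boot CD. The hidden names are the ones from this thread.
LIVE_LISTING = [
    r'C:\WINDOWS\system32\kernel32.dll',
    r'C:\WINDOWS\system32\NvCpl.dll',
    r'C:\WINDOWS\Temp\~DF1234.tmp',
]
OFFLINE_LISTING = [
    r'C:\WINDOWS\system32\kernel32.dll',
    r'C:\WINDOWS\system32\NvCpl.dll',
    r'C:\WINDOWS\system32\comga.dll',
    r'C:\WINDOWS\Downloaded Program Files\ami120z2sm_adult.exe',
]

if __name__ == '__main__':
    result = cross_view_diff(LIVE_LISTING, OFFLINE_LISTING)
    for path in result['hidden_from_live']:
        print('hidden from the running OS:', path)
```

The comparison is only as good as the two listings: take the live one with a plain directory walk (not a tool the malware may already hook) and the offline one with the OS on that disk not running, which is exactly why the boot CD matters.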
 
Envo

Look, don't listen to people who think this can be solved over the
Internet. You need to, at the very LEAST:

1) Disconnect the affected system from the Internet, NOW.

2) Forget about Symantec products; they are not telling you what
SPECIFIC trojan is on your system. It may even be a false positive.
Try Trojan Defence Suite at http://www.diamondcs.com.au/ for
more reliable detection and removal.
SNIP

Puzzle:

If one has disconnected from the Internet, NOW, as per Instruction 1 above,
how does one then follow Instruction 2, which involves connecting to a
website? Or am I missing something?

Envo
 
Guest

Where do I get a bootable CD to fix the trojan backdoor virus?

Li'l Roberto said:
Keith said:
I have the Backdoor.Trojan virus. Norton will not touch
it. I went to the Symantec home page on how to remove it, but
can't get rid of it. Now I can't get on the internet
unless I change users. I can access my email and ICQ, but
Internet Explorer will not work unless I change users.
Any idea on how to remove the virus?
THANKS

Keith
Here is my experience with Backdoor.Trojan; hope this will be of
assistance to you.
I had to remove this little nasty from a client's PC yesterday; he was
getting a virus alert on system start-up. Norton named the infected
file as C:\windows\system32\comga.dll, but was unable to repair/delete it.
None of my usual spyware programs identified it either, nor did it
show up using search or browsing to the folder where it was
located - strange?

Anyway, I used a bootable CD containing BartPE and FPROT's NTFS
command-based AV scanner [FPCMD.EXE], and sure enough it detected two
suspicious files:

1. C:\windows\system32\comga.dll !!
2. C:\windows\downloaded program files\ami120z2sm_adult.exe

I was able to delete both from the cmd window; upon rebooting to
Windows and running NAV it reported the system was clean.

rgds
Li'l Roberto
 
 
Hilary Karp

http://www.nu2.nu/pebuilder/

Guest said:
Where do I get a bootable CD to fix the trojan backdoor virus?

Li'l Roberto said:

I have the Backdoor.Trojan virus. Norton will not touch
it. I went to the Symantec home page on how to remove it, but
can't get rid of it. Now I can't get on the internet
unless I change users. I can access my email and ICQ, but
Internet Explorer will not work unless I change users.
Any idea on how to remove the virus?
THANKS

Keith
Here is my experience with Backdoor.Trojan; hope this will be of
assistance to you.
I had to remove this little nasty from a client's PC yesterday; he was
getting a virus alert on system start-up. Norton named the infected
file as C:\windows\system32\comga.dll, but was unable to repair/delete it.
None of my usual spyware programs identified it either, nor did it
show up using search or browsing to the folder where it was
located - strange?

Anyway, I used a bootable CD containing BartPE and FPROT's NTFS
command-based AV scanner [FPCMD.EXE], and sure enough it detected two
suspicious files:

1. C:\windows\system32\comga.dll !!
2. C:\windows\downloaded program files\ami120z2sm_adult.exe

I was able to delete both from the cmd window; upon rebooting to
Windows and running NAV it reported the system was clean.

rgds
Li'l Roberto
 
