Dump The System

Keith

I have been fighting this Backdoor.Trojan for over a
week. I have tried everything I know to get rid of it,
but can't. Norton says there is nothing wrong when I do a
complete scan in safe mode, but I get a virus warning
constantly. Should I dump the whole system? If so, how do
I do it? Living where I do, there are not any computer
gurus around.
 
Franksta

Ok, well, a little research finds the following

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html

"Backdoor.Trojan is a generic detection for a group of Backdoor Trojan
Horses. All the Trojans detected as Backdoor.Trojan have one thing in
common: they allow unauthorized access to an infected computer."

This really isn't an MS issue but ...

If you can figure out the actual name of the virus or trojan, that would
really help to resolve your issue.

When you say you have done everything you know to resolve this, what exactly
have you tried?

Usually, the trojans that I have seen normally appear in the temp internet
folder. So what you can do is the following and see if the error comes up
again.

Open Internet Explorer --> then click on "Tools" then "Internet Options"
then in the "Temporary Internet files" section, click on "Delete Files" and
"Delete Cookies". Then click on "Settings" then "View Objects" then select
all files and delete. Close that window and click OK twice. Restart your
machine as per normal and see if the error message comes up again.

Hope this helps.


Cheers,
Franksta.
 
Keith

-----Original Message-----
Ok, well, a little research finds the following

http://securityresponse.symantec.com/avcenter/venc/data/backdoor.trojan.html

"Backdoor.Trojan is a generic detection for a group of Backdoor Trojan
Horses. All the Trojans detected as Backdoor.Trojan have one thing in
common: they allow unauthorized access to an infected computer."

This really isn't an MS issue but ...

If you can figure out the actual name of the virus or trojan, that would
really help to resolve your issue.

When you say you have done everything you know to resolve this, what exactly
have you tried?

Usually, the trojans that I have seen normally appear in the temp internet
folder. So what you can do is the following and see if the error comes up
again.

Open Internet Explorer --> then click on "Tools" then "Internet Options"
then in the "Temporary Internet files" section, click on "Delete Files" and
"Delete Cookies". Then click on "Settings" then "View Objects" then select
all files and delete. Close that window and click OK twice. Restart your
machine as per normal and see if the error message comes up again.

Hope this helps.


Cheers,
Franksta.

What I have done so far is:

Been to Symantec's page and followed their advice....no
help

Checked my registry and cannot find it

Ran all my spyware programs in safe mode...nothing


I am lost!!
 
Rick "Nutcase" Rogers

#1 rule for working on viruses is to get out of normal mode. 99% of the
time, the bugs are active in normal mode making detection and removal
difficult if not impossible.

If you know the name of your trojan (has been identified by AV software),
look it up (googling is the easiest way) and get removal instructions. Then
print them off. Restart the system and hit F8 at boot to load safe mode.
Logon as administrator, then follow the removal instructions.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
 
Franksta

Ok Keith,


Which registry settings have you checked? Did you try my previous
suggestion?

Try the following locations:

HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/

Any of the keys that say "Run" in it. These are apps that are scheduled to
run at startup.

Check if any of these look "funky". Export them and delete then test.


Let me know,
Franksta.
 
Keith

-----Original Message-----
#1 rule for working on viruses is to get out of normal mode. 99% of the
time, the bugs are active in normal mode making detection and removal
difficult if not impossible.

If you know the name of your trojan (has been identified by AV software),
look it up (googling is the easiest way) and get removal instructions. Then
print them off. Restart the system and hit F8 at boot to load safe mode.
Logon as administrator, then follow the removal instructions.

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org




When I boot up in safe mode, I cannot find the bug.
Norton says nothing infected. But when I get a warning
from Norton, it says::

Object Name: C:\WINDOWS\SYSTEM32\SQLFLP.DLL
Virus Name: Backdoor.Trojan


I found the .dll but cannot delete it. Cannot find it
when in safe mode.
 
Rick "Nutcase" Rogers

Boot to Safe mode, logon as your regular user (not administrator) look at
these registry keys:

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg

See if there is a string there that loads that file. If so, delete the
string (not the key).

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org
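
As an added example (not code from any poster in this thread), the following Python script parses a regedit text export of the keys Franksta and Rick name above and lists every autostart value whose data names the file the scanner reported. It assumes a REGEDIT4 or version 5.00 export; the sample export and its value names are constructed.

```python
import ntpath
import re

# Constructed regedit export (REGEDIT4); value names are invented, not from the thread.
SAMPLE_EXPORT = r'''REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="\"C:\\Program Files\\Example\\tray.exe\" /startup"
"ExampleHelper"="rundll32.exe %SystemRoot%\\system32\\sqlflp.dll,Start"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\OldTool]
"command"="C:\\Tools\\oldtool.exe"
'''

AUTOSTART_RE = re.compile(r'\\CurrentVersion\\Run[^\\]*$|\\MSConfig\\startupreg(\\|$)', re.I)
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')

def decode_data(raw, unicode_export):
    """Return value data as text, or None for non-string types (dword, binary)."""
    if raw.startswith('"'):
        return re.sub(r'\\(.)', r'\1', raw[1:raw.rfind('"')])  # undo \\ and \"
    m = re.match(r'hex\([127]\):(.*)$', raw)  # REG_SZ, REG_EXPAND_SZ, REG_MULTI_SZ
    if not m:
        return None
    data = bytes(int(b, 16) for b in m.group(1).split(',') if b.strip())
    text = data.decode('utf-16-le' if unicode_export else 'latin-1', 'replace')
    return text.replace('\x00', ' ').strip()

def autostart_entries(export_text):
    """Yield (key, value name, data) for Run* keys and MSConfig\\startupreg."""
    text = export_text.lstrip('\ufeff')
    unicode_export = text.startswith('Windows Registry Editor')
    key = None
    for line in re.sub(r'\\\r?\n\s*', '', text).splitlines():  # join hex continuations
        line = line.strip()
        if line.startswith('[') and line.endswith(']'):
            key = line[1:-1]
        elif key and AUTOSTART_RE.search(key) and (m := VALUE_RE.match(line)):
            data = decode_data(m.group(2), unicode_export)
            if data is not None:
                yield key, m.group(1).strip('"'), data

def find_refs(export_text, reported_path):
    """Entries whose data names the reported file; case and directory are ignored."""
    needle = ntpath.basename(reported_path).lower()
    return [e for e in autostart_entries(export_text) if needle in e[2].lower()]
```

Calling `find_refs(SAMPLE_EXPORT, r'C:\WINDOWS\SYSTEM32\SQLFLP.DLL')` returns the one constructed `ExampleHelper` entry, even though the registry data uses lower case and `%SystemRoot%` rather than the path the scanner printed.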
 
Keith

-----Original Message-----
Boot to Safe mode, logon as your regular user (not administrator) look at
these registry keys:

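HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg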

See if there is a string there that loads that file. If so, delete the
string (not the key).

--
Best of Luck,

Rick Rogers, aka "Nutcase" - Microsoft MVP

Associate Expert - WindowsXP Expert Zone

Windows help - www.rickrogers.org




Rick,

Went through everything and there is nothing there that
is related to this trojan. It has to be loading from
somewhere, just not sure where.
 
Guest

-----Original Message-----
Ok Keith,


Which registry settings have you checked? Did you try my previous
suggestion?

Try the following locations:

HKEY_CURRENT_USER/Software/Microsoft/Windows/CurrentVersion/
HKEY_LOCAL_MACHINE/Software/Microsoft/Windows/CurrentVersion/

Any of the keys that say "Run" in it. These are apps that are scheduled to
run at startup.

Check if any of these look "funky". Export them and delete then test.


Let me know,
Franksta.


Franksta,

Been through it all, no luck. This is driving me nuts.

The Norton warning says:

Object Name: C:\Windows\System32\sqlflp.dll
Virus Name: Backdoor.Trojan

When I do a search of my computer, it says it can't find
it
 
tallyman

Are you following the full instructions for removal? - as well as
running in safe mode you usually have to disable System Restore
otherwise it will keep coming back. (This will delete your previous
restore points)


--
tallyman
 
XS11E

I have been fighting this Backdoor.Trojan for over a
week. I have tried everything I know to get rid of it,
but can't. Norton says there is nothing wrong when I do a
complete scan in safe mode, but I get a virus warning
constantly. Should I dump the whole system? If so, how do
I do it? Living where I do, there are not any computer
gurus around.

Do an online scan here:

http://www.pandasoftware.com/activescan/com/activescan_principal.htm

See if it will find something.
 
Andy

Went through everything and there is nothing there that
is related to this trojan. It has to be loading from
somewhere, just not sure where.

Just to check have you emptied the system restore folder as I have heard of
cases (sorry I do not use XP) where the virus/trojan is removed from the
system but the AV package still detects it in the system restore folder.

Just a thought.

Also try something like

http://netez.com/xplorer2/

(just use the trial) as this will let you see all the files that Windows
Explorer will try and hide from you. This may allow you to see the file you
want to delete when you boot to safe mode

Hope this helps

Andy
 
Guest

I fixed mine, and I was one step from wiping the system.
For those of you who keep getting backdoor trojan virus warnings from Symantec's real time monitor, but run scans that come up clean, read on:

We've been running on On-Track system suite on this computer since it was new. However, I have rarely used it. In fact, I pretty much forgot what it would do. I ran it to see if it had a utility that would allow me to access hidden dll files. It didn't, but it did have a registry cleanup tool, so I used it. I didn't think it would work, because I didn't see any specific kbdn references. (I had an apparent kbdn.dll file identified as a backdoor trojan that couldn't be cleaned.)

I've launched my fifth or sixth window, and no virus alerts. I also ran HijackThis, and found no reference to kbdn.

I realize that HijackThis is not designed to find viruses, but in spite of that, it's the only program besides the Symantec real time monitor that would indicate anything meaningful about the kbdn.dll file.

To make a long story short, for situations like mine, run a registry clean utility.

So, get this:
Since ontrack is so old, I clicked on automatic update, and what happens? I get two virus files instead! However, Symantec grabbed them, quarantined them, and I deleted them. Watch what you click.
 
Keith

Tom,

What would you suggest I run? I have registry Mechanic 4.
When I run it, it finds no problem. I have Hijackthis,
but not sure what I can delete. I have run Ad-Aware and
spybot also. Have been doing research on this and have
tried everything that I have been told or read with no
success.


Keith

-----Original Message-----
I fixed mine, and I was one step from wiping the system.
For those of you who keep getting backdoor trojan virus
warnings from Symantec's real time monitor, but run scans
that come up clean, read on:
We've been running on On-Track system suite on this
computer since it was new. However, I have rarely used
it. In fact, I pretty much forgot what it would do. I
ran it to see if it had a utility that would allow me to
access hidden dll files. It didn't, but it did have a
registry cleanup tool, so I used it. I didn't think it
would work, because I didn't see any specific kbdn
references. (I had an apparent kbdn.dll file identified
as a backdoor trojan that couldn't be cleaned.)
I've launched my fifth or sixth window, and no virus
alerts. I also ran HijackThis, and found no reference to
kbdn.
I realize that HijackThis is not designed to find
viruses, but in spite of that, it's the only program
besides the Symantec real time monitor that would
indicate anything meaningful about the kbdn.dll file.
To make a long story short, for situations like mine, run a registry clean utility.

So, get this:
Since ontrack is so old, I clicked on automatic update,
and what happens? I get two virus files instead!
However, Symantec grabbed them, quarantined them, and I
deleted them. Watch what you click.
 
VernMan

Tom,

What would you suggest I run? I have registry Mechanic 4.
When I run it, it finds no problem. I have Hijackthis,
but not sure what I can delete. I have run Ad-Aware and
spybot also. Have been doing research on this and have
tried everything that I have been told or read with no
success.


Keith

One suggestion I can offer is to run "The cleaner" from www.moosoft.com
It's a free 30 day trial version. It's fully functional but will cease
after 30 days unless you pay. But at least it will let you scan and
remove anything that it finds for free.
Norton is not very good at removing backdoors. The cleaner is
especially designed to do just that. It's not an anti-virus, but a
trojan removal tool.
I had a friend run it on his plagued PC and it found in excess of 200
trojans. None of them were detected by Norton.

It's worth a try I would say.

Good luck!
 
