Trojan


Ian

my AVG resident shield pops up a message saying trojan backdoor.wootbot.f
found in C:\System Volume Information\_restore .... \A0001127.exe
and tells me to scan with AVG to remove it.

So I scan and AVG comes up with the all clear. I also scanned with
housecall, which gave me the all clear.

anyone know anything about Backdoor.Wootbot.F??

I also can't figure out how to access that location on my computer to check
to see if that file A0001127.exe is there and if so, delete it.


Also, can anyone tell me what "Iassd.exe" does? - or what it is? seemed to
freeze my internet connection after a while whatever it is, until I shut the
process down and quarantined it with Security Task Manager. Always kept
asking for permission to access the net. didn't seem to make any difference
if I allowed it to or not. connection became completely unresponsive.

bought this computer brand new less than a week ago and am still trying to
iron these problems out - pretty pissed off that I'm having these problems
to begin with!!!



cheers!
Ian
 

Beauregard T. Shagnasty

Quoth the raven Ian:
> my AVG resident shield pops up a message saying trojan
> backdoor.wootbot.f found in C:\System Volume Information\_restore
> .... \A0001127.exe and tells me to scan with AVG to remove it.

It's in your system restore. You'll have to shut that down, reboot and
scan again. Then turn it back on.

> ....
> bought this computer brand new less than a week ago and am still
> trying to iron these problems out - pretty pissed off that I'm
> having these problems to begin with!!!

Have you read this yet?
http://cyberforge.com/weblog/aniltj/archive/2003/11/20/183.aspx

Do you have a firewall? [most important]
 

David H. Lipman

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (personal free version)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Download the signature files (pattern files) by obtaining the ZIP file.
For example; lpt192.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use, suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point
10) Please report back your results

Dave






|
| my AVG resident shield pops up a message saying trojan backdoor.wootbot.f
| found in C:\System Volume Information\_restore .... \A0001127.exe
| and tells me to scan with AVG to remove it.
|
| So I scan and AVG comes up with the all clear. I also scanned with
| housecall, which gave me the all clear.
|
| anyone know anything about Backdoor.Wootbot.F??
|
| I also can't figure out how to access that location on my computer to check
| to see if that file A0001127.exe is there and if so, delete it.
|
|
| Also, can anyone tell me what "Iassd.exe" does? - or what it is? seemed to
| freeze my internet connection after a while whatever it is, until I shut the
| process down and quarantined it with Security Task Manager. Always kept
| asking for permission to access the net. didn't seem to make any difference
| if I allowed it to or not. connection became completely unresponsive.
|
| bought this computer brand new less than a week ago and am still trying to
| iron these problems out - pretty pissed off that I'm having these problems
| to begin with!!!
|
|
|
| cheers!
| Ian
|
|
 

Ian

Beauregard T. Shagnasty said:
> Quoth the raven Ian:
>
> It's in your system restore. You'll have to shut that down, reboot and
> scan again. Then turn it back on.

I just did that as you suggested, didn't find anything!!
hmmm
...

> Have you read this yet?

no,
I've never really had this sort of problem before, hardly ever got a virus
on my other computer that I updated from, and that was running XP.

since I didn't build the system, and have hardly had any sort of problem like
this before, I'm wondering if some of these problems didn't originate with the
supplier.

checkout some of this stuff I've found on it and got rid of:
avgserv.exe
iassd.exe
msbb.exe
syncroad.exe
winsync.exe



 

Beauregard T. Shagnasty

Quoth the raven Ian:
> I just did that as you suggested, didn't find anything!!
> hmmm

You mean the re-scan didn't find anything. That's good, it worked.

> I've never really had this sort of problem before, hardly ever got a virus
> on my other computer that I updated from, and that was running XP.
>
> since I didn't build the system, and have hardly had any sort of problem like
> this before, I'm wondering if some of these problems didn't originate with the
> supplier.

Could be, if the supplier went on the 'net without a condom.

> checkout some of this stuff I've found on it and got rid of:
avgserv.exe AVG Anti-virus Application
iassd.exe ?
msbb.exe MSBB Web3000 Spyware Application
syncroad.exe http://forums.majorgeeks.com/showthread.php?t=43504
winsync.exe (ditto)

http://home.rochester.rr.com/bshagnasty/tips.html
 

Ian

Beauregard T. Shagnasty said:
> Quoth the raven Ian:
>
> You mean the re-scan didn't find anything. That's good, it worked.
>
> Could be, if the supplier went on the 'net without a condom.

that's what I thought.

duh me. how self evident now. I'll put the sucker back on.

can't find much on iassd.exe either, however ... seemed to make my net
connectivity nonfunctional/dysfunctional. pages wouldn't open at all etc -
report dns error. killing the process killed that problem - immediately.
 

Gabriele Neukam

On that special day, Ian, ([email protected]) said...
> can't find much on iassd.exe either, however ... seemed to make my net
> connectivity nonfunctional/dysfunctional. pages wouldn't open at all etc -
> report dns error. killing the process killed that problem - immediately.

That name does sound like something that tries to appear as if it did
belong to XP, but in fact doesn't.

Did your vendor install Service Pack2 on your system? He should, as it
has been out for at least four weeks.

As this computer is only a week old, I hope it doesn't contain many
important files already (I often am quite slow with moving my activities
from one machine to another, just in case the new one might be botched)

If it is still possible, I would first obtain the service pack 2, and
the JPEG patches, then repartition the hard disk of this new computer,
install XP from scratch, apply the SP2, install all drivers, and
activate the internet "firewall" of XP.

And only then, I would visit pages with it. There are too many trapped
web sites and too many exploitable messengers out there, so better have
your PC bolted, before you are driving into Downtown.

Just my 2 Eurocent


Gabriele Neukam

(e-mail address removed)
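
Gabriele's remark that the name iassd.exe looks like an imitation of an XP component can be checked mechanically by comparing a process name against real system binaries. The sketch below is an added example, not code from the thread; the reference list, the look-alike character map and the distance threshold of 2 are assumptions, and a near match is only a naming heuristic, not an identification of the file.

```python
"""Flag process names that sit within a small edit distance of a Windows system binary."""

# Assumed reference set: core Windows XP system process names (not taken from the thread).
SYSTEM_NAMES = ["lsass.exe", "svchost.exe", "services.exe", "winlogon.exe",
                "csrss.exe", "smss.exe", "explorer.exe", "spoolsv.exe"]

# Assumed map of characters commonly swapped for a look-alike in a spoofed file name.
CONFUSABLES = str.maketrans({"i": "l", "1": "l", "|": "l", "0": "o"})


def fold(name):
    """Lower-case, drop the extension and collapse look-alike characters."""
    stem = name.lower().rsplit(".", 1)[0]
    return stem.translate(CONFUSABLES)


def edit_distance(a, b):
    """Levenshtein distance (insert, delete, substitute), computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                 # delete ca
                           cur[j - 1] + 1,              # insert cb
                           prev[j - 1] + (ca != cb)))   # substitute
        prev = cur
    return prev[-1]


def lookalike(name, max_distance=2):
    """Return (system_name, distance) for the nearest imitated name, else None."""
    if name.lower() in SYSTEM_NAMES:
        return None  # exact name: its path and signature must be verified separately
    best = min(((ref, edit_distance(fold(name), fold(ref))) for ref in SYSTEM_NAMES),
               key=lambda pair: pair[1])
    return best if best[1] <= max_distance else None


# The five names Ian listed in the thread.
THREAD_NAMES = ["avgserv.exe", "iassd.exe", "msbb.exe", "syncroad.exe", "winsync.exe"]

if __name__ == "__main__":
    for n in THREAD_NAMES:
        print(n, "->", lookalike(n))
```

A hit only says the name is suspiciously close to a system file; an exact system name running from the wrong directory is a separate check this sketch does not perform.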
 
