virus backdoor.ciadoor.dd

Guest

So Norton calls it backdoor.ciadoor and Microsoft detects it as ciadoor.121.
The infection is located in D:\WINDOWS\system32\wsock32.sys (since I have a
dual-boot system, XP is on the D drive).
It was originally a .rar file which I downloaded from the net. I scanned it
with Norton SystemWorks 2006, which didn't manage to detect it then. After
installation, Norton was corrupted and Task Manager disabled. Norton cannot
delete it because access is denied by admin. Live One (Microsoft) detects and
deletes it successfully, but it seems to return. I think it has something to
do with System Restore.
Also, the command prompt has been disabled by admin, and registry editing has
been disabled by admin.
I finally managed to uninstall Norton, as their website stated the software
was malfunctioning.
I couldn't find the right tool, so I applied most of the backdoor.xyz tools;
none of them, though, seemed to even detect it. I also ran their online scan
to figure out what BitDefender called it; well, they happen to call it
'backdoor.ciadoor.dd', release date not mentioned, and they seem to have no
further info on their site, or even a mention. I also cannot reinstall Norton,
as registry changes are supposedly disabled by admin. Norton has a second
solution, to go through the command prompt, but that again has been disabled.
I also tried running McAfee, with the same result that access is denied. Ran a
search on the net; figures only Japanese/Chinese AV companies have a solution
and no online scan, so I thought it would be a scam. I thought it would be
better to consult you before doing anything. Also, considering the nature of
the virus, would it be alright to continue its usage and downloading in the
meantime?
I was wondering if I could attack it from Windows 98, which is safe on the C
drive; however, the D drive again happens to have an NTFS partition, so it
might not be accessible.
 
Malke

nosferatu said:
So Norton calls it backdoor.ciadoor and Microsoft detects it as
ciadoor.121,

(snip long, unreadable post)

No, you can't remove the malware from Win98.
Go through these general malware removal steps systematically -
http://www.elephantboycomputers.com/page2.html#Removing_Malware

Include scanning with either Sysclean or Multi_AV, plus AVG Anti-Spyware
(formerly Ewido - http://www.ewido.net/en/) and follow instructions to do
all scans in Safe Mode.

When all else fails, run HijackThis and post your log in one of the
specialty forums listed at the link above (not here, please).

If the procedures look too complex - and there is no shame in admitting this
isn't your cup of tea - take the machine to a professional computer repair
shop (not your local version of BigStoreUSA). The only alternative to going
through the malware removal tediously and systematically, probably with
online help from an HJT forum, and taking the machine to a real
professional is to back up your data and do a clean install of Windows.
It's your call. Please be aware that not all local shops are skilled at
removing malware and even if they are, your computer may be so infested
that Windows will need to be clean-installed. Have all your data backed up
before you take the machine into a shop.

Malke
 
David H. Lipman

From: "nosferatu"

| so nortorn calls it backdoor.ciadoor and microsoft detects it as ciadoor.121,
| the infection is located in D:\WINDOWS\system32\wsock32.sys (since i have a
| dual boot sys, xp is in d drive)
| originally a .rar file which i downloaded from the net scaned it wid nortorn
| system works 2006 ,dint manage to detect it then ,after installation
| nortorn was corrupted and task manager disabled.nortorn cannot delete it
| cause access is denied by admin.live one (microsoft) detects and deletes it
| but it sucessfully but it seems to return.think it has somthng to do wid
| system restore.
| also cmd prompt has been disabled by admin,and registry edit has been
| disabled by admin
| finally managed to un install nortorn as their website stated the software
| was malfunctioning
| cudnt find the right tool so applied most of the backdoor.xyz
| tools ,non of them tho seemed to even detect it, also had ran their online
| scan to figure out what bitdefender called it well they happen to call it '
| backdoor.ciadoor.dd ' realease date not mentioned and they seem 2 have no
| furthur info on their site , or even a mention.also cannot re install norton
| as registry changes are supposedly disabled by admin.nortorn has a 2nd
| solutionto go through cmd prompt but that again has been disabled.also tried
| runnin mccafee wid da same results dat access is denied.ran a search on da
| net figures only jap/ chinese av companies have a solution and no online scan
| so thought wud be a scam .thought wud be beter to consult u before doin any
| thing,also considering da nature of the virus wud it be alright to continue
| its usage n downloadin in da mean time?
| was wondering if i cud attack it frm windows 98 ,which is safe on da c drive
| ,however d drive again happens to have a ntfs partition.so might not be
| accessible

Man, that was HARD to read!

I "cudnt" figure out all you were trying to convey.


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * * Please report back your results * * *
 
Guest

nosferatu said:
So Norton calls it backdoor.ciadoor and Microsoft detects it as ciadoor.121.
The infection is located in D:\WINDOWS\system32\wsock32.sys (since I have a
dual-boot system, XP is on the D drive)

Hi! Download The Avenger:
http://swandog46.geekstogo.com/avenger.zip
Download this file:
http://pandaman.my.contact.bg/trrem.txt

Unzip The Avenger and run the EXE file. Choose "Load Script From File" and
browse to trrem.txt.
Press the glass icon. Now press on the traffic light icon.
The computer will boot, and the program will run the script file before all
the exe and the dll files of the malware. After the restart, the program will
generate a log which will tell you the malware is gone.


Now I would suggest you disable System Restore, completely remove Norton
and perform some cleaning.

Instructions can be found here (Malware Removal Instructions)
http://pandaman.my.contact.bg

In order to completely remove Norton, go to Control Panel -> Add/Remove
Programs. Uninstall SystemWorks, reboot,
uninstall LiveUpdate, reboot,
uninstall other Symantec-related things in Add/Remove Programs, reboot.

At the end, use Symantec's Norton removal tool:
http://service1.symantec.com/SUPPOR...sf&view=docid&dtype=&prod=&ver=&osv=&osv_lvl=

After you remove that trojan, use Spybot Search and Destroy to restore your
Task Manager and CMD.
http://www.safer-networking.org/microsoft.en.html


After you perform the instructions and clean your computer, get something
better than Norton: Kaspersky, NOD32... I strongly recommend ESET
NOD32: www.eset.com

Happy Holidays!
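
The lockout described in this thread (Task Manager, Command Prompt and registry editing all "disabled by admin") corresponds to a few standard Windows policy registry values. The read-only PowerShell check below is an added example, not part of any post in this thread or of the tools named in it; the function name Get-PolicyLockout is hypothetical, and the script only reads values and changes nothing.

```powershell
# Added example: read-only audit of the policy values behind the
# "disabled by your administrator" messages for Task Manager,
# Registry Editor and Command Prompt. Nothing is modified.

# Standard Windows policy locations (paths are relative to the hive root).
$PolicyChecks = @(
    @{ Tool = 'Task Manager'
       SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableTaskMgr' },
    @{ Tool = 'Registry Editor'
       SubKey = 'Software\Microsoft\Windows\CurrentVersion\Policies\System'
       Name = 'DisableRegistryTools' },
    @{ Tool = 'Command Prompt'
       SubKey = 'Software\Policies\Microsoft\Windows\System'
       Name = 'DisableCMD' }
)

function Get-PolicyLockout {
    # Hypothetical helper name. Checks the current user's hive and the
    # machine hive, because the restriction can be set in either.
    param([string[]]$Hives = @('HKCU:', 'HKLM:'))

    foreach ($hive in $Hives) {
        foreach ($check in $PolicyChecks) {
            $path = "$hive\$($check.SubKey)"
            $data = $null
            if (Test-Path -Path $path) {
                $props = Get-ItemProperty -Path $path -ErrorAction SilentlyContinue
                if ($null -ne $props) { $data = $props.($check.Name) }
            }
            [pscustomobject]@{
                Tool       = $check.Tool
                Key        = $path
                Value      = $check.Name
                Data       = $data
                # A missing value or 0 means the tool is not restricted.
                Restricted = ($null -ne $data -and $data -ne 0)
            }
        }
    }
}

$report = Get-PolicyLockout
$report | Format-Table -AutoSize

$hits = @($report | Where-Object { $_.Restricted })
Write-Output ("{0} restriction(s) found" -f $hits.Count)
```

The HKCU values are per user, so the check has to run under the affected account. On a domain-joined machine the same values can be set legitimately by Group Policy, whereas on a standalone home PC a non-zero value is unexpected and worth recording before cleanup tools reset it.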
 