[H]Huge BackDoor Trojan Problem

Mickey

United States2606 Posts

June 18 2009 05:14 GMT

I never thought I'd say this, but I seriously need help getting rid of the nastiest malware infection I've ever had.

This infection not only slows down my computer, crashes firefox, redirects search results, it also doesn't let certain antispyware programs install/turn on.

+ Show Spoiler +

I tried researching how to get rid of it ,and I just found this link.
LINK

I've tried booting up in Safe Mode and using both Antivir/Super Antispyware it found about 50 Trojans. Antivir finds that specific Trojan, but won't let me remove it. A squared found it, but won't let me remove it.

Malwarebytes/Spybot install, but won't run. I tried changing the .exe file like I did with super Antispyware, but it still won't run.

Does anyone know anything that will FUCKING kill this? If worst comes to worst I'll have to reformat.

GOD THIS IS THE SMARTEST VIRUS EVER!

RaGe

Belgium9947 Posts

June 18 2009 05:20 GMT

You couldn't run Malwarebytes in Safe Mode? I find that hard to believe.

jimminy_kriket

Canada5498 Posts

June 18 2009 05:22 GMT

Does hijack this run? Try posting a hijackthis log on a tech forum

Mickey

United States2606 Posts

June 18 2009 05:23 GMT

On June 18 2009 14:20 RaGe wrote:
You couldn't run Malwarebytes in Safe Mode? I find that hard to believe.

It won't run. It takes forever to install(probably the virus/trojan is doing it's mischief).

On June 18 2009 14:22 jimminy_kriket wrote:
Does hijack this run? Try posting a hijackthis log on a tech forum

First, thing I did was run hijackthis, and post it on a site that analyzes malicious processes. The problem is that Hijackthis can't detect these. All the ones it did detect I deleted.

My LOG(WARNING LONG)
+ Show Spoiler +

Logfile of HijackThis v1.99.1
Scan saved at 12:23:38 AM, on 6/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Mike\My Documents\asddadw.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Shrimp\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O15 - Trusted Zone: http://*.att.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SP\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c912faf57de5c4) (gupdate1c912faf57de5c4) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

I'm currently using the online scanner Housecall.

Kentor

United States5784 Posts

June 18 2009 05:28 GMT

Dude just reformat.

Mickey

United States2606 Posts

June 18 2009 05:31 GMT

On June 18 2009 14:28 Kentor wrote:
Dude just reformat.

No. I'm fucking sick of people always just saying "Reformat!". Do you know how much a pain in the ass it is, also I've always been a pretty knowledgeable person on ad ware/viruses. My Brother has fucked up the comp tons of tons of times doing dumb shit/looking at porn. I've always fixed the infection. Reformatting is like excepting defeat in my opinion.

God why do I always have stress/shit happened to me. I'm a nice guy!

ZoW

United States3983 Posts

June 18 2009 05:32 GMT

Have you tried combofix?

Bac

United States53 Posts

June 18 2009 05:32 GMT

Anyone else do a double-take after reading the thread title, and then after clicking on the thread feel ashamed and dirty for your thoughts?

evanthebouncy!

United States12796 Posts

June 18 2009 05:34 GMT

I was gonna say why you need to wear condoms while fucking in the anus.

Reason

United Kingdom2770 Posts

June 18 2009 05:35 GMT

#10

Nasty processes you got there :o

Kentor

United States5784 Posts

June 18 2009 05:35 GMT

#11

On June 18 2009 14:31 Mickey wrote:

Show nested quote +

Well next time put all your shit in another partition different from the OS. You only need at most about 60GB for your OS.

Deleted User 3420

24492 Posts

June 18 2009 05:38 GMT

#12

Try downloading "trojan defense suite"

u can get a trial of the newest version for free, probably

here

http://tucows.menanet.net/preview/195501.html

jimminy_kriket

Canada5498 Posts

June 18 2009 05:40 GMT

#13

Well only advice i can give really is to wait for people on the tech forum you posted at to give you further instructions and in the meantime try running every online scanner known to man. F secure, eset, panda, bitdefender all have good scanners if i recall correctly

Grobyc

Canada18410 Posts

June 18 2009 05:53 GMT

#14

Stop downloading so much porn?

and this:

On June 18 2009 14:34 evanthebouncy! wrote:
I was gonna say why you need to wear condoms while fucking in the anus.

kekeke

Mickey

United States2606 Posts

June 18 2009 05:56 GMT

#15

On June 18 2009 14:32 ZoW wrote:
Have you tried combofix?

I'm not really knowledgeable on this software. I've read it in the threads, but I also found out that it can do some damage to your OS if not used properly.

Would you care to explain how it works?

On June 18 2009 14:38 travis wrote:
Try downloading "trojan defense suite"

u can get a trial of the newest version for free, probably

here

http://tucows.menanet.net/preview/195501.html

Thanks will do although this seems really old.

On June 18 2009 14:53 Grobyc wrote:
Stop downloading so much porn?

I don't download porn I'm smarter than that. I stream it on Redtube with adblocker making that window look clean.

Honestly another thing that is bothering me is how I got the trojan to begin with. I have to 2 possibilities. A MP3 I downloaded, or a Antivirus suit torrent I downloaded and ran. I think it was the MP3.

I knew it looked shady. Chains of Love by Erasure is now my least favorite song ever.

Deleted User 3420

24492 Posts

June 18 2009 06:00 GMT

#16

It is old, but the trojan/virus lists are up to date afaik

pretty sure it's the best there is

Mickey

United States2606 Posts

June 18 2009 06:02 GMT

#17

Travis you are my boy. I owe you man.

Deleted User 3420

24492 Posts

June 18 2009 06:07 GMT

#18

did you get it fixed?
glad I could help

MamiyaOtaru

United States1687 Posts

June 18 2009 07:07 GMT

#19

On June 18 2009 14:56 Mickey wrote:
Honestly another thing that is bothering me is how I got the trojan to begin with. I have to 2 possibilities. A MP3 I downloaded, or a Antivirus suit torrent I downloaded and ran. I think it was the MP3.

Hahaha are you serious? Your choices are a music file and a warezed app suite containing presumably at least one executable, and you suspect the music file??

Admit defeat. Reformat. Once you've been back doored you can never be sure it is gone. That's the nature of rootkits. And next time don't download warez antivirus apps. Wasn't your brother "doing dumb shit" this time.

I mean, it's cool if it seems like Trojan Defense Suite worked, but all the programs you tried previously either couldn't detect or remove something. You can't be %100 sure that TDS got everything, that there isn't something there it couldn't find. I mean if there are no symptoms continue merrily on your way or whatever. Hope you're not part of a botnet.

Etherone

United States1898 Posts

June 18 2009 07:34 GMT

#20

TL > tech forums

well for further reference i would love to know how you got rid of it.

1 2 Next All

Please or register to reply.

[H]Huge BackDoor Trojan Problem

Completed

Ongoing

Upcoming