• Log InLog In
  • Register
Liquid`
Team Liquid Liquipedia
EDT 07:54
CEST 13:54
KST 20:54
  • Home
  • Forum
  • Calendar
  • Streams
  • Liquipedia
  • Features
  • Store
  • EPT
  • TL+
  • StarCraft 2
  • Brood War
  • Smash
  • Heroes
  • Counter-Strike
  • Overwatch
  • Liquibet
  • Fantasy StarCraft
  • TLPD
  • StarCraft 2
  • Brood War
  • Blogs
Forum Sidebar
Events/Features
News
Featured News
Code S RO4 & Finals Preview: herO, Rogue, Classic, GuMiho0TL Team Map Contest #5: Presented by Monster Energy4Code S RO8 Preview: herO, Zoun, Bunny, Classic7Code S RO8 Preview: Rogue, GuMiho, Solar, Maru3BGE Stara Zagora 2025: Info & Preview27
Community News
Classic & herO RO8 Interviews: "I think it’s time to teach [Rogue] a lesson."1Rogue & GuMiho RO8 interviews: "Lifting that trophy would be a testament to all I’ve had to overcome over the years and how far I’ve come on this journey.3Code S RO8 Results + RO4 Bracket (2025 Season 2)12BGE Stara Zagora 2025 - Replay Pack2Weekly Cups (June 2-8): herO doubles down1
StarCraft 2
General
Code S RO8 Results + RO4 Bracket (2025 Season 2) Code S RO4 & Finals Preview: herO, Rogue, Classic, GuMiho Classic & herO RO8 Interviews: "I think it’s time to teach [Rogue] a lesson." Rogue & GuMiho RO8 interviews: "Lifting that trophy would be a testament to all I’ve had to overcome over the years and how far I’ve come on this journey. I have an extra ticket to the GSL Ro4/finals
Tourneys
Sea Duckling Open (Global, Bronze-Diamond) SOOPer7s Showmatches 2025 RSL: Revival, a new crowdfunded tournament series [GSL 2025] Code S: Season 2 - Ro8 - Group A [GSL 2025] Code S: Season 2 - Ro8 - Group B
Strategy
[G] Darkgrid Layout Simple Questions Simple Answers [G] PvT Cheese: 13 Gate Proxy Robo
Custom Maps
[UMS] Zillion Zerglings
External Content
Mutation # 477 Slow and Steady Mutation # 476 Charnel House Mutation # 475 Hard Target Mutation # 474 Futile Resistance
Brood War
General
BGH Auto Balance -> http://bghmmr.eu/ Recent recommended BW games BW General Discussion FlaSh Witnesses SCV Pull Off the Impossible vs Shu StarCraft & BroodWar Campaign Speedrun Quest
Tourneys
[Megathread] Daily Proleagues [BSL 2v2] ProLeague Season 3 - Friday 21:00 CET Small VOD Thread 2.0 [BSL20] ProLeague Bracket Stage - Day 4
Strategy
I am doing this better than progamers do. [G] How to get started on ladder as a new Z player
Other Games
General Games
Path of Exile Nintendo Switch Thread Stormgate/Frost Giant Megathread Beyond All Reason What do you want from future RTS games?
Dota 2
Official 'what is Dota anymore' discussion
League of Legends
Heroes of the Storm
Simple Questions, Simple Answers Heroes of the Storm 2.0
Hearthstone
Heroes of StarCraft mini-set
TL Mafia
TL Mafia Community Thread Vanilla Mini Mafia
Community
General
Things Aren’t Peaceful in Palestine US Politics Mega-thread UK Politics Mega-thread Russo-Ukrainian War Thread Vape Nation Thread
Fan Clubs
Maru Fan Club Serral Fan Club
Media & Entertainment
Korean Music Discussion [Manga] One Piece
Sports
2024 - 2025 Football Thread NHL Playoffs 2024 TeamLiquid Health and Fitness Initiative For 2023 Formula 1 Discussion
World Cup 2022
Tech Support
Computer Build, Upgrade & Buying Resource Thread
TL Community
The Automated Ban List
Blogs
A Better Routine For Progame…
TrAiDoS
StarCraft improvement
iopq
Heero Yuy & the Tax…
KrillinFromwales
I was completely wrong ab…
jameswatts
Need Your Help/Advice
Glider
Trip to the Zoo
micronesia
Customize Sidebar...

Website Feedback

Closed Threads



Active: 27577 users

[H]Huge BackDoor Trojan Problem

Blogs > Mickey
Post a Reply
1 2 Next All
Mickey
Profile Blog Joined July 2005
United States2606 Posts
Last Edited: 2009-06-18 05:20:59
June 18 2009 05:14 GMT
#1
I never thought I'd say this, but I seriously need help getting rid of the nastiest malware infection I've ever had.

This infection not only slows down my computer, crashes firefox, redirects search results, it also doesn't let certain antispyware programs install/turn on.

+ Show Spoiler +
[image loading]


I tried researching how to get rid of it ,and I just found this link.
LINK

I've tried booting up in Safe Mode and using both Antivir/Super Antispyware it found about 50 Trojans. Antivir finds that specific Trojan, but won't let me remove it. A squared found it, but won't let me remove it.

Malwarebytes/Spybot install, but won't run. I tried changing the .exe file like I did with super Antispyware, but it still won't run.

Does anyone know anything that will FUCKING kill this? If worst comes to worst I'll have to reformat.

GOD THIS IS THE SMARTEST VIRUS EVER!

RaGe
Profile Blog Joined July 2004
Belgium9947 Posts
June 18 2009 05:20 GMT
#2
You couldn't run Malwarebytes in Safe Mode? I find that hard to believe.
Moderatorsometimes I get intimidated by the size of my right testicle
jimminy_kriket
Profile Blog Joined February 2007
Canada5499 Posts
June 18 2009 05:22 GMT
#3
Does hijack this run? Try posting a hijackthis log on a tech forum
life of lively to live to life of full life thx to shield battery
Mickey
Profile Blog Joined July 2005
United States2606 Posts
Last Edited: 2009-06-18 05:27:37
June 18 2009 05:23 GMT
#4
On June 18 2009 14:20 RaGe wrote:
You couldn't run Malwarebytes in Safe Mode? I find that hard to believe.

It won't run. It takes forever to install(probably the virus/trojan is doing it's mischief).
On June 18 2009 14:22 jimminy_kriket wrote:
Does hijack this run? Try posting a hijackthis log on a tech forum

First, thing I did was run hijackthis, and post it on a site that analyzes malicious processes. The problem is that Hijackthis can't detect these. All the ones it did detect I deleted.

My LOG(WARNING LONG)
+ Show Spoiler +

Logfile of HijackThis v1.99.1
Scan saved at 12:23:38 AM, on 6/18/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16850)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Mike\My Documents\asddadw.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Shrimp\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.21.0\gears.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (file missing)
O15 - Trusted Zone: http://*.att.net
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SP\SASWINLO.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Google Update Service (gupdate1c912faf57de5c4) (gupdate1c912faf57de5c4) - Unknown owner - C:\Program Files\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe


I'm currently using the online scanner Housecall.
Kentor *
Profile Blog Joined December 2007
United States5784 Posts
June 18 2009 05:28 GMT
#5
Dude just reformat.
Mickey
Profile Blog Joined July 2005
United States2606 Posts
Last Edited: 2009-06-18 05:31:44
June 18 2009 05:31 GMT
#6
On June 18 2009 14:28 Kentor wrote:
Dude just reformat.

No. I'm fucking sick of people always just saying "Reformat!". Do you know how much a pain in the ass it is, also I've always been a pretty knowledgeable person on ad ware/viruses. My Brother has fucked up the comp tons of tons of times doing dumb shit/looking at porn. I've always fixed the infection. Reformatting is like excepting defeat in my opinion.

God why do I always have stress/shit happened to me. I'm a nice guy!
ZoW
Profile Blog Joined January 2009
United States3983 Posts
June 18 2009 05:32 GMT
#7
Have you tried combofix?
the courage to be a lazy bum
Bac
Profile Joined January 2009
United States53 Posts
June 18 2009 05:32 GMT
#8
Anyone else do a double-take after reading the thread title, and then after clicking on the thread feel ashamed and dirty for your thoughts?
evanthebouncy!
Profile Blog Joined June 2006
United States12796 Posts
June 18 2009 05:34 GMT
#9
I was gonna say why you need to wear condoms while fucking in the anus.
Life is run, it is dance, it is fast, passionate and BAM!, you dance and sing and booze while you can for now is the time and time is mine. Smile and laugh when still can for now is the time and soon you die!
Reason
Profile Blog Joined June 2006
United Kingdom2770 Posts
June 18 2009 05:35 GMT
#10
Nasty processes you got there :o
Speak properly, and in as few words as you can, but always plainly; for the end of speech is not ostentation, but to be understood.
Kentor *
Profile Blog Joined December 2007
United States5784 Posts
Last Edited: 2009-06-18 05:36:38
June 18 2009 05:35 GMT
#11
On June 18 2009 14:31 Mickey wrote:
Show nested quote +
On June 18 2009 14:28 Kentor wrote:
Dude just reformat.

No. I'm fucking sick of people always just saying "Reformat!". Do you know how much a pain in the ass it is, also I've always been a pretty knowledgeable person on ad ware/viruses. My Brother has fucked up the comp tons of tons of times doing dumb shit/looking at porn. I've always fixed the infection. Reformatting is like excepting defeat in my opinion.

God why do I always have stress/shit happened to me. I'm a nice guy!

Well next time put all your shit in another partition different from the OS. You only need at most about 60GB for your OS.
Deleted User 3420
Profile Blog Joined May 2003
24492 Posts
Last Edited: 2009-06-18 05:41:18
June 18 2009 05:38 GMT
#12
Try downloading "trojan defense suite"

u can get a trial of the newest version for free, probably

here

http://tucows.menanet.net/preview/195501.html
jimminy_kriket
Profile Blog Joined February 2007
Canada5499 Posts
June 18 2009 05:40 GMT
#13
Well only advice i can give really is to wait for people on the tech forum you posted at to give you further instructions and in the meantime try running every online scanner known to man. F secure, eset, panda, bitdefender all have good scanners if i recall correctly
life of lively to live to life of full life thx to shield battery
Grobyc
Profile Blog Joined June 2008
Canada18410 Posts
June 18 2009 05:53 GMT
#14
Stop downloading so much porn?

and this:
On June 18 2009 14:34 evanthebouncy! wrote:
I was gonna say why you need to wear condoms while fucking in the anus.

kekeke
If you watch Godzilla backwards it's about a benevolent lizard who helps rebuild a city and then moonwalks into the ocean.
Mickey
Profile Blog Joined July 2005
United States2606 Posts
Last Edited: 2009-06-18 06:00:30
June 18 2009 05:56 GMT
#15
On June 18 2009 14:32 ZoW wrote:
Have you tried combofix?

I'm not really knowledgeable on this software. I've read it in the threads, but I also found out that it can do some damage to your OS if not used properly.

Would you care to explain how it works?
On June 18 2009 14:38 travis wrote:
Try downloading "trojan defense suite"

u can get a trial of the newest version for free, probably

here

http://tucows.menanet.net/preview/195501.html

Thanks will do although this seems really old.
On June 18 2009 14:53 Grobyc wrote:
Stop downloading so much porn?

I don't download porn I'm smarter than that. I stream it on Redtube with adblocker making that window look clean.

Honestly another thing that is bothering me is how I got the trojan to begin with. I have to 2 possibilities. A MP3 I downloaded, or a Antivirus suit torrent I downloaded and ran. I think it was the MP3.

I knew it looked shady. Chains of Love by Erasure is now my least favorite song ever.
Deleted User 3420
Profile Blog Joined May 2003
24492 Posts
June 18 2009 06:00 GMT
#16
It is old, but the trojan/virus lists are up to date afaik

pretty sure it's the best there is
Mickey
Profile Blog Joined July 2005
United States2606 Posts
June 18 2009 06:02 GMT
#17
Travis you are my boy. I owe you man.
Deleted User 3420
Profile Blog Joined May 2003
24492 Posts
June 18 2009 06:07 GMT
#18
did you get it fixed?
glad I could help
MamiyaOtaru
Profile Blog Joined September 2008
United States1687 Posts
Last Edited: 2009-06-18 07:09:40
June 18 2009 07:07 GMT
#19
On June 18 2009 14:56 Mickey wrote:
Honestly another thing that is bothering me is how I got the trojan to begin with. I have to 2 possibilities. A MP3 I downloaded, or a Antivirus suit torrent I downloaded and ran. I think it was the MP3.

Hahaha are you serious? Your choices are a music file and a warezed app suite containing presumably at least one executable, and you suspect the music file??

Admit defeat. Reformat. Once you've been back doored you can never be sure it is gone. That's the nature of rootkits. And next time don't download warez antivirus apps. Wasn't your brother "doing dumb shit" this time.

I mean, it's cool if it seems like Trojan Defense Suite worked, but all the programs you tried previously either couldn't detect or remove something. You can't be %100 sure that TDS got everything, that there isn't something there it couldn't find. I mean if there are no symptoms continue merrily on your way or whatever. Hope you're not part of a botnet.
Etherone
Profile Blog Joined November 2008
United States1898 Posts
June 18 2009 07:34 GMT
#20
TL > tech forums

well for further reference i would love to know how you got rid of it.
1 2 Next All
Please log in or register to reply.
Live Events Refresh
WardiTV Invitational
11:00
WardiTV June Playoffs
ByuN vs MaNaLIVE!
MaxPax vs Solar
Reynor vs Creator
Gerald vs Spirit
WardiTV927
IndyStarCraft 173
Rex144
TKL 144
LiquipediaDiscussion
CranKy Ducklings
10:00
Sea Duckling Open #135
CranKy Ducklings58
LiquipediaDiscussion
[ Submit Event ]
Live Streams
Refresh
StarCraft 2
Lowko267
IndyStarCraft 173
TKL 144
Rex 144
Livibee 96
ProTech72
BRAT_OK 61
trigger 52
MindelVK 12
StarCraft: Brood War
Britney 27263
Sea 7162
Calm 6428
Rain 3433
Horang2 2077
Bisu 1477
Hyuk 796
BeSt 462
Mini 306
Zeus 294
[ Show more ]
Nal_rA 252
Last 227
Light 168
Soulkey 124
Mind 68
ToSsGirL 44
HiyA 25
sSak 25
NaDa 21
ajuk12(nOOB) 15
Noble 11
IntoTheRainbow 8
scan(afreeca) 6
Icarus 3
Dota 2
XcaliburYe538
Counter-Strike
flusha368
allub156
Super Smash Bros
Westballz36
Heroes of the Storm
Khaldor226
Other Games
singsing1816
B2W.Neo606
Happy454
C9.Mang0342
DeMusliM271
Fuzer 246
XaKoH 144
Trikslyr28
FunKaTv 20
Organizations
Dota 2
PGL Dota 2 - Main Stream9006
PGL Dota 2 - Secondary Stream3708
Other Games
gamesdonequick486
StarCraft: Brood War
UltimateBattle 18
CasterMuse 16
StarCraft 2
Blizzard YouTube
StarCraft: Brood War
BSLTrovo
sctven
[ Show 14 non-featured ]
StarCraft 2
• Adnapsc2 7
• AfreecaTV YouTube
• intothetv
• Kozan
• IndyKCrew
• LaughNgamezSOOP
• Migwel
• sooper7s
StarCraft: Brood War
• BSLYoutube
• STPLYoutube
• ZZZeroYoutube
Dota 2
• WagamamaTV260
League of Legends
• Nemesis714
• Stunt627
Upcoming Events
Cheesadelphia
3h 6m
CSO Cup
5h 6m
BSL: ProLeague
6h 6m
Hawk vs UltrA
Sziky vs spx
TerrOr vs JDConan
GSL Code S
20h 6m
Rogue vs herO
Classic vs GuMiho
Sparkling Tuna Cup
22h 6m
WardiTV Qualifier
1d 4h
BSL: ProLeague
1d 6h
Bonyth vs Dewalt
Cross vs Doodle
MadiNho vs Dragon
Replay Cast
1d 12h
Wardi Open
1d 23h
Replay Cast
2 days
[ Show More ]
Replay Cast
2 days
RSL Revival
2 days
Cure vs Percival
ByuN vs Spirit
RSL Revival
3 days
herO vs sOs
Zoun vs Clem
Replay Cast
4 days
The PondCast
4 days
RSL Revival
4 days
Serral vs SHIN
Solar vs Cham
Replay Cast
5 days
RSL Revival
5 days
Reynor vs Scarlett
ShoWTimE vs Classic
uThermal 2v2 Circuit
6 days
Liquipedia Results

Completed

CSL Season 17: Qualifier 2
BGE Stara Zagora 2025
Heroes 10 EU

Ongoing

JPL Season 2
BSL 2v2 Season 3
BSL Season 20
KCM Race Survival 2025 Season 2
NPSL S3
Rose Open S1
CSL 17: 2025 SUMMER
2025 GSL S2
Murky Cup #2
BLAST.tv Austin Major 2025
ESL Impact League Season 7
IEM Dallas 2025
PGL Astana 2025
Asian Champions League '25
BLAST Rivals Spring 2025
MESA Nomadic Masters
CCT Season 2 Global Finals
IEM Melbourne 2025
YaLLa Compass Qatar 2025
PGL Bucharest 2025

Upcoming

Copa Latinoamericana 4
CSLPRO Last Chance 2025
CSLPRO Chat StarLAN 3
K-Championship
SEL Season 2 Championship
Esports World Cup 2025
HSC XXVII
Championship of Russia 2025
BLAST Open Fall 2025
Esports World Cup 2025
BLAST Bounty Fall 2025
BLAST Bounty Fall Qual
IEM Cologne 2025
FISSURE Playground #1
TLPD

1. ByuN
2. TY
3. Dark
4. Solar
5. Stats
6. Nerchio
7. sOs
8. soO
9. INnoVation
10. Elazer
1. Rain
2. Flash
3. EffOrt
4. Last
5. Bisu
6. Soulkey
7. Mini
8. Sharp
Sidebar Settings...

Advertising | Privacy Policy | Terms Of Use | Contact Us

Original banner artwork: Jim Warren
The contents of this webpage are copyright © 2025 TLnet. All Rights Reserved.