Backdoor.Servu Virus - help anyone?

Accessdabbler

Technical User
Oct 15, 2002
728
CA
My friend had a virus called IRC/Backdoor.Flood according to AVG6 by Grisoft but I can't find any information about this virus on the internet. I think I've seriously hobbled it but I can't be sure it is gone.

However, after getting this virus under control, AVG6 found ANOTHER virus (after updating the DAT file) and called it Backdoor.Servu (or something like that). Again, I can't find anything out about this one either.

Some of the strange things happening on the system include:

1. No "Windows Update" shortcut on the Start Menu.

2. Going to the Windows Update website, it won't show me the available updates (starts the scan process but is stuck at 0%).

3. IROFFER.EXE program is insistent on running (I believe this is an FTP-type program).

4. Some process called FireDaemon is running.

Anybody with suggestions?
 
Unless you need this running you should dis it.

As far as the Windows Update problem, if you are using IE6 I have run into this recently... you may need the service patch. Check it out after you get the trojans dealt with.

Check the following in the windows registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run "LASS"="C:\\WINDOWS\\JAVA\\TRUSTLIB\\COM\\LASS.exe"

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

If they exist....delete them.

***Always back up the registry before modifying it.***


Then go to Start, Run, and type
msconfig

Check for anything running that should not be there on the startup tab that refers to anything you are not running.
If you aren't sure, post back and we can advise you what is safe to turn off.

REBOOT.

Run AVG again and see if you can repair completely.

The details for the trojan you have described can be found at the link below.


If you have another virus or trojan listed, you need to identify it exactly so we can direct you as far as removal.

GOOD LUCK!
Kimber

The more I learn,I realize how much more there is to know!
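
Added example, not part of the original posts: one way to do the Run / RunServices check from the post above without editing the live registry is to export the hive to a `.reg` file and review it offline. The sample export, the `ExampleTray` and `svc` entries and the name list are constructed for illustration; the helper names are hypothetical.

```python
import re

# Autostart keys named in the post above, lower-cased for comparison.
_CV = r"hkey_local_machine\software\microsoft\windows\currentversion"
AUTOSTART_KEYS = {_CV + r"\run", _CV + r"\runservices"}
# Program names mentioned in this thread (assumption: substring match is enough).
SUSPECT_NAMES = ("lass.exe", "iroffer.exe", "firedaemon")

# "name"="data" string value; inside the quotes .reg escapes \ and " with a backslash.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def _unescape(s):
    return re.sub(r"\\(.)", r"\1", s)

def autostart_entries(reg_text):
    """Return (key, value_name, command) for string values under the autostart keys."""
    entries, key = [], None
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # start of a new key section
        elif key and key.lower() in AUTOSTART_KEYS:
            m = VALUE_RE.match(line)
            if m:
                entries.append((key, _unescape(m.group(1)), _unescape(m.group(2))))
    return entries

def flag_suspects(reg_text):
    """Autostart entries whose command mentions one of SUSPECT_NAMES."""
    return [e for e in autostart_entries(reg_text)
            if any(name in e[2].lower() for name in SUSPECT_NAMES)]

# Constructed sample export (not taken from the affected machine).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ExampleTray"="C:\\Program Files\\Example\\tray.exe /startup"
"LASS"="C:\\WINDOWS\\JAVA\\TRUSTLIB\\COM\\LASS.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"svc"="C:\\WINDOWS\\system32\\drv\\FireDaemon.exe -s"

[HKEY_LOCAL_MACHINE\Software\Example]
"x"="C:\\iroffer.exe"
'''

if __name__ == "__main__":
    for key, name, cmd in flag_suspects(SAMPLE):
        print(f"{key}: {name} -> {cmd}")
```

Entries that are not flagged still need a manual look; the list only catches the names raised in this thread.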
 
Thanks for the firedaemon link Kimber!

Will try and dismantle FireDaemon ASAP in the morning.

The LASS.EXE program is not there. All of the entries in the RUN key are supposed to be there.

I think FireDaemon is the key program that is running some weird background processes. Hopefully removing it will get the computer back to normal.

However, I don't know how to fix the Windows Update problem. I can't get a list of updates in order to update! I do have SP3 installed. Maybe removing FireDaemon will solve this too, I'll let you know...
 
DO let me know for sure.
I have downloaded the service patch for use onsite so if you need it I am sure I can get it to you one way or another.

Look forward to hearing from you....and you are MOST welcome. :) Kimber

The more I learn,I realize how much more there is to know!
 
I was able to hobble FireDaemon by moving it and all the other rogue programs to another directory in safe mode. The registry can't find the files now so the daemon has been exorcised.

However, Windows Update still won't proceed. I forgot to mention that other strange things are going on (i.e. running the NetStat command pops up the control panel?).

Anyway, going to give the hard drive an enema and start all over. The worst part is my friend's computer is a business computer set up by their IT department. Why they didn't put a firewall and antivirus scanner on the system is beyond my comprehension....
 

Sounds like you have a mess. You are probably best off starting from scratch and getting a clean start. If you do have probs with IE (using 6) and the update after you finish let me know and I can get you the patch file.

Careful judging IT departments these days my friend....
It would absolutely blow your mind how many credible companies have non technical people heading up IT. The budgets have been cut so radically, or the equipment deemed non essential, that people who admittedly know very little are setting up?!! and managing company networks. They are quite often people who are already with the company, and are handed the responsibility with non existent paperwork and told to "figure it out" themselves.

I feel for them, because by the time I get to them I have a real mess to clean up, and they are in a lot of hot water.

Those of us who are really technical most of the time can't convince management that these things are necessary. That is to say, until it all messes up and they have no backup or the network gets slammed with a virus.

My only consolation is that they have to pay me to fix it. [lol]

Good luck! Kimber

The more I learn,I realize how much more there is to know!
 
Hmm, you hiring? Need help? I have the urge to fix these computers for hefty fees too....

Thanks for your assistance!
 
[rofl]
welcome, anytime.
Nope, not hiring right now....budget cuts ya know..hehe Kimber

The more I learn,I realize how much more there is to know!
 