Backdoor Trojan 1

Status
Not open for further replies.

petermeachem

Programmer
Aug 26, 2000
2,270
GB
I've got a funny file called kb something .dll in c:\winnt\system32 (the PC uses NT4 Workstation). AVG says this is a backdoor trojan. In fact it says this every time a programme is opened (I've uninstalled the thing; it makes the PC difficult to use). It detects it on a scan, but helpfully then says it can't fix it. Trouble is I can't see the file: Explorer, File Manager, DOS window, none of them can see it. According to what I have read, some files are 'super hidden', and this seems to be one of those. Also according to what I have read, super hidden files came in with Win2k. I'm supposed to boot to safe mode, then I can see it. The NT4 equivalent is, I think, VGA mode; still couldn't see the file. Can't use a DOS boot disc as I use NTFS.
Does anyone know how I can get rid of this?

 
Can you show me where you read this from?

Have you done an online scan for viruses? Try:

Also, you may want to download software called SpySweeper and see if you find anything in your registry.
 
If you have the file name and location and you are sure it is one you want to be rid of, I've seen CopyLock and MoveOnBoot suggested for that situation.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Try Sysclean from Trend Micro; you will also have to download the latest pattern file in order to run the program. This, along with Spybot and Ad-Aware, cleans most things. The stuff they don't clean, they at least make you aware of, so that you can search the registry and delete it from there.
 
I have found on most systems, when looking for bad files, that booting up in DOS (NTFSDOS) or using a CMD window and doing
attrib filename.* /s
works. Files have a hard time hiding from DOS attrib.
 
Sorry not to reply, I've been busy.
The exact name is, according to AVG,
Trojan Horse Backdoor Agent.ba

This seems to think they are exaggerating. It does mean I can't use AVG, as it pops a message up every time you open a programme.

Spybot and Ad-Aware don't see it, neither does HijackThis, nor attrib, and the file is not in the registry. Certainly well hidden.
Trend Micro won't run on my PC. Probably some Java thing; IE bombs out.

Look for "Trojan Horse Backdoor Agent.ba" on google, lots of problems. No applicable solutions, they all involve being able to see the file!

 
First I would make a backup in case I made the situation worse.
Then I would look at HijackThis and see if it showed up there and if there were other issues too. I would probably then try HijackThis to fix things. (Would also check the HJT log to be sure AV sites are not being blocked by hosts file modifications.)
(As an alternative analysis tool to HijackThis, carrr has suggested Bazooka.)
If that didn't work I would look at my situation and look at CopyLock, MoveOnBoot, KillBox, and ProcessView (these are all apps I've seen suggested for recalcitrant file removal) and see if I could use one of those to fix my situation.

Smah has posted several on-line scanners in faq760-3862.
You could try a different one than Trend Micro. You could also cross-check AVG on the individual file with Kaspersky.

This advertises itself as an NTFS reader for DOS; perhaps it could help in finding the problem.

You could also try the HijackThis scan with the newest version, 1.98, and see if you have anything in the O20 line.

Regards.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 
Instead of trying an online sweep, try downloading a trial version, including the latest updates, from a major AV company such as Sophos, Trend, etc. You may like it so much that you wish to purchase it!
AVG is OK for a freebie, but nowhere near as good as the big boys.

Stu..

Of course I'll come back at lunchtime. When is it? Oh, that's a shame, so's mine.
 
Star for diogenes10, a glass of wine for me.
Found and fixed by the new HijackThis version. I can't think why I didn't see it in the registry; it was loaded in AppInit. The file is still there presumably, just not doing anything.

Stu, I've not tried Sophos, but Norton doesn't detect it as a problem. I agree about AVG.

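The resolution above (a DLL loaded through AppInit, which HijackThis reports on its O20 line, and the file itself hidden from ordinary directory listings) is worth checking by hand rather than trusting one scanner. The following is an added example, not code from the thread or from any of the tools mentioned in it. It assumes a modern Windows host with an elevated PowerShell session (the NT4 box in the thread predates PowerShell); the registry key is the real one that AppInit_DLLs lives under, and the two-key list covers 64-bit Windows, where the Wow6432Node copy feeds 32-bit processes.

```powershell
# Added example, not from the thread: list what AppInit_DLLs will inject into
# every process that loads user32.dll, and inspect the referenced files,
# including ones carrying the Hidden and System attributes that a plain
# directory listing skips. Assumes an elevated session on a modern Windows host.

function Get-AppInitDlls {
    # Both keys are read on 64-bit Windows; the Wow6432Node one feeds 32-bit processes.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $props = Get-ItemProperty -LiteralPath $key
        $raw   = [string]$props.AppInit_DLLs

        # Vista and later gate injection on LoadAppInit_DLLs; NT4/2000/XP had no such switch.
        Write-Host ("{0}`n  LoadAppInit_DLLs = {1}`n  AppInit_DLLs     = '{2}'" -f `
            $key, $props.LoadAppInit_DLLs, $raw)
        if ([string]::IsNullOrWhiteSpace($raw)) { continue }

        # Entries are separated by spaces or commas; a bare file name resolves against system32.
        foreach ($entry in ($raw -split '[ ,]+' | Where-Object { $_ })) {
            $path = [Environment]::ExpandEnvironmentVariables($entry)
            if (-not [IO.Path]::IsPathRooted($path)) {
                $path = Join-Path ([Environment]::SystemDirectory) $path
            }
            # -Force makes Get-Item return files with the Hidden and System attributes too.
            $file = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
            if ($null -eq $file) {
                [pscustomobject]@{ Key = $key; Entry = $entry; Path = $path; Status = 'missing (dangling entry)' }
                continue
            }
            [pscustomobject]@{
                Key        = $key
                Entry      = $entry
                Path       = $file.FullName
                Status     = 'present'
                Attributes = $file.Attributes.ToString()
                Size       = $file.Length
                Modified   = $file.LastWriteTimeUtc
                SHA256     = (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash
                Signature  = (Get-AuthenticodeSignature -LiteralPath $file.FullName).Status.ToString()
            }
        }
    }
}

Get-AppInitDlls | Format-List
```

Anything listed here that is unsigned, recently modified, or sitting in system32 with Hidden and System set is the thing to look at first. Clearing the value (`Set-ItemProperty -LiteralPath $key -Name AppInit_DLLs -Value ''`) and rebooting stops the injection, which is what Peter describes after the HijackThis fix: the DLL stays on disk and does nothing. To actually see and remove it afterwards, `dir /a` in a cmd window lists hidden and system files that a bare `dir` does not, and `attrib -h -s -r` on the file is needed before `del` will touch it.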
 
Thanks Peter. Glad I could help.

-------------------------------------
It's 10 O'Clock ( somewhere! ).
Are your registry and data backed up?
 