Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Here's a nasty one - Backdoor.Win32.Aimbot.aj 1

Status
Not open for further replies.
cdogg

cdogg

Technical User
Jul 30, 2001
7,785
US
OS: Windows XP

I'm working on a co-worker's PC and can't get rid of this bad boy. I've done full scans in safe mode with Norton Antivirus 2005, Spybot 1.4, Ad-aware SE, and eTrust PestPatrol 5.0.

All 4 apps are updated and found items that the others didn't. However, this backdoor trojan will not leave. PestPatrol is actually the only one that detects it. It is unable to quarantine or delete it. It says to run another scan after rebooting, which of course has not helped.

From what I've found on the net, it appears to be a bad one to have. But since it's still fairly new (less than 6 months), there's not much out there about manually removing it. Any ideas?

~cdogg
"Insanity: doing the same thing over and over again and expecting different results." - Albert Einstein
[tab][navy]For general rules and guidelines to get better answers, click here:[/navy] faq219-2884
 
Sort by date Sort by votes
Post a hijack this log, I have dealt with this one many times if it is lock.exe?

Make sure that ewido security guard, adwatch in adaware, spybot's teatimer and spysweepers real time protection are disabled and Microsoft's antispyware as they will interfere with the fixes, re-enable them when finished!





put these files throught the killbox, amend the files per hijack this log!

go to add/remove and uninsrall these programmes if there, delte their folders from c;\program files!


SearchMiracle
180Solutions
Maxsearch
Zango
Media Gateway


Download the pocket killbox




Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill.
In the Full Path of File to Delete box, copy and paste each of the following
lines one at a time then click on the button that has the red circle with the
X in the middle after you enter each file. It will ask for confirmation to
delete the file. Click Yes. Continue with that same procedure until you have
copied and pasted all of these in the Paste Full Path of File to Delete box.



Note: It is possible that Killbox will tell you that one or more files do not
exist. If that happens, just continue on with all the files. Be sure you
don't miss any.


c:\xz.bat
C:\windows\system32\lockx.exe

Member of ASAP Alliance of Security Analysis Professionals

under the name khazars
 
Upvote 0 Downvote
Thanks for the suggestion guys, I'll be on site to try them out in the next couple days.

~cdogg
"Insanity: doing the same thing over and over again and expecting different results." - Albert Einstein
[tab][navy]For general rules and guidelines to get better answers, click here:[/navy] faq219-2884
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

iambob
  • Locked
  • Question
Avast Anti-Virus is.. a virus?! 3
Replies
5
Views
284
Oorde
Oorde
shivajiboss
  • Locked
  • Question
I am getting a problem while opening up my windows
Replies
1
Views
260
2ffat
2ffat
2ffat
  • Locked
  • News
Audacity is Spyware?
Replies
2
Views
236
2ffat
2ffat
ChrisOfOz
  • Locked
  • Question
Lenovo startup problem please any ideas? 2
Replies
10
Views
768
Yoko Littner
Yoko Littner
CDIV
  • Locked
  • Question
port 8080 monitoring -Trend micro deep security agent
Replies
0
Views
201
CDIV
CDIV

Part and Inventory Search

Sponsor

Back
Top