Trojan horse IRC/BackDoor.SdBot2.YLE HELP!!!!!!

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by sunhead, Apr 7, 2007.

  1. sunhead

    sunhead Private E-2

    HI

    I have been reading your forums for months and haven't had any problems, but just recently I ran an AVG Free scan, and it found 2 viruses:

    Trojan horse IRC/BackDoor.SdBot2.YLE (LOCATION BELOW)

    C:\WINDOWS\system32\setup_07301.exe

    Trojan horse IRC/BackDoor.SdBot2.YLE (LOCATION BELOW)

    C:\System Volume Information\_restore(E83A72D4-1E39-45D9-8885-07C27492326C)\RP18\A0005189.exe

    These 2 files are currently in my virus vault and it says they're infected, but I'm not sure if they are removed and they seem to come back.

    I run ZoneAlarm firewall and Spybot and have Ad-Aware and Spyware Doctor too. ZoneAlarm security doesn't pick this virus up but AVG does too. I have turned off System Restore now, but this was after I found this.

    Do you want me to post a HijackThis log?

    PLEASE HELP!!!!!!! ASAP, thank you
     
  2. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Hi and Welcome :)

    No, we don't want you to post just a HijackThis log. Most people are under the very mistaken misconception that HijackThis is a malware removal tool. It is not! HijackThis is simply a tool that is used to identify browser hijackers, and in some cases it will show entries for some malware that is, for instance, running at startup. All it does is list a few of the thousands of registry keys that exist, and it makes no inferences as to whether anything being shown is good or bad. That decision is left to a person with significant Windows and malware cleaning experience. HijackThis does not come close to showing all malware that could be hiding on a PC. Anyone who has an infected computer and is relying on HijackThis without the benefit of running other scans such as Spybot, Windows Defender, BitDefender & Panda, CCleaner, etc. is more than likely still infected. In most cases, where there is one virus/trojan there are more. The goal of this forum is to remove all malware, and this cannot be done properly by just seeing a HijackThis log.

    You will need to complete the below guide and attach the requested logs for our malware experts to look over and then post some removal instructions for you.


    Our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments.
    • Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support
    • Make sure you check version numbers and get all updates.
    • Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.
    • If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:
    Downloading, Installing, and Running HijackThis

    Make sure you also rename HijackThis.exe as suggested in the procedures. Use analyse.exe for the new name. This is very important due to some new infections going around.




    • When you return to make your next post, make sure you attach the following logs and that you have run these scans in the following order too:
      • CounterSpy
      • AVG Antispyware log - ONLY IF NEEDED you were not able to run CounterSpy
      • Bitdefender - from step 6
      • Panda Scan - from step 6
      • runkeys.txt - the log from GetRunKey.bat
      • newfiles.txt - the log from ShowNew.bat
      • HijackThis
    NOTE: You can only attach 3 files in a single message so it will require that you use two messages to attach all of these logs!
     
  3. sunhead

    sunhead Private E-2

    Can I ask though, if both of these are in my virus vault then what do I do with them? Do I leave them in there (will that affect me) or do I delete them from that vault?

    Because I just wiped my computer and reinstalled XP again, so my hard drive contains hardly anything. I have run scans like Ad-Aware, Spyware Doctor, AVG virus, ZoneAlarm spyware and virus, and Spybot too.

    These are not finding anything at all. So if those 2 files are in the AVG virus vault, am I safe?? Or do you want me to still post logs from programs?

    Sorry for the trouble.
     
  4. DavidGP

    DavidGP MajorGeeks Forum Administrator - Grand Pooh-Bah Staff Member

    Delete from vault. Once deleted, run scans again, and yes, even run our guide too, and if nothing is found then you should be fine, but if you wish one of our experts to look over your logs then they will be happy to do so.

    The only reason I mention running the guide is that these days malware comes in multiples. You may get an alert to one or two, but the main malware or trojan will most likely have downloaded some other, more sneaky components.

    One is also housed in your System Restore points, but it's best to get the all clear on malware before turning off System Restore to purge the restore points.

    HEY, it's no trouble, so never worry about that :)
     
