Backdoor trojan????

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by Dareal, Dec 21, 2004.

  1. Dareal

    Dareal Private E-2

    I ran my Yahoo Anti Spyware when I noticed popups of screens and couldn't get out. It found a 'backdoor trojan'. I removed it. I scanned a few times and after the third scan it somehow appeared again. I did a system restore, but it still popped up after a few scans. I then went into my files and deleted unknown files from the time I felt I picked up the pest. I would run it 2 or 3 times and it wouldn't come on. BUT after I run Adware 6.0, it would automatically show it! Then if I restarted the computer and didn't run Adware, it wouldn't show it. I downloaded Adware SE which did find malware. But lo and behold, when I run Yahoo Anti Spyware after running Adware, the 'backdoor trojan' shows up again. Then I deliberately tested to see if it only appears after running Adware. Sure enough, when I don't run Adware, it does not show up. As soon as I run Yahoo Spyware after Adware (6.0, SE), the 'backdoor trojan' shows up. It does not show up on Spybot or Norton. This is driving me crazy because I delete it and it is not there until I run Adware, then it says it is there. Could this just be a glitch with the Yahoo Anti Spyware?? What should I do?
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sounds like a case of false positives. Your Yahoo Anti-Spyware may be detecting items in a quarantine folder. Exactly what file and where is it located?
     
  3. Dareal

    Dareal Private E-2

    It won't say where it is. It just says "Backdoor Trojan" C Drive Your Documents...., and then it cuts off. Yahoo Anti Spyware does not give you any real info on what it catches. I restored my system to three weeks ago and have not run Adware again. Now, when I run Yahoo Anti Spyware it is fine and nothing pops up. But I am sure that if I run Adware, it would show up right after. The funny thing is, there was nothing quarantined in Adware! Since everything seems ok now, I won't worry. But I have noticed that whenever Yahoo catches something, it always would show that it was still there a few times afterwards and then eventually would go away. What could cause this, and if this was just a false positive, what could cause that if there is nothing quarantined? Could it just show up because it once found it and the name is in some kind of memory bank?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If Yahoo does not give better information than that, perhaps it is time for a better anti-spyware/virus tool.

    I would like to see a HijackThis log, but first please follow ALL the steps in this sticky thread: "READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal".

    If you already have any of the programs linked in the tutorial, please double check your version to make sure you have the latest one and that you have any/all updates for the programs.

    NOTE: In order to resolve the issues you are having, it is very important that you at least try to perform all the steps as outlined. If you have any difficulty, please post back letting us know what steps you have completed, what you found while doing the scans, if anything, and details about any problems you have encountered in completing the steps. The more details you can provide, the better.


    After doing ALL of the above:

    Make sure you have HijackThis 1.99 and follow the guidelines on where to install it and how to post a log as an attachment. This is all covered in the sticky thread: "NO HIJACK THIS LOG FILES BEFORE READING THIS: HJT Tutorial & LOG File Posting".

    Now post a HijackThis log as a .txt file attachment to your message. All running programs should be closed, including your web browser and e-mail. Close them before running HijackThis!

    To repeat: Do NOT run HijackThis from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file. Place it in its own folder, for example C:\Program Files\HJT.
     
