Backdoor_CDZ

Discussion in 'Malware Help (A Specialist Will Reply)' started by c145hoo, May 30, 2005.

  1. c145hoo

    c145hoo Private E-2

    Hi, on Windows XP I have Backdoor_cdz which is infecting the internet connection 'SVCHOST' and deleting the connection.
    I can't get on the internet long enough to download the software to proceed through the four stages before logging an issue.

    Windows System Restore won't allow a restore back to a previous point, which indicates that the registry is naff or being blocked from being replaced by 'backdoor'. Can I rename the registry from a .exe to a .com extension and then run Registry Restore to cure the virus?

    Alternatively, the anti virus software and scans all find the error in SVCHOST.exe and delete the file, but it just comes back next time the internet connection is recreated, indicating that 'backdoor' is hiding in the registry. Advice appreciated so I can follow the steps outlined in how to clear the virus - preferably without having to completely restore the system.
    Thanks
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Note that depending on your OS and where the file is running from, svchost.exe can be a valid process. It should normally be in c:\windows\system32\svchost.exe or possibly c:\winnt\system32\svchost.exe

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.

    If after doing ALL of the above you still have a problem:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like notepad, wordpad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
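
Added example (not part of the thread or of either poster's message): a Python check of the point made in the reply above, that a process named svchost.exe is only expected at the two System32 paths given there. It runs over a constructed process listing; the CSV column names, the sample rows and the function names are assumptions made for illustration.

```python
import csv
import io
import ntpath

# Constructed sample listing (name, PID, image path); not data from the thread.
SAMPLE_LISTING = r"""Name,ProcessId,ExecutablePath
svchost.exe,812,C:\WINDOWS\system32\svchost.exe
SVCHOST.EXE,1044,c:\windows\System32\..\system32\svchost.exe
svchost.exe,1620,C:\WINDOWS\svchost.exe
svchost.exe,1988,C:\Documents and Settings\user\Local Settings\Temp\svchost.exe
svchost.exe,2040,
explorer.exe,1500,C:\WINDOWS\explorer.exe
"""

# The two locations named in the reply, lower-cased for comparison.
EXPECTED = {
    r"c:\windows\system32\svchost.exe",
    r"c:\winnt\system32\svchost.exe",
}


def normalize(path):
    """Apply Windows path rules on any OS: collapse '..', unify slashes, ignore case."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def classify(listing_text):
    """Return (pid, verdict, raw_path) for every process named svchost.exe."""
    findings = []
    for row in csv.DictReader(io.StringIO(listing_text)):
        if (row.get("Name") or "").strip().lower() != "svchost.exe":
            continue
        raw = (row.get("ExecutablePath") or "").strip()
        if not raw:
            # No path reported (for example, access denied): not the same as clean.
            verdict = "unknown"
        elif normalize(raw) in EXPECTED:
            verdict = "expected"
        else:
            verdict = "unexpected"
        findings.append((int(row["ProcessId"]), verdict, raw))
    return findings


if __name__ == "__main__":
    for pid, verdict, raw in classify(SAMPLE_LISTING):
        print(f"{pid:>6}  {verdict:<10}  {raw or '(no path reported)'}")
```

An "expected" verdict only rules out a copy running from the wrong folder; it says nothing about whether the file at that path has been modified.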
     
