HackTool Shutdown.A

Discussion in 'Malware Help (A Specialist Will Reply)' started by Ace McCool, Aug 7, 2005.

  1. Ace McCool

    Ace McCool Private E-2

    On a weekly basis I always use on-line scanners to double check my resident protection for viruses etc. When using E-Trust today it was reporting that I have something called "HackTool/Shutdown.A". I have scanned with my updated Trend resident, and used all the on line others such as Symantec, Panda, A2 Sq, and all show everything's clean. Spybot and AdWare SE all show clean as well as CW Shredder. All appears well but am not happy with the report from E-Trust. Of course I have done all that one should do first before posting here as per the instructions for removals listed in the start of the Forum, and found nothing.
    Still I am always concerned when I do not have a squeaky clean report all around from secondary scanners.
    Question is, is there any info to manually check for and remove this "HackTool/Shutdown.A"? Its supposed to be a hacking tool that came out on June 22nd this year, and manifests itself by port scanning...launching denial of service attacks...mass e-mailings, etc.
    I would like to find out if anyone has info on where this may sit in the registry or otherwise to verify and remove if it is in fact here. :mad:
     
  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Did you run the RavAntivirus and BitDefender online scanners?

    Post the log from E-Trust. I want to see exactly what it is reporting.
     
  3. Ace McCool

    Ace McCool Private E-2

    Hello Chaslang,
    Yes I ran all that was available, and only the E-Trust showed this "Shutdown.A". I have again run E-Trust today and for the first time the virus has not shown to be present. Very strange as no scanners reported finding and removing anything at all. As for you wanting to see the report here is what it says:
    Common Name: Shutdown.A
    Technical Name: HackTool/Shutdown.A
    Threat Level: Low
    Alias: Reboot-AD
    Type: Hacking Tool
    Effects: It allows dangerous actions to be carried out against the victims of attacks.
    Affected Platforms: Windows 2003/XP/2000/NT/ME/98/95.
    First Detected: June 22, 2004
    In Circulation: No
    Brief Description: Shutdown.A is a hacking tool. These programs allow hackers to carry out any of the following actions: port scanning, launching denial of service attacks, mass mailing of e-mail messages, etc.

    Anyway, it no longer appears to be here even though I have done nothing to remove it. That also concerns me. If I had info that would allow me to manually check in the reg to verify its presence that I could confirm if it still resides or not. All very strange if you ask me. Question is, am I clear or do I have something hiding?
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Not sure what happened. Perhaps you just needed to reboot after scanning to finish cleaning. If you want to be sure you have no other malware issues follow our cleaning procedures given below:

    - Run ALL the steps in this Sticky thread READ ME FIRST BEFORE ASKING FOR SUPPORT: Basic Spyware, Trojan And Virus Removal

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps below:

    - Download HijackThis 1.99.1

    - Unzip the hijackthis.exe file to a folder you create named C:\Program Files\HJT

    - Do NOT run Hijack This from the Desktop, a temp folder, or a sub-folder of C:\Documents and Settings, or choose to run it directly from the downloaded ZIP file.

    - Before running HijackThis: You must close each of the following: your web browser, e-mail client, instant messenger, and programs like Notepad, WordPad, MS Word etc. And any other unnecessary running programs.

    - Run HijackThis and save your log file.

    - Post your log as an ATTACHMENT to your next message. (Do NOT copy/paste the log into your post).
     
  5. Ace McCool

    Ace McCool Private E-2

    Thanks for all your help Chaslang,
    I will go through the drill one more time to be sure. Maybe you are right and the computer required a restart to finish clearing. If anything is found after the second look over I will post back here shortly.
    Thanks Again....
     
  7. Ace McCool

    Ace McCool Private E-2

    Well, I ran through the whole scan deal one more time all in safe mode. Shocked to find that this time a virus called IRC.Flood came up, but no sign of Hacktool/shutdown.A anywhere. This IRC.Flood thing was around last year, yet the updated scanners still do not stop its arrival. That sucks :mad:

    So all scans have been completed as follows:
    Bit Defender, RAV, E-Trust, Symantec, Trend Micro resident on computer, Panda, A2-Squared, Stinger, AdWare SE, Spybot, and CW Shredder.
    Am I safe to think that what was found this time is all cleaned up?? I am hoping so, or do I need to do it all over again one more time to triple check? :confused:
    Thanks Again....
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you are still worried about something else hanging around, complete the second part what I put in message # 4 (the HijackThis log instructions).
     
  9. Ace McCool

    Ace McCool Private E-2

    Hello Chaslang,
    Well, I have run through the full list of what is posted to do...four times...in safe mode. Each time the results are the same. So, nothing is being cleaned at all as the results never vary. I want to do the HiJack posting to you but cannot figure out how to post the file as an attachment. Dumb question but can you tell me how to do it so I may have you review my log.
    Thanks for being patient......Ace
     
  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Sorry about this! You slipped down to page 5 without being noticed. Things are very busy here.

    Assuming you have the hijackthis.log file saved on your PC and you know where it is:
    - Click the Reply button here to answer a message
    - At the bottom of the message window click the Go Advanced button
    - then scroll down a little until you see the Manage Attachments button and click it.
    - in the window that comes up click the Browse button and browse to the location on your PC where the hijackthis.log file is saved.
    - select it by double clicking on it.
    - Then click the Upload button. Observe the messages in that window: you should either see that the file is attached, or there could be an error message if you did something wrong.
    - then close that window
    - then save your message
     
  11. Ace McCool

    Ace McCool Private E-2

    Hello Chaslang,
    I watch the board often and see that you must be going crazy just trying to keep up with all the traffic in this Forum. I don't know how you do it all. Anyway, thanks for helping me to post my Hijack file. I have it saved under programs in its own folder just as you specify in the instructions.
    Anyway, please have a look at your convenience. I am only experiencing issues with the computer slowing down from time to time, which is not too critical at this point, only annoying, so I can hang in there until you get a chance to look things over.
    Geeks Rule :cool:
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    There are no real malware issues in your log. Only minor cleanup that is not really even needed. If it is just slowing down once in a while and by slow down you mean "Internet Performance" and not just your PC in general, perhaps it is just your ISP or where you are connecting to (i.e., normal internet lag).

    Question: do you need the Proxy Server setting?
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy:8080

    You could try using Mozilla FireFox in place of Internet Explorer. You may find it to help speed internet surfing up.
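    The R1 line quoted above is how HijackThis reports the ProxyServer value under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings. As an added example (not part of the thread, and not HijackThis's own code), the script below parses R0/R1 lines in that format and flags any proxy-related value whose host:port the owner does not recognise. The log excerpt is constructed for the example; only the ProxyServer line mirrors the one in the post. The "expected proxies" set is the check the reader was asking about: a home cable connection behind a router normally needs none, so the set is empty and any ProxyServer entry comes out as unexpected.

```python
"""Parse HijackThis-style R0/R1 lines and flag proxy settings.

Added example, not part of the thread or of HijackThis itself. The log
excerpt below is constructed; only the ProxyServer line mirrors the one
quoted in the post above.
"""
import re
from typing import Dict, FrozenSet, List

# Constructed sample in the line format HijackThis 1.99.1 prints.
SAMPLE_HJT_LOG = """\
Logfile of HijackThis v1.99.1
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.majorgeeks.com/
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyServer = proxy:8080
R1 - HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,ProxyOverride = <local>
O4 - HKLM\\..\\Run: [ExampleAV] C:\\Program Files\\ExampleAV\\tray.exe
"""

# R0/R1 lines look like:  R1 - <hive>\<key>,<value name> = <data>
R_LINE = re.compile(
    r"^(?P<section>R[01]) - (?P<hive>HK\w+)\\(?P<key>.+?),(?P<name>[^=]+?) = (?P<data>.*)$"
)

# Registry value names under Internet Settings that steer traffic through a proxy.
PROXY_VALUE_NAMES = {"ProxyServer", "ProxyOverride", "AutoConfigURL"}


def parse_r_lines(log_text: str) -> List[Dict[str, str]]:
    """Return the R0/R1 entries of a HijackThis log as dicts (section, hive, key, name, data)."""
    entries = []
    for line in log_text.splitlines():
        m = R_LINE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def flag_proxy_settings(entries: List[Dict[str, str]],
                        expected_proxies: FrozenSet[str] = frozenset()) -> List[Dict[str, str]]:
    """Flag proxy-related entries.

    expected_proxies holds the host:port strings the machine's owner knows they
    configured (an ISP or corporate proxy). A ProxyServer value outside that set
    is reported as unexpected. On a home machine behind a router the set is
    normally empty, which matches the situation in the thread.
    """
    findings = []
    for e in entries:
        if e["name"] not in PROXY_VALUE_NAMES:
            continue
        if e["name"] == "ProxyServer":
            # Data is either "host:port" or per-protocol "http=host:port;https=host:port".
            proxies = [p.split("=")[-1] for p in e["data"].split(";") if p]
            unexpected = [p for p in proxies if p not in expected_proxies]
            verdict = "expected" if not unexpected else "unexpected: " + ", ".join(unexpected)
        else:
            # Override lists and auto-config URLs need a human look either way.
            verdict = "review"
        findings.append({"name": e["name"], "data": e["data"], "verdict": verdict})
    return findings


if __name__ == "__main__":
    for f in flag_proxy_settings(parse_r_lines(SAMPLE_HJT_LOG)):
        print(f"{f['name']:<14} {f['data']:<20} {f['verdict']}")
```

    Run against the sample, the ProxyServer line comes back as "unexpected: proxy:8080" and the ProxyOverride line as "review"; passing frozenset({"proxy:8080"}) as expected_proxies turns the first verdict into "expected". Nothing here touches the registry, so it is safe to run against a saved log before deciding whether to let HijackThis fix the line.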
     
  13. Ace McCool

    Ace McCool Private E-2

    Hello Chaslang,
    Nice to hear that I am clean. I am experiencing internet slowdowns only, so I will place a call in to my cable provider to see what's going on. Still puzzles me as to why I cannot achieve a clean bill of health from RAV or Bit Defender. Wonder what gives with that :confused:

    I am on a cable modem system running through a Linksys router for the firewall. If I do not need this Proxy Server setting I am willing to delete it. I just don't know if I need it or not. Can you help with that question?? Is this port a risk??

    Look forward to hearing from you :)

    Ace :cool:
     
  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    If you do not need a proxy, you should not have it setup.

    Post the logs from RAV and BitDefender.
     
  15. Ace McCool

    Ace McCool Private E-2

    Hello Chaslang,
    Here are my two reports, one from RAV and one from Bit Defender. I receive the same conclusions every time I do the scans. You would think that you should get a clean report after the second scan, but I am not. Both scanners report the same conclusions after a second scan and even a third scan. Hope you can help me figure it out, I am stumped. :rolleyes:

    Also my browser is starting to act up. IE will not fully open a second window when surfing. Example, when I go to a site and click a link that opens another window, it will always come up reduced. It always came up full screen before today. I have changed nothing to my knowledge so I am confused. :rolleyes:

    I will delete the Proxy Server if advised to do so. I have no idea if I need it or not. How do I determine if I need it? :confused:

    Thanks...Ace
     

    Attached Files:

  16. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's because neither one of them is saying they fixed the problem. They both indicate they could not.

    Are you running the scans in safe mode? If not, try that. If you are then I would do the following (and I'm surprised that the file is still there after running the READ ME).

    - boot into safe mode first
    - exit ALL browsers including the one you are reading right now!
    - run CCleaner
    - now open Windows Explorer and locate the below file and delete it (just in case Ccleaner does not):
    C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\E3M9IL6Z\flood[1].exe

    Reboot in normal mode and let me know where things stand.
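    The file path quoted above follows the Internet Explorer 5/6 cache layout: ...\Temporary Internet Files\Content.IE5\<eight random characters>\<name>[n].<ext>, where the [n] suffix is IE's way of keeping repeated downloads of the same file name apart. As an added example (not from the thread or from any of the tools named in it), the script below takes a list of file paths and flags executables sitting in that cache layout, and additionally calls out anything cached under the Default User profile, which is the template copied for new accounts and not a profile anyone browses from. The path list is constructed; the flood[1].exe entry mirrors the one in the post, the other profile name and file names are made up.

```python
"""Flag executables sitting in Internet Explorer's on-disk cache.

Added example, not from the thread or any tool named in it. The path list is
constructed; the flood[1].exe entry mirrors the path quoted in the post above.
"""
import re
from typing import Dict, List

# IE 5/6 cache layout: ...\Temporary Internet Files\Content.IE5\<8 random chars>\<name>[n].<ext>
CACHE_DIR_RE = re.compile(
    r"\\Temporary Internet Files\\Content\.IE5\\[A-Z0-9]{8}\\", re.IGNORECASE
)
# Windows 2000/XP per-user profile root.
PROFILE_RE = re.compile(r"^[A-Z]:\\Documents and Settings\\([^\\]+)\\", re.IGNORECASE)
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".dll"}
# "Default User" is the template profile copied for new accounts; nobody browses from it.
TEMPLATE_PROFILES = {"default user"}

# Constructed sample paths (the profile name "Owner" and the other file names are made up).
SAMPLE_PATHS = [
    r"C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\E3M9IL6Z\flood[1].exe",
    r"C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K1Q2W3E4\logo[1].gif",
    r"C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\K1Q2W3E4\setup[2].exe",
    r"C:\Program Files\ExampleAV\tray.exe",
]


def find_cache_executables(paths: List[str]) -> List[Dict[str, str]]:
    """Return executables found inside an IE Content.IE5 cache directory, with triage notes."""
    findings = []
    for p in paths:
        if not CACHE_DIR_RE.search(p):
            continue  # not in the browser cache at all
        name = p.rsplit("\\", 1)[-1]
        ext = ("." + name.rsplit(".", 1)[-1]).lower() if "." in name else ""
        if ext not in EXECUTABLE_EXTS:
            continue  # images, scripts, pages: the normal cache content
        m = PROFILE_RE.match(p)
        profile = m.group(1) if m else "?"
        notes = ["executable in browser cache"]
        if profile.lower() in TEMPLATE_PROFILES:
            notes.append("cached under a template profile nobody logs on with")
        findings.append({"path": p, "profile": profile, "notes": "; ".join(notes)})
    return findings


if __name__ == "__main__":
    for f in find_cache_executables(SAMPLE_PATHS):
        print(f"[{f['profile']}] {f['path']}\n    {f['notes']}")
```

    On the sample, flood[1].exe is flagged with the template-profile note and setup[2].exe as a plain cached executable; the .gif and the program under Program Files are skipped. The script only reads path strings, so it can be run over a directory listing saved from the machine before deleting anything by hand in safe mode as described above.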
     
  17. Ace McCool

    Ace McCool Private E-2

    Hello Chaslang,
    I guess I was misunderstanding the reports. Stupid me :eek: :eek: Anyway, I have followed the instructions and went in manually to remove the file in safe mode. That appears to have done the trick. CCleaner would not get it out, even in safe mode. I did run everything in READ ME in safe mode to the letter but I guess this one was not giving it up. Just for info purposes I ran the following in the typed order in safe mode:
    CCleaner, Adware SE, Spybot, Stinger, CW Shredder, Kill2me, BitDefender, RAV. I ran them a total of 4 times and still could not get to the problem. I do not get how you knew where to look for that file but it worked. You are a virus killing master. My hat's off to you. I have no idea where the original issue with this HackTool thing went to but it served to lead us to this Flood.exe and take care of business. I think everything is squeaky clean at this moment.

    One final question. I am willing to delete the Proxy Server, however I have no idea if I need it or not. How do I determine if I need it? I know, stupid question but I have to ask and learn.
    Thanks for being so patient...Ace
     
  18. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You could just have HijackThis fix the R0 line with the proxy server entry. If it causes any problems, you can restore it from the Backups that HJT makes (see the Misc Tools screen and Backups button).
     
  19. Ace McCool

    Ace McCool Private E-2

    Thanks for everything Chaslang.
    All is well at this end with no sign of any infections. I used HijackThis to repair the R0 line you have highlighted and have had no adverse effects at all. So I would say this issue and thread is closed.
    Another successful virus kill to add to your belt and another happy fellow Geek goes on his way.
    Again, thanks for your time, patience and skills, they are very very much appreciated.

    Ace.
     
  20. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome, but before you go you should complete the steps in the below thread. You already have some of them in place (like an AV and a firewall).

    How to Protect yourself from malware!
     
