I think I have a working "back door"

Discussion in 'Malware Help (A Specialist Will Reply)' started by dmustane, Feb 20, 2007.

  1. dmustane

    dmustane Private E-2

    I downloaded malware using a BitTorrent client. I've seen the Zlob trojan on some of my scans. My internet connection disconnects every 5-10 minutes.

    I've completed the Malware Removal Guide preliminary and secondary clean-up and set-up procedure. I'm currently in the process of uploading the following logs:

    CounterSpy
    BitDefender
    PandaActiveScan
    GetRunKey
    ShowNew
    Hijackthis
     

    Attached Files:

  2. dmustane

    dmustane Private E-2

    additional logs
     

    Attached Files:

  3. dmustane

    dmustane Private E-2

    hijackthis log
     

    Attached Files:

  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You did not rename HijackThis.exe as requested in step 7 of the READ ME. You need to do this now so that it is correct for any possible future use.

    Also please do not have Task Manager open when you run HijackThis.

    Note you do not show any obvious signs of malware but I do question one folder.
    The below folder is highly suspicious! What is in this recently created folder?
    C:\Program Files\Common Files\System32

    I do see that you ran SmitRemove and Roguescanfix, so they probably cured your Zlob problems.


    You do need to get Sun Java updated! Uninstall the below old versions of software:
    J2SE Runtime Environment 5.0 Update 2

    Make sure you reboot after uninstalling the above!

    After reboot, now install the current version of Sun Java from: Sun Java Runtime Environment

    Now copy the bold text below to Notepad. Save it as fixME.reg to your desktop. Be sure the "Save as" type is set to "all files". Once you have saved it, double click it and allow it to merge with the registry.
    Are you having any current malware symptoms?
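    The folder chaslang flags above is a classic pattern worth checking for on any Windows box: a directory named like a core Windows system folder (System32) created recently outside %SystemRoot%, in a location like Common Files where few people look. The PowerShell script below is an added example for readers of this thread, not something posted by chaslang or dmustane; the list of lookalike names, the roots it walks and the 30-day window are my own assumptions for illustration. It reports each matching folder with its creation time and a sample of its contents so you can decide what it is before touching it.

```powershell
# Added example (not from the thread): flag recently created folders whose
# names mimic Windows system directories but live outside %SystemRoot%.
# The name list, roots and 30-day window are assumptions for illustration.
$lookalikeNames = @('System32', 'SysWOW64', 'system', 'drivers', 'WinSxS')
$roots = @(
    "$env:ProgramFiles\Common Files",
    $env:ProgramFiles,
    ${env:ProgramFiles(x86)},
    $env:ProgramData
) | Where-Object { $_ -and (Test-Path $_) }
$cutoff = (Get-Date).AddDays(-30)

$findings = foreach ($root in $roots) {
    # -Depth limits the walk to a few levels; -Directory keeps only folders.
    Get-ChildItem -Path $root -Directory -Recurse -Depth 2 -ErrorAction SilentlyContinue |
        Where-Object { $lookalikeNames -contains $_.Name -and $_.CreationTime -gt $cutoff } |
        ForEach-Object {
            $files = Get-ChildItem -Path $_.FullName -File -Recurse -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Path        = $_.FullName
                Created     = $_.CreationTime
                FileCount   = ($files | Measure-Object).Count
                SampleFiles = ($files | Select-Object -First 5 -ExpandProperty Name) -join ', '
            }
        }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    "No recently created system-lookalike folders found under the checked roots."
}
```

Run it from an elevated PowerShell prompt so it can read every folder under Program Files. A hit is not proof of malware on its own (some legitimate installers do create oddly named folders), so look at the listed files and their creation time before deleting anything, and keep a copy if a helper may want to examine it.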
     
  5. dmustane

    dmustane Private E-2

    Updated hijackthis log

    I attached an updated hijackthis log.

    There was an FTP folder in the:

    C:\Program Files\Common Files\System32

    I deleted the System32 folder.

    I completed the fixme.reg task.

    "Are you having any current malware symptoms?"

    I'm still having the same symptoms. Internet connection (Sprint, Pantech) used to load in about 5 seconds, now it takes 1-2 minutes. Once logged on to the ISP, connection speed shows the same in my connection manager (115 Kbps) but the Explorer browser is working very slowly; I see admt, tribulfusion constantly loading with pages as I open them. The browser logs off constantly after a few minutes. So as of now, if I want to work online, I'm constantly opening and closing the ISP connection software, because when my connection is lost I can't always refresh the browser to re-establish the connection; sometimes I have to close the browser, close the ISP connection software and start over. As of right now I can barely work online. It really sucks.
     

    Attached Files:

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Re: Updated hijackthis log

    I don't see any malware in your logs. I will give you a few other things to do (further down) just to be sure, but I suspect your problems are not malware. They may be due to things you are running (i.e., Bigfix is a huge waste of system resources).

    Not a problem. These are cookies and you will get them on any website including Majorgeeks!

    Sounds like an issue with your ISP connection or software. Have you tried a different browser like Firefox just as an experiment? Have you checked with your ISP to make sure there are no problems on their end? What are you using? Is it DSL?


    Uninstall the Sunbelt CounterSpy trial since we are finished with it now!

    Now try disabling your firewall and see if you still have problems connecting to the internet.

    Now just to dig a little deeper (but I don't expect we will find anything), run the below.

    Now please download Blacklight Beta
    • Download blbeta.exe and save it to the Desktop.
    • Once saved... double click blbeta.exe to install the program.
    • Click accept agreement and Click scan
      This app too may fire off a warning from antivirus. Let the driver load.
      Wait for it to finish.
    • If it displays any items...don't do anything with them yet. Just hit exit (close)
    • It will drop a log on Desktop that starts with fsbl....big number
    Please attach the BlackLight log.




    Note: I will be out of town until next Monday evening! So unless another malware helper is around to pick this up, you will have to wait until I return.
     
  7. dmustane

    dmustane Private E-2

    Turns out there was an issue with my ISP (billing issue). My connection now seems better than ever. I'm using a cellular broadband card from Sprint.
    I appreciate your help.
     
  8. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    No problem! Glad I could help!
     
