URGENT: irc/backdoor.sbdot

Discussion in 'malware problems & news' started by pin, Nov 5, 2002.

Thread Status:
Not open for further replies.
  1. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    i need some info on this trojan. any help would be appreciated!
     
    pin, Nov 5, 2002
    #1
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Is your listing a possible typo? Would it be Backdoor.sdbot

    http://securityresponse.symantec.com/avcenter/venc/data/backdoor.sdbot.html

    Regards
    CrazyM
     
    CrazyM, Nov 5, 2002
    #2
  3. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    my friend detected this in AVG with the slash and everything, so it's probably an AVG specific name.

    thanks for the link so quickly, i am thankful.

    he found a strange file ms_vxd (not sure of extension), and he got rid of it. no idea if it's related. and he cleaned some stuff in his registry.

    apparently he detected that he DOSing his university mail server (?). i told him to run tds3.
     
    pin, Nov 5, 2002
    #3
  4. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Was your friend running a firewall that detected and blocked this outbound traffic to the mail server?

    Your suggesting they run TDS3 was a good one and it should find anything suspicious.

    Regards
    CrazyM
     
    CrazyM, Nov 5, 2002
    #4
  5. snowy

    snowy Guest

    Pin

    I am not absolute certain.....perhaps CM could comment further....however..that particular trogan may infect the system restore feature.....an therefore hang around even once its been cleaned........TDS may well detect/clean all of it.
    normally I don't comment on this subject....so please excuse me if I am in-correct.

    snowman
     
    snowy, Nov 5, 2002
    #5
  6. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    he's not even sure his firewall was running. but sounds like no.

    he also found a file RAT.Net-Devil 1.4b from tds
     
    pin, Nov 5, 2002
    #6
  7. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Sounds like he has his work cut out for him cleaning his system. Trojans are not my area of expertise, but as snowman commented, hopefully TDS will clean it all. Hopefully someone more familiar with these particular trojans will jump in with further suggestions. You may want to suggest he check some of the online sites for removal tools and/or manual removal instructions (registry keys).

    As for the firewall, your friend may want to check and make sure it has not been corrupted in anyway by these trojans and is functioning properly.

    Regards
    CrazyM
     
    CrazyM, Nov 5, 2002
    #7
  8. snowy

    snowy Guest

    Note: BitDefender (anti-virus) offers several free anti-virus programs for messengers..irc....etc.........I've no idea of their abilities regarding prevent since I never used the products.....but sure would be worth looking into for anyone using such programs.......an the price is right....hey,,,may even clean the trogan mentioned.


    snowman
     
    snowy, Nov 5, 2002
    #8
  9. pin

    pin Registered Member

    Joined:
    Nov 4, 2002
    Posts:
    116
    thx for all the help. i have given him the advice presented here.
     
    pin, Nov 5, 2002
    #9
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...