Backdoor.Win32.Small.bq on my PC, and help needed

Discussion in 'malware problems & news' started by Elliot, Nov 12, 2004.

Thread Status:
Not open for further replies.
  1. Elliot

    Elliot Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    41
    A backdoor is causing some annoying problems on my PC.
    I've been using Windows 2000 Professional with Kaspersky Personal 5.0.142 (Standard Base), Zone Alarm Pro 5.1.011.000, and with all Microsoft patches installed.

    That backdoor made my system restart within 1 min just after I logged in. The phenomenon was exactly the same as on machines infected with the Sasser worm. But as I have all the MS patches installed along with KAV and ZA, it couldn't be Sasser. I really don't know how it sneaked into my computer with KAV and ZA never turned off. Before the computer was forcibly shut down, KAV reported that C:\WINNT\system32\comsock.dll was infected with Backdoor.Win32.Small.bq but could not delete it. So I booted Windows into Safe Mode and did a Full Computer Scan with KAV, but nothing was found this time! I updated KAV to the Extended Base (before that I was using yesterday's Standard Base) and rebooted into normal mode. That backdoor was back again, and this time, before the automatic reboot, KAV reported 3 files, which were all Backdoor.Win32.Simple.bq, but still couldn't delete them. Again, I rebooted into Safe Mode and did a Full System Scan. This time, KAV found all 3 files and deleted them (in Safe Mode). Then the whole system seemed to be OK again.

    I wonder how this backdoor sneaked into my system and why it could not be detected in Safe Mode, or maybe this backdoor cannot be fully detected with yesterday's Standard Base?

    Last night I thought everything was OK, but I was wrong. This morning, after about 1 hour of normal operation, the whole system began to reboot automatically again. And once more I found this backdoor with a Full System Scan in Safe Mode. I think some parts of this backdoor may still remain in my system and can't be detected by Kaspersky (I've adjusted the On-Demand scan level to Maximum Protection). I don't know how I could find them. Or maybe they are bound to some normal exe file.

    Looking forward to your suggestions. Thanks.
    I tried NOD32 also, but nothing has been detected yet.
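    A DLL that is mapped into a running process cannot be deleted until that process is gone, which is why an on-demand scan in Safe Mode can remove a file that the same scanner only reported in normal mode. The part a scanner does not remove is the autostart entry that loads the DLL again at the next logon. The script below, an added example that is not from this thread or from any of the products named in it, checks the classic Windows autostart registry locations for any value that references a suspect file name. The registry read only runs on Windows (via the standard-library `winreg` module); the matching logic is pure Python, and the `SAMPLE_ENTRIES` data, including the `comsock` value name and the `Start` entry point, is constructed for illustration rather than taken from the poster's machine.

```python
"""Find autostart registry entries that reference a suspect DLL or EXE.

Added example, not code from the forum thread. Live registry access only
works on Windows; the matching functions run anywhere on constructed data.
"""
import ntpath
import re

try:
    import winreg  # only present on Windows; live reads are skipped elsewhere
except ImportError:
    winreg = None

# Classic autostart locations that can load a DLL or program at logon.
# A DLL started from here is mapped into running processes and cannot be
# deleted until those processes exit, which is one reason a normal-mode scan
# fails to remove a file that a Safe Mode scan deletes without trouble.
AUTORUN_KEYS = [
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce"),
    ("HKCU", r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"),
    ("HKLM", r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows"),   # AppInit_DLLs value
    ("HKLM", r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"),  # Shell / Userinit values
]

# Constructed sample of what read_autoruns() could yield on an infected box.
# The "comsock" value name and the ",Start" entry point are hypothetical.
SAMPLE_ENTRIES = [
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "ZoneAlarm",
     r'"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"'),
    (r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run", "comsock",
     r"rundll32.exe C:\WINNT\system32\comsock.dll,Start"),
    (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows", "AppInit_DLLs",
     r"COMSOCK.DLL"),
    (r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", "Shell",
     "Explorer.exe"),
]


def references_file(data, suspect):
    """True if registry value data names the suspect file.

    Tokenises on whitespace, quotes, commas and semicolons so that quoted
    paths with spaces, rundll32 "path,EntryPoint" commands and the
    space/comma separated AppInit_DLLs list are all handled. The comparison
    is on the base name only and is case-insensitive, as NTFS is.
    """
    want = suspect.lower()
    for tok in re.split(r'[\s",;]+', str(data)):
        tok = tok.strip("'")
        if tok and ntpath.basename(tok).lower() == want:
            return True
    return False


def find_references(entries, suspect):
    """Return the (key, value_name, data) triples whose data names suspect."""
    return [(k, n, d) for k, n, d in entries if references_file(d, suspect)]


def read_autoruns():
    """Yield (key, value_name, data) for every value under AUTORUN_KEYS.

    Yields nothing on non-Windows hosts. Subkeys (e.g. Winlogon\\Notify)
    are not recursed; extend AUTORUN_KEYS if you need them.
    """
    if winreg is None:
        return
    hives = {"HKLM": winreg.HKEY_LOCAL_MACHINE, "HKCU": winreg.HKEY_CURRENT_USER}
    for hive, path in AUTORUN_KEYS:
        try:
            key = winreg.OpenKey(hives[hive], path)
        except OSError:
            continue  # key absent on this Windows version
        with key:
            index = 0
            while True:
                try:
                    name, data, _ = winreg.EnumValue(key, index)
                except OSError:
                    break  # no more values
                yield (hive + "\\" + path, name, data)
                index += 1


if __name__ == "__main__":
    suspect = "comsock.dll"
    live = list(read_autoruns())
    # Fall back to the constructed sample when not running on Windows.
    for key, name, data in find_references(live or SAMPLE_ENTRIES, suspect):
        print(f"{key}\\{name} = {data}")
```

    Run it as Administrator on the affected machine and remove or note each reported value before rebooting into Safe Mode to delete the file itself; the same `find_references` check works on an exported `.reg` file parsed into `(key, name, data)` triples if you prefer to inspect an offline hive.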
     
  2. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Can you try following the steps found here: https://www.wilderssecurity.com/showthread.php?t=50662 this should get your system clean again.

    Hope this helps...

    Let us know how you go...

    Cheers :D
     
  3. Elliot

    Elliot Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    41
    Blackspear, thanks for your rapid response, I'll try.
     
  4. Elliot

    Elliot Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    41
    I wonder why the System Restore should be turned off?
     
  5. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    If an infection gets in System Restore, it generally needs to be turned off in order to clean the system.

    Hope this helps...

    Cheers :D
     
  6. Elliot

    Elliot Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    41
    I've submitted the samples I found in my system to ESET, and they promised an update.

    There must be some backdoors remaining in my system which could not be detected by Kaspersky. Hope ESET will go further.
     
  7. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Have you tried running Ewido Anti-Trojan software?

    Cheers :D
     
  8. Elliot

    Elliot Registered Member

    Joined:
    Nov 5, 2004
    Posts:
    41
    After another KAV full clean in Safe Mode (again 2 backdoors/trojans found), my system seems to be OK now.

    I've tried Ewido and TDS-3, but nothing was found.

    I'm waiting for Backdoor.Win32.Small.bq to come back again.... Don't know how they sneak into my system.
     