Backdoored

Discussion in 'malware problems & news' started by FukenFooser 007.5, Dec 21, 2003.

Thread Status:
Not open for further replies.
  1. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    o_O :'( :mad:
    HELP, I think I've been backdoored. I can't get to my two most used Emails (Hotmails). I DLed "avast" and it found "Win95:Matyas". A search on internet showed me it is a backdoor. A search on my system only showed me it in temp (deleted) & the internet search. Where did "avast" put it? Do most antiVs start a file to lock up stuff that looks something like "$_____$" using the ($)? There seems to be a bunch of them in "WINDOWS" and are blue letters? I'm in the deep end again and feeling like I'm drowning. I could try to post anything that might be of help for "TEAM Wilders" to look at, if you are able to explain how to do it that is.
    Please take a look @ and give me a helping hand here. I would like to get to hotmail.

    Happy holiday to all regardless!
    ff
     
  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi FukenFooser 007.5,

    Have a look at this thread for the files you are describing:
    http://www.wilderssecurity.com/showthread.php?t=17919

    As for the Hotmail problem, did you install any Windows updates just before this started?

    Regards,

    Pieter
     
  3. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Thanks Pieter
    This is what I get trying to get to Email. And no updates; my system seems to be unrecognized by Microsoft for some reason.
    "The New MSN Hotmail is Here!

    Mail, Calendar and Contacts together--learn about the great new changes to Hotmail.

    .NET Passport Unavailable at This Site Help

    The .NET Passport service is currently unavailable at this Web site for one of these reasons:

    • The site may contain an error or be experiencing a problem that affects the .NET Passport service.
    • The site may not be an official .NET Passport-participating site.

    You can:

    • Return to this site later and try to sign in or register again.
    • Sign in or register for a .NET Passport at another .NET Passport participating site. .NET Passport Site Directory "
     
  4. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,332
    Location:
    Netherlands
    Hi FukenFooser 007.5,

    Are you using anything that blocks akamai servers in any way?
    A hosts file or any other means of blocking ads?

    Regards,

    Pieter
     
  5. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Running=
    AntiVir
    ZoneAlarm
    avast
    avast (VRDB)
    AVG (when not Using avast)
    eScan toolkit ( sometimes as an extra test)
    In the last week or so something has crashed and/or
    locked-up each of my Anti-Viruses
    Trying avast now with similar results, "can't seem to finish a scan", and shows "current scanner status: Infected"
    scan before this showed "Win95:Matyas"
    In "C:\WINDOWS\system32\ActiveScan\PAV.NEW"
    This scan = "C:\SystemVolume Information\_restore{0733930d-1904-46AF-AD3F-169573900B37}\RP65\A0018876.NEW"
    Just about has me locked off-line now?
    Any ideas
    Am going to reboot and shut down all and check again.
    thanks again
    ff

    (PS: "AntiVir" shows other scanners' tests for the "NewLove" as a Virus if left on while using other scanner. For Everybody's Info!)
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    I got those exact same messages two days ago while using blackdiamond firebird. I went right back to hotmail using opera 7.50 and it worked fine, so I went back using firebird and it worked fine that time. I wonder if the server they use might be experiencing some problems o_O
     
  7. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    o_O
    Could check Email from brother's puter in next room no problem! All scans now show clean?
    After turning all in the "tools" (internet) back to default, I can again check my Emails o_O?
    Did have to uninstall and reinstall Zone again today??

    Darn "Elves" all caught up for Santa and just messing with me maybe?

    Still feels like something running in back-ground. I do a lot of what I call "heating things up", multi-tasking so to say. And it's not letting me do the normal things I usually do (together) o_O?
    Like = playing ms media player (music)
    while DL ing from "winMX"
    And Kicking some major BOT behinds (masterful) on "Unreal tournament"
    System can still do it but I see some lags in the 3D that aren't supposed to be there. o_O o_O o_O o_O?

    Is my system just getting old or worn out maybe? (Have killed the HD already) o_O o_O o_O

    Happy Holidays to ALL


    ff
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    \ActiveScan\PAV.NEW = Panda Antivirus ?

    This is notorious for causing false alarms due to cross database scanning. One AV finds signatures in another AV's database. This should be ignored of course, so I would say you were never infected with that virus.
     
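The cross-database false alarm described in the post above, as an added example that is not part of the original thread: a naive pattern scanner flags a definitions file that stores raw patterns, and a small triage step sorts hits by where the flagged file lives. The signature names and patterns are constructed, and the folder list is an assumption built from the `ActiveScan` and `_restore{...}` paths quoted in this thread.

```python
from pathlib import PureWindowsPath

# Constructed demo patterns; not real malware signatures.
SIGNATURES = {
    "Demo.SigA": b"\x13\x37DEMO-PATTERN-A\x00\x01",
    "Demo.SigB": b"\xca\xfeDEMO-PATTERN-B\x02\x03",
}

# Assumption: folder names that hold another scanner's data files.
# "ActiveScan" is the folder named in the thread; extend per installed product.
OTHER_AV_DIRS = {"activescan"}


def scan_bytes(data: bytes) -> list[str]:
    """Naive signature scan: report every pattern found anywhere in the data."""
    return sorted(name for name, pat in SIGNATURES.items() if pat in data)


def plain_database() -> bytes:
    """A definitions file that stores the raw patterns unencoded."""
    return b"DEFS1" + b"".join(SIGNATURES.values())


def encoded_database(key: int = 0x5A) -> bytes:
    """The same file with its body XOR-encoded, so no raw pattern is present."""
    return b"DEFS1" + bytes(b ^ key for b in b"".join(SIGNATURES.values()))


def triage(path: str, hits: list[str]) -> str:
    """Classify a detection by the location of the flagged file."""
    if not hits:
        return "clean"
    parts = [p.lower() for p in PureWindowsPath(path).parts]
    if any(p in OTHER_AV_DIRS for p in parts):
        return "review: inside another scanner's data folder"
    if any(p.startswith("_restore{") for p in parts):
        return "review: System Restore copy, check the original file"
    return "investigate"


if __name__ == "__main__":
    db_path = r"C:\WINDOWS\system32\ActiveScan\PAV.NEW"
    print(triage(db_path, scan_bytes(plain_database())))    # flagged, needs review
    print(triage(db_path, scan_bytes(encoded_database())))  # clean
```
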
  9. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    Merry X-mas.
    Thanks for the opinion.
    I do know the diff. between false pos and an AntiV getting shut down and turned off while trying to update it.
    Infected maybe not backdoored? That is a diff subject.
    After an os repair a month or so ago my os is now unrecognized by the M$ update page? Any thoughts here?
    Just try to re-repair the os and pray?
    I am willing to try anything that sounds almost reasonable.

    HoHo 2 all

    ff
     
  10. controler

    controler Guest

    Hello

    On some of the Athlon - Asus systems I have installed Windows XP Pro on, I have seen the same thing. You can't update Windows.
    What I found was the date was way off on the computers after installing XP. In one case it was the year 65000 lol.
    If your computer date is wrong, Windows Update will not work either.
    Just a hint :D

    con
     
  11. spy1

    spy1 Registered Member

    Joined:
    Dec 29, 2002
    Posts:
    3,139
    Location:
    Clover, SC
  12. FukenFooser 007.5

    FukenFooser 007.5 Registered Member

    Joined:
    Sep 28, 2003
    Posts:
    118
    Location:
    High Mnt West. Idaho
    :oops:

    I finally figured it out!!
    I had moved the cookie blocking slide bar in windows up too high.
    At least when I lowered it down two spots, I could finally get back into Emails.

    So sorry for my stupid questions.

    And got tired of windows not up-dating and also had a bunch of bad file errors in OS. When putting the "REAL" disc back in it reported wrong disc. Tried a few copies, not work either.
    Reinstalled windows and am back to the resetting up (again).

    Also got a VIRUS report!
    1-2-04
    virus = "Suela-1042"
    "C:\WINDOWS\MEMORY.DMP"

    Don't remember what found it.
    I do think that the DMP is a trash can dump. But I never have it right and don't know much. Darn activation told me "Over the limit"
    So I had to borrow a cell phone and confuse the computerized answering machine @ M$ until I could tell a human what a joke this was and get it reactivated. If they had a better product I wouldn't have gone over their "limit" so easily. (Am sure I would get there with my skills anyway).


    All scans were clean after first report about virus.
    Have yet to scan again.

    Thanks
    ff

    :cool:
     