Problems. problems.

Discussion in 'malware problems & news' started by tigerbiter, Aug 19, 2006.

Thread Status:
Not open for further replies.
  1. tigerbiter

    tigerbiter Registered Member

    Jul 18, 2006
    Hello. My name is Jerry Cass.

    I installed a new 80 GB hard drive and installed W2KPro on it, and added the SP2 update on my Compaq Presario, with a 1.19 GHz CPU and 128 MB of RAM.

    Ewido found this:
    C:\WINNT\system32\newexe.exe -> Backdoor.Rbot.aeu,
    and ALL the following IN THE SAME DIRECTORY:
    eraseme_01787.exe -> Backdoor.SdBot.qm
    eraseme_30426.exe -> Backdoor.SdBot.qm
    eraseme_54821.exe -> Backdoor.SdBot.qm
    eraseme_67564.exe -> Backdoor.SdBot.qm
    eraseme_67681.exe -> Backdoor.SdBot.qm
    eraseme_73278.exe -> Backdoor.SdBot.qm
    eraseme_78107.exe -> Backdoor.SdBot.qm
    eraseme_80162.exe -> Backdoor.SdBot.qm

    and, in C:\WINNT\system\
    svchost.exe -> Backdoor.SdBot.qm
    svchost.exe_tobedeleted -> Backdoor.SdBot.qm
    All were cleaned with backup (quarantined).

    C:\WINNT\system32\porky.pig -> Proxy.Ranky : Cleaned with backup (quarantined).
    "Porky.pig" is a file that I renamed from "105.tmp" so it would quit loading.

    In safe mode, McAfee AVERT Stinger Version 2.6.0 found these:
    Found the W32/Sdbot.worm!ftp virus. It has been deleted.

    Found the W32/Nachi!tftpd virus. It has been deleted.

    Found the W32/Sdbot.worm.gen virus. It has been deleted.

    Found the W32/Sdbot.worm.gen virus. It has been deleted.

    Found the W32/Sdbot.worm.gen virus. It has been deleted.

    Trend Micro VSCAN found:
    Success Clean [ WORM_SDBOT.RD]( 1) from C:\Winnt\system32\eraseme_30037.exe

    Ad-Aware found Alexa.

    Spybot S&D found:

    --- Report generated: 2006-08-16 16:13 ---

    Smitfraud-C.: Executable (File, fixing failed)

    Microsoft.WindowsSecurityCenter_disabled: Settings (Registry change, fixed)

    Windows Security Center.SP2Update: Settings (Registry change, fixed)

    Windows Security Center.AntiVirusOverride: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride!=dword:0

    Windows Security Center.FirewallDisabled: Settings (Registry change, fixed)

    Windows Security Center.FirewallDisabled: Settings (Registry change, fixed)

    Windows Security Center.FirewallDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify!=dword:0

    Windows Security Center.FirewallOverride: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride!=dword:0

    Windows Security Center.AntiVirusDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify!=dword:0

    Windows Security Center.UpdateDisableNotify: Settings (Registry change, fixed)
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify!=dword:0

    Alexa Related: Link (Replace file, fixed)

    --- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

    Now, I keep running into Sygate32.exe viruses, which AVG says that it has healed, when I tell it to.

    I downloaded a new Zone Alarm (Free) and it caused my system to crash when I connected to my dialup ISP, so I uninstalled it, until I could find the reason.

    (After seeing what S&D found in my registry, I can see why it behaved that way.)

    Spybot S&D keeps finding Smitfraud-C.
    I can't seem to shake it off.

    Any help will be appreciated.
    Thank you for reading this.
    Last edited: Aug 22, 2006