Spybot S&D reporting BackOrifice B

Discussion in 'other anti-malware software' started by Manticmeister, Oct 27, 2004.

Thread Status:
Not open for further replies.
  1. Manticmeister

    Manticmeister Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    18
    Hello all, my copy of Spybot is reporting an "error during scanning," saying that it cannot examine C:\Windows\wininit.ini because it is being used by another process, which it says is BackOrifice B. None of my other scanners reports any problems. I am using McAfee virusscan, Ewido Security Suite, Ad-Aware SE, TDS-3, Bazooka and also running the Sygate Firewall. Spybot does not remove this. Should I regard this report as definitive? I recall that the firewall has reported that "ntoskernal has changed since the last time you used it" a couple of times. My understanding was that BackOrifice was application level malware and I expected that one of these scanners would remove it. Is it a rootkit? Must I now re-install, and if so, should I wipe the drive or anything like that?
    Thanks a bunch,
    Manticmeister
     
  2. snowbound

    snowbound Retired Moderator

    Joined:
    Feb 18, 2003
    Posts:
    8,723
    Location:
    The Big Smoke
  3. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
  4. Manticmeister

    Manticmeister Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    18
    Thank you all for responding! I subsequently did another update today (10/27) and downloaded something called "advanced detection" routines or some such, and the BackOrifice B flag went away. However, I find it strange that the scan routine, which used to take some 17 minutes or so, now took only seven. Sure, I de-fragged recently, but it seems strange. Can anyone inform me how to go about checking the integrity of my Spybot updates? For instance, I just went to the home page and there was no mention of the update that I just made on it. No reference to the "advanced detection" business. I have seen references in various places to MD5 checksums and such, but I don't know how to use them really. Does anyone know of a tutorial regarding them? Again, thanks to all for responding.
    Manticmeister
     
  5. Tassie_Devils

    Tassie_Devils Global Moderator

    Joined:
    May 8, 2002
    Posts:
    2,514
    Location:
    State Queensland, Australia
    Hi Manticmeister

    I only updated new defs a few mins ago myself and did a full scan. It used to take around 10 mins but only took around 4-5 now; it sure seems to have sped up, I also reckon, like you. :)

    So, I think it's probably correct. :doubt:

    Cheers, TAS
     
  6. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Whatever the update did, it sure shortened up the scan time.
     
  7. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    I was worried about the 'Advanced detection library' update I have just downloaded, as it was dated 14.10.04. Thankfully I have found this post, as when I didn't see it in updates I thought something had gone wrong with my install of Spybot :rolleyes: I haven't scanned as yet, but I'm so relieved the update was genuine.
     
  8. scott lang

    scott lang Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    211
    Location:
    claremore,ok
    Also go to Major Geeks and get the last version of Spybot. You have to have 1.3 already installed; the download is for 1.3.1 TX, the final one. It has updated configurations for the DSO exploits I kept getting. I'd remove them and they just came back. I was given the link info from pcpitstop. It fixed my DSO exploits. I only mention this 'cause it was mentioned about Spybot updates. Oh, and don't worry, after you download it just click it to install like you normally would, and it installs right over the 1.3 version, therefore updating 1.3 to 1.3.1 TX. After install, go to the immunize and immunize; it should have a few more ones to guard against. Make sure you immunize first, then run your scans, if your updates are already current.
     
  9. Robyn

    Robyn Registered Member

    Joined:
    Feb 1, 2004
    Posts:
    1,189
    Thanks scott, I downloaded and installed the one from Major Geeks when it was issued, but I appreciate the reminder and the fact that immunisation was necessary after the update ;) Thanks again.
     
  10. Manticmeister

    Manticmeister Registered Member

    Joined:
    Apr 16, 2004
    Posts:
    18
    Thanks to all again for your responses. I feel better about the radically shortened scan time knowing that others are experiencing the same thing. Additionally, don't make the mistake I did of un-installing your old Spybot before installing the update to 1.3.1 TX. Had to use GoBack to straighten that out. Although no one has mentioned it, I still wonder if there is a method to check the validity/integrity of downloaded updates. I did stumble across a freeware MD5 checksum program today at www.2BrightSparks.com. I haven't checked it out yet but I think I'll add it or something similar to my defense arsenal.
    Manticmeister
     
  11. scott lang

    scott lang Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    211
    Location:
    claremore,ok
    I had told someone else in another thread about the 1.3.1 TX version and told them it installed right over the old 1.3. Guess I forgot to say it here. Sorry. Might have saved you a bit of hassle.
     