Windows 7: What is a backdoor? help

06 Jan 2010   #21
Ryan2320

Windows Seven x64
 
 

I would turn off System Restore... Viruses have the potential to store the infected file in the System Restore folder. That's why you were getting that notification from Norton. System Restore restores the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer, causing the virus or Trojan to reappear every time it gets removed.

I would run Malwarebytes and see the results. (with System Restore on)
If nothing shows up I would disable System Restore and run the scan again..

Hope this Helps..


06 Jan 2010   #22
Zidane24

Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
 
 

Quote: Originally Posted by Corrine
It depends on which backdoor trojan is on your computer. There are some that are not easily removed. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. If the trojan is easily removed, keep an eye on any bank/credit card statements. Otherwise, it would be wise to contact those same financial institutions to apprise them of your situation.

As to the Symantec instructions, I do not agree with the recommendation that you disable System Restore. Clean the computer first, then create a fresh restore point and use Disk Cleanup to remove all but the last restore point.

If you have an anti-malware software installed, I suggest updating and scanning with that as well. Follow that up with an on-line scan.

Let us know if you need additional assistance.

Edit: Since you posted while I was composing, before scanning with another software, etc., I suggest you clear Temp Files. A simple program for that is ATF cleaner. The instructions are simple:

Download ATF Cleaner by Atribune (ATF-Cleaner.exe, www.atribune.org). Save it to your Desktop.

Run ATF Cleaner
  • Double-click ATF-Cleaner.exe to run the program.
  • Click Select All found at the bottom of the list.
  • Click the Empty Selected button.
  • Click Exit on the Main menu to close the program.
  • Shutdown/restart the computer.


Follow that with further scans.

I think the reason that it recommended to turn off System Restore is because of the chance that the infected machine takes a current image of itself with the trojan included...you restore back to the last point (the one just made) and you are now in an infinite loop...

Now you could always just restore to an even earlier one but the common user will go for the one made last...

Now that gives me an idea for a rather mean virus...Infect System->Clear All Restore Points->Make necessary registry changes to execute virus->Make a new Restore Point (itself included)->Destroy! Infuriate! Steal!...whatever it is designed to do...
06 Jan 2010   #23
BWK

 

May suggest a few free ones...If I get hit I always use free online scanners just to make sure I am not missing anything with what I trust and use.
Get a hold of Spybot search and destroy as well and scan your pc. It's free.
The home of Spybot-S&D!
Also get hijackthis and see if anyone here can read the log and help determine your problem area.
HijackThis - Trend Micro USA
06 Jan 2010   #24
Venths

Windows 7 Ultimate x64 SP1
 
 

You can also try Microsoft Security Essentials:

http://www.microsoft.com/Security_Essentials/
06 Jan 2010   #25
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

In this case, svchost.exe is NOT a system file. This one is located here:
C:\windows\temp\wwbx.tmp\svchost.exe

The 'real' system file is located here: C:\windows\system32\svchost.exe

Run Malwarebytes Anti-Malware as instructed by Corrine.
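
The path check Jacee describes above, extended to a few other commonly imitated system process names, as an added example that is not part of the original thread. It assumes Windows PowerShell (for `Get-WmiObject`) and, for the constructed sample records, that Windows is installed in C:\Windows; the function name and the watch list are hypothetical.

```powershell
# Added example: flag processes that borrow a system binary's name but run
# from outside the system directories. The watch list is illustrative only.
$ExpectedDirs = @(
    (Join-Path $env:SystemRoot 'System32'),
    (Join-Path $env:SystemRoot 'SysWOW64')   # 32-bit copies on 64-bit Windows
)
$WatchedNames = @('svchost.exe', 'lsass.exe', 'services.exe', 'winlogon.exe', 'csrss.exe')

function Test-MisplacedSystemBinary {        # hypothetical helper name
    param([string]$Name, [string]$Path)
    if ($WatchedNames -notcontains $Name) { return $false }
    # An empty path means the query lacked rights to read it; rerun elevated
    # rather than treating the process as either clean or malicious.
    if ([string]::IsNullOrEmpty($Path)) { return $false }
    $dir = [System.IO.Path]::GetDirectoryName($Path)
    return ($ExpectedDirs -notcontains $dir) # -notcontains ignores case
}

# Constructed sample records shaped like Win32_Process objects; the two
# svchost.exe paths are the ones quoted in the post above.
$sample = @(
    New-Object PSObject -Property @{ ProcessId = 812;  Name = 'svchost.exe'; ExecutablePath = 'C:\windows\system32\svchost.exe' }
    New-Object PSObject -Property @{ ProcessId = 3140; Name = 'svchost.exe'; ExecutablePath = 'C:\windows\temp\wwbx.tmp\svchost.exe' }
    New-Object PSObject -Property @{ ProcessId = 2044; Name = 'notepad.exe'; ExecutablePath = 'C:\windows\system32\notepad.exe' }
)
$sample |
    Where-Object { Test-MisplacedSystemBinary $_.Name $_.ExecutablePath } |
    Select-Object ProcessId, Name, ExecutablePath

# Live check on the local machine (run from an elevated prompt):
Get-WmiObject Win32_Process |
    Where-Object { Test-MisplacedSystemBinary $_.Name $_.ExecutablePath } |
    Select-Object ProcessId, Name, ExecutablePath
```

A process that passes this check has only been cleared of this one trick; the check says nothing about whether the file in System32 is itself genuine.
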
06 Jan 2010   #26
Jacee
Microsoft MVP

Windows 7 Ultimate 32bit SP1
 
 

After you have done the above download SpywareBlaster (update it and click on 'enable all protection') ...and SpywareGuard.
Javacool Software

Both applications are free.
06 Jan 2010   #27
yowanvista

Windows 10 Pro x64, Arch Linux
 
 

I also had this backdoor, it was located in "C:\Users\Username\AppData\Roaming\Microsoft\Windows"
This required manual removal in safe mode
06 Jan 2010   #28
hackerman1

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

Quote: Originally Posted by Jacee
In this case, svchost.exe is NOT a system file. This one is located here:
C:\windows\temp\wwbx.tmp\svchost.exe

The 'real' system file is located here: C:\windows\system32\svchost.exe

Run Malwarebytes Anti-Malware as instructed by Corrine.

you are right !

i just read through the thread again, and in yadielfeliciano's
first post: "the location of the backdoor is windows/tmp/svchost.exe"

but in yadielfeliciano's post: "what's svchost.exe? is it a virus?"
there was no path mentioned, and i replied to THAT post.
06 Jan 2010   #29
yadielfeliciano

Windows 7 Ultimate
 
 

Ok, I installed the firewall, not the antivirus. I kept Norton, and scanned my PC with Malwarebytes and it detected and removed svchost.exe trojan.backdoor

Edit: O.O Malwarebytes has detected 12 things so far on the second scan
Edit2: last result
06 Jan 2010   #30
hackerman1

W7-Enterprise + WS-2008 (Converted to Workstation)
 
 

hi !

do you use both Firewall and Defence+, and which settings ?