What is a backdoor? help


  1. Posts : 428
    Windows Seven x64
       #21

    I would turn off System Restore... Viruses have the potential to store the infected file in the System Restore folder. That's why you were getting that notification from Norton. System Restore restores the files on your computer in case they become damaged. If a virus, worm, or Trojan infects a computer, System Restore may back up the virus, worm, or Trojan on the computer, causing the virus or Trojan to reappear every time it gets removed.

    I would run Malwarebytes and see the results (with System Restore on).
    If nothing shows up, I would disable System Restore and run the scan again.

    Hope this Helps..


  2. Posts : 5,807
    Windows 7 Home Premium x64 - Mac OS X 10.6.4 x64
       #22

    Corrine said:
    It depends on which backdoor trojan is on your computer. There are some that are not easily removed. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. If the trojan is easily removed, keep an eye on any bank/credit card statements. Otherwise, it would be wise to contact those same financial institutions to apprise them of your situation.

    As to the Symantec instructions, I do not agree with the recommendation that you disable System Restore. Clean the computer first, then create a fresh restore point and use Disk Cleanup to remove all but the last restore point.

    If you have an anti-malware software installed, I suggest updating and scanning with that as well. Follow that up with an on-line scan.

    Let us know if you need additional assistance.

    Edit: Since you posted while I was composing, before scanning with another software, etc., I suggest you clear Temp Files. A simple program for that is ATF cleaner. The instructions are simple:

    Download ATF Cleaner by Atribune from ATF-Cleaner.exe - www.atribune.org . Save it to your Desktop.

    Run ATF Cleaner
    • Double-click ATF-Cleaner.exe to run the program.
    • Click Select All found at the bottom of the list.
    • Click the Empty Selected button.
    • Click Exit on the Main menu to close the program.
    • Shutdown/restart the computer.



    Follow that with further scans.

    I think the reason that it recommended to turn off System Restore is because of the chance that the infected machine takes a current image of itself with the trojan included...you restore back to the last point (the one just made) and you are now in an infinite loop...

    Now you could always just restore to an even earlier one but the common user will go for the one made last...

    Now that gives me an idea for a rather mean virus...Infect System->Clear All Restore Points->Make necessary registry changes to execute virus->Make a new Restore Point (itself included)->Destroy! Infuriate! Steal!...whatever it is designed to do...


  3. BWK
    Posts : 177
    win7 ultimate x64
       #23

    May suggest a few free ones...If I get hit I always use free online scanners just to make sure I am not missing anything with what I trust and use.
    Get a hold of Spybot Search and Destroy as well and scan your PC. It's free.
    The home of Spybot-S&D!
    Also get HijackThis and see if anyone here can read the log and help determine your problem area.
    HijackThis - Trend Micro USA


  4. Posts : 385
    Windows 7 Ultimate x64 SP1
       #24

    You can also try Microsoft Security Essentials:

    http://www.microsoft.com/Security_Essentials/


  5. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #25

    In this case, svchost.exe is NOT a system file. This one is located here:
    C:\windows\temp\wwbx.tmp\svchost.exe

    The 'real' system file is located here: C:\windows\system32\svchost.exe

    Run Malwarebytes Anti-Malware as instructed by Corrine.
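
The location check from post #25, as an added example that is not part of the original thread: it flags any process whose image is named like a system binary but does not run from its expected directory. The process listing is constructed sample data, and treating SysWOW64 as a second valid location (the 32-bit copy on 64-bit Windows) is an assumption added here.

```python
import ntpath  # Windows path rules, usable on any OS

# Expected directories per protected image name (lower-case).
# System32 is the location given in the post; SysWOW64 is an added assumption.
EXPECTED_DIRS = {
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# Constructed sample: (pid, image path) pairs as a process listing would report them.
SAMPLE_PROCESSES = [
    (812,  r"C:\Windows\System32\svchost.exe"),
    (1044, r"C:\WINDOWS\system32\svchost.exe"),          # case differs only
    (2210, r"C:\windows\temp\wwbx.tmp\svchost.exe"),     # path from the thread
    (3120, r"C:\Windows\System32\..\Temp\svchost.exe"),  # ".." hides the real dir
    (5000, "C:/Windows/SysWOW64/svchost.exe"),           # forward slashes
    (4000, r"C:\Program Files\App\app.exe"),             # not a protected name
    (4,    ""),                                          # path not readable
]


def normalize(path):
    """Collapse '..', unify slashes and lower-case a Windows path."""
    cleaned = path.strip().strip('"')
    return ntpath.normcase(ntpath.normpath(cleaned))


def find_masquerading(processes, expected=EXPECTED_DIRS):
    """Return (pid, path) for protected names running outside their expected dirs."""
    hits = []
    for pid, image_path in processes:
        if not image_path:
            continue  # no path available; needs a separate check with more rights
        directory, name = ntpath.split(normalize(image_path))
        allowed = expected.get(name)
        if allowed is not None and directory not in allowed:
            hits.append((pid, image_path))
    return hits


if __name__ == "__main__":
    for pid, path in find_masquerading(SAMPLE_PROCESSES):
        print(f"PID {pid}: unexpected location {path}")
```

A match only says the file is in the wrong place; a clean result does not prove the binary in System32 is genuine, so the scans recommended in the thread still apply.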


  6. Posts : 8,608
    Windows 7 Ultimate 32bit SP1
       #26

    After you have done the above download SpywareBlaster (update it and click on 'enable all protection') ...and SpywareGuard.
    Javacool Software

    Both applications are free.


  7. Posts : 8,383
    Windows 10 Pro x64, Arch Linux
       #27

    I also had this backdoor; it was located in "C:\Users\Username\AppData\Roaming\Microsoft\Windows".
    This required manual removal in safe mode.


  8. Posts : 759
    W7-Enterprise + WS-2008 (Converted to Workstation)
       #28

    Jacee said:
    In this case, svchost.exe is NOT a system file. This one is located here:
    C:\windows\temp\wwbx.tmp\svchost.exe

    The 'real' system file is located here: C:\windows\system32\svchost.exe

    Run Malwarebytes Anti-Malware as instructed by Corrine.

    You are right!

    I just read through the thread again, and in yadielfelicianos's
    first post: "the location of the backdoor is windows/tmp/svchost.exe"

    But in yadielfelicianos's post: "what's svchost.exe? is it a virus?"
    there was no path mentioned, and I replied to THAT post.


  9. Posts : 107
    Windows 7 Ultimate
    Thread Starter
       #29

    Ok, I installed the firewall, not the antivirus. I kept Norton and scanned my PC with Malwarebytes, and it detected and removed svchost.exe trojan.backdoor

    Edit: O.O Malwarebytes has detected 12 things so far on the second scan
    Edit2: last result


  10. Posts : 759
    W7-Enterprise + WS-2008 (Converted to Workstation)
       #30

    Hi!

    Do you use both Firewall and Defence+, and which settings?


 
Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

© Designer Media Ltd