backdoor.bot and quarantine error code 2


After installing a freeware program, malwarebytes pro (1.70.0.1100) informed me that it put backdoor.bot in quarantine twice, after failing to do so (error code 2):

2013/01/20 01:35:55

Detection c:\program files (x86) \zip password finder\recover.exe backdoor.bot quarantine

2013/01/20 01:38:18

Detection c:\program files (x86) \zip password finder\recover.exe backdoor.bot quarantine

2013/01/20 01:18

Error Quarantine failed: SDKQurantine failed with error code 2

Being unsure if the trojan got through due to the error, I took additional steps. Do I need to do anything else? Why was the trojan detected twice, or were there two trojans in the named file? How do I know if the trojan was quarantined before it did any damage? Should I delete the trojan or leave it in quarantine? Do I need to run combofix too?

Here are the steps I've taken so far:

I manually deleted the freeware program that contained the trojan along with a registry key containing the program's name as well as start menu links to the program.

A search of my registry didn't turn up a key with the string "backdoor."

A quick scan with malwarebytes reported no threats.

A quick scan with GMER turned up a suspicious file, which I think is a safe Intel process, based on this from http://www.runscanne...Client.exe.html

"Privacyiconclient.exe with description Intel® Management and Security Status is a process file from company Intel Corporation belonging to product Intel® Management and Security Status. The file is digitally signed from Intel Corporation - VeriSign Time Stamping Services Signer - G2 We do not recommend removing digitally signed files from Intel Corporation"

I've attached the GMER log, but only the above file was marked suspicious, if I'm reading it correctly.

I ran AVG's anti-rootkit scan and it found no problems. I scanned my C: drive with AVG and it found no problems there.

I scanned with Avast's aswMBR but can't interpret the log, which I've also attached. It gave me a choice of fixing the MBR but I'm reluctant to do that w/o knowing what will be fixed. I'm guessing it's the "disk 0 unknown mbr code" but I've read that these custom codes are not always malicious and the other scans turned up no problems. If someone can interpret the log, I'd appreciate it.

I scanned with Sophos Virus Removal Tool, which found no threats.

I checked running processes and didn't find backdoor.bot.

Thanks for any help and advice.

Ellen

aswMBR.txt

GMER Log after backdoor.bot quarantined.txt

Hello ellentk,

Let me suggest, if you're an MBAM customer, you contact the consumer help desk here.

If you are in an organization or a corporate customer, contact Corporate Support for assistance.

Otherwise, please print out, read and follow the directions here, skipping any steps you are unable to complete.

Please Copy & Paste the contents of MBAM scan log & the DDS logs

Always do a Copy & Paste of report contents, placing them inline within the main body of the reply box.

IF your system is infected, one does not want to be downloading your files.

So, also, put copies of aswMBR & Gmer log inline. You may use a separate reply per each log.

What "freeware" program did you get? From where?
