Hello everyone, this is my first post and I am just looking for some help. I recently ran Malwarebytes and it found 4 references to Backdoor.bot, can you please tell me what I should do in regards to these? I'm not a computer whizz or anything, but hope that you may be able to help. These are in the Malwarebytes quarantine, but if I restart and run again they are detected. Here's the log...

Malwarebytes' Anti-Malware 1.39

Database version: 2421

Windows 5.1.2600 Service Pack 3

21/07/2009 19:52:45

mbam-log-2009-07-21 (19-52-45).txt

Scan type: Quick Scan

Objects scanned: 109599

Time elapsed: 7 minute(s), 14 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 4

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.

HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Should I be worried about these or what should I do about them? Just I've read that other software uses bots so maybe they are OK?

All help greatly appreciated.

Cheers,

ZenZen


You had a Zbot infection in the past, these are the markers for it.

There are no other signs of the infection so just remove them and you are done.

Cheers for your quick reply, I'll just delete what's in quarantine then and take it from there! Thanks was quicker than lightning! :)

One other thing, I am currently running A-Squared and it has picked up C:\APPS\IWF\IWF-Presentation.exe as a Trojan, any ideas what this is as I have googled it and it seems to be related to software?

Thanks again nosirrah for your help!

Regards,

ZenZen


Hi again, I'm unsure how to do that in regards to zipping the file?

I went to the location of the file as A-Squared has detected it twice and it seems to be a software program which possibly was on the computer from new. It is IWF-Presentation by Synectics Solutions. A-Squared has detected two traces of it as a Trojan.Win32.VB!IK

Sorry I'm not sure how to upload for you.

ZenZen


Hi Yardbord and nosirrah, sorry I didn't get to read your last posts and reply before now. In an update, Malwarebytes log is completely clear now after deleting all in quarantine. In regards to the IWF-Presentation.exe, this I eventually got rid of by using Revo Uninstaller's Hunter Mode. I think this is a preloaded package that was on the computer and to do with internet security or something from reading up on Google. It has now disappeared and a re-run of A-Squared didn't detect anything. There was no uninstall via the Control Panel or via the IWF desktop icon, so I just used Revo, which has worked. I don't know if the IWF was harmful, or just that A-Squared didn't like it, but anyhow, I never used it or knew what it was so it's gone and everything still working fine.

Again sorry I didn't get a zipped folder after you had asked, just I went full steam ahead to get rid of it before checking back, so please accept my apologies.

The desktop Icon for the IWF can be seen here: http://iwf-internet-safety-presentation.so...e.informer.com/

Looks like a globe inside a lifebuoy ring, no way of uninstalling it however except by using Revo or Killbox.

Thanks again,

ZenZen ;)
