ZenZen Posted July 21, 2009 ID:101040 Share Posted July 21, 2009 Hello evryone, this is my first post and I am just looking some help. I recently ran Malwarebytes and it found 4 references to Backdoor.bot, can you please tell me what I should do in regards to these? I'm not a computer whizz or anything, but hope that you may be able to help. These are in the Malwarebytes quarantine, but if I restart and run again they are detected. Here's the log...Malwarebytes' Anti-Malware 1.39Database version: 2421Windows 5.1.2600 Service Pack 321/07/2009 19:52:45mbam-log-2009-07-21 (19-52-45).txtScan type: Quick ScanObjects scanned: 109599Time elapsed: 7 minute(s), 14 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 4Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{19127ad2-394b-70f5-c650-b97867baa1f7} (Backdoor.Bot) -> Quarantined and deleted successfully.HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\{43bf8cd1-c5d5-2230-7bb2-98f22c2b7dc6} (Backdoor.Bot) -> Quarantined and deleted successfully.Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Should I be worried about these or what shoudl I do about them? Just I've read that other software uses bots so maybe they are OK?All help greatly appreciated.Cheers,ZenZen Link to post Share on other sites More sharing options...
nosirrah Posted July 21, 2009 ID:101041 Share Posted July 21, 2009 You had a Zbot infection in the past , these are the markers for it .There are no other signs of the infection so just remove them and you are done . Link to post Share on other sites More sharing options...
ZenZen Posted July 21, 2009 Author ID:101043 Share Posted July 21, 2009 You had a Zbot infection in the past , these are the markers for it .There are no other signs of the infection so just remove them and you are done .Cheers for your quick reply, I'll just delete what's in quarantine then and take it from there! Thanks was quicker than lightning! One other thing, I am currently running A-Squared and it has picked up C:\APPS\IWF\IWF-Presentation.exe as a Trojan, any ideas what this is as I have googled it and it seems to eb related to software?Thanks again nosirrah for your help!Regards,ZenZen Link to post Share on other sites More sharing options...
nosirrah Posted July 21, 2009 ID:101044 Share Posted July 21, 2009 Zip and attach IWF-Presentation.exe here if you can so I can look at it .If the zip is to large you can use virustotal.com to do a quick check on the file . Link to post Share on other sites More sharing options...
ZenZen Posted July 21, 2009 Author ID:101047 Share Posted July 21, 2009 Hi again, I'm unsure how to do that in regards to zipping the file?I went to the location of the file as A-Squared has detected it twice and it seems to be a software program which possibly was on the computer form new. It is IWF-Presentation by Synectics Solutions. A-Squared has detected two traces of it as a Trojan.Win32.VB!IKSorry I'm not sure how to upload for you. ZenZen Link to post Share on other sites More sharing options...
yardbird Posted July 21, 2009 ID:101090 Share Posted July 21, 2009 Try to zip it, with winzip and send it here: if you save it to the desktop, browse the desktop http://uploads.malwarebytes.org/ Link to post Share on other sites More sharing options...
yardbird Posted July 22, 2009 ID:101146 Share Posted July 22, 2009 you can download Winzip from here: http://www.filehippo.com/download_winzip/ Link to post Share on other sites More sharing options...
ZenZen Posted July 22, 2009 Author ID:101348 Share Posted July 22, 2009 Hi Yardbord and Nossirah, sorry I didnt get to read your last posts and reply before now. In an update, Malwarebytes log is completely clear now after deleting all in quarantine. In regards to the IWF-Presentation.exe, this I eventually got rid of by using Revo Uninstaller's Hunter Mode. I think this is a preloaded package that was on the computer and to do with internet security or something from reading up on Google. It has now disappeared and a re-run of A-Squared didnt detect anything. There was no uninstall via the Control Panel or via the IWF desktop icon, so I just used Revo, which has worked. I dont know if the IWF was harmful, or just that A-Squared didnt like it, but anyhow, I never used it or knew what it was so it's gone and everything still working fine.Again sorry I didnt get a zipped folder after you had asked, just I went full steam ahead to get rid of it before checking back, so please accept my apologies.The desktop Icon for the IWF can be seen here: http://iwf-internet-safety-presentation.so...e.informer.com/Looks like a globe inside a lifebuoy ring, no way of uninstalling it however except by using Revo or Killbox.Thanks again,ZenZen Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now