
Backdoor.bot found



Hey

I just started a scan a few hours ago after not doing so for about 2 weeks. The reason for my suspicion was a Java window popping up every time I booted my PC, saying, "load 4000" with a button below saying "ok".

Malwarebytes found a lot of stuff. Most of it was just adware from software I recognised or knew it's going to be a false positive. Then I found a backdoor.bot in the list.

I moved all the marked stuff into Quarantine (or whatever action Malwarebytes was thinking was best for this kind of positive), ran rkill and ran Malwarebytes again. After running rkill and the second scan, the Java window stopped popping up. I detected 2 new entries. I applied the actions and restarted my PC. Now I am not sure if I am clean or better off wiping my drives and reinstalling.

I included the 2 Malwarebytes reports below.

Edit: added FRST64 Addition.txt

Thank you for your help in advance.

mwb.txt

mwb.secondscan.txt

Edited by Flinx
forgot to Addition.txt

Hello Flinx and welcome to the Forums.

My screen name is Android8888 but if you wish you can call me Rui which is my real name. I will be helping you with your malware issues. Please ask questions if anything is unclear.

I suggest printing out each set of instructions or copying them to a Notepad file and reading the entire post before proceeding. It will make following them easier.

Please DO NOT run any tools on your own and follow the directions in the order listed.

Make sure to run all the tools from the Desktop and with Administrator privileges.


With that being said let's start cleaning up your computer.

 

Warning: I noticed that you do not have an Antivirus installed on your computer. It is really dangerous to go online without an Antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. Both of the following are excellent free Antivirus. Be sure to only install one.

Avast Free Antivirus

Avira Free Antivirus

 

Next,

Follow the instructions below to execute a fix on your system using FRST, and provide the log in your next reply.

  • Download the attached fixlist.txt file, and save it on your Desktop (or wherever your FRST64.exe executable is located); DO NOT open or modify that file.
  • Right-click on the FRST64 executable and select Run as Administrator;
  • Click on the Fix button;
  • On completion, a message will come up saying that the fix has been completed and it'll open a log in Notepad;
  • Please attach the fixlog.txt in your next reply;


  • Download Junkware Removal Tool (JRT) and move it to your Desktop;
  • Right-click on JRT.exe and select Run as Administrator;
  • Press on any key to launch the scan and let it complete;
  • Once the scan is complete, a log will open. Please attach the output log in your next reply;


  • Download AdwCleaner and move it to your Desktop;
  • Right-click on AdwCleaner.exe and select Run as Administrator;
  • Accept the EULA (I accept), let the database update, then click on Scan;
  • Let the scan complete. Once it's done, make sure that every item listed in the different tabs is checked and click on the Clean button. This will kill all the active processes;
  • Once the cleaning process is complete, AdwCleaner will ask to restart your computer, do it;
  • After the restart, a log will open when logging in. Please attach that log in your next reply;

 

You are running an outdated version of Malwarebytes. Please read the instructions below and make a clean install of Malwarebytes from version 2 to version 3.

Download MBAM-clean and save it to your computer Desktop.
 
Right-click on mbam-clean.exe icon and select Run as administrator to start the tool.
It will ask you to reboot the machine - please do so.
Run the MBAM-clean tool again and reboot when complete. NOTE: DO NOT miss this step.

If you have lost the activation licence key information it can be located here

Download Malwarebytes version 3 from here and save it to your Desktop or anywhere else on your system since you know where it is located.

Double click on the installer and follow the prompts to install the program. If necessary select the blue Help tab for video instructions.

Note: It's your choice if you want to enable the free trial of Malwarebytes Premium or not. Enabling it will give you real-time protection from the program, as well as access to all the Premium features.

When the install completes and is updated do the following:

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Then select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits and Scan within Archives are both on.
  • Go back to DashBoard and select the blue Scan Now tab.
  • When the scan completes deal with any found entries.
  • Select Export Summary and then Text File (*.txt). Give a name to the log and save it;
  • Please attach that log in your next reply.


To summarize please attach the following logs in your next reply:
fixlog.txt;
JRT.txt log;
AdwCleaner clean log;
Malwarebytes log.

Let me know how the computer is running at this point.

Thank you.

fixlist.txt


Hey Rui

Thanks for your answer.

I followed all the instructions as you listed them above.

My PC is running fine at this point with no issues I can notice at least.

I hope nothing is hiding and waiting to reactivate itself.

I updated Malwarebytes (also got Premium) and will be installing an antivirus after I have written this.

Thank you for your help.

AdwCleaner[S0].txt

Fixlog.txt

JRT.txt

mwb3.0.6.txt


Hello Flinx and thank you for those logs.


The log you attached from AdwCleaner is the 'Scan' log. Please attach the 'Clean' log, it can be found at C:\AdwCleaner\AdwCleaner[Cx] (x is a number - the highest number is the most recent).

If you cannot find it, then re-run AdwCleaner, click the Scan button and wait until the scan is complete;
When the scan is complete, click the Clean button and wait;
If the tool asks you to restart the computer, please do it;
After reboot a log will open;
Please attach the AdwCleaner clean log in your next reply.


Next, you need to activate the 'Scan for Rootkits' feature, then perform a new scan, quarantine the items it finds and post the log.

  • Open Malwarebytes;
  • On the left pane select Settings;
  • Select the Protection tab;
  • Scroll down to Scan Options and ensure Scan for Rootkits is on and leave all other settings to default.
  • Go back to DashBoard and select the blue Scan Now tab; Note: The scan may take some time to finish, so please be patient.
  • When the scan completes, if potential threats are detected, ensure to checkmark all the listed items, and click the Quarantine Selected button.
  • While still on the Scan tab, click the View Report button, and in the window that opens click the Export button, select Text file (*.txt), give it a name and save it to your Desktop.
  • The log can also be viewed by clicking the log to select it, then clicking the View Report button.
  • Please attach the log in your next reply.


Next, let's check for remnants of infection.

Please scan your computer with ESET Online Scanner.

  • Click on this link to open ESET Online Scanner in a new window.
    1. Click on the Scan Now button to download the esetonlinescanner_enu.exe file. Save it to your Desktop.
    2. Close all your programs and browsers.
    3. Please disable your antivirus program to avoid potential conflicts, improve the performance and speed up the scan.
    4. Double click on esetonlinescanner_enu.exe to start ESET Online Scanner. It will open a window with the Terms of Use.

  • Check mark Download latest version of ESET Online Scanner and click the Accept button.
  • Click Yes to accept any security warnings that may appear.
  • Under Computer scan settings, check mark Enable detection of potentially unwanted applications.
  • Then click Advanced settings and check mark the following options:
    • Enable detection of potentially unsafe applications
    • Clean threats automatically
  • Click the Scan button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats.
  • Click Export, and save the file to your Desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.


Note: If nothing is found, it will not produce a log.

Please re-enable your antivirus program.


Your next reply should include:
The AdwCleaner clean log (attach it);
The Malwarebytes log (attach it);
The entire contents of the ESET log (if it produced one) --- please copy and paste it.

How is the computer running? Are there any issues or concerns?


Thank you.

Rui
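
The "highest number is the most recent" rule for AdwCleaner clean logs described in the post above, as an added PowerShell example that is not part of the original thread or of AdwCleaner itself. The function name and the `-LogDir` parameter are assumptions of this example; the demo files are constructed and follow the `AdwCleaner[S0].txt` / `AdwCleaner[C0].txt` naming seen in the attachments.

```powershell
# Added example: return the newest AdwCleaner *clean* log ([C<n>]), ignoring scan logs ([S<n>]).
function Get-LatestAdwCleanerCleanLog {
    param(
        # Folder named in the post; the parameter is hypothetical, introduced for this example.
        [string]$LogDir = 'C:\AdwCleaner'
    )

    if (-not (Test-Path -LiteralPath $LogDir -PathType Container)) {
        return $null
    }

    # Square brackets are wildcard characters for -Path, so use -LiteralPath for the
    # folder and match the file names with a regex instead of a wildcard pattern.
    Get-ChildItem -LiteralPath $LogDir -File |
        ForEach-Object {
            if ($_.Name -match '^AdwCleaner\[C(\d+)\]\.txt$') {
                [pscustomobject]@{ Index = [int]$Matches[1]; Path = $_.FullName }
            }
        } |
        Sort-Object -Property Index -Descending |   # numeric sort, so C10 ranks above C2
        Select-Object -First 1
}

# Constructed demo: a temporary folder with scan logs and several clean logs.
$demo = [System.IO.Path]::Combine([System.IO.Path]::GetTempPath(), 'adw-demo-' + [guid]::NewGuid())
[void][System.IO.Directory]::CreateDirectory($demo)
$names = 'AdwCleaner[S0].txt', 'AdwCleaner[S11].txt',
         'AdwCleaner[C0].txt', 'AdwCleaner[C2].txt', 'AdwCleaner[C10].txt'
foreach ($name in $names) {
    [System.IO.File]::WriteAllText([System.IO.Path]::Combine($demo, $name), '')
}

# Prints the full path of AdwCleaner[C10].txt from the demo folder.
(Get-LatestAdwCleanerCleanLog -LogDir $demo).Path

Remove-Item -LiteralPath $demo -Recurse -Force
```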


Hey Rui

Thanks for your answer.

I ran the stuff mentioned above and ESET found nothing.

I included the new Malwarebytes log (I ran a scan on all drives with all scan options on) and the old AdwCleaner[Cx] I found in the folder you instructed me to visit.

So far my computer is running fine, thanks for your help.

From what you have seen so far on my logs do you think it's still safe to operate this PC?

AdwCleaner[C0].txt

mwb3.0.6.txt


Hello Flinx. Thank you for the logs.

"I ran the stuff mentioned above and ESET found nothing."

It's good to hear that. Your computer appears to be clean.

 

"So far my computer is running fine, thanks for your help."

You're welcome!

 

"From what you have seen so far on my logs do you think it's still safe to operate this PC?"

Yes, it is completely safe.

 

Please keep your programs up to date. Vulnerabilities in your programs are often exploited in order to install malware on your PC.

Run a program like Personal Software Inspector (PSI) or FileHippo Update Checker to see what programs need to be updated.


After performing the updates you can now delete the tools used in the malware removal process.

Follow the instructions below to download and execute DelFix.

  • Download DelFix and move the executable to your Desktop;
  • Right-click on DelFix.exe and select Run as Administrator;
  • Check the following options :
    • Activate UAC (This option will activate the User Account Control feature).
    • Remove disinfection tools (this option will remove the tools used in the cleaning process).
    • Create registry backup (this option will create a backup from the Windows Registry).
    • Purge system restore (this option will remove all previous and possibly infected restore points, and will create a new and clean restore point of your system).
    • Reset system settings (this option will reset any system settings back to default that were changed either by us during cleansing or by malware infection).
  • Once the options mentioned above are checked, click on Run;
  • After DelFix is done running, a log will open. I don't need to see the log file;

You can also manually delete any logs they created and that were left behind.

Are there any issues or concerns with the computer?

Thank you.


  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.