Backdoor.bot help me please.


Daily

Hi. Today I discovered that my laptop was infected by a backdoor.bot. I've been using this laptop for 5 years. I use it to access my emails and buy things online occasionally. I've run approximately 7 scans today (3 in the morning and 4 this evening) and I've picked up 1 or 2 backdoor.bots every single time. In addition, I've been picking up many pup.conduits, pup.ASK and pup.trovi in my scans. The scan I just finished running (currently 12:30pm) did not pick up the backdoor.bots. I'm at a loss as to what to do. Please help. This is a copy of the scan log that was recorded at approximately 9pm.

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386309
Threats Detected: 6
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 2 hr, 29 min, 55 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 6
Backdoor.Bot, C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\SCANRESULTS\POSTBUILD.EXE-K.MBAM, No Action By User, [48], [456339],0.0.0
Backdoor.Bot, C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\SCANRESULTS\POSTBUILD.EXE-U.MBAM, No Action By User, [48], [456339],1.0.3226
PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, No Action By User, [4983], [454808],1.0.3226
PUP.Optional.ASK, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, No Action By User, [527], [454829],1.0.3226
PUP.Optional.Conduit, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, No Action By User, [579], [454835],1.0.3226
PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, No Action By User, [4983], [454808],1.0.3226

Physical Sector: 0
(No malicious items detected)


(end)


Here's a copy of the most recent scan. I'll probably conduct another scan in about 3-6 hours when I wake up. I feel extremely paranoid and anxious :/

-Log Details-
Scan Date: 11/10/17
Scan Time: 10:28 PM
Log File: 867c1598-c6a9-11e7-9d4f-08606e8b88da.json
Administrator: Yes

-Software Information-
Version: 3.2.2.2029
Components Version: 1.0.212
Update Package Version: 1.0.3228
License: Premium

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: VirgilYau-PC\Virgil Yau

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 386344
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 49 min, 38 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 5
PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [4983], [454808],1.0.3228
PUP.Optional.Conduit, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [579], [454835],1.0.3228
PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [4983], [454808],1.0.3228
PUP.Optional.ASK, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [527], [454829],1.0.3228
PUP.Optional.Trovi, C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences, Replaced, [4983], [454808],1.0.3228

Physical Sector: 0
(No malicious items detected)


(end)


Hi Daily :)

If you look at the location of the Backdoor.bot files, you'll see that they are inside a Malwarebytes folder, which means they are probably old threats that were quarantined (so already detected and deleted) back then by Malwarebytes. In other words, they aren't active.

As for the PUP detections, can you .zip these two files and PM me the .zip?

C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data
C:\USERS\VIRGIL YAU\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Secure Preferences

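The reply above is making a triage point: where a flagged file lives says a lot about whether it is live. A small script, added here as an example and not code from this thread or from Malwarebytes, that reads the comma-separated "File:" detection lines in the format the logs above use and sorts each hit into a bucket: inside the Malwarebytes ScanResults store (likely a stale, already-handled item), a PUP entry in a Chrome profile file (browser settings residue), already acted on, or a live file that still needs a look. The sample log lines, the EXAMPLEUSER profile path and the "Trojan.Example" name are constructed for the demo; the bucket names and path markers are this example's own choices.

```python
"""Triage helper for Malwarebytes scan-log 'File:' lines.

Added example, not code from the forum thread or from Malwarebytes.
It classifies each detection by the location of the flagged file,
mirroring the responder's reasoning: a hit inside the ScanResults
store is most likely a previously handled item, while PUP hits in
Chrome's profile files are search/homepage settings residue.
"""
import re
from dataclasses import dataclass

# Detection line shape as printed in the thread's logs:
#   <name>, <path>, <action>, [<n>], [<m>],<update package version>
# The two bracketed numbers are Malwarebytes ids whose meaning is not
# documented here; they are matched but not interpreted.
DETECTION_RE = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+?), (?P<action>[^,]+), "
    r"\[(?P<id1>\d+)\], \[(?P<id2>\d+)\],(?P<version>\S+)$"
)

# Path markers (uppercase, as the logs print them). ScanResults is the
# folder seen in the thread; the Chrome marker covers any profile file.
MBAM_SCAN_STORE = "\\MALWAREBYTES\\MBAMSERVICE\\SCANRESULTS\\"
CHROME_PROFILE = "\\GOOGLE\\CHROME\\USER DATA\\"
NOT_ACTED_ON = "No Action By User"

# Constructed sample: one line of each kind, in the logs' own format.
SAMPLE_LOG = r"""
File: 3
Backdoor.Bot, C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\SCANRESULTS\POSTBUILD.EXE-K.MBAM, No Action By User, [48], [456339],0.0.0
PUP.Optional.Trovi, C:\USERS\EXAMPLEUSER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Replaced, [4983], [454808],1.0.3228
Trojan.Example, C:\USERS\EXAMPLEUSER\APPDATA\ROAMING\UPDATER.EXE, No Action By User, [1], [1],1.0.3228
"""


@dataclass
class Detection:
    name: str
    path: str
    action: str
    version: str


def parse_detections(log_text: str) -> list:
    """Return every line that matches the detection format; skip the rest."""
    found = []
    for line in log_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            found.append(Detection(m["name"], m["path"], m["action"], m["version"]))
    return found


def classify(d: Detection) -> str:
    """Bucket a detection by where the file lives and what was done with it."""
    upper = d.path.upper()
    if MBAM_SCAN_STORE in upper:
        # Flagged file is inside Malwarebytes' own scan-result store:
        # a leftover of an earlier detection, not a running threat.
        return "stale-scan-store"
    if d.name.upper().startswith("PUP.") and CHROME_PROFILE in upper:
        # PUP hit on a Chrome profile file (Web Data, Secure Preferences):
        # altered search/homepage settings rather than an executable.
        return "browser-pup"
    if d.action != NOT_ACTED_ON:
        # Scanner already replaced/quarantined it; verify on the next scan.
        return "handled"
    # Live file outside any vendor store and not yet acted on.
    return "needs-review"


def triage(log_text: str) -> dict:
    """Group parsed detections by bucket name."""
    buckets = {}
    for d in parse_detections(log_text):
        buckets.setdefault(classify(d), []).append(d)
    return buckets


if __name__ == "__main__":
    for bucket, items in sorted(triage(SAMPLE_LOG).items()):
        print(bucket)
        for d in items:
            print(f"  {d.name}  ({d.action})  {d.path}")
```

Paste a full log in place of SAMPLE_LOG to run it on real output; the "needs-review" bucket is the one worth sending to a forum helper first, while "stale-scan-store" items can be confirmed by checking whether the files are still present after a reboot and fresh scan.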

Can you upload these two files to VirusTotal, and post their report URLs here?

C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\SCANRESULTS\POSTBUILD.EXE-K.MBAM
C:\PROGRAMDATA\MALWAREBYTES\MBAMSERVICE\SCANRESULTS\POSTBUILD.EXE-U.MBAM


Hello Daily. I am having the same problem with Backdoor.Bot in my scan results and located in the same files. I am also seeing Virus.Xpaj as well in the same files. I just posted this in case you would like to read it. https://forums.malwarebytes.com/topic/214753-need-help-with-these-scan-results/?tab=comments#comment-1181927


This topic is now closed to further replies.