
Backdoor.bot



Hello, I was on the web earlier and picked up this virus. I've rebooted three times. There's a red circle and x in my toolbar. Every time it's quarantined, it needs to restart. Then after the restart, the circle pops up saying "Windows has detected spyware infection! It is recommended to use special antispyware tools to prevent data loss. Windows will now download and install the most up-to-date antispyware for you." When I click it doesn't do anything. The current scan is up to 7 objects. Here's the list from last scan. Please help!

Malwarebytes' Anti-Malware 1.33

Database version: 1732

Windows 5.1.2600 Service Pack 3

9/24/2009 4:47:25 PM

mbam-log-2009-09-24 (16-47-25).txt

Scan type: Quick Scan

Objects scanned: 57866

Time elapsed: 38 minute(s), 50 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Son of Duh\Application Data\svcst.exe (Backdoor.Bot) -> Delete on reboot.

C:\WINDOWS\SYSTEM32\~.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Link to post

Welcome to the forum, TheSentinel :)

Please post your log and everything that you said in your post here:

http://www.malwarebytes.org/forums/index.php?showforum=7

This is the only place that logs will be worked on.

Someone will be along to assist you as soon as possible. Please be patient though, as there are many people waiting for help. If you do not get a reply within 48 hours, please feel free to "bump" up your post.

You'll be in good hands! And good luck :P

Link to post

Malwarebytes' Anti-Malware 1.33

Database version: 1732

You are 8 application versions behind and more than 1000 database versions out of date. Why on earth are you not ever updating? Neglecting to update is worse than uninstalling MBAM altogether, as you are giving yourself a false sense of security.

If you update to the newest version and then newest definitions, this threat will be removed.

Link to post

You are 8 application versions behind and more than 1000 database versions out of date. Why on earth are you not ever updating? Neglecting to update is worse than uninstalling MBAM altogether, as you are giving yourself a false sense of security.

If you update to the newest version and then newest definitions, this threat will be removed.

I updated about an hour ago, running full scan.

Link to post

@ Nosirrah,

I didn't even notice that he was so behind, thanks for pointing that out!

@ TheSentinel

Please run a quick scan... remove whatever it finds, reboot if it asks, and then run a full scan if you wish!

Link to post

@ TheSentinel

That's okay. Remove them, then reboot if necessary.

9/10 is the newest date for the new VERSION, not the newest detection definitions. You may have to download the newest detection definitions after updating to the newest version, sometimes this happens.

Then do a quick scan!!

If you still need help, post in the forum that I gave you a link to in my first reply.

Link to post

Started to, but my dad said stop, and remove all the things from quarantine - matter of fact it picked up a rootkit. That was quarantined, but not totally removed - which may come back and get me. Well, it's running the full scan. Probably another 2 hours there. Me, I'm off to bed, oh and we disconnected the router, so I'm on an iPhone right now.

Link to post

Wait, were they restored from quarantine or REMOVED?

Alright. It's best to run a quick scan first though, and then a full scan if you wish :)

Have a good night's rest.

Link to post

:)

That was more likely than not a good call, however, it is a good idea to keep items there for at least a couple days, just in case there was a FP. I doubt that there was a false positive in your case though.

Link to post

This topic is now closed to further replies.