Cannot remove Secupdat.dat (Backdoor.Bot)

I installed and updated MBAM in a PC and it found some infections. One of them was

C:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> Delete on reboot.

I rebooted and all other problems were gone except secupdat.dat, which appears again and again even if I use MBAM to remove it.

Norton Antivirus and Spybot Search & Destroy scans say everything is OK (except some disabled Windows security entries in the registry).

The file secupdat.dat has the date of the infection day, it's hidden, and I cannot copy it or send it anywhere because Windows says it's in use. I tried in Windows safe mode and it made no difference.

Also, I have some files named 9new.exe and 4new.exe which Norton and Spybot don't detect as viruses, but if I send them attached to an e-mail, other antivirus products like Panda and the one Hotmail uses block them (Panda identifies them as Trj/Buzus.AH).

What can I do with that backdoor? Thanks in advance. I am posting both the HijackThis and MBAM logs.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 6:51:04, on 30/10/2009

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Boot mode: Normal

Running processes:







C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSvcHst.exe


C:\Archivos de programa\Archivos comunes\Symantec Shared\AppCore\AppSvc32.exe


C:\Archivos de programa\USB Storage RW\shwicon.exe




C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe

C:\Archivos de programa\Archivos comunes\Microsoft Shared\Works Shared\WkUFind.exe

C:\Archivos de programa\Pinnacle\Pinnacle PCTV\Remote\Remoterm.exe


C:\Archivos de programa\QuickTime\qttask.exe

C:\Archivos de programa\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe

C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe

C:\Archivos de programa\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Archivos de programa\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Archivos de programa\hp center\137903\Program\BackWeb-137903.exe

C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe


C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hposol08.exe


C:\Archivos de programa\Canon\CAL\CALMAIN.exe

C:\Archivos de programa\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe

C:\Archivos de programa\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-es7.hpwis.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.es/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://es7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-es7.hpwis.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://srch-es7.hpwis.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://es7.hpwis.com/

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=805

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = V
