
what exactly is "backdoor.bot"



Friend found "backdoor.bot" with malwarebytes quickscan. Obviously anything with that kind of name sounds alarm bells but he didn't see details re. this particular infection and I can't find a db for this software. What is this nasty bug and HOW nasty is it? (Obviously will be encouraging more scans etc. but wondering whether might be better to encourage a full reformat.) thanks! nb


Backdoor.Bot is a generic detection for any bot that's not part of another infection that will act as a backdoor, or basically a way of bypassing your computer's security and allowing unrestricted access to it for the distributor of the bot.

Charming. :) So what are the odds that the built in restore partition (sony) has been compromised as well? I have no idea how well those areas are protected....thanks again! nb


Charming. :) So what are the odds that the built in restore partition (sony) has been compromised as well? I have no idea how well those areas are protected....thanks again! nb

These days, restore/recovery partitions are difficult to mess with. At the same time, it's best to make disks out of that partition when you first get the computer, and keep them in a safe place so that you don't have to rely on that partition in a situation like this.

Sony isn't as widely targeted as HP/Compaq, so you are probably OK when it comes to your restore partition. Regardless, I would recommend running a scan right away if you ever need to restore from that partition.


These days, restore/recovery partitions are difficult to mess with. At the same time, it's best to make disks out of that partition when you first get the computer, and keep them in a safe place so that you don't have to rely on that partition in a situation like this.

Sony isn't as widely targeted as HP/Compaq, so you are probably OK when it comes to your restore partition. Regardless, I would recommend running a scan right away if you ever need to restore from that partition.

Well this guy didn't do a lot of things right, including backups of anything or keeping up with his AV. :)

When you say run a scan right away you mean after restoring from the partition?

I've been trying to figure what sequence to recommend and so far was thinking: 1. save photos etc. 2. restore 3. Keeping off internet, use the cd I gave him with free zonealarm firewall to install it 4. ? install/run scan of malwarebytes from same CD 5. Run Win updates, etc. 6. Install Avast or something like that. What do you think?


When you say run a scan right away you mean after restoring from the partition?

Yes.

1. save photos etc.

Backup is always a good first step. Especially from a BartPE or UBCD4Win disk.

2. restore

I can't think of anything else he'll need to do before this, as long as he has any data backed up that he may need.

3. Keeping off internet, use the cd I gave him with free zonealarm firewall to install it

I would recommend Online Armor or Comodo (just without the AV and with Defense+ turned off).

4. ? install/run scan of malwarebytes from same CD

Always a good plan. :(

5. Run Win updates, etc.

Probably a good idea to do that before installing the firewall.

6. Install Avast or something like that. What do you think?

I'd recommend either AntiVir or Microsoft Security Essentials. Just make sure to send him this link if he intends on using our real-time protection with Microsoft Security Essentials on Windows XP.


I would recommend Online Armor or Comodo (just without the AV and with Defense+ turned off).

I'm out of date--why not Zone Alarm? I don't much like the occasional sales pitches but otherwise I've been happy with it.

(re. win updates) Probably a good idea to do that before installing the firewall.

? He's on a big target ISP with a hit rate in bare minutes for unprotected systems. Figured firewall was good first step--curious why not?

(re. antivirus products) I'd recommend either AntiVir or Microsoft Security Essentials. Just make sure to send him this link if he intends on using our real-time protection with Microsoft Security Essentials on Windows XP.

I work from home so I'm protected by a corp package and not much up on the free AV scene but I'm hearing good things about Avast even in these forums. What makes you like these products more?

Thanks much!! :(


I'm out of date--why not Zone Alarm? I don't much like the occasional sales pitches but otherwise I've been happy with it.

It scores poorly in leaktests. Not that I can claim that that test site is entirely accurate, but it's better than nothing. Note, also, that the free version of ZoneAlarm at least used to not even block half of what the pro version blocked, but they haven't tested it for years.

? He's on a big target ISP with a hit rate in bare minutes for unprotected systems. Figured firewall was good first step--curious why not?

Unless he's plugged directly into the Internet, a software firewall is more of an annoyance than anything. I'll take a good hardware NAT over even the best software firewall any day. Of course, I'd be happier still with my own homemade Linux firewall box, but that's just personal preference.

Anyway, assuming that some kind of NAT is in place (pretty much all DSL and Cable modems with 4 ports have a NAT) then a software firewall will only be useful for preventing applications running on the computer from accessing the Internet, which is usually what happens when a user is running a software firewall anyway (they block things they shouldn't, and allow things they shouldn't). About the only firewall you don't have that problem with is GhostWall, but that thing hasn't been updated for so many years that it's almost not worth remembering, much less thinking of using. It did work great for blocking IP addresses from connecting to my Halo 2 Vista server when I still ran one (no IP/GUID banning in that pathetic excuse for a game server), but you have to set the rules up just right or it doesn't work properly.

I work from home so I'm protected by a corp package and not much up on the free AV scene but I'm hearing good things about Avast even in these forums. What makes you like these products more?

avast! used to be good back in the day, but not as much these days. They have some nice features in the free version (the updater is great) but the detection capabilities aren't as good as AntiVir or MSE. AntiVir tends to be the best free or paid anti-virus, but in my tests of MSE I was incredibly impressed, so I need to compare MSE and AntiVir and see which one fares better these days.

AntiVir free has some drawbacks, such as slower updating speeds, clogged update servers, and that ad it shows when updating.

MSE is incredibly unobtrusive, and it doesn't annoy you with a lot of notifications (when something is wrong, the icon usually just turns red, and it waits for you to notice). It will update automatically at least once a day, and it has a very clean interface. The detection abilities surprised me very much. During the beta, I tested stuff against it that had been reported that day (some of it within minutes of my test), and it detected all but one item out of the 5 or 6 I tested against. I do need to test more thoroughly, and with newer samples, now that it's out of beta, but I really didn't expect it to detect a single one of the items I tested against. I would have included more samples in the original test if I could have found more on such short notice, but almost every malicious link I tried had already been killed (someone was being too efficient that day).


To be fair comparing avast! V4.8.1356, Avira AntiVir, and MSE is akin to comparing MBAM and other anti malware applications.

They are part of Layered Protection for a system and should be updated at least daily and a Quick scan run to see if any new infection is detected so that it can be removed quickly before damage is done.

Before the end of November avast! will release V5 that is a significant update with better detection.

Have a read of the avast! blog of comments by Vincent Steckler the new CEO of avast!:

What do AV Products do and how are they tested?

http://blog.avast.com/2009/10/31/what-do-a...are-they-tested

And what about Microsoft Security Essentials


To be fair comparing avast! V4.8.1356, Avira AntiVir, and MSE is akin to comparing MBAM and other anti malware applications.

I wouldn't say that. avast!, AntiVir, and MSE all have the same basic purposes: 1) To prevent infection of known viruses. 2) To scan for and remove known viruses. 3) To attempt to use heuristics to detect unknown viruses.

Now, they all three have different engines, but in the end what sets them apart the most is which has the better detection rate and which is easier to use. Traditionally, AntiVir has the better detection rate, but MSE is giving it a run for its money. For the past couple of years avast! hasn't been doing as well, but they may catch up with version 5.

They are part of Layered Protection for a system and should be updated at least daily and a Quick scan run to see if any new infection is detected so that it can be removed quickly before damage is done.

You have to be very careful with layered protection. If the real-time component of more than one anti-virus is loading at once, or the real-time component from more than one anti-malware/anti-spyware is loading at once, then you typically wind up less protected than if you had just picked the best out of the bunch for real-time protection, and just not had the rest installed. Now obviously there's nothing wrong with having multiple anti-virus and anti-malware utilities installed, but you have to make certain that only one is running in real-time.

And what about Microsoft Security Essentials—MSE?

http://blog.avast.com/2009/10/02/and-what-...als%e2%80%94mse

Never trust a security vendor's opinion of MSE. It's scaring the crud out of them right now, because not only is it a sign that Microsoft is serious about making a large presence for themselves in the security industry, but it's also a sign that Microsoft can outdo the entire lot of them when it comes to detection rates and an anti-virus that doesn't annoy the crud out of the user, and on top of all of that it's free. OneCare was a flop, as was Windows Defender, but MSE is neither of them. MSE is new, and it's surprisingly effective, and it's nowhere near as annoying as all of these other security products.

