
Infection in Windows folder



This is on a Windows Server 2003, SP 2 with SQL Server 2000 installed.

On first scan 4 backdoor.bot were detected by Malwarebytes. All of them were under C:\Program Files\Windows folder - 3 were log files. I selected the 3 log files for removal. I've left the C:\Program Files\Windows folder and after a restart - rescanned again.

I'm seeing the backdoor.bot only for the C:\Program Files\Windows folder. I hesitate to click on "Remove Selected" as this is an OS folder.

How does Malwarebytes remove this infection - will it completely remove the 'Windows' folder or remove the infection from the folder magically?

Will the server continue to function if Malwarebytes removes the virus?

Please help. Thank you.

Here is the log file:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 3930

Windows 5.2.3790 Service Pack 2
Internet Explorer 7.0.5730.13

4/23/2010 7:54:36 AM
mbam-log-2010-04-23 (07-54-36).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 196339
Time elapsed: 51 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\WINDOWS (Backdoor.Bot) -> No action taken.

Files Infected:
(No malicious items detected)


Hello and welcome to Malwarebytes

We apologize for the delay in responding to your request for help. Please note that your topic was not intentionally overlooked.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far. Did you create the folder C:\program files\windows? Are you familiar with the content of the folder? This folder does not exist on a default clean install normally.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
/md5stop
%systemroot%\*. /mp /s
C:\program files\windows

  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti
