
Failure to remove backdoor.bot



My wife's PC has backdoor.bot in the C\windows\pchealth\helpctr\binaries directory.

Specifically secdrive.exe, VTkMgr.exe, VTsMgr.exe, svchost.exe

and lsass.exe in the same directory has Trojan.Agent

The PC is running Windows XP with Service pack 3

I have the latest Malwarebytes with all the latest updates.

Malwarebytes detects the problem, and asks for removal on reboot.

After reboot the problem (the 5 entries) are still there. This unfortunately is very repeatable.

I have Spybot installed and the Tea timer is disabled.

If I look at the c drive all is fine. I can list all the directories.

If I look at the Windows pchealth directory, the system says that the C drive is not formatted. This bit worries me.

Only this directory gives me the C drive not formatted response.

The machine is running very slowly, all the time.

The McAfee antivirus keeps getting switched off, although I can put it on again.

I had the same virus on my machine in the same place and it was removed very easily.

Some help would be very much appreciated.


  • Staff

Greetings and welcome to the forum.

To get you fixed up please follow the instructions here:

http://www.malwarebytes.org/forums/index.php?showtopic=2936

and post your logs in a new topic here:

http://www.malwarebytes.org/forums/index.php?showforum=7

Please be sure not to install any software or use any removal/scanning tools except those that you are instructed to by the expert who will be assisting you, as doing so can make their job much more difficult.

I hope I was helpful. Good luck and safe surfing.

