
HijackThis Log -- Backdoor.sdbot

Enclosed is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:38:42 PM, on 5/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Then copy and paste the following into Notepad:

sc stop mousebm
sc delete mousebm
sc stop ssl
sc delete ssl
del delete.bat

Save the file as "delete.bat". Here is a hijackthis log if anyone can help. If you have not resolved this issue and still need assistance, post a HJT log as your system may have changed since your original post. Sorry for the delay. http://magicnewspaper.com/hijackthis-log/hijackthis-log-pls-help-with-sdbot-14176.html

Then look for Mouse Button Monitor (mousebm) and double click on it. Double click ATF-Cleaner.exe to run the program. There is a ctfmon.exe process that is 3000+k. The Asprotect is a program, but whether the entries are Sdbot faking AsProtect, I don't know. https://forums.techguy.org/threads/hijackthis-log-backdoor-sdbot.160924/

Check the boxes to the left of:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Java Cache
The rest are optional - if you want to remove the

#3 Bubba5056, Member, 65 posts, Posted 13 May 2008

Finally paste the contents of the SDFix Report.txt back on the forum with a new HijackThis log

Go to Start > Control Panel > Internet Options In the General tab, Temporary

Copy the below files and go back to KillBox.

Does anything show up on the list after running HJT?? Most of all I'm curious about the fact that manually scanning the CD (I would suppose you simply right-clicked it and selected the scanning-option of Norton) did not get you any

Oh, well.

Quads, Norton Fighter25, Reg: 21-Jul-2008, Posts: 16,481, Solutions: 182, Kudos: 3,388
Re: Questions about "Backdoor.Sdbot"
Posted: 21-Sep-2008 | 10:15PM

Hi An Update.

Is there any way that it could've been exposed to any risks? Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue. Put a check by Create a desktop icon then click Next again. Continue to follow http://www.bleepingcomputer.com/forums/t/146272/backdoorsdbotgen/

If I keep deleting that in the Task Manager, I can keep running.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:43:20 PM, on 6/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer

an0nymous, Newbie, Posts: 14
Re: Another SDBot passing Avast

Then, if nothing works, you can decide yourself if you wanna take the risk and disable the Real-Time protection against viruses and malicious behaviour (SONAR), since they're connected and then both

Well, any ideas on how to get the file to Symantec. I could not upload it. When I tried to do so, I received a message of "you do not have http://www.geekstogo.com/forum/topic/68619-hijack-this-log-ircbackdoorsdbot-win-2000-pro-resolved/

Is safe mode okay? Google for all the info. Checked it on jotti as well:

A-Squared Found Backdoor.Win32.SdBot.bku
AntiVir Found TR/Agent.648704
ArcaVir Found Trojan.Sdbot.Bku
Avast Found nothing
AVG Antivirus Found SHeur.BEF
BitDefender Found Backdoor.Agent.YTM
ClamAV Found Trojan.SdBot-6612
CPsecure Found BackDoor.W32.SdBot.bku
Dr.Web Found BackDoor.IRC.Sdbot.1705
F-Prot Antivirus Found

What I have to do is to inform you of what the potential results can be. It was a keystroke logger which means it is designed to steal passwords.

Click OK and then click on the CleanUp! Choose 'Remove', then put a check next to 'Perform action on all infections' in the left corner of the box so you don't have to sit and watch Ewido the whole Uncheck 'Scan local drives for temporary files'. o Click Open.

You DO NOT need to have the Windows CD to install Recovery Console! As for finding hidden registry entries, try Sysinternals' "Rootkit Revealer" and/or also WinPatrol. Sorry. Thanks in advance!

Then close all other windows and browsers except HijackThis and press fix checked. When you have finished, click on the Exit button in the Main menu.

Next, I updated to Norton Internet Security 2009 and did a full scan. No viruses were detected. Then, I scanned the DVD with the supposedly infected archived copy of 3dsMax 8.0.

This is the main point I'm trying to investigate, whether this was a false detect or is there still a Backdoor.Sdbot lurking on my copied DVD. On another note, I've been reading the Symantec Backdoor.Sdbot web pages a little closer. I see that the registry keys reported by NAV that were affected on my computer before NAV

#4 SueInAtl, Topic Starter, Members, 28 posts, Posted 02 June 2008 - 09:44 PM

Thank you for taking your

Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine

How do I trace how this file (bttray.exe) infiltrated our network?
Infected File: http://rapidshare.com/files/45302814/bttray.rar

Eddy, Avast Evangelist, Posts: 26023
Re: Another SDBot passing Avast, Reply #1

Edited by Juliet, 13 May 2008 - 06:47 PM.

Double click combofix.exe and follow the prompts. When finished, it shall produce a log for you. Post that log and a HijackThis log in your next reply. Note: Do not mouseclick combofix's window while it's running.

Floating_Red, Rootkit Eradicator19, Reg: 30-May-2008, Posts: 5,237, Solutions: 32, Kudos: 597
Re: Questions about "Backdoor.Sdbot"
Posted: 19-Sep-2008 | 10:21AM

This should give you more details on the Trojan

There could always be the odd small remnant, like reg entry, but one small thing like that with nothing else.