Re: Backdoor.Trojan

From: wichitajim (wichitajim.19tlc4_at_mail.mcse.ms)
Date: 07/23/04

• Next message: cafmenace: "Re: Trojan Horse = BackDoor.Agent.BA + Startpage"
• Previous message: cafmenace: "Re: Trojan Horse = BackDoor.Agent.BA + Startpage"
• In reply to: Ron Chamberlin: "Re: Backdoor.Trojan"
• Next in thread: omaen: "Re: Backdoor.Trojan"
• Reply: omaen: "Re: Backdoor.Trojan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Date: Thu, 22 Jul 2004 17:11:07 -0500

I am working to resolve the same situation only my file is named
logboje.dll When you follow the instructions from Symantec to scan in
safe mode, the file does not exist. I can browse the system32 folder
and see that it is not there and run a full scan and finds nothing.
Log back in to Normal mode and its back! Still working on it.

Ron Chamberlin wrote:
> *Carolyn,
>
> OK, step back and take a deep breath for a moment. Go back to the
> Symantec
> page for the exact name of the virus that it is reporting, and follow
> those
> instructions. Chances are it will want you to disable System Restore
> (for
> the time being), and will need to have you do a virus scan from Safe
> Mode.
> This is pretty standard fare, and most AV products can't knock out
> something
> that is active in memory, and /or residing in the System Restore
> files.
>
> Ron Chamberlin
> MS-MVP
>
>
> > I'm getting about 100 Norton Alerts every 30 minutes -
> > backdoor.trojan found in Windows/System32/sqladmb.dll
> > Norton will say "can't fix," "can't quarantine", "denied
> > access".
> > I'm so frustrated! I've scanned, I've gone to Symantec
> > and tried their solution, I've just plain hunted it down
> > and I can't delete it!!
> > Does anyone have some suggestions, please?
> > Thanks!!! *

--
wichitajim
------------------------------------------------------------------------
Posted via http://www.mcse.ms
------------------------------------------------------------------------
View this thread: http://www.mcse.ms/message875853.html
 

---

• Next message: cafmenace: "Re: Trojan Horse = BackDoor.Agent.BA + Startpage"
• Previous message: cafmenace: "Re: Trojan Horse = BackDoor.Agent.BA + Startpage"
• In reply to: Ron Chamberlin: "Re: Backdoor.Trojan"
• Next in thread: omaen: "Re: Backdoor.Trojan"
• Reply: omaen: "Re: Backdoor.Trojan"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Re: Report: bad news ... You would dump the contents of the System Restore cache after you know ... It is always best to scan in Safe Mode. ... I gave you a specific set of instructions in mty reply email. ... You can download an AV module in Normal Mode and then scan in Normal Mode or in ... (alt.comp.anti-virus) RE: w32.spybot trouble ... Thank you, but I did have System Restore disabled, norton ... is running the latest virus definitions, ... in safe mode (as advised by Symantec). ... (microsoft.public.windowsxp.general) Re: Trojan.moo ... I ended up having to start in safe mode, turned off system restore, I have ... XP2, followed more instructions from Symantec, it still would not allow ... > FireWall to allow it to download the needed AV vendor related files. ... (microsoft.public.security.virus) Re: Home page ... Go here and follow the instructions: ... Download all recommended programs in No.1, ... It is a good idea to run these programs in safe mode. ... Right click My Computer> go to properties> on the System Restore Tab> ... (microsoft.public.windows.inetexplorer.ie6.browser) Re: OT: Help! Ive lobotomized my computer ... Can you boot up in "safe mode" and access the system restore from there? ... I can't find instructions on the computer and the ... While it's booting, press F8 until you get a boot menu. ... That got me booted into safe mode. ... (rec.outdoors.rv-travel)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(13)