Re: Backdoor.trojan

From: WinGuy (no_spam_at_nomail.bot)
Date: 07/23/04


Date: Fri, 23 Jul 2004 15:31:23 GMT


"Keith" <keithkillinger@suscom.net> wrote in message
news:ec5RjTMcEHA.3420@TK2MSFTNGP12.phx.gbl...
> Does anyone know how to get rid of the Backdoor.trojan? I have done
> everything that Symantec has told me to do. When I reboot in safe mode and
> do a full system scan with Norton, it doesn't find anything. I checked all
> my registries and can find no reference. But, while I am on the computer
> logged on as a user, I keep getting the virus warning:
>
> Object name: C:\WINDOWS\SYSTEM32\SQLFLP.DLL
> Virus name: Backdoor.Trojan
>
> I find the .dll, but cannot delete it. I have run Registry Mechanic 4,
> Ad-Aware, and Spybot with no success. I also have my system restore turned
> off. If I run a full scan with Norton while I am logged on as a user, it
> finds nothing. ANY IDEAS??
>
>
> Thanks
> Keith

Hi, Keith.

This might work for you. I might be wrong, but I don't think SQLFLP.DLL is a
valid system file.

Boot to the Recovery Console and then use these commands:

    cd C:\WINDOWS\SYSTEM32
    ren SQLFLP.DLL SQLFLP.DL!
    exit

That keeps the DLL still on the HDD in case you find it absolutely necessary
to use it by renaming it back to its original name. If you then log on as
that user and it is back again then:

[1] In Windows, save some empty text file in that system32 folder. Call it
SQLFLP.TXT
[2] Go back into RC, delete the new SQLFLP.DLL that got created (you still
have the original renamed one) and use these commands:

    cd C:\WINDOWS\SYSTEM32
    ren SQLFLP.TXT SQLFLP.DLL
    exit

[3] Boot into safe mode as Administrator
[4] Go set the attributes of that fake SQLFLP.DLL as read-only and hidden.
You can use Windows Explorer to do that, right click the file and set its
Properties.
[5] If you're using XP-Pro or 2000, in those file Properties remove all
accounts from the Security permissions for that fake file except for the
Administrator account, and even for that one make it read-only permissions.
[6] Reboot back into that user account, run the antivirus. If it finds
SQLFLP.DL! then it is an infected file; if it cannot get rid of it then
it's probably because of permission properties set on the file so you can go
back into RC and use these commands:

    cd C:\WINDOWS\SYSTEM32
    del SQLFLP.DL!
    exit

I hope that helps.
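
Added example, not part of the post above: steps [4] and [5] scripted in PowerShell for a Windows system that has it, instead of clicking through Explorer. It assumes the empty placeholder from step [2] already exists at the path named in the thread, and it uses the built-in Administrators group (SID S-1-5-32-544) where the post says "the Administrator account"; both are assumptions.

```powershell
# Added example: harden the empty placeholder file from steps [4] and [5].
# Run from an elevated PowerShell prompt.
param(
    # Path taken from the thread; change it for the file in question.
    [string]$Path = 'C:\WINDOWS\SYSTEM32\SQLFLP.DLL'
)
$ErrorActionPreference = 'Stop'

# Only operate on the zero-byte placeholder, never on a file with content
# (the original DLL is expected to be the renamed SQLFLP.DL!).
$item = Get-Item -LiteralPath $Path -Force
if ($item.PSIsContainer -or $item.Length -ne 0) {
    throw "$Path is not an empty file; refusing to change it."
}

# Step [4]: read-only and hidden. Done before the ACL change, because the
# read-only ACL applied below no longer permits writing attributes.
$flags = [System.IO.FileAttributes]::ReadOnly -bor [System.IO.FileAttributes]::Hidden
$item.Attributes = $item.Attributes -bor $flags

# Step [5]: replace the ACL with one explicit entry.
# Assumption: BUILTIN\Administrators stands in for "the Administrator account".
$admins = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-32-544')
$read   = [System.Security.AccessControl.FileSystemRights]::Read
$allow  = [System.Security.AccessControl.AccessControlType]::Allow
$rule   = New-Object System.Security.AccessControl.FileSystemAccessRule($admins, $read, $allow)

$acl = New-Object System.Security.AccessControl.FileSecurity
$acl.SetAccessRuleProtection($true, $false)  # stop inheriting, drop inherited entries
$acl.AddAccessRule($rule)
Set-Acl -LiteralPath $Path -AclObject $acl

# Show the result: one non-inherited Allow/Read entry for Administrators.
(Get-Acl -LiteralPath $Path).Access |
    Format-Table IdentityReference, FileSystemRights, AccessControlType, IsInherited
```

With only a read entry left, a process running as the standard user has no write or delete right on the placeholder, which is the point of step [5].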


