Author Topic: Need trojan.rootkit.h removal  (Read 1197 times)

jowy1511
« on: June 23, 2005, 10:17:23 AM »
Hi there,

I desperately need a trojan removal for the following viruses:

trojan.rootkit.h
backdoor.irc.detox.b

backdoor.poebot.b
backdoor.sdbot.jg
backdoor.sdbot.yr

I tried many spyware removals but nothing seems to be working. I also tried to remove msconfig.exe in safe mode...in vain!

Please help me!!!!


Below is my last anti-virus scan report:

Scan Profile: "My Computer"
___________________________________________________________


----[  System Info  ]------------

OS Version:   Microsoft Windows XP Professional  (Build 2600)
Physical memory:   224 MB
System up-time:   0 days, 01 hours, 04 minutes, 33 seconds
BullGuard up-time:   0 days, 00 hours, 57 minutes, 57 seconds
TopLayer Version:   5.0.2.1
FileSpy Version:   1.0.0.3
MailProxy Version:   N/A
AntiVirus Version:   5.0.2.2

----[  Scan Parameters  ]------------

Folders to scan:
    C:\
    D:\

Excluded folders:
    None

Scan type:
   
  • Scan all files

    [ ] Scan program files only
    [ ] Scan custom extensions:

    [X] Exclude user extensions: lnk

    [X] Scan boot sectors
    [X] Scan packed files
    [X] Scan archives
    [X] Scan emails
    [X] Enable heuristic detection
___________________________________________________________

Scan Statistics
___________________________________________________________

Scan started:   Thursday, June 23, 2005 11:45:41
Scan duration:   0 days, 00 hours, 54 minutes, 12 seconds
Completion status:   Successful

Total files scanned:   268712
Total files skipped:   29
Identified viruses:   4
Scan speed:   82.63 files/sec

Files skipped:
    C:\WINDOWS\system32\config\system.LOG [Open Failed]
    C:\WINDOWS\system32\config\software.LOG [Open Failed]
    C:\WINDOWS\system32\config\default.LOG [Open Failed]
    C:\WINDOWS\system32\config\SAM.LOG [Open Failed]
    C:\WINDOWS\system32\config\SECURITY.LOG [Open Failed]
    C:\WINDOWS\system32\config\DEFAULT [Open Failed]
    C:\WINDOWS\system32\config\SECURITY [Open Failed]
    C:\WINDOWS\system32\config\SOFTWARE [Open Failed]
    C:\WINDOWS\system32\config\SYSTEM [Open Failed]
    C:\WINDOWS\system32\config\SAM [Open Failed]
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\AlexaRelated.zip=>related.htm [Password protected]
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip=>sbRecovery.reg [Password protected]
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\FunWeb.zip=>sbRecovery.ini [Password protected]
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch.zip=>f3initialsetup1.0.0.8-2.inf [Password protected]
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip=>sbRecovery.reg [Password protected]
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWebSearch1.zip=>sbRecovery.ini [Password protected]
    C:\Documents and Settings\All Users\Application Data\bg500000.tmp [Open Failed]
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [Open Failed]
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [Open Failed]
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG [Open Failed]
    C:\Documents and Settings\NetworkService\ntuser.dat [Open Failed]
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [Open Failed]
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [Open Failed]
    C:\Documents and Settings\LocalService\ntuser.dat.LOG [Open Failed]
    C:\Documents and Settings\LocalService\ntuser.dat [Open Failed]
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG [Open Failed]
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat [Open Failed]
    C:\Documents and Settings\user\ntuser.dat.LOG [Open Failed]
    C:\Documents and Settings\user\ntuser.dat [Open Failed]

___________________________________________________________

Infected Files
___________________________________________________________

----[  Infected Files  ]------------

Virus:   Backdoor.Irc.Detox.B
    C:\WINDOWS\system32\cfmon.exe

Virus:   Backdoor.Poebot.B
    C:\WINDOWS\system32\spoolsvc.exe

Virus:   Backdoor.Sdbot.JG
    C:\WINDOWS\system32\msconfg.exe

Virus:   Backdoor.Sdbot.YR
    C:\WINDOWS\system32\wincrs.exe
« Last Edit: June 23, 2005, 10:18:05 AM by jowy1511 »

Cretemonster
« Reply #1 on: June 24, 2005, 04:59:26 AM »
We need to see a HijackThis log!

Use the link below to get started
http://www.thetechguide.com/forum/index.php?showtopic=14623