Jump to content
IObit Forum
Top Free Driver Updater Tools Best 25 PC Optimization Software Best 22 Antimalware Best 22 Uninstaller Software IObit Coupons & Discount Offers PC Optimizer Mac Boost Advice IObit Coupons A Good Utility Program From IObit IObit Promo Codes IObit Coupon Codes IObit Coupons and Deals FAQs Driver Booster Pro Review

Virus help please!*backdoor.bot*

diamond_tears

By diamond_tears
in IObit Security 360

Recommended Posts

diamond_tears Newbie

diamond_tears

Posted
Posted

Im new here so idk if i posted in the right thread but i have this virus it says backdoor.bot on IObit security 360 beta 2.2 and i hit remove and it says remove completed but i do a scan again and it keeps on appearing it says its in my registry and i tried deleting it threw the registry too and it wont go away any help guys?

 

 

I have windows xp if that helps

Link to comment
Share on other sites
Leighton Newbie

Leighton

Posted
Posted

AFAIK backdoor.bot is ram-resident and must be disabled with taskmgr.exe from Start|Run|taskmgr.exe -or- ctrl+shift+esc before trying to remove it. If it's in RAM, it will recreate itself later. Try killing the task, then delete it with IS360 (assuming backdoor.bot hasn't disabled task manager). Give it a shot, it can't hurt.

Best of luck,

Leighton

Link to comment
Share on other sites
333halfevil Newbie

333halfevil

Posted
Posted
what would it be labled under task manager? cause i dont see any backdoor.bot in my taskmanager

 

Hello Diamond, please follow these steps: And remember do NOT delete anything.

 

Run Hijack Scan and save a log. Once a log file is saved to your desktop, please attach it to or paste it in this thread.

http://img30.imageshack.us/img30/7895/74140502.png

Link to comment
Share on other sites
333halfevil Newbie

333halfevil

Posted
Posted

Ok, thank you. Please remove the following by selecting them in Hijack Scan and clicking Delete and then run another scan with S360.

You must remove:

  • O4 - HKCU\..\Run: [MicrosoftUpdate] C:\Documents and Settings\Administrator\Application Data\taskeng.exe

 

You can remove the Ask Toolbar:

  • O23 - Service: ASKService - Unknown owner -C:\Program Files\AskBarDis\bar\bin\AskService.exe
  • O23 - Service: ASKUpgrade - Unknown owner -C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
  • O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
  • O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
  • Use the unlock and delete to remove:

    C:\Program Files\AskBarDis\bar\bin\AskService.exe

    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe


 

You may want to remove the AIM toolbar:

  • O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html

Link to comment
Share on other sites
333halfevil Newbie

333halfevil

Posted
Posted
Ok i deleted that and did the scan again and it showed up and i hit remove and then did another scan and its still there. gosh this virus is a pest (sorry for me being a pest)

 

Haha you're not being a pest don't worry. Please paste your scan log, which is found at "C:\Program Files\IObit\IObit Security 360\IObit Security 360 report.log".

Link to comment
Share on other sites
diamond_tears Newbie

diamond_tears

Posted
  • Author
Posted

ok lol heres the log it says it says it removed it but its still there >_<

IObit Security 360

 

OS:Windows XP

Version:0.2.2.8

Define Version:1103

Time:8/5/2009 12:01:50 AM

 

|Name|Type|Description|ID|

Tracking Cookies - Removed, Cookies, Cookie:administrator@ad.yieldmanager.com/, 7-1548

Backdoor.Bot - Removed, Registry Value, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon Value=Taskman, 4-6120

Link to comment
Share on other sites
danburrito Newbie

danburrito

Posted
Posted

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

 

 

Since you're using Avira now for your antivirus, please check Add/Remove Programs in Control Panel and remove Symantec's LiveUpdate.

 

If above entry is still there after uninstalling, you can simply remove it.

 

Might as well try the uninstaller from Symantec, also.

Link to comment
Share on other sites
danburrito Newbie

danburrito

Posted
Posted
umm ok i went to the add/remove programs and i dont see the Symantec's LiveUpdate?

 

 

Click here and download Norton's removal tool for whichever version of Norton's you have had on your machine before. After you've run it, reboot your computer, and if the entry

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

still exists, remove it.

Link to comment
Share on other sites
demitris Newbie

demitris

Posted
Posted

hi diamond

 

it is not wise to experiment all the time using your pc changing setting and so on

 

PCs do not malfunction if they are left alone (if you are using an extra old- pc its OK)

 

Now if u want to clear left overs and remove or simply disable useless services you can do it through CONTROL>ADMINISTRATING TOOLS>SERVICES........... OR U write msconfig in START SEARCH line /press enter.... where u can disable services

 

If u have ASC of IObit installed go ASC>Utilities>Administration Tools>Software Uninstaller>System Services........ It gives u the option to remove services

 

 

There is and other option to remove Useless-Left Folders in the Tree Structure in Windows Explorer

and to clear useless entries in REGISTRY (regedit in START SEARCH .....) given u are very-very-very carefull in what u are doing

 

cheers

Link to comment
Share on other sites
demitris Newbie

demitris

Posted
Posted

hi

 

OK diamond Do Nothing

 

anything i wrote in previous post is supposed to be for advanced users

 

i am using PCs for more than 20 years and believe it or not i made no mistake using all these cause i had learned much before i use anything

 

cheers

Link to comment
Share on other sites
solbjerg Newbie

solbjerg

Posted
Posted

Hi diamond

The one advice you should be following is to use the Symantec removal tool.

This ought to solve the problem you described.

 

After that if you still have a problem, describe it and we will try to give you step by step description of what to do.

 

Cheers

solbjerg

 

 

 

 

lol you guys are confusing me so what am i spose to be doing/using?
Link to comment
Share on other sites
demitris Newbie

demitris

Posted
Posted

hi Diamond

 

from you are attached reports it seems there is a servise for updating NORTON antivirus of SEMANTEC corp.

 

If u have a HEWLETT PACKARD (HP) pc , it comes with a preinstalled FREE TRIAL version (for a month i think) which the dealers sometimes remove and install a real free antiv like AVG,AVIRA,AVAST etc.

 

Or maybe u installed this NORTON antiv and after u removed it

 

u can browse in WINDOWS EXPLORER to see if there is folder with name SEMANTIC ....

 

AFTER uninstalling NORTON remains entries here and there and this applies and for other programs sometimes due to inadequate design of their uninstaller or for practical reasons

 

Usually these lefts are not a problem and i doubt if u can find more than 5% of all users worldwide with no left-overs like these.

 

Some Programs not very trusted maybe leave small programs behind in order to spy or other purposes (i don't believe SEMANTIC does)

 

Dnaburrito proposed u to download a Semantec Removal Tool which i personally don't prefer cause there is no garantee that this progam does not leave its own left-overs (i don't know)

 

Using msconfig and locating the service

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

u can disable it but u must be carefull (u can not remove it)

 

Finally i also advise u to follow Danburritos's suggestion and use NORTON REMOVAL TOOL

 

cheers

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...