IObit Forum

Backdoor.Frauder


OkayNowWhat


IObit Security 360

OS:Windows XP

Version:1.3.0.10

Define Version:1288

Time Elapsed:00:04:45

Objects Scanned:45735

Threats Found:2

 

|Name|Type|Description|ID|
|Backdoor.Frauder - Removed|Registry Key|HKEY_CLASSES_ROOT\BhoNew.Bho.1|4-18838|
|Adware.OSS - Removed|Registry Key|HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ONESTEP_SEARCH_SERVICE|4-28122|

 

 

I have attempted to "remove" the two (2) above listed threats after scanning, but they still remain. Is there something else I can do to get rid of these pests? Please assist- thanks :smile:


Stop them from running first.

 

Open your task manager then stop them from running in the background. Then run your scan and remove them. Then restart system.

 

This might remove them, but others here are more knowledgeable than I.

 

Hopefully they will post soon as well!


Not Sure What To Stop...

 

Melvin_Deal,

 

I really appreciate your input.

 

From your response, I understand that I will need to go into my Task Manager to stop them from running in the background. However, as I look in "Processes" I'm not quite certain which "Image Name" process(es) need to end. I could really use some additional input/analysis from those with more knowledge in this area and look forward to additional postings.

 

Thanks in advance for your help. :?

 

ONW


Hey enoskype,

 

Thanks for your assistance.

 

To be honest with you, my not being a computer expert, I'm not quite sure what it means to "manually get rid of" the threats (IE Antivirus and OneStepSearch). After reading the website instructions it is my understanding that possibly each and every one of these files needs to be deleted manually? :-? If that's the case then this is way too big a project for this everyday computer person, besides the fact that I am not that confident to get it all correct and actually fix the problems.

 

Quite respectfully, I had thought that by downloading IObit Security 360, it would scan my computer and remove these types of threats (which seemed to actually occur, only to find out they remained). At the risk of sounding naive, I am hoping that perhaps there is an easier process than manual deletion of multiple files. However, if this is the situation, I guess my only other alternative would be to seek out a local professional to fix the problems.

 

If, in fact, you feel that this can be accomplished without a significant task of "hunt and destroy" (or hiring an outside computer expert), please let me know as this has become a major frustration for me.

 

Thanks again- 8)

 

OWN


Hi again,

 

Unfortunately, the malware that you have got are not easy ones and are in fact very nasty ones. If you have noticed, root is infected and IS360 is not one for the root nasties. Have a look at THIS page for a rootkit detection.

 

Of course, it will be better if you have a person with computer knowledge, but it is also not a big deal to get rid of them manually if you follow the guidance exactly.

 

As you may know, this is not a security forum, and there are some forums only for security.

 

If you choose not to do it manually, my suggestion will be to go to those forums; following the instructions of the experts there will certainly help you to get rid of those.

 

The other alternative is connecting to a computer expert remotely and let him do all the procedure.

 

I hope this was helpful.

 

Cheers.


  • 2 months later...

backdoor.frauder removal method

 

I discovered that the virus had attached itself to the Google Toolbar in Internet Explorer, even though I don't use Explorer at all. I deleted the "google toolbar" from Explorer using ASC, and then ran a registry fix. The backdoor.frauder turned up as an "obsolete program" and was repaired (deleted). See updated comment for permanent solution. Even when you never use IE it's a pain in the hard drive.


Hi friend!!

 

Hi OkayNowWhat,

 

Go to THIS page, follow the instructions and manually get rid of the IE Antivirus. (BhoNew.Bho.1)

 

Go to THIS page, follow the instructions and manually get rid of OneStepSearch.

 

Please post HijackThis report of IS360 afterwards.

 

Cheers.

Hi my special friend. I don't have any viruses, but I always read your posts to see what I can learn. When I clicked on your (this) I got this warning. I know you would not post anything dangerous on the forum, and I'm just curious about this warning I got. Please do not assume I'm finding anything negative with your post, my friend. I know you too well to think you would post a dangerous site on the forum.===garybear I'm just curious about the warning I got which probably means nothing serious. Thanks friend!!!


Thanks garybear.

 

Add-ons such as WOT and McAfee SiteAdvisor rate the sites if they have a link to an unwanted program and so on.

 

In that case there is 1 download out of 20, which is ss_install.exe, and is said to include a trojan. That file is also an old file from July 2009.

 

That doesn't mean that that page itself is malicious. Think about last November, the IObit forum!!! There were links to virus samples for IObit to use in their database.

 

I have given that page as there is a description of manual deleting of the said virus. Entering that page will not be harmful to the PC.

 

Cheers.


Hi friend!!

 

Thanks garybear.

 

Add-ons such as WOT and McAfee SiteAdvisor rate the sites if they have a link to an unwanted program and so on.

 

In that case there is 1 download out of 20, which is ss_install.exe, and is said to include a trojan. That file is also an old file from July 2009.

 

That doesn't mean that that page itself is malicious. Think about last November, the IObit forum!!! There were links to virus samples for IObit to use in their database.

 

I have given that page as there is a description of manual deleting of the said virus. Entering that page will not be harmful to the PC.

 

Cheers.

Hi friend, Thanks !! You cleared that up. The only way I learn is ask questions. I trust you and always read your posts, even if they don't pertain to me. ===garybear


backdoor frauder

 

An addendum to my previous blog. backdoor frauder is JS: downloader-TJ version 100224-1 and I had tried to isolate it in a virus vault in Avast and several other anti spyware. Avast only eliminated the symptoms of the virus, not the source files. What worked was dumping Avast and loading AVGFree as my main antivirus system. AVGFREE detected the virus even before it was fully installed. It then grabbed the affected Windows temp files and stuck them into the virus chest. Took most of the afternoon to find an antivirus that worked on this trojan but the problem is fixed.


Guys, come on...

 

Our new member here seems to be clearly in need of help. Would we let that computer go to a shop, where they'd probably format it and charge a fortune ?

 

Google finds a quick and easy answer for removing those rather old and not-so-nasty detections, so... am I the only one who has spotted it ?

 

===

===


Which new member

 

Guys, come on...

 

Our new member here seems to be clearly in need of help. Would we let that computer go to a shop, where they'd probably format it and charge a fortune ?

 

Google finds a quick and easy answer for removing those rather old and not-so-nasty detections, so... am I the only one who has spotted it ?

 

===

===

 

I'm not sure which new member you are referring to ?

 

alice005 likes reading posts by enoskype and has Sig Spam

 

blsegal has fixed the problem and has shared the fix with us. Thanks for that blsegal :smile:

 

But I guess you mean OkayNowWhat who posted in Dec 1st and 2nd 2009 ?

 

 

All the best, woz of oz


Hi So_sad

Don't feel bad about it. I made the same blunder a couple of days ago!

Don't know why - perhaps I hadn't read it before - or perhaps it just caught my eye. :-)

Cheers

solbjerg

 

 

That'll teach me for not looking at the dates.

 

Sorry guys, Woz is right, I was talking about OkayNowWhat.

That also explains the "old" detections.

 

I'll have a better look next time.

 

Carry on.

 

===

===


Thanks solbjerg.

 

You know what ? When Woz pointed out the date, I mistakenly thought it was December 2008 lol. OkayNowWhat posted less than 90 days ago, so it's not that old. Those adwares have been seen since mid-to-late 2008.

 

Anyways... I rarely miss a date thing like that so I'll try to not let it happen too often.

 

===


You know what So_sad

I like integrity - and I believe you have it!

 

I think my mistake was older than yours :-)

Cheers

solbjerg

 

Thanks solbjerg.

 

You know what ? When Woz pointed out the date, I mistakenly thought it was December 2008 lol. OkayNowWhat posted less than 90 days ago, so it's not that old. Those adwares have been seen since mid-to-late 2008.

 

Anyways... I rarely miss a date thing like that so I'll try to not let it happen too often.

 

===


Archived

This topic is now archived and is closed to further replies.
