Solved backdoor win32 cycbot.b

Has anyone experienced backdoor win32 cycbot.b

I was hit last night. Defender & McAfee both responded (Defender shows it as Quarantineed - successful) - I instructed it to be removed, but am definitely having problems. The best I can tell it is isolated to 1 user. Keeps changing my connection to proxy server.

Hi,

Look here for the removal instructions: -

Backdoor.Cycbot Removal - Removing Help | Symantec

Complete an on line check here: -

http://security.symantec.com/sscv6/home.asp?langid=ie&venid=sym&plfid=24&pkj=PUFUHODEQOHBDJQEEFG

Hi FCUSA,

Here's what someone (the same person who provides the removal instructions that follow) said about this particular infection. It doesn't sound good - but before you take drastic action like re-installing, let's try these options and then get an opinion from Jacee. http://www.bleepingcomputer.com/forums/topic354181.html/page__p__1977393#entry1977393.


I'm not the security expert, so I'll just offer some advice on a removal process that seems to have worked for at least one person (and was posted by someone with MANY posts): how do i remove Backdoor:Win32/Cycbot.B.

Running the second link Lottie suggested may also be beneficial. The first one, however, seems to want you to have a Norton Product and even though most are available as free trials, I recommend staying away from Norton products as I've seen them cause too many problems (and are sometimes hard to fully remove as well even using the special Removal Tool) - but even if you do this (if only the second link or you decide to download Norton despite my strong recommendation against it) I would still do the process I recommended above to be on the safe side. A bit of overkill won't hurt and may have a better chance of resolving the problem.

If that doesn't work, then we'll need to request assistance from Jacee, our security expert and malware removal guru. Post back and let me know how it goes and, if necessary, I'll alert her to the presence of this thread.

I hope this helps.

Good luck!

Hey - what a happy day!

I am waiting for my registration to go through at that site. I did actually find that this morning. I have run a full McAfee scan and it did not find anything. I also ran Defender and it quarantined it and then removed it. I had trouble getting IE and also Firefox working, but that has been resolved with setting changes. Then just a moment ago, I received another notice from Defender.

I wonder if this is isolated to the one user? I did go to a different user last night and all seemed to be working alright (that is also how I noticed the internet connection / proxy had changed. I cannot believe this.

I am going to try to find out from there if it is isolated to the one user; also am I actually infected - it sure seemed like the firewall prevented it - just don't know.

Hi FCUSA,

McAffee and Defender are not going to help with this particular infection (unless they actually blocked it before it could install) - and it is a serious one (not to be taken lightly). You need to start with the procedure I posted and use both of the recommended programs. Then we need to have Jacee take a look even if it seems to have worked (given how serious it is).

Maybe you were protected, but we don't know that for sure - so we should assume you weren't and do the removal procedures and then let Jacee have a look and verify that you really are clean.

Good luck!

OK - I have switched users so I can stay on-line. Are you saying run these two suggestions:

OK, I would run these tools. DrWeb CureIt and MBAM.
This can be a long scan.

Just another thought - these posts are from mid October (I have not received my login verification for this forum yet - so I cannot post) - Defender and McAfee update daily.

I understand that you want to believe this isn't a problem and are trying to find reasons to justify that (and that's a pretty good one), but this particular infection is just too dangerous to fool around with. Did you read the first link in my first post about what this can do and how some experts don't even think it can ever be resolved without a clean install and that your financial information and passwords and such may now be in someone's hands? I hope you're right and it didn't get past your defenses and you're not infected and this is a big waste of time - but we really can't take that chance with this infection. So please do the two (long) scans and remove anything they find. If possible, post the results here (a file or a screenshot or whatever) so we can see what they found, what they removed, and what they didn't remove. Then we'll call in Jacee to verify that you really are clean.

Good luck!

Oh, no I read it and am freaking. Do you think it is isolated to one user?

Hi,

When the software does it's checks, it will check all files & users. So you should just do the checks! OK?

thanks - I just printed everything to go over and that was my question - If I needed to be in a specific user or not?

Hi,

Please bear in mind that for protection the software to work it's "best" & "Easiest" magic, you should be in the user with the infection.

Both programs are run in Safe Mode so you won't be in any particular user account anyway. If you have to reboot into normal mode (it could happen with MBAM but only sometimes), then choose the account with the problems.

I don't want to seem like an idiot - but the instructions say to save it to the desktop - will I be prompted for that or does it happen automatically?

You should be asked if you want to Run or Save or Save As. Choose Save As and then go to the desktop in the selection window and choose that location. It should then save it to the desktop.

Thanks - just to better understand - does Defender/McAfee have partitions on the users or is it the computer? And does it matter where I run the scans recommended from? I'm sorry..

Defender & McAfee run for the entire computer - not individual users (though they check each user). Same for these other two programs. And yes, you should do so in Safe Mode as recommended.

Thank you - Ta Ta and wish me luck!

Good luck! You'll be fine. Just relax and take it one step at a time and it will work out.

Ok - I really ran into my first snag - there was only an option of RUN or SAVE, when I clicked save it went to a screen that said

"Your download will begin shortly. If it does not, click here to start it manually"

Afraid that it was going to download into 'nowhere' I did click 'Here' but those options didn't sound like your suggestion.