Windows defender quaratined this virus. Backdoor:Win32/Cycbot.B
Anyone have a procedure for removing it?? Thanks
Anyone have a procedure for removing it?? Thanks
Virus: Backdoor:win32/cybot.b
- Thread starter benakj
- Start date
Welcome
Dont take a chance, dont listen to anyones advice other than our expert. I will summon for her help.
She will make sure that it is completely removed
Jacee is off line. She will help asap.
Dont take a chance, dont listen to anyones advice other than our expert. I will summon for her help.
She will make sure that it is completely removed
Jacee is off line. She will help asap.
My Computer
System One
-
- Manufacturer/Model
- Dell XPS420
- Memory
- 6 gig
- Graphics Card(s)
- ATI Radeon HD3650 256 MB
- Sound Card
- Intergrated 7.1 Channel Audio
- Monitor(s) Displays
- Dell SP2009W 20 inch Flat Panel w Webcam
- Hard Drives
- 640 gb
- Cooling
- Fan
- Keyboard
- Dell USB
- Mouse
- Dell USB 4 button optical
- Other Info
- DSL provided by ATT
Hello, first thing i would run would be this : How to use Malwarebytes' Anti-Malware to scan and remove malware from your computer
Post back your results please .
Post back your results please .
My Computer
System One
-
- Manufacturer/Model
- Emachine ET 1161-05
- CPU
- AMD Athlon 64 LE-1640
- Motherboard
- eMachines MCP61PM-GM (Socket AM2 )
- Memory
- 2.00 GB Dual-Channel DDR2 @ 387MHz (6-6-6-18)
- Graphics Card(s)
- Acer E181H (1280x768@60Hz) 128MB GeForce 6150SE nForce 430 (
- Sound Card
- Realtek High Definition Audio
- Monitor(s) Displays
- Name Acer E181H on NVIDIA GeForce 6150SE nForce 430
- Screen Resolution
- 1280x768 pixels
- Hard Drives
- ST316081 5AS SCSI Disk Device
- PSU
- MCP61PM-GM 9000 NVIDIA Chipset Model MCP61 Chipset Revisio
- Case
- Tower
- Cooling
- Fan Speed 1247 RPM
- Keyboard
- Standard PS/2 Keyboard
- Mouse
- PS/2 Compatible Mouse
- Internet Speed
- http://www.speedtest.net/result/1538974261.png
I just checked at Bleeping Computer and this one is not good at all : A security expert there has posted this :
should also tell you this about this backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
Which that in mind, wait on our expert Jacee and see what she says .
should also tell you this about this backdoor trojan.
This allows hackers to remotely control your computer, steal critical system information and download and execute files.
I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.
Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
Which that in mind, wait on our expert Jacee and see what she says .
My Computer
System One
-
- Manufacturer/Model
- Emachine ET 1161-05
- CPU
- AMD Athlon 64 LE-1640
- Motherboard
- eMachines MCP61PM-GM (Socket AM2 )
- Memory
- 2.00 GB Dual-Channel DDR2 @ 387MHz (6-6-6-18)
- Graphics Card(s)
- Acer E181H (1280x768@60Hz) 128MB GeForce 6150SE nForce 430 (
- Sound Card
- Realtek High Definition Audio
- Monitor(s) Displays
- Name Acer E181H on NVIDIA GeForce 6150SE nForce 430
- Screen Resolution
- 1280x768 pixels
- Hard Drives
- ST316081 5AS SCSI Disk Device
- PSU
- MCP61PM-GM 9000 NVIDIA Chipset Model MCP61 Chipset Revisio
- Case
- Tower
- Cooling
- Fan Speed 1247 RPM
- Keyboard
- Standard PS/2 Keyboard
- Mouse
- PS/2 Compatible Mouse
- Internet Speed
- http://www.speedtest.net/result/1538974261.png
That thread is here : http://www.bleepingcomputer.com/forums/topic354181.html
My Computer
System One
-
- Manufacturer/Model
- Emachine ET 1161-05
- CPU
- AMD Athlon 64 LE-1640
- Motherboard
- eMachines MCP61PM-GM (Socket AM2 )
- Memory
- 2.00 GB Dual-Channel DDR2 @ 387MHz (6-6-6-18)
- Graphics Card(s)
- Acer E181H (1280x768@60Hz) 128MB GeForce 6150SE nForce 430 (
- Sound Card
- Realtek High Definition Audio
- Monitor(s) Displays
- Name Acer E181H on NVIDIA GeForce 6150SE nForce 430
- Screen Resolution
- 1280x768 pixels
- Hard Drives
- ST316081 5AS SCSI Disk Device
- PSU
- MCP61PM-GM 9000 NVIDIA Chipset Model MCP61 Chipset Revisio
- Case
- Tower
- Cooling
- Fan Speed 1247 RPM
- Keyboard
- Standard PS/2 Keyboard
- Mouse
- PS/2 Compatible Mouse
- Internet Speed
- http://www.speedtest.net/result/1538974261.png
As posted wait for the Security experts. You can have trouble if not done correctly.
My Computer
System One
-
- Manufacturer/Model
- Dell XPS420
- Memory
- 6 gig
- Graphics Card(s)
- ATI Radeon HD3650 256 MB
- Sound Card
- Intergrated 7.1 Channel Audio
- Monitor(s) Displays
- Dell SP2009W 20 inch Flat Panel w Webcam
- Hard Drives
- 640 gb
- Cooling
- Fan
- Keyboard
- Dell USB
- Mouse
- Dell USB 4 button optical
- Other Info
- DSL provided by ATT
Hi benakj, first of all, pay special attention to Yard Dog's post. You will need to follow the steps to change all your passwords, using a "clean" computer, not the infected one.
Next, let's flush the dirty DNS cache, and restore MS's Hosts file:
Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
Save as flush.bat to your desktop.
Vista and Windows 7 users ... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.
Now, download Malwarebytes' Anti-Malware and "save" to your desktop
Download Malwarebytes' Anti-Malware 1.51.2.1300 Free - Thoroughly detect and remove even the most advanced malware - Softpedia
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
After doing the above, download Dr.Web CureIT! and "save" it to your desktop.
Dr.Web CureIt
alternate download link
Right click to run as Administrator
Scan with Dr.Web CureIt as follows:
Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
Next, let's flush the dirty DNS cache, and restore MS's Hosts file:
Copy and paste these lines in Note pad.
@Echo on
pushd\windows\system32\drivers\etc
attrib -h -s -r hosts
echo 127.0.0.1 localhost>HOSTS
attrib +r +h +s hosts
popd
ipconfig /release
ipconfig /renew
ipconfig /flushdns
netsh winsock reset all
netsh int ip reset all
shutdown -r -t 1
del %0
Save as flush.bat to your desktop.
Vista and Windows 7 users ... right click the .bat file and choose to run as Administrator. Your computer will reboot itself.
Now, download Malwarebytes' Anti-Malware and "save" to your desktop
Download Malwarebytes' Anti-Malware 1.51.2.1300 Free - Thoroughly detect and remove even the most advanced malware - Softpedia
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad. Please save it to a convenient location. Copy and Paste that log into your next reply.
After doing the above, download Dr.Web CureIT! and "save" it to your desktop.
Dr.Web CureIt
alternate download link
Right click to run as Administrator
Scan with Dr.Web CureIt as follows:
Read the anti-virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
- The Express scan will automatically begin.
(This is a short scan of files currently running in memory, boot sectors, and targeted folders). - If prompted to dowload the Full version Free Trial, ignore and click the X to close the window.
- If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
- After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
- In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
- Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
- Please be patient as this scan could take a long time to complete.
- When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
- Click Select All, then choose Cure > Move incurable.
- In the top menu, click file and choose save report list.
- Save the DrWeb.csv report to your desktop.
- Exit Dr.Web Cureit when done.
- Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
- After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.cvs report)
My Computer
System One
-
- Manufacturer/Model
- Bruce ... somewhere in his 40's
- CPU
- Intel(R) Core(TM)2 Quad CPU
- Motherboard
- INTEL/D975XBX2
- Memory
- 4 GB
- Graphics Card(s)
- ATI Radeon HD 2600 Pro
- Monitor(s) Displays
- Samsung SyncMaster 914v
- Screen Resolution
- 1280 x 1024
- Hard Drives
- 2/500GB each ... ST3500630AS ATA Device.
One is not connected
- PSU
- Rocketfish 700 W
- Case
- G.Skill Gigabyte Chassis
- Keyboard
- Standard PS/2 Keyboard
- Mouse
- Microsoft PS/2 Mouse
- Internet Speed
- DSL
- Other Info
- ATI HDMI Audio