Solved backdoor win32 cycbot.b

[derekimo]

done! (that is Saved)

Excellent, now you should be able to right click and extract or just double click, and you'll get the open folder just like the one I posted earlier.

 

[FCUSA]

OK -

I Extracted All
Tried Run as Admin
Received - May not have installed correctly, try installing with compatible settings (something like that)
I did - and nothing.

In this shot, if I right click it is the same as before (which may be it is supposed to be as the files have extracted?)

 

[derekimo]

OK -

I Extracted All
Tried Run as Admin
Received - May not have installed correctly, try installing with compatible settings (something like that)
I did - and nothing.

In this shot, if I right click it is the same as before (which may be it is supposed to be as the files have extracted?)

Perfect! now you have it extracted, sadly though I am not familiar with how that should be run so I will have to concede to the experts.

I think Jacee may have mentioned how to in her post.

I have to take care of some real life stuff so you should listen to those familiar with that now, glad I could help you this far though.

 

[FCUSA]

Thank you so much - I had no idea how much time it would take - you were exceptional!!

 

[derekimo]

Thank you so much - I had no idea how much time it would take - you were exceptional!!

You're very welcome and Thank you for the kind words.

I'm sure you'll be getting the rest of your help soon, Take care.

Derek

 

[niemiro]

Hello!

Just run the Flash Disinfector (Application) from that folder, and follow the prompts. Just ask if you need any help with that!

Richard

 

[FCUSA]

Hello -

I have tried. It asks for permission and acts like it will run (for a second) and then that is it.

 

[Jacee]

I have a question ... I see you have Spybot s&d installed. I would like you to disable TeaTimer, if it is installed too.

Now do this:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.

Tell me if you can open and run flash disinfector as Administrator now.
Click on the shield icon in the folder.

 

[FCUSA]

Hi Jacee -

Yes, I do have Tea Timer running - will follow instructions and get back to you.

 

[FCUSA]

OK - I followed instructions. I right clicked Flash Disinf and ran as Admin - no window comes - the drive (on the computer seems to be running) but nothing else.

Did Tea Timer prevent the first installation?

I just used the extracted file Derek provided (I'm fairly sure - there are so many on the desktop right now)

 

[Jacee]

Let's see what's blocking it ... download LockHunter LockHunter is a free 64/32 bit tool to delete files blocked by any processes

 

[FCUSA]

Downloaded. Run as Admin? Anything I should expect during the process?

 

[Jacee]

Yes to both. Look at the picture on the link.... what does it say is locking it?

 

[FCUSA]

It actually says nothing is blocking it.

I have 3 folders that ended up being created today, but I believe I have chosen correctly. The extracted file from Derek's zip - which is 298KB; the application that was corrupt is only 81.9KB
(on right clicking - I noticed 'What is locking this file?' is now available on both.

EDIT:

Just want to be sure we are on the same page. When I had to choose the file in LockHunter - it only allowed the full folder.

When going to the actual application in the folder directly and right click, it appears the file can now be checked right there. (I hope that was explained well enough).

 

[Jacee]

Do you have the flash drive plugged into your computer?

*** Note: Be sure to insert your flashdrives before you begin!
Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.

 

[FCUSA]

Yes, the flash drive is in and the only prompt I receive is if I want to allow the program to run - which I do' then nothing.

 

[Jacee]

Okay, it's done the same thing for me ... now let's do this part:
Exit the program.
Reboot your computer when done.
Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.

 

[FCUSA]

OK - FYI - at this point I only had the Flash Drive in as I anticipated another prompt to add other devices. Shall I just follow above to see if we have the file you are speaking of? (and if that worked then just do it again with the Backdrive?)

 

[FCUSA]

OK - I did the reboot and am looking at the Flash Drive - How do I go about finding the 'hidden file' on the flash drive and other partitions?

 

[Jacee]

Well I looked in my flash drive and I don't see a folder named autorun.inf

Click on your computer, then right click on the flash drive. Have it scanned by either Malwarebytes' or your anti-virus (or both) to see if that file is infected.