
Where do I go if I just found a new backdoor virus on my computer?

lchyi

Senior member
I just found a backdoor on my desktop that was installed when I got my computer hijacked sometime this afternoon. I don't know what to do with it and I can't find it on Google. Any suggestions?
 
It's a poorly written backdoor it seems, I can already locate where it put all its files. It also modified some of my files: ftp.exe, tftp.exe and cscript.exe, copied to a backup folder in the Windows/system32 folder.

I have a firewall set up now, you think that should make me safe enough to figure this out online?
 
Originally posted by: lchyi
It's a poorly written backdoor it seems, I can already locate where it put all its files. It also modified some of my files: ftp.exe, tftp.exe and cscript.exe, copied to a backup folder in the Windows/system32 folder.

I have a firewall set up now, you think that should make me safe enough to figure this out online?

No, disconnect your cord and use another PC. It could send out your data or let other trojans in.
 
Originally posted by: lchyi
It's a poorly written backdoor it seems, I can already locate where it put all its files. It also modified some of my files: ftp.exe, tftp.exe and cscript.exe, copied to a backup folder in the Windows/system32 folder.

I have a firewall set up now, you think that should make me safe enough to figure this out online?

IMO firewalls are useless for personal computers. Just run an AV periodically and follow the guide in the software forum and you should be good to go. Also, as an above poster said, MechBgon is great at figuring this crap out.
 
I've run Anti-Vir directly on the file itself (it was left on the desktop by the bum who installed it) and nothing shows up as a virus. It looks like just a simple batch file to install and modify files in my Windows directory. One of the few files stems from this site, which is a German hosting site, home.pages.at, and his directory contains all these files it installed. I've already contacted the company to shut the directory down.

I guess this thing is pretty new, the last modified files were in February of this year.
 
Would it be illegal to post the install.bat contents in text format? I hope maybe some of you can figure out what it's exactly doing to my computer.
 
If this happened on my personal machine, I'd wipe it clean and start fresh. As such, this has happened a few times when I worked as a PC Tech at my university. No, an AV won't pick those files up because they are all legit programs. I doubt a spyware app would either since an FTP server is not spyware if you installed it yourself. And YES, a firewall is valuable on a personal computer. ZoneAlarm prevented my computer from being infected during that summer of viruses (I forgot their names... blaster? sobor?) while other machines were infected before their AV updates were available.

I doubt there is any harm posting the batch file, although I suspect it will give hints for people wanting to write one of their own. Additionally, it'll probably point to the locations to download the software. But don't take my word for it if you get banned.

Additionally, run an application like TCPView (google it) to identify applications trying to connect to the net that aren't supposed to be there (it's like netstat, but is a GUI and with more options).

Still, the surest way is to do a clean build.
 
Originally posted by: lchyi
Would it be illegal to post the install.bat contents in text format? I hope maybe some of you can figure out what it's exactly doing to my computer.

Nope, but you might want to post that info in the right forum IMO lchyi 🙂
 