HELP PLZ! Not sure if this is a virus


  • HELP PLZ! Not sure if this is a virus

    In c:\program files\NortonAntivirus\quarantine\portal\1FD11D37.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
    In c:\program files\NortonAntivirus\quarantine\portal\192A51AD.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
    In c:\program files\NortonAntivirus\quarantine\portal\19891345.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
    In c:\program files\NortonAntivirus\quarantine\portal\1B7D2B1F.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
    In c:\program files\NortonAntivirus\quarantine\portal\1BFC1093.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
    In c:\program files\NortonAntivirus\quarantine\portal\1C475640.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
    In c:\program files\NortonAntivirus\quarantine\portal\1CAC6BD1.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
    In c:\program files\NortonAntivirus\quarantine\portal\1DF0286D.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
    Norton doesn't find anything. Also the 1FD11D37.exe file is in the quarantine directory, not the portal subdirectory.
    Is AVG making a mistake? Actually when I try to delete the file from AVG it causes NAV to make the w32.spybot.worm autodelete alert come up!



    Another problem I have is that when I run NAV or AVG it seems to cause the production(??) of w32.spybot.worm which is automatically deleted by NAV. I'd rather it wasn't created in the first place! The "help" from Systemac doesn't work so I don't know what to do about that one either.



    AVG also detects c:\winnt\system32\msdtc\driver\mstdtc.xlSO as a virus (IRC/BackDoor.Flood) but NAV says it's Ok. Should I delete the file???


    Any ideas Machine? Brody? Yenz? Anyone?
    Last edited by Convict; 1 Dec 2004, 07:36 PM.
    Night of the Werewolves II
    HarryPotterwars
    A Thief's Guide to Thievery for UT (video not complete yet)

  • #2
    A good site for this stuff is to go to the forums here: http://forums.spywareinfo.com

    At the moment you will need to register (free) before you see anything per this message:
    http://forums.spywareinfo.com/index.php?showtopic=32062


    The rest may be useless, but anyway...

    Based on the path, looks like NAV had found it and quarantined it, which may be why it gets ignored. AVG does not know this though, so it alerts you. This is a guess on my part though.

    Some of these things are nasty, and can recreate themselves if deleted through normal means.

    Not sure about the file.
    Give some taffer fire, and you'll keep him warm for the night with one less reason to cause trouble for the master.
    Set a taffer on fire, and he will be warm for the rest of his life, and have no need to bother the master.



    • #3
      That link just says guests can't access forums.

      Can I delete the quarantined files?

      Can I delete mstdtc.xlSO?

      Why does the worm get created whenever I run antivirus stuff?
      I'll try asking at forums also thx.


      • #4
        Check out this great site for information like "what is it", "what does it", "how to fix it".
        A real huge Man will neither stamp on a Worm, nor crawl for an Emperor

        Thievery Customs Center
        Vietcong Customs Center



        • #5
          You CAN delete Quarantined files, Bos is quite right in what he says about Norton ignoring those files. The best solution is to find the option in Norton to remove the quarantined files, they only exist in case the software makes a mistake.

          You MAY be getting the worm whenever you launch the virus software because the virus has attached itself to the avg 'exe' file, in this instance what you can possibly do is to create a rescue disk. I once did this ages ago with McAfee I think, basically it's a boot disk with a virus scanner on it, and you scan your HD in DOS prior to Windows loading up, DOS does have TSRs which run behind the scenes but I doubt that the virus would infect at that level, if it did you wouldn't notice because XP disregards the autoexec.bat.

          Anyway, that's a last resort but could clear your machine. OR ultimately with this new found knowledge you have, I would wipe the entire machine and install everything anew. If you keep those spyware, adware and virus software up to date then I think you'll have a spanky clean system for good. At least then you've wiped the slate clean.

          Whilst you're at it, partition your drive to separate your OS, Games and important Data. I did this during university and even now, find it a SUPERB way of keeping my information safe. If my OS crashes or gets infected (It never does) but if it did, I'd just reinstall it, all my games, MP3s work, PoRn etc.. is safe on the other drives / partitions. Nothing lost.
          ~TuF~



          • #6
            Originally posted by Brody
            Check out this great site for information like "what is it", "what does it", "how to fix it".
            Damn you. For a second there I thought you were linking to Google.


            ...no. I don't have anything useful to say.
            Ah, to be a hero. Keeping such company...



            • #7
              Originally posted by Convict
              In c:\program files\NortonAntivirus\quarantine\portal\1FD11D37.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
              In c:\program files\NortonAntivirus\quarantine\portal\192A51AD.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
              In c:\program files\NortonAntivirus\quarantine\portal\19891345.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
              In c:\program files\NortonAntivirus\quarantine\portal\1B7D2B1F.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
              In c:\program files\NortonAntivirus\quarantine\portal\1BFC1093.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
              In c:\program files\NortonAntivirus\quarantine\portal\1C475640.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
              In c:\program files\NortonAntivirus\quarantine\portal\1CAC6BD1.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
              In c:\program files\NortonAntivirus\quarantine\portal\1DF0286D.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U
              These are viruses that Norton has just shoved in quarantine. Basically, rather than delete them, it renders them harmless and stores them in this folder. You can delete them pretty safely. It's only used in case Norton finds a virus in a file that actually contains something you need, so you can restore it.

              Originally posted by Convict
              Norton doesn't find anything.
              That's because Norton ignores the viruses it has already put into quarantine.

              Originally posted by Convict
              Also the 1FD11D37.exe file is in the quarantine directory, not the portal subdirectory.
              Sounds like just another virus NAV has put away.

              Originally posted by Convict
              Is AVG making a mistake?
              No. They are actual viruses, but they aren't being executed or doing anything. They're just sitting in the folder.

              Originally posted by Convict
              Actually when I try to delete the file from AVG it causes NAV to make the w32.spybot.worm autodelete alert come up!
              Norton integrates with the Windows shell so that every time a file is accessed, it gets a quick scan.

              (Aside: This degrades system performance quite a lot. You'll notice it in NAV 2004 and later, especially if you're doing an install. Try installing a program with NAV auto-protect activated, and then reinstall with it turned off. Time the difference. It can be huge)

              So basically, when AVG tries to access the file to delete it, Norton gives it a quick scan, and finds the virus. Because this is the auto-protect part of norton and not the scanning part, it doesn't take into account that the files have already been quarantined. If you disable norton, you should be able to delete the files easily with AVG. Or, just clean out the quarantined files via the norton interface. Either way, doesn't really matter.

              Originally posted by Convict
              Another problem I have is that when I run NAV or AVG it seems to cause the production(??) of w32.spybot.worm which is automatically deleted by NAV. I'd rather it wasn't created in the first place! The "help" from Systemac doesn't work so I don't know what to do about that one either.
              What do you mean, production of spybot.worm every time you run AVG or NAV? Every scan it finds this virus? Or every time you run NAV/AVG, NAV auto-protect / AVG resident shield alerts you to the virus?

              Originally posted by Convict
              AVG also detects c:\winnt\system32\msdtc\driver\mstdtc.xlSO as a virus (IRC/BackDoor.Flood) but NAV says it's Ok. Should I delete the file???
              Probably delete it. Google the file name, find out what it is.

              If I were you, I would only have the norton auto-protect running. Use AVG to do scans if you like, but there is little point having both of them chewing resources all the time. Norton is more comprehensive.
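
Added example, not part of the thread or of either antivirus product: a small triage script that separates detections sitting inside another scanner's quarantine folder (the situation explained in the post above) from detections on files that still need attention. The quarantine path and report-line wording are taken from the thread; the sample list, the function names and the `quarantine_old` path are constructed for illustration.

```python
import ntpath
import re

# Quarantine directory as quoted in the thread; adjust per installation (assumption).
QUARANTINE_ROOTS = [r"c:\program files\NortonAntivirus\quarantine"]

# Report line shape quoted in the thread:
#   "In <path> AVG finds a trojan horse called <name>"
LINE_RE = re.compile(
    r"^In\s+(?P<path>.+?)\s+AVG finds a trojan horse called\s+(?P<name>\S+)\s*$")

def _norm(p):
    # Windows paths are case-insensitive; ntpath handles them on any host OS.
    return ntpath.normcase(ntpath.normpath(p))

def in_quarantine(path, roots=QUARANTINE_ROOTS):
    """True if path lies inside a quarantine root, compared per path component."""
    p = _norm(path)
    for root in roots:
        r = _norm(root)
        try:
            if ntpath.commonpath([p, r]) == r:
                return True
        except ValueError:  # different drives, or absolute mixed with relative
            continue
    return False

def triage(report_lines):
    """Sort detections into quarantined copies, live files, and unparsed lines."""
    result = {"quarantined": [], "live": [], "unparsed": []}
    for line in report_lines:
        m = LINE_RE.match(line.strip())
        if not m:
            result["unparsed"].append(line)
            continue
        bucket = "quarantined" if in_quarantine(m["path"]) else "live"
        result[bucket].append((m["path"], m["name"]))
    return result

# Constructed sample: paths and names from the thread, rephrased into one line format.
SAMPLE = [
    r"In c:\program files\NortonAntivirus\quarantine\portal\192A51AD.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U",
    r"In C:\Program Files\nortonantivirus\Quarantine\1FD11D37.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U",
    r"In c:\winnt\system32\msdtc\driver\mstdtc.xlSO AVG finds a trojan horse called IRC/BackDoor.Flood",
    r"In c:\program files\NortonAntivirus\quarantine_old\copy.exe AVG finds a trojan horse called IRO/BackDoor.SdBot.84.U",
    "Scan finished",
]

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE).items():
        print(bucket, items)
```

Only the "live" bucket calls for follow-up; the component-wise comparison keeps a look-alike folder such as `quarantine_old` from being treated as already contained.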



              • #8
                Cheers Yenz. It worked deleting the quarantined files. The only virus AVG is picking up now is mstdtc.xlSO.

                w32.spybot.worm (Norton's name) comes up when I'm running AVG part way through the scan.