Backdoors

In terms of computer security, a backdoor is a hidden method to gain unauthorized access to a computer system. Questions about backdoors belong here.

678 Questions

How do you get rid of the stealth boot virus?

Run a couple of online virus scans

Run Malwarebytes Anti-Malware

Run a complete scan with free curing utility Dr.Web CureIt!

If you still have the problem you need to run

RootkitRevealer

www.Microsoft.com/technet/sysinternals/Utilities/RootkitRevealer.HTML

Sophos Anti-Rootkit

www.sophos.com/products/free-tools/sophos-anti-rootkit.HTML

And post your HijackThis log on a HijackThis forum (NOT HERE)

I'm not sure how to get rid of the stealth boot virus, I've never had it but I'm guessing that it opens during the boot process of your computer. One thing you could try is going to Start>Run> and type msconfig. On the window that opens up go to Startup, then you can go to Google or some other search engine and type in the name of the startup items to see if any are not supposed to be there. Otherwise there are a couple of programs out there that allow you to see what programs open at startup; you could find one that isn't supposed to be there. I hope this helps.

What do you do with the virus Trojan Rameh after it is in quarantine and how do you know what damage it did to your computer?

Answer

Using avast, scan the local disk at boot time; then check aswboot.txt after the system restarts.



You need to run these 6 essential steps to remove all the spyware on your computer.


1. Run Deckard's System Scanner (DSS)

2. Run the vundo and combo fix

3. Run Malwarebytes Anti-Malware

4. Run the anti-spyware removal program Spybot

5. Run Superantispyware

6. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

How do you get rid of Trojan viruses delupdat exe sui exe m3tsp8 dll?

Download and run Firefox to protect your computer from future spyware attacks and pop-ups which are coming in through Internet Explorer (Trojan downloaders, win32). Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs.

1. Run Deckard's System Scanner (DSS)

2. Run the vundo and combo fix

3. Run Malwarebytes Anti-Malware

4. Run the anti-spyware removal program Spybot

5. Run Superantispyware

6. Run a complete scan with free curing utility Dr.Web CureIt!

I've found these a problem myself - my virus checker gets rid of them, but they pop back. A Google search took me to http://www.2-spyware.com/file-sui-exe.html which offers some free software to find 'Spyware' - since none of the antivirus sites I've looked at have anything to say about it. I haven't downloaded it yet, so I can't tell you if it works, but it is a possible option!

1. Delete the folder c:\program files\common files\updater and all files in it.

2. Run regedit (Run Window). Drill into HKEY_LOCAL_MACHINE, SOFTWARE, MICROSOFT, WINDOWS, CURRENT VERSION, RUN folder. Remove the entry for "updater.exe".

Doing both of these steps will prevent the trojan from reinfecting your PC.

In addition to the updater directory in c:\program files\common files\, I found c:\updaterInstall_112.exe as being apparently responsible for creating the updater directory. Delete this .exe file also.

Just found that if you scan with Norton it will find these files, sui.exe, wupdater.exe etc., and before telling Norton to erase them just press Ctrl-Alt-Delete to access the Task Manager and in the Processes tab, just highlight wupdater.exe and hit stop process. It will stop it, giving Norton the chance to erase it.

The reason Norton cannot delete them is that they are running and so can't be deleted.

Do the same with the other .exe files you see in the Norton scan and when all of them have been stopped, you can tell Norton to delete them and it will.

Try the following programs. They will stop all unwanted stuff from getting on your PC.

I went to www.webattack.com and found a way to remove it by doing the following. I clicked on the green link at the top of the page stating "FREEWARE", then clicked on virus tools/or you can search on that site for this program - "Avast home edition". It is the best freeware program that I have ever used and removed the virus in no time. The Funweb A is a Trojan horse virus, and when Avast picked it up it was going under another name - I think that's why everybody has difficulty in removing it, and can't find anything under funweb A because it is going under another name. Avast has also detected and removed 2 other virus infected files on my PC! It is important to do a live update of avast virus definitions and to set the program to run a full system scan. Do download the full free home edition and not just the computer cleaner. It's AMAZING! Thank you so much Avast! Two programs going really well with Avast and also freeware on the same site are Ad-Aware spy detector and Zone Alarm firewall. I have all three and they work together like magic! Try it, you won't look back!

I can confirm that Avast has picked up these trojans and another on one of my PCs despite me thinking I was fully defended. It seems to be considerably better than Norton although it's not as user friendly to be honest. If you are a half way experienced user you should be fine with it, and for home use it's free!

You can get rid of these Trojan viruses delupdat exe sui exe m3tsp8 dll by following these steps.

1. Download and install Malwarebytes on your computer.

2. Update your Malwarebytes.

3. Scan your computer for all the malware on your computer.

4. Remove all the malware found while scanning with Malwarebytes.

5. Restart your computer.

You can take care of your problem with MalwareBytes at best. Just run a simple scan and you should have no problems. In the future however be very careful when downloading freeware. In order to sustain themselves, developers often overlook various threats bundled with their software.

How do you get rid of lsdf3 dll Download Trojan virus and system32 dll Trojan KillAV if Norton and Trojan removal tools will not help?

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run Superantispyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

Norton is junk. I fix computers every day and take out thousands of viruses and what I commonly see is Norton on the computer. That tells me that Norton is not working at all. Norton has a lot of problems because it lives on your machine. New viruses come out by the second and Norton could not keep up with the updates with its long distribution line and traffic jams.

Where do I go to find the hidden files? 1. doesn't tell me enough about what window to be in to follow the instructions. Thank you

Go to the Start tab and click it. Go to the Control Panel. On the tool bar click the Tools tab, and find the Folder Options. Click the Folder Options. Select "Show all hidden files". That should do it. When you are done fixing your PC, go back and select to hide folders and files.

How do you get rid of a virus that links highlighted or underlined words to searchassistant net dnserror htm?

You need to run these 6 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run the vundo and combo fix

3. Run Malwarebytes Anti-Malware

4. Run the anti-spyware removal program Spybot

5. Run Superantispyware

6. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

How do you get rid of Trojan Spooner A virus?

Download and run Firefox to protect your computer from future spyware attacks and pop-ups which are coming in through Internet Explorer (Trojan downloaders, win32). Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs.

1. Run Deckard's System Scanner (DSS)

2. Run the vundo and combo fix

3. Run Malwarebytes Anti-Malware

4. Run the anti-spyware removal program Spybot

5. Run Superantispyware

6. Run a complete scan with free curing utility Dr.Web CureIt!

I used AVG free 6 to remove Spooner.A; the only part it didn't remove was form SP.exe in the root directory of C. I changed my settings to show hidden files and deleted it manually.

USE AVG FREE 7 TO REMOVE TROJAN HORSE SPOONER.A, IT ALSO REMOVES sp.exe, WHICH IT DID NOT DO IN AVG FREE 6

For support within the United States and Canada, call toll-free (866) PCSAFETY (727-2338).

This is the Microsoft virus line. The call is free; if you call them they will walk you through the steps for virus removal.

Try to download and install Malwarebytes antivirus software, upgrade and scan the computer for the virus.

How can you remove Trojan MusicSearch.AM in a subdirectory under c system volume?

Assuming you mean a subdirectory under 'C:\System Volume Information' and your anti-virus application has detected but cannot fix the problem :- select System Restore tab in System Properties (WinKey+Pause) and check the box marked 'Turn off System Restore on all drives', confirm, close System Properties and reboot. This will clear all files in 'C:\System Volume Information' and therefore the MusicSearch.AM problem. 'C:\System Volume Information' is not just a hidden folder, it's also system protected and as such, anti-virus software cannot write to any file within and therefore cannot delete or quarantine any infected file detected. To turn on System Restore, just reverse the above procedure. Hope this helps, Canis.

How do you get rid of a virus .pif file?

Unfortunately, IM viruses have become a very common problem lately. Generally, removing these viruses can be complex, and removal instructions vary depending on which virus you have. More detail would be useful.

There are however some general things you can do:

1. Your best solution is to use a virus scanner. If the scanner does not detect the virus, it may lead you to a removal tool online.

2. If you know the name of the virus you have, a simple search on a virus scanner's web site (such as www.symantec.com) will probably lead you to an automatic removal tool.

3. Check out Microsoft's security web site at They have some tools you can use to remove many of these types of viruses, especially for MSN Messenger. You can look up other IM web sites to see if they have a removal tool available.

4. Spyware removal software, such as Ad-aware, can sometimes clean some types of these viruses. Check out www.lavasoft.com for more.

5. Try a Google search, and provide as many details as possible. It's very likely someone has posted removal steps somewhere for your virus.

You can get rid of this worm by following these steps.

1. Download and install Malwarebytes on your computer.

2. Update your Malwarebytes.

3. Scan your computer for all the malware on your computer.

4. Remove all the malware found while scanning with Malwarebytes.

5. Restart your computer.

You need to run these 3 essential programs to remove all the spyware on your computer.

If you do not have an internet security suite and only an antivirus:

1. Run Malwarebytes Anti-Malware

2. Run a complete scan with free curing utility Dr.Web CureIt!

3. Run the anti-spyware removal programs Spybot or Superantispyware

Browsers

Use Mozilla Firefox or the Google Chrome browser for browsing unsafe websites.

Install ThreatFire

ThreatFire features innovative real-time behavioral protection technology that provides powerful standalone protection or the perfect complement to traditional signature-based antivirus programs, and offers unsurpassed protection against both known and unknown zero-day viruses, worms, trojans, rootkits, buffer overflows, spyware, adware and other malware.

Run an online virus scan like:

Trend Micro HouseCall

Kaspersky free online virus scanner

Windows Live OneCare safety scanner

BitDefender Online Scanner

ESET Online Antivirus Scanner

F-Secure Online Virus Scanner

avast! Online Scanner

Update your software by running:

Secunia Online Software Inspector

Install a good antivirus in your computer.

Keep your antivirus updated. If automatic updates are available, configure your antivirus to use them.

Keep your permanent antivirus protection enabled at all times.

How do you remove download Trojan found at C windows temp dwh2691.tmp if Norton says access denied?

1. Download and run Firefox to protect your computer from future spyware attacks and pop-ups which are coming in through Internet Explorer (Trojan downloaders, win32). Browser attacks aren't easy to spot because they piggyback on legitimate traffic that doesn't exhibit many obvious warning signs.

2. Run the vundo and combo fix

3. Run Malwarebytes Anti-Malware

4. Run the anti-spyware removal program Spybot

5. Run a complete scan with free curing utility Dr.Web CureIt!

What does Trojan horse TR Dldr Delf R do to your computer?

Trojan-Clicker.Win32.Delf.r

This Trojan hijacks Internet Explorer

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run Superantispyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

How do you remove Trojan Horse Downloader Wren F from C System Volume Information-restore file if none of your antivirus programs will remove it?

The easiest way to get rid of it is to switch off system restore, then switch it back on again. This is done through 'System' in the 'Control Panel'. This deletes all of your restore points, so you'll have to do a manual 'restore point' afterwards. There are some antivirus programs that can get rid of viruses/trojans in restore point files, AVAST is one of them. You'll have to make sure that whatever antivirus program you're running is up-to-date though.

How do you find vendors?

Here are opinions and answers from contributors:

* One approach is to browse your competitors. See what brands they sell and then search for contact information for the manufacturers or distributors.
* You can also try the Yellow Pages, the Internet or contact your local Chamber of Commerce.

Would Trojan Horse Dialer virus cause the constant beep you have after turning on your computer?

It usually does not cause your computer to beep, but if you have a modem and a phone line it could dial some random numbers.

Where does 'PSW.Hermann agent' spyware found in Microsoft Internet Explorer 6 found by TDS-3 anti-trojan scanner originate?

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run Superantispyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

How do you get rid of Trojan downloader Backdoor Ruledor D?

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run Superantispyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

If you download The Cleaner 4.1 Professional and use the trial version for now, it will sniff out any possible trojans on your computer and delete the ones it quarantines. I've tried it and it was very effective. You can download it here: http://www.moosoft.com/products/cleaner/download/

How do you delete backdoor ruledor d Trojan virus?

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run Superantispyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

The Ruledor.D virus came when I arrived on this web site: ***://***.simplemp3s.com/ The virus immediately installed many spyware and Horoscope (!) files, developing a lot of false MS warning messages (telling me my PC was not protected enough, & bla & bla...). First of all, don't click on these pop-up windows... Just do a Ctrl+Alt+Delete and close all those apps.

Then, I ran Ad-Aware 6.0 and cleaned all new unwanted files. Then, I ran AVG which located the virus in C:/WINDOWS/bundles/CSV5P070.EXE that has been healed by the anti-virus. That's all, folks!

How do you remove Backdoor Trojan Backdoor Ouping and Backdoor Fraggle 20?

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run Superantispyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

Download The Cleaner 4.1 Professional here: http://www.moosoft.com/products/cleaner/download/

and it should sniff out all trojans and quarantine them. After that you need to go into the quarantine and delete them.

How do you get rid of backdoor generic 820 and backdoor generic 699?

Download The Cleaner 4.1 Professional here: http://www.moosoft.com/products/cleaner/download/

and it should sniff out all trojans and quarantine them. After that you need to go into the quarantine and delete them.

How can you remove the BackDoor Agent 2 virus from a PC?

You can remove many viruses on your computer using a program called The Cleaner Professional 4.1. You can find it here: http://www.moosoft.com/products/cleaner/download/

Make sure you use the "Evaluation" instead of registering right away or even buying it. Make sure it's the program you want and see if it will quarantine the virus or viruses. After they are quarantined you need to go into the actual quarantine section on the main Cleaner menu and delete everything it placed in there.

How do you get rid of Trojan horse downloader.Dyfica.2.AQ and Trojanhorse downloader.Agent.AL for Windows XP?

I ran AVG and it found the two trojans you are having trouble with. It would get rid of them, move one to the virus vault and I would delete it out of the virus vault. Then, the next day, AVG found them again. So, I dug deeper. I looked to see where they were being saved. Then, I went to the file where they were stored. I also ran HijackThis before deleting anything to verify things. To make a long story short, I found it in a temp folder called -Temp. It was below the regular folder Temp. If you look in the -Temp folder, you should see an Optimize.exe and an Instal~1.exe. These are the ones that are giving problems. If you look in the HijackThis log, you should see some lines that reference this. Those need to be removed, because this is where the reinfection comes from. NOTE: These are located in the registry files, SO BE CAREFUL as to what you delete. Make a copy of your registry file first and research the lines in question. After I did all this I have not had any trouble since. My computer is a lot faster now.

This worked for my situation, but may or may not for you.

Thanks and good luck!

Also, look for a WebRebates0.exe file.
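The reinfection described in two of the answers on this page (the "updater.exe" Run entry, and the HijackThis lines pointing at the -Temp folder) comes down to one check: which autostart entries relaunch files the scanner keeps finding. The following is an added example, not part of any contributor's answer; the `reg query` output and the detected-file list are constructed from names mentioned in those answers, and the full paths are assumptions.

```python
import re
from pathlib import PureWindowsPath

# Constructed output of:
#   reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SAMPLE_RUN = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe
    updater    REG_SZ    "C:\Program Files\Common Files\updater\updater.exe" /q
    Optimize    REG_SZ    C:\-Temp\Optimize.exe
    ExampleApp    REG_SZ    "C:\Program Files\ExampleApp\tray.exe"
"""

# Constructed list of files an antivirus scan reported (paths are assumptions).
DETECTED = [
    r"c:\program files\common files\updater\sui.exe",
    r"C:\-Temp\Optimize.exe",
]

# A value line is: indent, name, 4 spaces, type, 4 spaces, data.
VALUE = re.compile(r"^\s+(.+?)\s{4}(REG_\w+)\s{4}(.*)$")
# The program a command starts: a quoted path, or text up to an executable suffix.
IMAGE = re.compile(
    r'^"([^"]+)"|^(.+?\.(?:exe|com|bat|cmd|pif|scr|dll))(?=\s|$)', re.I
)


def parse_run_values(reg_output):
    """Return {value name: command line} from `reg query` text."""
    entries = {}
    for line in reg_output.splitlines():
        m = VALUE.match(line)
        if m:
            name, _type, command = m.groups()
            entries[name] = command.strip()
    return entries


def image_path(command):
    """Extract the program path from a Run command line, or None."""
    m = IMAGE.match(command)
    if not m:
        return None
    return PureWindowsPath(m.group(1) or m.group(2))


def find_persistence(reg_output, detected_files):
    """List Run values that start a detected file or a file beside one."""
    detected = [PureWindowsPath(p) for p in detected_files]
    folders = {p.parent for p in detected}  # compared case-insensitively
    hits = []
    for name, command in parse_run_values(reg_output).items():
        image = image_path(command)
        if image is None:
            continue
        if image in detected:
            hits.append((name, str(image), "launches a detected file"))
        elif image.parent in folders:
            hits.append((name, str(image),
                         "launches from a folder holding detected files"))
    return hits


if __name__ == "__main__":
    for name, image, reason in find_persistence(SAMPLE_RUN, DETECTED):
        print(f"{name}: {image} ({reason})")
```

Entries it reports are the ones to research before removing anything, as the answer above advises for registry lines.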

How can you trace and remove backdoors on your PC?

You can find out whether it is running on a port, and the process name, from a command prompt: go to Start>Run (type "command"). When you get to the command prompt, type "netstat -obna" and you will get a list of the executables that are involved with each port or listening port. You can get a list of commands for NETSTAT by typing "netstat ?". After you find the file name, you might have to boot in safe mode to remove it. You can run it at intervals by typing "netstat -obna 5"; the five is the number of seconds it waits before running again, and you may change this number. Also, you can look at http://www.symantec.com and do a search at the top.
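An added example, not part of the answer above: a parser for `netstat -obna` output that pairs each listening port with its owning executable and lists the listeners worth a closer look. The sample output, the executable names in it and the `EXPECTED` allowlist are constructed for illustration.

```python
import re

# Constructed sample in the layout `netstat -obna` prints (not from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  RpcSs
 [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
 Can not obtain ownership information
  TCP    0.0.0.0:50123          0.0.0.0:0              LISTENING       2480
 [example-unknown.exe]
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       2104
 [mDNSResponder.exe]
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     3120
 [firefox.exe]
  TCP    [::]:135               [::]:0                 LISTENING       968
  RpcSs
 [svchost.exe]
  UDP    0.0.0.0:500            *:*                                    1020
  IKEEXT
 [svchost.exe]
"""

# Assumption: executables this machine is expected to have listening.
EXPECTED = {"svchost.exe", "mdnsresponder.exe"}

CONN = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$"
)
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")
LOOPBACK = ("127.", "[::1]")


def parse_netstat(text):
    """Turn netstat -obna text into one dict per connection or listener."""
    records, current = [], None
    for line in text.splitlines():
        m = CONN.match(line)
        if m:
            proto, local, foreign, state, pid = m.groups()
            addr, port = local.rsplit(":", 1)
            current = {"proto": proto, "addr": addr, "port": int(port),
                       "foreign": foreign, "state": state or "",
                       "pid": int(pid), "component": None, "exe": None}
            records.append(current)
        elif current is not None and line.strip():
            # Lines after a connection describe its owner (the -b output).
            m = OWNER.match(line)
            if m:
                current["exe"] = m.group(1)
            elif "ownership information" not in line:
                current["component"] = line.strip()
    return records


def review_listeners(records, expected):
    """Return non-loopback listeners whose owner is unknown or unexpected."""
    findings = []
    for r in records:
        listening = r["proto"] == "UDP" or r["state"] == "LISTENING"
        if not listening or r["addr"].startswith(LOOPBACK):
            continue
        if r["exe"] is None:
            reason = "owner unknown (rerun from an elevated prompt)"
        elif r["exe"].lower() not in expected:
            reason = "executable not on the expected list"
        else:
            continue
        findings.append((r["proto"], r["port"], r["pid"], r["exe"], reason))
    return findings


if __name__ == "__main__":
    for finding in review_listeners(parse_netstat(SAMPLE), EXPECTED):
        print(finding)
```

On a real machine, save the command's output to a file from an elevated prompt and pass its text to `parse_netstat`; the PID column lets you match a finding to the process list.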

What does the computer virus Trojan horse Downloader Rameh b do?

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run Superantispyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

How can you get rid of Trojan downloader Rameh A?

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run Superantispyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

I had the virus in my "System Volume Information" folder. I turned off the system backup and then turned it back on. This destroys all the XP restore points, but it did get rid of my virus.

I tried that, it didn't work. How else can it be removed?

How do you remove Trojan downloader 5 N and what does it do?

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run Superantispyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

I had Downloader.Small.5.N & Downloader.Bridge.A.

AVG found them but could not vault them. I ran Norton - didn't find them. Looked all over the internet. People suggested deleting from the files. Did not work. People suggested Spybot. I had already run that and that did not fix it. They suggested Ad-ware 6 and RegSeeker. I did both. RegSeeker came up with 850 files to "delete". I was not going to delete 850 files!!! until I saw someone else say the same - and he had "taken the bull by the horns", shut his eyes and deleted without repercussion - so I did the same eventually. No prob so far. I also ran the Ad-ware 6 and deleted those files (Trusting!!) Still AVG said they were there. Rebooted, rescanned, still there. Then this morning (13.04.04) AVG said it had healed Downloader.Bridge.A. and no sign of Downloader.Small.5.N - obviously taken out by RegSeeker or Ad-ware.

Have no idea what either Trojan Horse does but I have not been adversely affected by any of this awful time - yet!!

It took me 3 full days of searching as neither of these were to be found anywhere.

Good luck.

How do you get rid of Trojan horse Downloader keenval c and why does AVG antivirus not detect it?

You need to run these 5 essential steps to remove all the spyware on your computer.

1. Run Deckard's System Scanner (DSS)

2. Run Malwarebytes Anti-Malware

3. Run the anti-spyware removal program Spybot

4. Run Superantispyware

5. Run a complete scan with free curing utility Dr.Web CureIt!

Install ThreatFire, which will enhance your antivirus protection

I use AVG free version 6.0.684 with latest updates on a Win 98 P166Mhz 97Mb RAM PC. This seems to detect and heal downloader.keenval types B, C, D & E. My PC detects these in C:\program files\common files\updmgr. Q: Where have any other users discovered these viruses, and do you know how they infect PCs?

support.Microsoft.com

I found this link and haven't tried it yet but it's worth a shot and the best answer I have found to date. Hope it helps.

I have AVG free version and it finds it; it found keenval.c, j and b twice. Keeps coming back though....

The Trojan horse is installed via Euniverse WUpdater - part of the Kazaa software. Deleting it and running Kazaa redownloads the software; the solution is to install Diet K (dietk.com) and let this remove all the background rubbish that is installed alongside Kazaa.

You will also add some additional features to Kazaa, well worthwhile.

All Trojan horses are hidden files so you would need to go to the Files Option (click the View tab) at Control Panel and uncheck both the *Hide file extension for known file types & *Hide protected operating system files (Recommended) boxes, then OK yourself out. You will then need to restart your computer and go into Safe Mode by holding the F8 key down (kind of at the beginning of bootup). When you're at the Desktop screen go to Start/ Search/ For Files and Folders and type the NAME OF THE FILE & EXT which would have shown up in your anti-virus software; you can delete this file from here. Also, make sure to empty your Recycle Bin.

I have had 4 Trojan horses on my C drive and kinda figured out the above method a week ago. I deleted the Temp file (as these keep putting the same files back into your system) from the Restore folder after unchecking the hidden files boxes, then went to Safe Mode to delete the virus files that were still there. My computer is now absolutely FREE of these pests!

PS. I also have AVG 6.0 (the free one) & also the Ad-aware 6 and I use them every day as my kids love to play games from the Internet.

The Free AVG version will identify Trojans but doesn't delete them all. Some it will only heal (temporarily) depending on the criticality of the file.

In most cases AVG will pick up keenval c. Sometimes it identifies the existence of the Trojan during its DOS scan. When Windows has fully loaded you should then run AVG from the Windows desktop. Run Complete Test but make sure it is set to heal file. This should resolve your problem.

You may wish to try the links below, which will provide you with free anti-Trojan software.

http://www.emsisoft.com/en/software/free/

This next link is another Trojan software program which is free to evaluate for 30 days.

http://www.simplysup.com/tremover/download.HTML

Good Luck!