-
November 11th, 2004, 01:20 PM
#1
Registered User
backdoor.agent.b
Morning guys and gals, I need a little help on this one:
I recently removed backdoor.agent.b from an XP Home system using Norton's removal tool. Now the system will only boot to safe mode. Here is a copy of the log file created by the backdoor.agent.b removal tool:
Symantec Backdoor.Agent.B Removal Tool 1.0.1.2
process: winlogon.exe, thread: 00000200 (terminated)
process: services.exe, thread: 000002AC (terminated)
process: lsass.exe, thread: 0000025C (terminated)
process: svchost.exe, thread: 0000034C (terminated)
process: svchost.exe, thread: 000003A0 (terminated)
process: OPXPApp.exe, thread: 000003F0 (terminated)
process: svchost.exe, thread: 00000434 (terminated)
process: svchost.exe, thread: 00000470 (terminated)
process: spoolsv.exe, thread: 00000510 (terminated)
process: explorer.exe, thread: 000006D4 (terminated)
process: avgserv.exe, thread: 00000740 (terminated)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: AppInit_DLLs (value set to "")
C:\Documents and Settings\Dustin: (not scanned)
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\GFSDYVAH\homework_poetry;svc=;si te=poetry;t=;pc=2;fd=0;fs=0;a=;sbj=pid469;kw=neice %20poems;chan=homework;syn=about;tile=1;r=1;dcopt= ist;sz=468x60;ord=1498NZT0N20SA1n0g842[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\OFY5Y39H\homework_poetry;svc=;si te=poetry;t=;pc=6;fd=0;fs=0;a=;sbj=pid469;kw=neice %20wedding%20poems;chan=homework;syn=about;tile=2; r=1;sz=120x600;ord=1498N[00F20SA1f0W513[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\OFY5Y39H\homework_poetry;svc=;si te=poetry;t=;pc=6;fd=0;fs=0;a=;sbj=pid469;kw=neice %20wedding%20poems;chan=homework;syn=about;tile=4; r=1;sz=728x91;ord=1498N[00F20SA1f0W513[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\S5MRO1UB\homework_poetry;svc=;si te=poetry;t=;pc=6;fd=0;fs=0;a=;sbj=pid469;kw=neice %20wedding%20poems;chan=homework;syn=about;tile=1; r=1;dcopt=ist;sz=468x60;ord=1498N[00F20SA1f0W513[1].htm (WARNING: not scanned, path to long)
C:\Documents and Settings\Owner\Local Settings\Temp\Temporary Internet Files\Content.IE5\WZMB0ZKN\homework_poetry;svc=;si te=poetry;t=;pc=4;fd=0;fs=0;a=;sbj=pid469;kw=neice %20wedding%20poems;chan=homework;syn=about;tile=1; r=1;dcopt=ist;sz=468x60;ord=1498NZm0G20SA1Q1673[1].htm (WARNING: not scanned, path to long)
C:\System Volume Information: (not scanned)
Backdoor.Agent.B has been successfully removed from your computer!
Here is the report:
The total number of the scanned files: 72162
The number of deleted files: 0
The number of viral processes terminated: 0
The number of viral threads terminated: 11
The number of registry entries fixed: 1
"If life is a journey....Who's got the map?"
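Added example, not part of the original thread and not Symantec's code: a small Python triage of a removal-tool log in the format quoted in the post above, which flags thread terminations in core logon processes, records registry changes and unscanned paths, and cross-checks the itemised lines against the tool's own totals. The `CRITICAL` set, the regular expressions and the function name `triage` are assumptions made for this example.

```python
import re
from collections import Counter

# Assumption of this example: these core XP session processes count as critical.
CRITICAL = {"winlogon.exe", "services.exe", "lsass.exe", "csrss.exe", "smss.exe"}
PROC_RE = re.compile(r"^process: (\S+), thread: ([0-9A-F]{8}) \(terminated\)$")
REG_RE = re.compile(r'^registry: (.+): (\w+) \(value set to "(.*)"\)$')
SKIP_RE = re.compile(r"^(.+?):? \((?:WARNING: )?not scanned.*\)$")
SUM_RE = re.compile(r"^The (?:total )?number of (?:the )?(.+?): (\d+)$")

# Sample input constructed from the log format quoted in the post (abridged).
SAMPLE_LOG = r'''process: winlogon.exe, thread: 00000200 (terminated)
process: services.exe, thread: 000002AC (terminated)
process: lsass.exe, thread: 0000025C (terminated)
process: svchost.exe, thread: 0000034C (terminated)
process: svchost.exe, thread: 000003A0 (terminated)
process: OPXPApp.exe, thread: 000003F0 (terminated)
process: svchost.exe, thread: 00000434 (terminated)
process: svchost.exe, thread: 00000470 (terminated)
process: spoolsv.exe, thread: 00000510 (terminated)
process: explorer.exe, thread: 000006D4 (terminated)
process: avgserv.exe, thread: 00000740 (terminated)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: AppInit_DLLs (value set to "")
C:\System Volume Information: (not scanned)
The number of viral threads terminated: 11
The number of registry entries fixed: 1'''

def triage(log_text):
    """Summarise a removal-tool log and flag changes that can break logon."""
    threads, registry, skipped, summary = Counter(), [], [], {}
    for line in map(str.strip, log_text.splitlines()):
        if m := PROC_RE.match(line):
            threads[m.group(1).lower()] += 1
        elif m := REG_RE.match(line):
            registry.append((m.group(1), m.group(2), m.group(3)))
        elif m := SKIP_RE.match(line):
            skipped.append(m.group(1))
        elif m := SUM_RE.match(line):
            summary[m.group(1)] = int(m.group(2))
    return {
        "critical_hit": sorted(p for p in threads if p in CRITICAL),
        "threads_by_process": dict(threads),
        "registry_changes": registry,
        "not_scanned": skipped,
        # Cross-check the itemised lines against the tool's own totals.
        "totals_consistent": summary.get("viral threads terminated") == sum(threads.values())
        and summary.get("registry entries fixed") == len(registry),
    }
```

Running `triage` on a saved copy of the log before rebooting shows which system processes the tool touched, so the registry value and those processes can be checked while the machine is still up.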
-
November 21st, 2004, 05:52 PM
#2
Driver Terrier
www.emsisoft.com a square I think is the best trojan killer out there - free version should kill it.
Go into msconfig and see if it is set to boot to safe mode under the boot.ini tab.
Never, ever approach a computer saying or even thinking "I will just do this quickly."
-
November 21st, 2004, 08:28 PM
#3
Registered User
Originally Posted by NooNoo
www.emsisoft.com a square I think is the best trojan killer out there - free version should kill it.
Go into msconfig and see if it is set to boot to safe mode under the boot.ini tab.
Noo,
I had already removed the trojan using Norton's removal tool. That was the easy part. At the beginning of my post I stated, "I recently removed backdoor.agent.b from an XP Home system using Norton's removal tool. Now the system will only boot to safe mode." It was not set to boot to safe mode.
I ended up reinstalling XP over existing installation to fix problem, but would like to know how to avoid this happening again. Backdoor.agent.b hides itself in safe mode, so could not simply boot to safe mode and delete files. AVG would not detect trojan in safe mode, only normal mode, and hooking hard drive up to tech computer and scanning it with Norton AV '04 would not find trojan either. Running the removal tool (from Symantec) removed the trojan, but killed some key processes for logging onto Windows.
"If life is a journey....Who's got the map?"
-
November 21st, 2004, 08:36 PM
#4
Registered User
I've had good results by turning off System Restore and running the AV again...
I had machines at work that McAfee would find and delete a worm each reboot and it was because XP was replacing it via the Sys Restore.
-
November 22nd, 2004, 01:55 AM
#5
Registered User
Originally Posted by shamus
I've had good results by turning off System Restore and running the AV again...
I had machines at work that McAfee would find and delete a worm each reboot and it was because XP was replacing it via the Sys Restore.
Yes, good advice. We also always disable system restore before removing a virus/trojan/worm from an already infected machine, then reboot to dump all restore points, remove virus/trojan/worm/etc, then reboot, then re-enable system restore.
However, this does not help me with this particular problem as being able to roll back to the last restore point may have actually helped because I would've been able to restore from the last saved point, return to normal mode and figure out an alternate way to remove backdoor.agent.b without causing the damage that was caused... perhaps by using Noo's suggested a squared prog.
"If life is a journey....Who's got the map?"