Backdoor.bla.trojan Removal



Good Morning folks:

I got called to a client's house this past Tuesday, because she was infected with spyware and adware, and because she was reporting that she was receiving block notices from an intrusion attempt by the backdoor.bla.trojan.

I think I got all of the spyware/adware out of there, so the only problem is the trojan.

Norton has a block rule for this badboy, and blocks it every time, which wouldn't be bad, but when you go to Symantec Security Response - Backdoor.bla.Trojan (advice), it TELLS you that you should run LiveUpdate, then run NAV, and when it finds the file that is the bla.trojan, write it down, then go delete the file.

Then it says that you should go to the Key:

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

Then in the right pane, find the file name that you wrote down earlier (the one NAV detected and says is infected). The name is supposed to vary, but these have been reported:

System

IO System Debug

Delete the entry that refers to the trojan file name

Click Registry and Then Exit to save the changes

The problem is that NAV does not show me what the file that was detected is, nor does it tell me where it is, so disinfection of this is impossible at this time. However, the NAV information says that the Bla block rule blocks the intrusion, but I want to eliminate the trojan entirely - Is there another program that I can use to detect it, and delete it? Or is there a way to force NAV to pick it up and show me the file name and location???

Any help would be appreciated

Brian
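
A read-only way to tie each value under that Run key to a file on disk before anything is deleted, as an added example that is not part of the original post or of Symantec's advisory. It assumes Windows PowerShell 4.0 or later; the helper name `Get-CommandExecutable` is hypothetical, and the two value names are the ones quoted in the post above.

```powershell
# Added example: list every value under the HKLM Run key with the file it launches.
# Nothing is modified; the output is for review only.
$runKey   = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
# Value names the post says have been reported (the name is said to vary).
$reported = @('System', 'IO System Debug')

function Get-CommandExecutable {
    param([string]$CommandLine)
    # Expand %SystemRoot% and similar, then take the quoted path if there is one.
    $cmd = [Environment]::ExpandEnvironmentVariables($CommandLine).Trim()
    if (-not $cmd) { return $null }
    if ($cmd -match '^"([^"]+)"') { return $Matches[1] }
    # Unquoted paths may contain spaces: grow the candidate until a file exists.
    $parts = @($cmd -split ' ')
    for ($i = 0; $i -lt $parts.Count; $i++) {
        $candidate = $parts[0..$i] -join ' '
        if ($candidate -and (Test-Path -LiteralPath $candidate -PathType Leaf)) {
            return $candidate
        }
    }
    # Bare file names are resolved through the search path, as Windows would do.
    $found = Get-Command $parts[0] -CommandType Application -ErrorAction SilentlyContinue |
        Select-Object -First 1
    if ($found) { return $found.Source }
    return $parts[0]
}

$key = Get-Item -LiteralPath $runKey
$report = foreach ($name in $key.GetValueNames()) {
    $raw  = [string]$key.GetValue($name)
    $exe  = Get-CommandExecutable $raw
    $file = if ($exe) { Get-Item -LiteralPath $exe -ErrorAction SilentlyContinue }
    [pscustomobject]@{
        ValueName    = $name
        Command      = $raw
        File         = $exe
        Exists       = [bool]$file
        LastWrite    = if ($file) { $file.LastWriteTime } else { $null }
        Signature    = if ($file) { (Get-AuthenticodeSignature -FilePath $file.FullName).Status } else { 'n/a' }
        SHA256       = if ($file) { (Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256).Hash } else { $null }
        ReportedName = $reported -contains $name
    }
}
# Entries using a reported value name are listed first.
$report | Sort-Object ReportedName -Descending | Format-List
```

An entry whose file is unsigned, recently written, or missing is the one to check against the scanner's detection before removing the registry value.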


Download and run the Free Trial of Trojan Hunter at http://www.misec.net/products/TrojanHunter.exe first. Next, take a free Online Virus scan at http://www.housecall.trendmicro.com or http://www3.ca.com/virusinfo/virusscan.aspx. After this, reboot.

Antivirus programs aren't designed to remove trojans very well, and Symantec is really bad at trying to do anything to remove them. That's why it's always a good idea to have a separate anti-trojan program on a computer.


You may be able to locate it and delete it with A-Squared http://www.emsisoft.com/en/software/free/ or ewido http://www.ewido.net/en/download/.

I prefer ewido; you will have to DL and install new signatures yourself, but it's worth it. A-Squared is good but will not search archives. With active trojans it is often necessary to boot into safe mode to be sure it is not active.

Preston

Preston:

Thank you for that information: I was wondering if Ewido would find that trojan and delete it, or at least show me what the file was that I needed to delete - NAV detected something, but as usual, did not show me anything in the logs I checked. I used Adaware 1.06 Personal, Spybot 1.4, Panda ActiveScan and NAV 2005, and I could not remove it - I was using dialup, and found over 90+ pieces of spyware, plus one that NAV picked up - She uses Juno, so I didn't know if some of that was Juno Related, but removed all I could using Spybot and Adaware.

Will Ewido also delete the offending line in the registry???

Dragon:

I am hesitant to use Trojanhunter.exe to remove trojans because the last time I used Trojanhunter, it caused my system to lock up and not respond, and I had a heck of a time using it - Used A2 to scan instead, and everything was cool - I just can't remember exactly why she locked up on me though......

I will use Ewido and see if that clears it up, and if needed ASquared. I agree that separate Trojan removing software is a good idea. I also agree that Symantec is not the best for helping you eliminate the problems you encounter - I am NOT gonna muck around in the registry just because they tell you to run a program that they make, navigate to a key, and delete it, without knowing the name of the Trojan file - That is my number one rule - so I figured my buddies on BT could help me, and it looks like they did ;)

Thanks for the help Gents - will keep you advised :)

Brian


If nothing else, you can try an online scan at http://www.moosoft.com

Used it years ago and liked it; very nice program.

Thanks for that information: Will download these and prepare a CD with the proper removal tools: I have almost all of the tools necessary, so hopefully, I can remove this trojan ;)

Thanks again

Brian :ph34r:
