Backdoor.Sdbot

Status
Not open for further replies.
I do remove all; I don't remove only the things related to ComboFix. My question was whether I should remove the ComboFix-related things too; I guess I couldn't explain myself clearly.
 
Remove all! Everything!

Rename cbf.exe back to Combofix.exe.

Then

Start-Run
type
combofix /u

This will uninstall ComboFix.

Now download ComboFix again. Rename it cbf.exe again, run it again IN SAFE MODE, and post the new log (I need this after Spyware Doctor and cleaning the ComboFix entries).

Mike
 
Did as requested, nothing changed :) Though it came to my attention that the backdoor thing never shows up when I scan in safe mode; it only respawns in normal mode.

Attaching the ComboFix log and (thought it may be of use) the newest Spyware Doctor results.
 
Now the backdoor virus is adding its friends to my PC; the following viruses started popping up:
zedoidx zedo.com
doubleclick.net
rmak content.yieldmanager.com
More stuff for you to think about when you come back :)
 
Hi Emre

My apologies for dropping out again. Still paying the price for my long Christmas Vacation. I have been traveling at work. Plus some family issues. Finally seeing the light of day.

Here are the steps that should do it!

VERY IMPORTANT: Turn off Spyware Doctor

1. Disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.

2. Click the "Settings" button on the left side.

3. Click the "Startup Settings" link.

4. Uncheck "Run at Windows Startup".

5. Click the "Apply" button.

6. Exit by a right-click on the "Spyware Doctor" icon in the system tray and choose "Exit".

7. To enable Spyware Doctor when you are finished, open the program, Settings > Startup Settings > CHECK "Run at Windows Startup" > APPLY.

Now reboot before continuing below! After rebooting, open no movies or photos, nor attempt to browse the web.

Right-click the McAfee virus scanner and choose Close or Exit. Then run TaskMgr and end any process related to McAfee (beginning with mc...), any related to Spyware Doctor, and any other programs that may interfere with cleaning.

Download Trojan Remover http://www.simplysuponline.com/download/dl/trjsetup675.exe
This is a fully working 30 day trial.

Update it but do not run it; also update MBAM and SAS.

Start-Run
type
ComboFix /u
Uninstalls ComboFix

Redownload ComboFix.
Redownload SDFix. (I think Spyware Doctor or McAfee is preventing SDFix from running at all and not allowing ComboFix to work correctly.)

Download HostMan http://www.box.net/shared/mnzfmikqgh
Unzip, install, and allow it to turn off the DNS cache. Click Update and select all 3 hosts files. Have it replace, not merge, your hosts file.

Now unplug Network Cable.

Drag the mouse to highlight and copy all text inside the box below, and paste it into an open command prompt!
Code:
@echo off
rem Remove registry keys associated with the infection
reg delete HKLM\SOFTWARE\swearware /f
reg delete HKCU\Software\Wget /f
reg delete HKLM\Software\Classes\CLSID\{CD363BEC-7150-B887-530D-5F3E2E0424EA} /f
rem Stop the McAfee services so they cannot interfere with the cleaning tools
net stop McAfeeFramework
net stop McShield
exit

Next, in the following order, do the below:

1. Run Trojan Remover; remove anything found.

2. Run ComboFix.

3. Boot to Safe Mode and run Trojan Remover again!

Then, while still in Safe Mode...

4. Try SDFix again.

5. If SDFix works and reboots back to normal mode, then run ComboFix once more. If SDFix still does not work, then reboot and run ComboFix again.

Plug in the cable and post all logs.

Mike
 
Oh, thanks a lot Mike, will do everything starting now; will be editing this post with results later.
 
Great Emre

But do the pasting of the box into the command prompt again.

I had a quote ( " ) in there that shouldn't have been; only part of it executed.
Sorry, after pasting it again you will likely need to repeat everything below that point!

Mike
 
Well well Mike, you did it!

You just magically (or you know, scientifically, in a "you-know-more-than-me-so-I-don't-understand-at-all" way) succeeded in removing every single malware, adware and every other thing that has the suffix "ware". I do not get Backdoor.Sdbot's or anything else, for that matter, anymore.

I had a few difficulties following your steps, so I:
Had to turn off my version of Spyware Doctor with AntiVirus differently than you explained (it didn't include an option to turn off start on reboot, so I had to search around a bit).
Had to turn off my McAfee (which was harder, as this too doesn't include any buttons or options to close or exit; you have to shut it off from Task Manager every time it respawns, and it respawns every time you reboot and sometimes randomly at any moment).
Found out the prompt error with the quote, repasted without quotation marks; the PC gave a few errors, so I had to manually clean the registry stuff.
Still couldn't use SDFix; it seems McAfee or Spyware Doctor has nothing to do with it.

I'm attaching all the logs now, but I am pretty sure there is nothing remaining; I did a few scans with different programs in a row. I know who I can trust if anything happens anyway; I will come crying and running if something turns up in my scans later, so be prepared.

Mike, I don't know what to do, but I want to make you happy in an "ugly girl receives Valentine's Day card" way; if I can do anything at all, tell me. I hope you win the lottery. And get elected president. Or live 500 years. Or find the meaning of life. Pick one. Or more. :)

Thanks, man.
This time makes two of "you saving me and me being able to do nothing in return".
I hope there is anything I can do to help with anything.

Emre.
 
Good Emre my friend!

Trojan Remover defaulted the hosts file so run Hostman and update all 3 blocklists.

Find all quarantine folders and empty them: Spyware Doctor, McAfee, SAS and MBAM.

I think you would be better off uninstalling all McAfee and installing Avira; it is many times better, even if free.

If you decide to do it, let me know and I will guide you to completely uninstall it, as its uninstaller leaves a lot behind!

ThreatFire is very misunderstood. I advise you to download and install. It does not use definitions but looks for Virus/Malware activity. It does take some effort as it asks you to approve or disapprove new programs as you run them. Look at it. It would have likely prevented this last issue alone by catching them on the way in. It was designed to work with other Virus scanners.

Run these programs (SAS, MBAM, etc.) every couple of weeks as maintenance, even if you have no obvious problem.

Your thanks and happiness are all the pay I need! Thanks!

Mike
 
About McAfee, I am pretty sure anything is better than McAfee :D It never finds anything or does any good in any sense at all, so I guess I could take your guidance in uninstalling McAfee and installing Avira.
About ThreatFire, I think I will pass on that, not because of the effort (as a Vista user I am used to authorizing every single program every single moment) but because the kind of programs that can fool me generally can fool me into letting them run when ThreatFire asks me what to do. (Those hackers and malicious software writers know how to conceal stuff within stuff, if you know what I mean.)

Thanks again,
Emre

By the way, from this post on, you could just add me on MSN Messenger; I don't think this thread being stuffed with new posts will be of any use to other users.
 
Good Morning Emre

OK, to remove McAfee:

1st Disable/turn off McAfee as you did before.
2nd In Add/Remove Programs, uninstall all McAfee entries.
3rd Reboot.
4th Run the McAfee Removal Tool.
5th Run MPFCleanuptool.
6th Run VSCleanuptool.
7th Do a Windows search for Mcafee*.* and delete all.
8th With RegSeeker, search for and remove all McAfee entries.

Reboot!

Run CCleaner Temp and registry repeatedly until clean.

The issues found are in System Restore, so do the below:

Start > Programs > Accessories > System Tools > System Restore and create a new restore point. Name it "After cleanup at TechSpot".

Then Start > Programs > Accessories > System Tools > Disk Cleanup
Click OK to accept C:
Select all boxes
Then click More Options
Here click System Restore, OK to "Are you sure", and then OK to run.

As this runs it clears all but the most recent Restore Point.

You mentioned you gained back 30 GB by cleanup before, so here is one more impressive cleaner; download, install and run it: KCleaner

Then go to The 8 Steps and download and install Avira.

Update and do a full scan. Do not be surprised if it finds issues; clean them and post the log!

Mike
 
OK, now I added the Avira scan log; done everything. Avira found something, but it's not important, as I recognise it to be a leftover of a virus that is not working now. (If not so, tell me though.)

Emre
 
Fantastical!

Did you do KCleaner?

I think you are now clean.

Let's remove the fix tools (if needed later, they need to be fresh anyway).

Start-Run
type Combofix /u

Uninstalls ComboFix.

Then

Thread closing-------------------------------------------------------------------
Please download OTCleanIt http://download.bleepingcomputer.com/oldtimer/OTCleanIt.exe

Save to desktop.

This will remove all the tools we used to clean your computer.
These tools update so often they require downloading again later if needed.

Double-click OTCleanIt.exe. Click CleanUp. Click Yes to the "Begin cleanup Process?" prompt.

If prompted by your firewall, Windows Defender or other guards or security programs about OTCleanIt attempting to access the Internet, approve and allow all.

If prompted to Reboot click Yes.
OTCleanIt will delete itself when finished; if not, delete it yourself.

Every 2 weeks or so, run MBAM and SAS until clean. They take a while, so leave them scanning while you are sleeping, working or watching TV. If not done under the gun, they can be scheduled so as not to interfere with computer time.

If they find something they cannot clean, then get back to us.

Additionally run CCleaner.

I have been using ThreatFire for more than a year, it just went from ver 3 to ver 4.

It was designed to co-exist with other Virus scanners.

Additionally, it uses a totally different process to protect. While conventional virus scanners work from definitions, ThreatFire works on recognizing virus/malware activity. It's like looking at it with 2 sets of eyes and from a different angle.

http://www.threatfire.com/Download/
-------------------------------------------------------------------------------------
Look at http://www.javacoolsoftware.com/spywareblaster.html

Run SpyBot occasionally and use the Immunize function.
http://www.safer-networking.org/en/download/

Install Hostman, allow it to disable the DNS Client, select all 4 hosts files, and then Update.
Hostman http://www.box.net/shared/mnzfmikqgh
A disk scan and defrag are in order.

Mike
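Both the earlier note that Trojan Remover reset the hosts file and the final Hostman step above come down to one question: does the hosts file actually carry the blocklist entries, and does it contain anything it should not? The script below is an added example written for this thread, not Hostman's code or any other tool's. It parses a constructed hosts-file sample (the three ad domains Emre listed, plus an invented ad.yieldmanager.com to show what a missing entry looks like, and a made-up redirection of a fictitious domain to a documentation-range IP) and reports which blocklist domains are present, which are missing, and which names are pointed at a non-loopback address, which is what a hosts-file hijack looks like. Running it on a real machine means reading C:\Windows\System32\drivers\etc\hosts and passing the text to audit_hosts.

```python
import ipaddress
from dataclasses import dataclass

# Addresses a blocklist uses to "sink" a name so the browser never reaches it.
SINKHOLE_IPS = {"0.0.0.0", "127.0.0.1", "::1"}
# Names that belong in a default Windows hosts file and are not blocklist entries.
DEFAULT_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


@dataclass
class HostsEntry:
    ip: str
    name: str
    line_no: int


def parse_hosts(text):
    """Parse hosts-file text into entries, ignoring comments, blanks and malformed lines."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        try:
            ipaddress.ip_address(parts[0])       # first field must be an IP address
        except ValueError:
            continue                             # not a real entry; skip it
        for name in parts[1:]:
            entries.append(HostsEntry(parts[0], name.lower(), line_no))
    return entries


def audit_hosts(text, expected_blocklist):
    """Report blocklist coverage and any names pointed at a real (non-loopback) address."""
    entries = parse_hosts(text)
    blocked = {e.name for e in entries
               if e.ip in SINKHOLE_IPS and e.name not in DEFAULT_NAMES}
    # A non-sinkhole address for an ordinary hostname means traffic is being redirected;
    # that is how hosts-file hijacks work, so every such line deserves a look.
    redirected = [(e.name, e.ip, e.line_no) for e in entries
                  if e.ip not in SINKHOLE_IPS and e.name not in DEFAULT_NAMES]
    missing = sorted({d.lower() for d in expected_blocklist} - blocked)
    return {
        "blocked_count": len(blocked),
        "missing": missing,
        "redirected": redirected,
        # True when the file looks like a freshly defaulted hosts file
        "is_default": not blocked and not redirected,
    }


# Constructed sample: a default header, the three ad domains from the thread on sinkhole
# addresses, one junk line, and a made-up hijack entry pointing at a documentation-range IP.
SAMPLE_HOSTS = "\n".join([
    "# Copyright (c) 1993-2006 Microsoft Corp.",
    "#",
    "127.0.0.1       localhost",
    "::1             localhost",
    "",
    "0.0.0.0   doubleclick.net            # added by blocklist",
    "0.0.0.0   zedo.com",
    "127.0.0.1 content.yieldmanager.com",
    "this line has no address and is skipped",
    "198.51.100.23  www.example-av-vendor.test  # constructed hijack entry",
])

# The domains we expect the blocklist to cover; ad.yieldmanager.com is invented
# so the report shows what a missing entry looks like.
EXPECTED_BLOCKLIST = ["zedo.com", "doubleclick.net",
                      "content.yieldmanager.com", "ad.yieldmanager.com"]

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS, EXPECTED_BLOCKLIST)
    print(f"blocked entries: {report['blocked_count']}")
    print(f"missing from blocklist: {report['missing']}")
    for name, ip, line_no in report["redirected"]:
        print(f"line {line_no}: {name} is redirected to {ip}, check this entry")
    if report["is_default"]:
        print("hosts file looks defaulted; rerun Hostman and update the blocklists")
```

The check treats only 0.0.0.0, 127.0.0.1 and ::1 as "blocked"; anything else for a non-local name is flagged rather than silently accepted, because a blocklist tool never needs to send a name to a routable address.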
 