
Trojan horse BackDoor.Generic14.ANNA affecting a system file

Discussion in 'Virus and Malware Removal' started by Johnh92, Nov 29, 2011.

  1. Johnh92 Newcomer, in training

    OK, after that I did a scan because my Malwarebytes will expire in 3 days, so I did a scan just because, and it didn't find anything :)


    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8313

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    12/12/2011 7:24:37 AM
    mbam-log-2011-12-12 (07-24-37).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 449082
    Time elapsed: 6 hour(s), 40 minute(s), 13 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  2. Johnh92 Newcomer, in training

    Back to my original problem,

    netbt.sys

    I thought I had fixed the problem with my internet browsing issues, and then I found this website (below) and it had a paragraph which explained my problems perfectly:

    "Can ping and search a remote computer but not browse it

    If you can see or search a remote computer in mixed OS (win98, ME, NT, W2K and XP) network, this is master browser issue. You may try to use browstat.exe from NT resource kit to check the master browser status. Or stop computer browser on w2k/xp.

    For consultants, refer to case 100903RL."

    And then down at the very bottom of the page it has two paragraphs about netbt.sys, so I had a little play around and tried checking the status of my master browser how they said. I did this in the command program and this is what happened:

    "C:\Documents and Settings\Hunter family>nbtstat -RR
    Failed to access NetBT diver -- NetBT may not be loaded
    "

    Just wondering what happened to my netbt.sys file when I cleaned it?

    http://www.chicagotech.net/browser.htm
  3. Bobbye Helper on the Fringe Posts: 16,406   +16

    This looks like the problem, but I'm not sure of the cause:
    Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
    Event: 7003 Source: Service Control Manager
    1. The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
    2. The DHCP Client service depends on the following nonexistent service: NetBT

    Log: 'System' Date/Time: 12/12/2011 12:35:38 AM
    Event: 7000 Source: Service Control Manager
    The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. (Timed out)
    ------------------------------------------
    There is some problem with the RealVNC settings. It is running: c:\program files\RealVNC\VNC4\WinVNC4.exe:
    Event: 1 Source: WinVNC4
    ManagedListener: unable to bind listening socket: Only one usage of each socket address (protocol/network address/port) is normally permitted.

    I am not familiar with this program, but the 2 references below should help you work through the settings and possible upgrade:
    http://www.realvnc.com/products/free/4.1/winvnc.html
    http://www.realvnc.com/products/free/4.1/winvnc.html#Upgrade> v4.1
    -

    I do think that this>"135:TCP"= 135:TCP:RPC< has been set by or for VNC and I don't think it's correct.
    ------------------------------------
    The 3 issues are all network related: WinVNC4, NetBT and Bluetooth. You said the network problem had been resolved.
    But the dates for these errors are after you said this. I suggest you read the VNC info I left. Check the setting for that against what is on your system.
    You will use the path Start> Settings> Control Panel> Network Connections> right click> Properties> Advanced tab.
    ==================================
    One other issue I saw in the Events:
    Bonjour has been set for some kind of Scheduled Task; it's not working. Why do you have this set for a task?
    Event: 100 Source: Bonjour Service
    Task Scheduling Error: m->NextScheduledSPRetry 3922
    Task Scheduling Error: m->NextScheduledEvent 5875
    Task Scheduling Error: Continuously busy for more than a second
    Whatever it is, it's not working. It also isn't needed. I don't know if it could cause interruption of the system, but I do recommend that you delete any Tasks you have scheduled for Bonjour:
    Opening scheduled tasks to modify or delete them:
    Access Scheduled Tasks by clicking Start> All Programs> Accessories> System Tools> Scheduled Tasks.

    • To change the settings for a task: right-click the Task> click Properties> do any of the following:
      1. To change the schedule for the task, click the Schedule tab.
        (Since these are new, make sure the settings are configured as you want. Both are MSE/MSAntimalware related)
        c:\windows\Tasks\MP Scheduled Scan.job
        c:\windows\Tasks\MpIdleTask.job
      2. To customize the settings for the task, such as run time, idle time, power management options, click the Settings tab.
      3. To delete a task> right-click the task> click Delete.
        c:\windows\Tasks\RealUpgradeLogonTask
        c:\windows\Tasks\RealUpgradeScheduledTasks
      4. To prevent a task from running until you run it again>
        • right-click the task> Properties> On the General tab>
        • clear the Enabled check box> Select the check box again when you are ready to run it again.
      =====================================
      Removing all of the tools we used and the files and folders they created
      • Uninstall ComboFix and all Backups of the files it deleted
      • Click START> then RUN
      • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
      • Download OTCleanIt by OldTimer and save it to your Desktop.
      • Double click OTCleanIt.exe.
      • Click the CleanUp! button.
      • Select Yes when the "Begin cleanup Process?" prompt appears.
      • If you are prompted to Reboot during the cleanup, select Yes.
      • The tool will delete itself once it finishes.
      -----
      Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

      Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
      ------------------------------------------
      • You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
      • Go to Start > All Programs > Accessories > System Tools
      • Click "System Restore".
      • Choose "Create a Restore Point" on the first screen then click "Next".
      • Give the Restore Point a name> click "Create".
      • Go back and follow the path to > System Tools.
        • Choose Disk Cleanup
        • Click "OK" to select the partition or drive you want.
        • Click the "More Options" Tab.
        • Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.


      Empty the Recycle Bin
      =====================================
      About this:
      I am not seeing any related Error for this in the Event Viewer. If it continues to be a problem, please start a new thread in our Win BSOD/Freezes. etc. Forum. Mention we have cleaned the system.
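
The Event 7003 entries quoted in the post above each name a service that could not start and the missing service it depends on. As an added example (not part of the thread or written by its participants), this Python sketch parses entries in that quoted format and groups the blocked services under the missing one, so a single root cause such as NetBT stands out. The sample text is copied from the post's excerpt; the function name is hypothetical.

```python
import re
from collections import defaultdict

# Lines copied from the System event excerpt quoted in the thread.
SAMPLE = """\
Log: 'System' Date/Time: 12/12/2011 12:39:58 AM
Event: 7003 Source: Service Control Manager
1. The TCP/IP NetBIOS Helper service depends on the following nonexistent service: NetBT
2. The DHCP Client service depends on the following nonexistent service: NetBT

Log: 'System' Date/Time: 12/12/2011 12:35:38 AM
Event: 7000 Source: Service Control Manager
The TOSHIBA Bluetooth Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. (Timed out)
"""

EVENT_RE = re.compile(r"^Event:\s*(\d+)\s+Source:\s*(.+)$")
DEP_RE = re.compile(
    r"^(?:\d+\.\s*)?The (.+?) service depends on the following "
    r"nonexistent service: (.+)$"
)

def missing_dependencies(text):
    """Map each missing service to the services that could not start without it."""
    current = None                      # (event id, source) of the block being read
    missing = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        header = EVENT_RE.match(line)
        if header:
            current = (int(header.group(1)), header.group(2).strip())
            continue
        # Only Service Control Manager event 7003 reports a missing dependency.
        if current != (7003, "Service Control Manager"):
            continue
        dep = DEP_RE.match(line)
        if dep:
            dependent, target = dep.group(1), dep.group(2).strip()
            if dependent not in missing[target]:
                missing[target].append(dependent)
    return dict(missing)

if __name__ == "__main__":
    for target, dependents in missing_dependencies(SAMPLE).items():
        print(f"{target} is missing; blocked services: {', '.join(dependents)}")
```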