TechSpot

Trojan Virus

By sillygirl
Jul 18, 2004
  1. Help!

    I've contracted a virus and can't seem to do anything with it. It is called backdoor.trojan and it references file name msb.dll in the windows\system32 folder. A Symantec alert pops up periodically to let me know it's there but it can't be cleaned or quarantined.

    I've tried to follow the instructions for manually removing it (disabling system restore, boot up in safe mode, run virus scan, etc.) I can't find any references to the virus when doing this.

    Any suggestions?

    Thanks,
    Kim

    PS I'm running Windows XP Professional
     
  2. Mictlantecuhtli

    Mictlantecuhtli TS Evangelist Posts: 4,916   +9

    Welcome to TechSpot Forums

    Boot to Recovery Console and delete the file from there.

    It might have hidden / system attributes set, and if you're using NTFS, you might not have ownership of it; that's why AV software won't delete it.

    In addition, thanks to the way the operating system is designed, you can't delete files that are in use :rolleyes:
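
The three conditions named in the post above (hidden/system attributes, NTFS ownership, file in use) can be checked read-only before booting to Recovery Console. This is an added example, not part of the original post; the function name `Get-SuspectFileStatus` is hypothetical, and the default path is an assumption built from the file name and folder the alert in this thread reports.

```powershell
# Added example: read-only triage of one suspect file. Nothing is deleted or modified.
# Assumption: default path is the file named in the thread's antivirus alert.
param(
    [string]$Path = (Join-Path $env:SystemRoot 'System32\msb.dll')
)

function Get-SuspectFileStatus {
    param([Parameter(Mandatory)][string]$Path)

    # -Force is needed, otherwise hidden/system files look as if they do not exist.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if (-not $item) {
        return [pscustomobject]@{ Path = $Path; Exists = $false }
    }

    # Owner comes from the NTFS security descriptor; reading it can itself be denied.
    $owner = try { (Get-Acl -LiteralPath $Path -ErrorAction Stop).Owner } catch { 'unreadable' }

    # A process that has the DLL mapped as a module keeps the file locked.
    # Some processes refuse module enumeration; count them so that an empty
    # holder list is not mistaken for proof that nothing has the file loaded.
    $holders = @()
    $unreadable = 0
    foreach ($p in Get-Process) {
        $mods = try { $p.Modules } catch { $null }
        if ($null -eq $mods) { $unreadable++; continue }
        if ($mods | Where-Object { $_.FileName -ieq $item.FullName }) {
            $holders += "$($p.ProcessName) (PID $($p.Id))"
        }
    }

    [pscustomobject]@{
        Path                = $item.FullName
        Exists              = $true
        Hidden              = $item.Attributes.HasFlag([IO.FileAttributes]::Hidden)
        System              = $item.Attributes.HasFlag([IO.FileAttributes]::System)
        ReadOnly            = $item.Attributes.HasFlag([IO.FileAttributes]::ReadOnly)
        Owner               = $owner
        LoadedBy            = $holders
        ProcessesNotChecked = $unreadable
    }
}

Get-SuspectFileStatus -Path $Path | Format-List
```

Run it from an elevated prompt so fewer processes land in `ProcessesNotChecked`; a non-empty `LoadedBy` list explains why deletion fails while Windows is running.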
     
  3. Goalie

    Goalie TS Rookie Posts: 703

    If you are using Norton Anti-Virus, try Updating your virus definitions, rebooting into safe mode, and rerunning the scan.

    For a backdoor.trojan type "virus" you might try Spybot S&D 1.3. Get the most recent spyware definitions, it might be able to remove that for you.

    This being said, I generally recommend reinstalling the operating system after a trojan has been installed. While you might remove the original trojan, this doesn't mean you've removed ALL trojans- many trojan users will first infect you with an obvious trojan, then use that hole to upload their own "homegrown" trojans that may, or may not, be detected. From a security standpoint, it's a nightmare- back up your data, reinstall, and patch your machine back up again.

    When I get the chance later on tonight, I will try to research that particular file for you and let you know of anything I find.

    Hope this helps!
     
  4. sillygirl

    sillygirl TS Rookie Topic Starter

    trojan

    Thanks Goalie -

    I've already taken all the steps that you outline. The next step I will take will be to log into the Windows Recovery Console and see if it can be resolved from there. I have received 2 responses (one here - one elsewhere) advising this "fix." Hopefully it will do the trick.......

    If you find additional info, please let me know

    Kim
     
  5. Goalie

    Goalie TS Rookie Posts: 703

    Just to clarify- is this file msb.dll or msbb.dll? I see only one hit on the first, but quite a few on the second..

    If the above solution didn't work for you, I'll keep on it.
     
  6. sillygirl

    sillygirl TS Rookie Topic Starter

    Hi Goalie -

    Definitely msb.dll - the Symantec message pops up every time I boot up - this particular file name is burned in my brain now. We haven't been able to try the recovery console thing yet. The laptop is company issued and an administrator's password has been set up. We are going back and forth now as to whether they are going to give me the password or if I have to ship it up to be fixed.

    It's beyond me why they would limit access with viruses being so rampant these days.....

    Thanks,
    Kim
     
  7. Godataloss

    Godataloss TS Rookie Posts: 501

    Well actually, this is exactly one of the reasons why they try to limit access.:rolleyes:
     
  8. sillygirl

    sillygirl TS Rookie Topic Starter

    Yes, yes I know - I was really referring to the inability to fix a problem due to limited access :)
     
  9. Goalie

    Goalie TS Rookie Posts: 703

    in regards to msb.dll

    http://www.computercops.biz/postp229922.html

    Is the link I found googling to it. It has some pseudo-directions for fixing it which involve mucking around in the registry. Not for the meek.

    It mentions CoolWebSearch.. you might look for CoolWebShredder and try it. I've never used the file myself, but I hear it's good for dealing with that nasty spyware.

    Hope this helps.
     
  10. sillygirl

    sillygirl TS Rookie Topic Starter

    Thanks Goalie:

    I'll let you know how everything turns out.

    Kim

    PS We have used cwshredder - it does work, but when you hit an infected site, your browser gets hijacked again. Sometimes it gets the whole thing, sometimes it just picks up the search. We end up running this a couple of times a week, it seems.
     
  11. Goalie

    Goalie TS Rookie Posts: 703

    I'd suggest getting Spybot S&D 1.3 for that- the teatimer in it means you know EVERY program that tries to modify the registry, and you can stop it before it happens (unexpected activity)

    Yeah, revisiting websites and getting it when you didn't know is a pain.

    Perhaps time to try Mozilla Firefox? :grinthumb
     
     
  12. sillygirl

    sillygirl TS Rookie Topic Starter

    Trojan Virus msb.dll

    Hey you guys:

    Problem solved. After a little snooping around, I found thru the administrative tools that the IT guys had disabled recovery console access. I simply enabled it, booted from CD to recovery console and was able to access, rename and modify the registry entries and then delete the offending file. Heh, heh - now I don't have to ship my computer anywhere....

    Thanks for everyone's help.

    Kim
     
  13. BrownPaper

    BrownPaper TS Rookie Posts: 467

    Also maybe you should consider using SpywareBlaster, Sillygirl. It blocks bad sites that can give you spyware. Kind of like preventing spyware from getting on to the computer in the first place. I use this program with Spybot S&D and Adaware. It is worth a try.

    www.javacoolsoftware.com/spywareblaster.html
     
  14. sillygirl

    sillygirl TS Rookie Topic Starter

    Thanks Brown Paper -

    Believe it or not, I use all three of those - Adaware, Spybot and most recently SpywareBlaster. Since I was finally able to delete the file, I haven't had any more problems.

    Kim
     
  15. SturmteK

    SturmteK TS Rookie Posts: 63

    I hate trojans.
    Those are a pain in the butt to get rid of.
     
Topic Status:
Not open for further replies.

