TechSpot

WIN32.BACKDOOR.CIADOOR help!

By TommyDDD
Apr 7, 2007
  1. hiya.

    i was playing a game cald World of warcraft and i was playing sunnly mine computer freezes and restared so i thnk okee never happend before but i think i press wrong butten then i come back to windows ctrl+alt+delete dost show cpu speed aneymore mine computer is sunnly slower and evertime i start up ''mine system" starts on and i dint even pressed on it and then i wanted too check mine Norton internet security and it was off and cund turn it on aneymore. and i think this is not good so i try too systemrestore but it dost let me in becouse its turn off or something and i dont no wy or how to oget it on and i scan with hitmanpro2 and finds that virues or something what it is and it removes it i restart and its back again! this is what it says

    WIN32.BACKDOOR.CIADOOR
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[0]=Regkey : clsid\{e14dce67-8fb7-4721-8149-179baa4d792c}
    obj[1]=Regkey : interface\{0958c4c9-77b0-4aa8-9364-7886bfca7e39}
    obj[2]=Regkey : typelib\{c9f1c5a0-f3d8-48e2-8b8c-3e86b4cac7e3}

    WINDOWS
    »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
    obj[3]=RegData : software\microsoft\windows nt\currentversion\winlogon "Shell"

    that was removed but still there. olso have seen i need too put a hijackthis.log and put it on mine post so here i hope u guys can help becouse this is just not normal i can use everthing but its very very slow and seems i cant remove the trojan thing.

    btw sorry i dint see the part i need put in a how too u say it attetchement sorry for bad english :(
     
  2. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    Its okay on the English. :) Tommy this is a link from these forums that you should read carfully and follow the steps spelled out. Let us know if it helps or if you have other issues.

    http://www.techspot.com/vb/topic50981.html
     
  3. TommyDDD

    TommyDDD TS Rookie Topic Starter

    okie ty :):) and i have tryed it and the same thing keeps comming back :( i dont no what 2 too everthing is slow and cant even see mine cpu. very nast ad-adware.
     
  4. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    So if I am reading you correctly, you have taken every step that that link directs you to do and you still have the same problem? Have you run the various free online scanners?

    Can you turn on your Norton Security and run a scan? When you are ready in the near future we'll discuss many better alternatives than Norton. ;)
     
  5. TommyDDD

    TommyDDD TS Rookie Topic Starter

    yeap i have scaned it with every thing the said i suld two and onley 3 of them found then and if im right onley 1 removed it. thats wy i maked a tread becouse it dint work :p and nop norton is still not fucntion i cant get ittoo start :( so far i onley have pc tools spyware doctor on too proctect me allite.

    and so far i have reading is norton really that bad? becouse it seems allot of pc magazine and stuff recommand it like macefee :p
     
  6. Route44

    Route44 TechSpot Ambassador Posts: 11,966   +70

    Norton is a system Hog meaning it takes a lot of resources to run which slows down your system. Both Norton and McAfee's detection rates are not that good.

    There are a lot better anti-virus solutions out there, one of which is Kaspersky. By the way, do you use a router?

    Tommy, I need to go to bed, so if you don't get anymore responses from me for awhile you'll know why. I have a few more questions: In steps 2 and 3 of the thread I linked you to, did you go to the links provided in 2 and 3 by clicking on the word Here and follow those steps?

    I have seen the suggestion to reboot, and press F8 to enter Safe Mode and run your scans there (you can't access online though). if you have Adaware or Spybot they would be good to run.
     
  7. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You`re running more than one antivirus programme and this is not recommended, will slow your system down and can cause serious conflicts.

    Uninstall that Symantec/Norton crap. See this post HERE for instructions.

    Once you`ve done that, go HERE and follow the instructions exactly.

    Post fresh HJT, AVG Antispyware and Combofix logs as attachments into this thread, only after doing the above.

    Also, let me know the results of the AVG Antirootkit scan.

    Regards Howard :wave: :wave:

    This thread is for the use of TommyDDD only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  8. TommyDDD

    TommyDDD TS Rookie Topic Starter

    hiya.

    okie thank you so far i have scaned it all in safe mode and have used AVG and so far nothing has befound but still mine pc is very slow cant see mine cpu speed and system restore is still dost work just like norton. but im still 100% sure that that virus thing is still on mine computer but where is hiding i dont no.

    to Route44

    okee good two know that :p but never had problems with it that is slow mine pc done have it for 2 years and always found stuff so i was pretty pleased with it :) but that it can be turn off that easly be just 1 virus is pretty lame and im still following the steps u said gone 2 it tomorrow onley did what Howard told me at the moment :) but thank you too the both of u im gone too more tomorrow :) here is mine HJT file mabye its already solve but i dont think so :p

    Edited by Moderator: Removed quote. There`s no need to quote the post directly above your own, unless you`re only replying to a specific section, in which case you would only quote that section. ;)
     
  9. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    You`re still running an outdated version of HijackThis. Also, you have not posted the requested log files. Please do so in your next reply, including an updated HJT log.

    Regards Howard :)

    This thread is for the use of TommyDDD only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  10. TommyDDD

    TommyDDD TS Rookie Topic Starter

    lol sorry about that :p here is what u asked for :):) and still AVG dint found anthing and when i was running ComboFix.exe mine PC tools spyware doctor bloked 5 trojan.gulden or something when i was running that so i dont recale that safe :p
     
  11. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Your HJT log is clean.

    Disable Spyware doctor and run a fresh Combofix scan. Post the resulting Combofix log.

    Regards Howaard:)

    This thread is for the use of TommyDDD only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  12. TommyDDD

    TommyDDD TS Rookie Topic Starter

    okee thats cool :) that mine HJT is clean but sorry i cant Disable Spyware Docter if says 5 trojan.golden something blocked when i was running that programma im not gone risk it :p
     
  13. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Spyware doctor is giving you a false positive. I assure you Combofix is absolutely safe. Unless I see a Combofix log, I can`t say whether your system is clean.

    Regards Howard :)

    This thread is for the use of TommyDDD only. Please don`t post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
     
  14. TommyDDD

    TommyDDD TS Rookie Topic Starter

    hiya :)

    i believe u that mabye spyware docter is giving me a false positive but mine computer is not very strong in defense and what i read that combofix is rnning that athor programma or something is trying too get it ya know. so i dont want too risk that and i have olso decided to go to a computer store named RAF/Strafhorst its a very good store i olso how too i call it i dont work there but its for school ya know :p sort training or something and i will let it check there i thank u for helping me in every way :):)
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...