Backdoor Trojan with Vista

I appear to somehow have infected my computer with Backdoor.Trojan.  I've searched around trying to find how I can remove it, but all the suggestions refer to XP and I'm running Vista with SP1.  I've updated my virus definitions and run a full system scan in normal and safe modes.  The Backdoor.trojan file is detected every time, but the message alongside says that it "cannot be removed from an unsupported file".

I would appreciate any suggestions from anyone instructing me how to get rid of this Trojan.

Thanks,

Heimdall

Replies


Re: Backdoor Trojan with Vista

Can you try scanning with SuperAntiSpyware and Malwarebytes? You can upload the file to Virustotal.com.
Real Time Protection = NIS 2009 + NAT | Behavior Analysis = Threatfire | On Demand = MBAM

Re: Backdoor Trojan with Vista

Hi

Does it tell you the name of the file that the Trojan is embedded in?

Do you know whether the file is in use, by a process or any other means (the file starts up as soon as your PC is turned on and Windows is loaded)?

Backdoor.Trojan, is that all? Is the name given more specific?

Regards

Quads 


Re: Backdoor Trojan with Vista

Please can you confirm if you have tried this: http://www.symantec.com/security_response/writeup.jsp?docid=2001-062614-1754-99&tabid=1.  Please click on Removal.  The reason why I have given you Page 1 is because it has important information on it that will explain why you keep getting pop-ups regarding why it has been blocked.  :)

Could you also provide:

- Your O.S., S.P..

- Your Norton Product and Version.  To get this information: Click "? Help & Support" > About (N.I.S. 2008).  You can also get this information via Add/Remove.

Thursday, November 21, 2013: The THREATCON was changed to Level 1: Normal | Tue., Nov. 05, 2013: Zero-Day Vulnerability: Microsoft Security Advisory 2896666 | Saturday, November 09, 2013: Cyber-Criminals Serve Up A Veritable Smorgasbord Of Threats For South Koreans | Wednesday, October 09, 2013: New Internet Explorer Zero-Day Targeted In Attacks Against Korea And Japan [C.V.E.-2013-3897]

Re: Backdoor Trojan with Vista

It states OS = "Vista - SP1" :-) 

Quads 


Re: Backdoor Trojan with Vista


Quads wrote:

It states OS = "Vista - SP1" :-) 

Quads 


Just noticed that; thanks.

Brain is half-asleep!


Re: Backdoor Trojan with Vista

Hi Heimdall

Can you please advise which Norton Product you are currently using.

You can read about this infection and removal advice following this link provided by Floating_Red. If that doesn't help, try what Dieselman743 suggests and download Malwarebytes', update the definitions and run a full system scan with it. Then do a full system scan with Norton again and let us know the results.

If the infection is still there, can you provide the exact location of the infected file/s.

Thanks

Message Edited by johna on 09-18-2008 03:54 PM

Re: Backdoor Trojan with Vista

Hi Heimdall,
 
Based on the "unsupported file" text you saw, the threat is probably in a compressed file.  

I am guessing that you have NAV or NIS 2008 or earlier.  This text would be shown for compressed file types that supported detection, but not automatic removal.

In NAV/NIS 2009, there is improved handling for compressed files, and normally for a case like this, you would be offered the option to delete the compressed file.
 
To see which file contains the threat:
1) From a scan: Go to the Attention Required tab and click the name of the threat. That will open the risk properties to the Details tab. You should see the path to the file in a format like this:
       [ThreatFile.exe] inside of [CompressedFile.rar]
 
2) From Security history: Find the threat in Security History in the Unresolved Security Risks view. Click More Details, then click on the link under Risk Details.  Switch to the Details tab and look for the file path as mentioned in #1.
 
Find this file in Windows and delete it manually.

Regards,

Lisa

Screenshot from NAV 2008


Re: Backdoor Trojan with Vista

My thanks to everyone who responded to my call for help.  The Trojan is removed and my computer is now clean.  Now all I need to do is go and speak to the 'friend' who sent me the file!!!

Heimdall

PS:

Isn't this forum great!


Re: Backdoor Trojan with Vista

Glad to hear you are clean of the infection, how did you manage to remove it?

Re: Backdoor Trojan with Vista

I am new to Vista and have this same problem; however, when I look at the file properties it says "restricted item permission required".  I am logged in to my PC as the administrator.  Can someone help me?  Thanks,

Re: Backdoor Trojan with Vista

Hi

With Vista, even having an account with Administrator rights still does not give you full rights, or any part of.

Find the file (or folder) in question.  You may have the UAC popping up and asking now and then.

Right-click the file and select "Properties".

Click on the "Security" tab.

Click "Advanced" in the lower right.

In the "Advanced Security Settings" window that pops up, click on the "Owner" tab.

Click "Edit".

Click "Other users or groups".

Click "Advanced" in the lower left corner.

Click "Find Now".

Scroll through the results and double-click on 'your' current user account.

Click "OK" to all of the remaining windows except the first Properties window.

Select your user account from the list up top and click "Edit".

Select your user account from the list up top again and then in the pane below, check "Full control" under Allow, or as much control as you need.

You’ll get a security warning, click "Yes".

Hope that helps

Quads 
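
The ownership and permission steps in the post above, followed by the manual delete suggested earlier in the thread, can also be done from the command line. This is an added example, not part of the original post: it assumes PowerShell is installed and started with "Run as administrator", `Remove-LockedFile` is a hypothetical helper name, and the path at the end is a constructed placeholder.

```powershell
# Added example, not from the thread. Run from an elevated PowerShell prompt.
# Handles a single file; a folder would need takeown's /R switch as well.
function Remove-LockedFile {   # hypothetical helper name
    param([string]$Path)

    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Not found: $Path"
        return $false
    }

    # Owner tab > Edit: make the current user the owner of the file.
    takeown.exe /F $Path | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "takeown failed (exit code $LASTEXITCODE); is the prompt elevated?"
        return $false
    }

    # Security tab > Edit > Full control: grant the current user full access.
    $account = "$env:USERDOMAIN\$env:USERNAME"
    icacls.exe $Path /grant "${account}:F" | Out-Null
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "icacls failed (exit code $LASTEXITCODE)"
        return $false
    }

    # Delete the file, then confirm it is really gone.
    Remove-Item -LiteralPath $Path -Force
    return (-not (Test-Path -LiteralPath $Path))
}

# Constructed placeholder path; use the location shown in Norton's Details tab.
Remove-LockedFile -Path 'C:\Users\ExampleUser\Downloads\CompressedFile.rar'
```

The function returns `$true` only when the file no longer exists afterwards, so a `$false` result means the file is still present and a follow-up scan will flag it again.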
