HELP! Legit Concern about Virusus

Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Sed posuere consectetur est at lobortis. Vestibulum id ligula porta felis euismod semper. Donec ullamcorper nulla non metus auctor fringilla. Aenean lacinia bibendum nulla sed consectetur. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Cras mattis consectetur purus sit amet fermentum. Morbi leo risus, porta ac consectetur ac, vestibulum at eros. Sed posuere consectetur est at lobortis. Etiam porta sem malesuada magna mollis euismod. Cum sociis natoque penatibus et magnis dis parturient montes, nascetur ridiculus mus. Duis mollis, est non commodo luctus, nisi erat porttitor ligula, eget lacinia odio sem nec elit. Cras justo odio, dapibus ac facilisis in, egestas eget quam. Aenean eu leo quam. Pellentesque ornare sem lacinia quam venenatis vestibulum. Curabitur blandit tempus porttitor. Sed posuere consectetur est at lobortis.

In addition, this occurred just twice last night at 7:30pm central US time. No other instances of back-orifice noted overnight.

However, there were two instances of IP address connecting to MY PC ms-wbt-server.

Is there anyway that maybe a Norton person can look at this issue? I was just about to feel relived and trust all was safe until this came up.

As you will have seen the Norton Staffers are very active here but so are we users in posting problems! So give them a little time to get around all the messages to deal with those they can.

 

Meanwhile you might consider forwarding the file -- if you have actually got one -- to Symantec for verification and if it's malware you might consider running one of the excellent free utilities such as Malwarebytes. It is free for home use despite the impression their website gives. What you get if you pay is the same program but with the ability to run continuously in the background, which most of us do not want or need.

thats the weird thing about it, there is no file to send. I didn't find it as a result of a scan. It was just an entry in the connection log.

just noting that I connected to the yahoo site, but instead of it being my normal notation (my PC), it included the backorifice 2000-1 thing. I did complete scans and found nothing so I don't even know what file it could be.

Message Edited by NY1986 on 08-05-2008 05:08 PM

Not a situation I’m familiar with so I’ll have to leave it for others to help you on this one.

It looks like some sniffer tool which could be dangerous but it doesn't have to be.

Please follow these steps:

  1. install  Norton Antibot from  here
  2. Download and install malwarebytes
  3. update and run a full scan
  4. Download and install SuperAntispyware
  5. update and run a full scan
Than come back over here and see what happened

Doesn't it seem weird that if it were some malicious item, it would actually be identifying itself by it's known bad name?

 

Even though it wasn't picked up by my NAV2008, but rrather just on the connection log, could it still be some type of false positive? Like maybe something taht appeared like this Back Ori**ce thing?

 

Oh and spyware S&D and windows defender showed nothing bad

Stu if it was a sniffer, wouldn’t Norton pick it up?


NY1986 wrote:
Stu if it was a sniffer, wouldn't Norton pick it up?

probably. Depends on your settings if you notice something.

Did you try my suggestions?

I did run SpyBot S & D and the Windows defender and they picked up nothing. SpyBot did pick up tracking cookies and nothing more

How do you mean depends on your settings if you notice something? You mean my Norton Settings?

 

I mean its the strangest thing. If I didn't look in the connection log, I wouldn't even have this post. My browser settings are the same and I notice nothing funky about my computer. Just this connection entry for

Back Orifice 2000-1 and ms-wbt-server

 

I mean if someone was squating on my machine, it would show as malware or spyware right? Anmd if it was something bad, why would it read as something so suspicious as back orifice?

 

Could it be a false ID? Like something thatwas similar but not bad? Again nothing on my scans except tracking cookie. Could it be part of tracking cookie mechanisim?

NY1986:

Stu posted:

"Please follow these steps:

  1. install  Norton Antibot from  here
  2. Download and install malwarebytes
  3. update and run a full scan
  4. Download and install SuperAntispyware
  5. update and run a full scan

Than come back over here and see what happened"

 

I will repeat what he asked you in an earlier post: Did you try Stu's suggestions?