I need help to remove backdoor.bot

[Needshelppp]

I am using vista 32bit home premium, 1 hour ago i may have stumbled upon the wrong website, cutting a long story short it opened up the process "e.exe" on my machine, so i was self alerted that i had been infected with a virus (which should have been avasts job to do, but avast did not detect this).

(I have not ran a virus scan of any kind for quite some time, so i do not know if backdoor.bot came from this incident, what i am saying is that it was this incident that alerted me to do a virus scan)

After updating malwarebytes and running a scan it uncovered 12 infected fiiles most of them being trojan.downloader, which were all removed.

The one that seems to be stick around, and does not want to leave is backdoor.dot, it is a nasty keylogger, i do things such as internet banking and play games of value such as world of warcraft, i can not afford to lose my personal information to this virus, and i need some help with removing it please!

Currently i am running a thorough scan with avast "while awaiting your response"! i know avast will not be much help in terminating the virus, and using smaller programs to manually directly target backdoor.bot will be much more effective.

PLEASE HELP!


Also: i have unconvered the following path manually, i am not sure if it is a virus, but i know it has negative reputation to the good, in the world of data stealing.

C:\Users\"unsername"\AppData\Roaming\sdra64.exe

[mkis]

Google is your friend

http://www.google.com/search?q=sdra64.exe&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8


http://www.google.com/search?q=backdoor.bot&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

http://www.spywareremove.com/removeBackdoorBot.html

[Needshelppp]

Google is your friend

http://www.google.com/search?q=sdra64.exe&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8


http://www.google.com/search?q=backdoor.bot&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

http://www.spywareremove.com/removeBackdoorBot.html

I have read every google search available for my situation! I AM GOING CRAZY because it is not as simple as "read an artical, remove it".

I need an "expert" to guide me through the process, or at least somebody knowlegdable to help me.

[Needshelppp]

Take this small guide for example.

http://www.spywareremove.com/removeBackdoorBot.html

This is nonsense, infect your machine with backdoor.bot and see if you are able to remove it following this guide, you will understand what i mean.

[Pondus]

Try these

Norman Malware Cleaner http://www.norman.com/support/support_tools/58732/en

Dr.Web CureIt! http://www.freedrweb.com/cureit/
How Do I Use Dr.Web CureIt!? http://www.freedrweb.com/cureit/how_it_works/

[mkis]

Google is your friend

http://www.google.com/search?q=sdra64.exe&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8


http://www.google.com/search?q=backdoor.bot&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

http://www.spywareremove.com/removeBackdoorBot.html

I have read every google search available for my situation! I AM GOING CRAZY because it is not as simple as "read an artical, remove it".

I need an "expert" to guide me through the process, or at least somebody knowlegdable to help me.

You have to start somewhere. I can see what the spyware remove people are getting at. I have no idea what steps you've taken other than what you have said in yr OP.

[Needshelppp]

I reformatted.

[jolo]

What I gather from this is that avast! doesn't have a product that can product us from Bots? Is this true?

How sad that someone has to re-format.

For those obnoxious mimics who help no one with their "Google is your friend", if you don't know what your doing and/or don't give a crap about helping others, then GET OFF THE FORUM. Forums are about each member sharing their time and experience to help another person. If you want others to waste hours searching, then just get off the forum.

Jon

[mikaelrask]

did you try the tools pondus suggested?

you should not give up that easy.

i would recomend a scan with superantispyware becouse sometimes that picking up things malwarebytes don't and vice versa.

http://www.superantispyware.com/

if that does not solve your problem. make a scan with hijack this and post the result here so we could see if we could find the infection from there.

http://download.cnet.com/Trend-Micro-HijackThis/3000-8022_4-10227353.html

good luck 

[mkis]

quote author=Needshelppp link=topic=52028.msg440318#msg440318 date=1260350323]

Google is your friend

http://www.google.com/search?q=sdra64.exe&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8


http://www.google.com/search?q=backdoor.bot&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

http://www.spywareremove.com/removeBackdoorBot.html

I have read every google search available for my situation! I AM GOING CRAZY because it is not as simple as "read an artical, remove it".

I need an "expert" to guide me through the process, or at least somebody knowlegdable to help me.

you give no indication in yr OP that you already thoroughly searched for information on BackdoorBot.
So sorry i was only trying to contribute understanding of the issue in what little time was available. In which case Google is a most convenient vehicle, perhaps not always yr friend but that is just something we say anyway.

I did not say the spywareremove page would remove an the infection for you. After you read the page, I ask you now what you do not understand about BackdoorBot.  

Also worth bearing in mind that no antivirus will detect 100%.

This weekend as always I disinfected systems of malware - Sality in one bad case (see pictue below), and Antivirus Action. I then returned these systems to smooth running. As you say, Needshelppp, not that simple  a procedure. At times I was nearly locked out of the system. And when it comes to the forum, I just dont have the same amount of time to spare. of the forum. All credit to people like Pondus who I rely on to fill in gaps that are left.

Edit - 13/12/2010 2.31AM - just booted into PC infected with Sality and checking the system - will post reply here

[essexboy]

That was a version of Zeus so it was keylogging.  It can be removed but not automatically, manual removal is needed for some elements

sdra64.exe is one of the key files.  Although I gather the Zeus author has now come up with a better version, that will start relying on bootkits like whistler   

[mkis]

Taking out sality - the PS2 keyboard that was plugged into the computer was hopelessly lost to the variant, but slipping in a USB keyboard under the radar enabled me to log in and remove the user's passwords.

otherwise gaining access may have become impossible - the Linux discs I use for circumventing passwords were being turned into confetti by the virus.


Edit - that is to say, the PS2 keyboard reading of the disks was turned into confetti

here's an interesting one I've had in the past - when you open the commandline, the / key on the keyboard starts reading #
but thats okay the / key still works okay, just forget about the fact that it's reading #, and yr commands will effect as per norm

[mkis]

here is probably recent information - shows relation between sdra64.exe and Sality

http://www.threatexpert.com/files/palma.exe.html  (edit - sorry very busy, forgot to insert link first time round)

I have yet to run an analysis of the Sality infection - removal including manual were completed satisfactorily (for now)
in this case, I plugged a friend's USB into the PC and detected Sality but the steps I took to sort the threat were too superficial
and nonetheless i let the person continue to use the system
the following day when I returned to that PC I noted the change in functionality - so stepped up my defenses before it was too late

while disinfecting PCs is a good practice, it is not much fun to the user of the computer
if sufficient steps are not taken to prevent infection, the disinfection can prove very time-consuming to all concerned

[nsm0220]

Needshelppp try gdata boot cd https://www.gdatasoftware.co.uk/support/main-subjects/upgrade-service/download.html

[mkis]

thread was a year old when jolo stepped in
perhaps not a bad thing, we can carry the issues further if there is something to gain

gdata boot CD may have bypassed the keylogger, I dont know, some of the variants I would expect to be very elusive

- and oops, have yet to send files to avast