Going crazy with this damn backdoor-czp

I don't know how it got on the computer but it's here nevertheless ...

When I boot up McAfee tells me it deleted the file ntswrl32.dll and
then seconds later informs me it deleted ldapi32.exe. Zonealarm
follows with an alert of msiefixd.exe trying to access the net which I
don't allow it to.

When running system restore I get this message:
"system restore is not able to protect your computer. Please restart
your computer and run restore again"

That doesn't work and when I look for the files that it said it
deleted they are not there but obviously it is re-writing itself every
boot. It's impossible to get rid of it if it isn't showing.

I've also tried running in safe mode but all it does is reboot after
hitting F8 and selecting it.

I'm running a typical WinXP machine ...

Please please please ... would anyone have any idea for a lost soul!!

Thanks in advance for any info.

Bob

Re: Going crazy with this damn backdoor-czp


| I don't know how it got on the computer but it's here nevertheless ...
|
| When I boot up McAfee tells me it deleted the file ntswrl32.dll and
| then seconds later informs me it deleted ldapi32.exe. Zonealarm
| follows with an alert of msiefixd.exe trying to access the net which I
| don't allow it to.
|
| When running system restore I get this message:
| "system restore is not able to protect your computer. Please restart
| your computer and run restore again"
|
| That doesn't work and when I look for the files that it said it
| deleted they are not there but obviously it is re-writing itself every
| boot. It's impossible to get rid of it if it isn't showing.
|
| I've also tried running in safe mode but all it does is reboot after
| hitting F8 and selecting it.
|
| I'm running a typical WinXP machine ...
|
| Please please please ... would anyone have any idea for a lost soul!!
|
| Thanks in advance for any info.
|
| Bob


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can download the files and perform a scan in Normal Mode. Once you have downloaded the files needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key during boot] and re-run the menu again and choose which scanner you want to run in Safe Mode.  It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help file.  http://www.ik-cs.com/multi-av.htm

Additional Instructions:
http://pcdid.com/Multi_AV.htm


* * *   Please report back your results  * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Going crazy with this damn backdoor-czp

On Sat, 04 Nov 2006 02:41:19 GMT, "David H. Lipman"
 


Thanks for the quick response David.

I couldn't reboot into safe mode ... the computer would always start
another reboot when I selected that process. As I said, Zonealarm kept
asking me if I wanted to let msiefixd.exe have permission to access
the net and I always denied thankfully. I went into the registry and
did a bunch of searching and found that SOB and deleted it and every
occasion that I found it on the computer. Believe it or not, those
two warnings from McAfee went away but who knows if that killed the
trojan or not.

I still can't use safe mode or system restore but am going to try and
reinstall restore when I find my OEM disk.

I don't have a clue how to restore safe mode back but I guess hunting
and pecking may eventually return things to normal.

Thanks a bunch again ...

Bob

Re: Going crazy with this damn backdoor-czp



|
| Thanks for the quick response David.
|
| I couldn't reboot into safe mode ... the computer would always start
| another reboot when I selected that process. As I said, Zonealarm kept
| asking me if I wanted to let msiefixd.exe have permission to access
| the net and I always denied thankfully. I went into the registry and
| did a bunch of searching and found that SOB and deleted it and every
| occasion that I found it on the computer. Believe it or not, those
| two warnings from McAfee went away but who knows if that killed the
| trojan or not.
|
| I still can't use safe mode or system restore but am going to try and
| reinstall restore when I find my OEM disk.
|
| I don't have a clue how to restore safe mode back but I guess hunting
| and pecking may eventually return things to normal.
|
| Thanks a bunch again ...
|
| Bob

OK, forget Safe Mode for the time being.  Go through the scanners in Normal Mode.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Re: Going crazy with this damn backdoor-czp


[snip]

Have you tried BootSafe (freeware)?

    http://www.superadblocker.com/bootsafe.html

Larry

Re: Going crazy with this damn backdoor-czp

Try scanning with this:
http://housecall.trendmicro.com/

Hit "Scan Now - It's Free".
After it loads, hit "Accept" or whatever else it is, the checkmark to
keep it going is automatically checked.
When it loads again, choose whichever kernel you want but do NOT hit
"Scan" yet - go into "Advanced Options" and check the checkmark that
says "Scan for malware and greyware". Now scan and remove anything it
finds.
Bob J wrote:


Re: Going crazy with this damn backdoor-czp


| Try scanning with this:
| http://housecall.trendmicro.com/
|
| Hit "Scan Now - It's Free".
| After it loads, hit "Accept" or whatever else it is, the checkmark to
| keep it going is automatically checked.
| When it loads again, choose whichever kernel you want but do NOT hit
| "Scan" yet - go into "Advanced Options" and check the checkmark that
| says "Scan for malware and greyware". Now scan and remove anything it
| finds.

I already suggested my Multi AV Scanning Tool which incorporates the Trend Micro Sysclean utility which uses the same engine and pattern file as the web site but does NOT require Sun Java or ActiveX in conjunction with a web browser.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm


