Topic: "BackDoor-DOB!mem" wtf is it and what can I do to remove it? (Read 10742 times)

RRBM [NL], Reply #15 on: April 30, 2008, 02:06:30 AM
Here are some other tools you can use:

Rootkit scanners:
F-Secure BlackLight: http://www.f-secure.com/blacklight/
Sophos Anti-Rootkit: http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
RootkitRevealer: http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx

Antivirus:
AVG Free: http://free.grisoft.com/ww.download-avg-anti-virus-free-edition

Antispyware:
Ad-Aware 2007 Free: http://www.lavasoftusa.com/products/ad_aware_free.php
Spyware Doctor: http://www.pctools.com/spyware-doctor/

Another rogue scanner:
RogueRemover FREE: http://www.malwarebytes.org/rogueremover.php

RRBM [NL], Reply #16 on: April 30, 2008, 02:16:55 AM
English translation of the French page http://www.commentcamarche.net/forum/affich-5868128-virus-backdoor-dob-mem with help from Google Translate (http://www.google.com/translate_t):
http://www.google.com/translate?u=http%3A%2F%2Fwww.commentcamarche.net%2Fforum%2Faffich-5868128-virus-backdoor-dob-mem&langpair=fr%7Cen&hl=nl&ie=UTF8
Last Edit: April 30, 2008, 02:21:53 AM by RRBM [NL]

[BTF]Sigma, Reply #17 on: April 30, 2008, 06:23:10 AM
Nothing is detected in safe mode, unfortunately. I'll try all those proggys that you have recommended, RRBM[NL], thanks.
Running a full scan in Windows Defender and heading out for a run. Fingers crossed.

reaper, Reply #18 on: April 30, 2008, 06:56:19 AM
did you try the sysinternals thing qwazy mentioned? I bet that shows you something in purple, or highlights something obvious as purple. since the virus is tied to svchost, that's where you should check!

[BTF]Sigma, Reply #19 on: April 30, 2008, 07:06:10 AM
Nothing showed up...opera was running in that vibrant purple but I noticed nothing else.

reaper, Reply #20 on: April 30, 2008, 07:34:43 AM
you want to see which service is messing up your computer.
you can turn them off one by one (sometimes they will come back - which indicates which service might be the problem as well). so if you look at process explorer, and see what services svchost is tied to, you can turn off those services (resource consumption may be a sign of the problem, and process explorer will show what each service is doing).
once you find out what the offending service is by
1) turning off services (making sure they stay off), and determining when the problem goes away
2) looking at resource usage of the services, since the virus seems to be eating them sometimes
then you can delete the bad files, which are probably in some place under the windows directory. sometimes you can just search the windows directory and it's obvious. i don't really do this stuff, but i've worked with some people that can usually just take a quick look at process explorer, then go to the windows directory and find something odd.
if symantec said it found a virus in memory running as a service, that's where i'd be looking. and also turning things off to make the machine run faster, run spybot and lavasoft adware too..
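
The check described in Reply #20 (which services each svchost.exe instance is hosting, what they cost in memory, and which file backs them), as an added example that is not part of the original posts. It assumes Windows PowerShell 5.1 or later run from an elevated prompt; the function name `Get-SvchostServiceReport` is hypothetical.

```powershell
# Added example, not from the thread. Run from an elevated prompt.
function Get-SvchostServiceReport {
    $sys32 = (Join-Path $env:SystemRoot 'System32') + '\'
    # Index svchost.exe processes by PID so each service can be tied to its host
    $svchost = @{}
    Get-CimInstance Win32_Process -Filter "Name='svchost.exe'" |
        ForEach-Object { $svchost[[int]$_.ProcessId] = $_ }

    Get-CimInstance Win32_Service -Filter "State='Running'" |
        Where-Object { $svchost.ContainsKey([int]$_.ProcessId) } |
        ForEach-Object {
            # A hosted service names its DLL in ServiceDll, usually under
            # the Parameters subkey and occasionally on the service key itself
            $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)"
            $dll = $null
            foreach ($k in "$key\Parameters", $key) {
                $p = Get-ItemProperty -LiteralPath $k -Name ServiceDll -ErrorAction SilentlyContinue
                if ($p) { $dll = [Environment]::ExpandEnvironmentVariables($p.ServiceDll); break }
            }
            $found = [bool]($dll -and (Test-Path -LiteralPath $dll))
            [pscustomobject]@{
                HostPid      = [int]$_.ProcessId
                WorkingSetMB = [math]::Round($svchost[[int]$_.ProcessId].WorkingSetSize / 1MB, 1)
                Service      = $_.Name
                DisplayName  = $_.DisplayName
                ServiceDll   = $dll
                InSystem32   = $found -and $dll.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase)
                Signature    = if ($found) { "$((Get-AuthenticodeSignature -LiteralPath $dll).Status)" } else { 'NoDll' }
            }
        }
}

$report = Get-SvchostServiceReport
$report | Sort-Object HostPid | Format-Table -AutoSize
# Entries worth a manual look: DLL outside System32, missing, or not validly signed
$report | Where-Object { -not $_.InSystem32 -or $_.Signature -ne 'Valid' }
```

Legitimate third-party services can appear in the second listing, so treat it as a shortlist for review rather than a verdict.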

[BTF]Sigma, Reply #21 on: April 30, 2008, 07:55:29 AM
So I began to stop a process in procexp and it crashed (the program, not my PC)
Mass grrrrrrrrr-idge

Whirlingdervish, Reply #22 on: April 30, 2008, 08:21:00 AM
you might try using the search function to locate any files created on the day/time that the vscan message appeared, and the problems began..
That's how I tend to narrow down the search when I'm manually attempting to scrub out an infection..
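
The search suggested in Reply #22 (files created around the time the scanner alert appeared), as an added example that is not part of the original posts. The function name `Find-FilesCreatedNear`, the extension list and the timestamp in the last line are assumptions; the timestamp is a placeholder for the actual alert time.

```powershell
# Added example, not from the thread. Run from an elevated prompt.
function Find-FilesCreatedNear {
    param(
        [Parameter(Mandatory)] [datetime] $AlertTime,
        [int] $WindowMinutes = 60,
        [string] $Root = $env:SystemRoot,
        [string[]] $Extensions = @('.exe', '.dll', '.sys', '.scr', '.bat', '.cmd', '.vbs', '.js')
    )
    $from = $AlertTime.AddMinutes(-$WindowMinutes)
    $to   = $AlertTime.AddMinutes($WindowMinutes)

    # -Force includes hidden and system files, which a normal search would skip
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object {
            $_.CreationTime -ge $from -and $_.CreationTime -le $to -and
            $Extensions -contains $_.Extension.ToLowerInvariant()
        } |
        Sort-Object CreationTime |
        ForEach-Object {
            [pscustomobject]@{
                Created   = $_.CreationTime
                Modified  = $_.LastWriteTime
                # Write time older than creation time: the file was copied or unpacked here
                Copied    = $_.LastWriteTime -lt $_.CreationTime
                Signature = "$((Get-AuthenticodeSignature -LiteralPath $_.FullName).Status)"
                SHA256    = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash
                Path      = $_.FullName
            }
        }
}

# Placeholder timestamp: substitute the time the alert first appeared
Find-FilesCreatedNear -AlertTime '2024-01-01 12:00' -WindowMinutes 90 | Format-Table -AutoSize
```

File timestamps can be changed after the fact, so an empty result narrows the search but does not clear the machine.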

[BTF]Sigma, Reply #23 on: April 30, 2008, 08:27:54 AM
Good idea

[BTF]Sigma, Reply #24 on: April 30, 2008, 07:19:20 PM
Hmm... it looks like on that day Apple's Safari decided it would install itself onto my computer. Joy. I guess those Mac vs PC commercials have it all wrong...Mac is the new Microsoft!!!
Head for the hills!!!!!
This post brought to you by my lack of action and beer....mmmm beer

[BTF]Sigma, Reply #25 on: April 30, 2008, 07:49:34 PM
OK so I have been running F-Secure's online scanner and I have 2 virii and 2 spywares so far....spybot and adaware is up next after I do a run to the store.

[BTF]Sigma, Reply #26 on: May 02, 2008, 09:53:24 PM
Thanks for all your help, gentlemen.
Nailed it. (no longer suffering stutters and such.)
I believe it was a combo of Adaware and Spybot that detected 406 items to be removed/quarantined.
Looks like I totally forgot to install Spybot and Adaware when I last reformatted so all that crap flooded in.
Learned a bunch of new tricks though. Hats off to you.

Art, Reply #27 on: May 02, 2008, 10:16:11 PM
I ditched adaware and spybot for avg anti-spyware. They bought out ewido.