Topic: "BackDoor-DOB!mem" wtf is it and what can I do to remove it? (Read 10483 times)
RRBM [NL]
Full Member
Posts: 123
That's a Frag Folks!
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #15 on:
April 30, 2008, 02:06:30 AM »
Here are some other tools you can use :
Rootkit scanners :
F-Secure BlackLight
http://www.f-secure.com/blacklight/
Sophos Anti-Rootkit
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
RootkitRevealer
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
Antivirus :
AVG Free
http://free.grisoft.com/ww.download-avg-anti-virus-free-edition
Antispyware :
Ad-Aware 2007 Free
http://www.lavasoftusa.com/products/ad_aware_free.php
Spyware Doctor
http://www.pctools.com/spyware-doctor/
Another rogue scanner :
RogueRemover FREE
http://www.malwarebytes.org/rogueremover.php
Logged
RRBM [NL]
Full Member
Posts: 123
That's a Frag Folks!
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #16 on:
April 30, 2008, 02:16:55 AM »
English translation of the French page http://www.commentcamarche.net/forum/affich-5868128-virus-backdoor-dob-mem with help from Google Translate (http://www.google.com/translate_t):
http://www.google.com/translate?u=http%3A%2F%2Fwww.commentcamarche.net%2Fforum%2Faffich-5868128-virus-backdoor-dob-mem&langpair=fr%7Cen&hl=nl&ie=UTF8
«
Last Edit: April 30, 2008, 02:21:53 AM by RRBM [NL]
»
Logged
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #17 on:
April 30, 2008, 06:23:10 AM »
Nothing is detected in safemode, unfortunately. I'll try all those proggys that you have recommended RRBM[NL], thanks.
Running a full scan in windows defender and heading out for a run. Fingers crossed.
Logged
reaper
Opulent Member
Posts: 2872
Nice night for a walk, eh? - Nice night for a walk
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #18 on:
April 30, 2008, 06:56:19 AM »
did you try the sysinternals thing qwazy mentioned, I bet that shows you something in purple, or highlights something obvious as purple. since the virus is tied to svchost that's where you should check!
Logged
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #19 on:
April 30, 2008, 07:06:10 AM »
Nothing showed up...opera was running in that vibrant purple but I noticed nothing else.
Logged
reaper
Opulent Member
Posts: 2872
Nice night for a walk, eh? - Nice night for a walk
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #20 on:
April 30, 2008, 07:34:43 AM »
you want to see which service is messing up your computer.
you can turn them off one by one (sometimes they will come back - which indicates which service might be the problem as well). so if you look at process explorer, and see what services svchost is tied to, you can turn off those services (resource consumption may be a sign of the problem, and process explorer will show what each service is doing).
once you find out what the offending service is by
1) turning off services (making sure they stay off), and determining when the problem goes away
2) looking at resource usage of the services, since the virus seems to be eating them sometimes
then you can delete the bad files, which are probably in some place under the windows directory. sometimes you can just search the windows directory and it's obvious. i don't really do this stuff, but i've worked with some people that can usually just take a quick look at process explorer, then go to the windows directory and find something odd.
if symantec said it found a virus in memory running as a service, that's where i'd be looking. and also turning things off to make the machine run faster, run spybot and lavasoft adware too..
Logged
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy
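The svchost-to-service mapping described in the reply above can also be listed from a script. This is an added example, not part of the original post; it assumes Windows PowerShell 5.1 or later run from an elevated prompt, and the output column names are chosen here for illustration.

```powershell
# Added example: list every service hosted inside an svchost.exe process,
# with the DLL it loads, that DLL's signature status, and the host's resource use.
$sys32 = Join-Path $env:SystemRoot 'System32'

Get-CimInstance Win32_Service |
    Where-Object { $_.ProcessId -ne 0 -and $_.PathName -match 'svchost\.exe' } |
    ForEach-Object {
        $svc = $_
        # svchost-hosted services normally name their code in a ServiceDll value.
        # Some services keep it elsewhere; those rows show an empty ServiceDll.
        $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$($svc.Name)\Parameters"
        $dll = (Get-ItemProperty -Path $key -Name ServiceDll -ErrorAction SilentlyContinue).ServiceDll
        $sig = $null
        if ($dll) {
            $dll = [Environment]::ExpandEnvironmentVariables($dll)
            if (Test-Path -LiteralPath $dll) {
                $sig = (Get-AuthenticodeSignature -LiteralPath $dll).Status
            } else {
                $sig = 'FileMissing'
            }
        }
        # CPU and memory are per svchost process, so services sharing a PID share the numbers.
        $proc = Get-Process -Id $svc.ProcessId -ErrorAction SilentlyContinue
        [pscustomobject]@{
            PID             = $svc.ProcessId
            Service         = $svc.Name
            StartMode       = $svc.StartMode
            CpuSeconds      = if ($proc) { [math]::Round($proc.CPU, 1) } else { $null }
            WorkingMB       = if ($proc) { [math]::Round($proc.WorkingSet64 / 1MB, 1) } else { $null }
            ServiceDll      = $dll
            Signature       = $sig
            OutsideSystem32 = [bool]($dll -and -not $dll.StartsWith($sys32, [StringComparison]::OrdinalIgnoreCase))
        }
    } |
    Sort-Object PID, Service |
    Format-Table -AutoSize
```

A row with a signature status other than Valid, or with OutsideSystem32 set to True, is a lead to look at more closely, not a verdict: some legitimate third-party services also load from outside System32.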
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #21 on:
April 30, 2008, 07:55:29 AM »
So I began to stop a process in procexp and it crashed (the program, not my PC)
Mass grrrrrrrrr-idge
Logged
Whirlingdervish
Super ShortBus Extravaganza
Illimitable Sesquipedalian Member
Posts: 6384
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #22 on:
April 30, 2008, 08:21:00 AM »
you might try using the search function to locate any files created on the day/time that the vscan message appeared, and the problems began..
That's how I tend to narrow down the search when I'm manually attempting to scrub out an infection..
Logged
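The time-based search suggested in the reply above, as an added example that is not part of the original post. It assumes Windows PowerShell 5.1 or later; `$alertTime`, the six-hour window, the folder list and the extension list are illustrative values chosen here and should be replaced with the time from your own scanner log.

```powershell
# Added example: list executable-type files created close to the time the
# antivirus alert first appeared, oldest first, with their signature status.
$alertTime = Get-Date '2008-04-29 21:00'   # constructed sample value, not from the thread
$window    = New-TimeSpan -Hours 6
$from      = $alertTime - $window
$to        = $alertTime + $window
$exts      = '.exe', '.dll', '.sys', '.scr', '.bat', '.cmd', '.vbs', '.js'
$roots     = $env:SystemRoot, $env:ProgramData, $env:TEMP

# -Force includes hidden and system files; access-denied folders are skipped quietly.
Get-ChildItem -LiteralPath $roots -Recurse -Force -File -ErrorAction SilentlyContinue |
    Where-Object {
        $_.CreationTime -ge $from -and
        $_.CreationTime -le $to -and
        $exts -contains $_.Extension.ToLower()
    } |
    Sort-Object CreationTime |
    Select-Object CreationTime, LastWriteTime, Length, FullName,
        @{ Name = 'Signature'; Expression = { (Get-AuthenticodeSignature -LiteralPath $_.FullName).Status } } |
    Format-Table -AutoSize
```

Expect legitimate installers and updates from the same day to appear in the list, and treat an empty result as inconclusive, since file timestamps can be altered.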
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #23 on:
April 30, 2008, 08:27:54 AM »
Good idea
Logged
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #24 on:
April 30, 2008, 07:19:20 PM »
Hmm... it looks like on that day Apple's Safari decided it would install itself onto my computer. Joy. I guess those Mac vs PC commercials have it all wrong...Mac is the new Microsoft!!!
Head for the hills!!!!!
This post brought to you by my lack of action and beer....mmmm beer
Logged
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #25 on:
April 30, 2008, 07:49:34 PM »
OK so I have been running F-Secure's online scanner and I have 2 virii and 2 spywares so far....spybot and adaware is up next after I do a run to the store.
Logged
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #26 on:
May 02, 2008, 09:53:24 PM »
Thanks for all your help, gentlemen.
Nailed it. (no longer suffering stutters and such.)
I believe it was a combo of Adaware and Spybot that detected 406 items to be removed/quarantined.
Looks like I totally forgot to install Spybot and Adaware when I last reformatted so all that crap flooded in.
Learned a bunch of new tricks though. Hats off to you.
Logged
Art
Carpal Tunnel Member
Posts: 1095
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #27 on:
May 02, 2008, 10:16:11 PM »
I ditched adaware and spybot for avg anti-spyware. They bought out ewido.
Logged