Welcome,
Guest
. Please
login
or
register
.
November 22, 2024, 02:46:00 PM
News:
tastyspleen.net discord server:
http://discord.tastyspleen.net
Home
Forum
Help
TinyPortal
Search
Calendar
Login
Register
tastyspleen::quake 2 community
»
Forum
»
Quake Related Topics
»
Trouble Shooting
»
"BackDoor-DOB!mem" wtf is it and what can I do to remove it?
« previous
next »
Print
Pages:
1
[
2
]
Go Down
Author
Topic: "BackDoor-DOB!mem" wtf is it and what can I do to remove it? (Read 10746 times)
RRBM [NL]
Full Member
Posts: 123
That's a Frag Folks!
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #15 on:
April 30, 2008, 02:06:30 AM »
Here are some other tools you can use :
Rootkit scanners :
F-Secure BlackLight
http://www.f-secure.com/blacklight/
Sophos Anti-Rootkit
http://www.sophos.com/products/free-tools/sophos-anti-rootkit.html
RootkitRevealer
http://www.microsoft.com/technet/sysinternals/Security/RootkitRevealer.mspx
Antivirus :
AVG Free
http://free.grisoft.com/ww.download-avg-anti-virus-free-edition
Antispyware :
Ad-Aware 2007 Free
http://www.lavasoftusa.com/products/ad_aware_free.php
Spyware Doctor
http://www.pctools.com/spyware-doctor/
Another rogue scanner :
RogueRemover FREE
http://www.malwarebytes.org/rogueremover.php
Logged
RRBM [NL]
Full Member
Posts: 123
That's a Frag Folks!
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #16 on:
April 30, 2008, 02:16:55 AM »
English translation of the french page
http://www.commentcamarche.net/forum/affich-5868128-virus-backdoor-dob-mem
with help from google translate (
http://www.google.com/translate_t
) :
http://www.google.com/translate?u=http%3A%2F%2Fwww.commentcamarche.net%2Fforum%2Faffich-5868128-virus-backdoor-dob-mem&langpair=fr%7Cen&hl=nl&ie=UTF8
http://www.google.com/translate?u=http%3A%2F%2Fwww.commentcamarche.net%2Fforum%2Faffich-5868128-virus-backdoor-dob-mem&langpair=fr%7Cen&hl=nl&ie=UTF8
«
Last Edit: April 30, 2008, 02:21:53 AM by RRBM [NL]
»
Logged
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #17 on:
April 30, 2008, 06:23:10 AM »
Nothing is detected in safemode, unfortunately. I'll try all those proggys that you have recommended RRBM[NL], thanks.
Running a full scan in windows defender and heading out for a run. Finger's Crossed.
Logged
reaper
Opulent Member
Posts: 2872
Nice night for a walk, eh? - Nice night for a walk
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #18 on:
April 30, 2008, 06:56:19 AM »
did you try the sysinternals thing qwazy mentioned, I bet that shows you something in purple, or highlights something obvious as purple. since the virus is tied to svchost that's where you should check!
Logged
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #19 on:
April 30, 2008, 07:06:10 AM »
Nothing showed up...opera was running in that vibrant purple but I noticed nothing else.
Logged
reaper
Opulent Member
Posts: 2872
Nice night for a walk, eh? - Nice night for a walk
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #20 on:
April 30, 2008, 07:34:43 AM »
you want to see which service is messing up your computer.
you can turn them off one by one (sometimes they will come back - which indicates which service might be the problem as well). so if you look at process explorer, and see what services svchost is tied to, you can turn off those services (resource consumption may be a sign of the problem, and process explorer will show what each service is doing).
once you find out what the offending service is by
1) turning off services (making sure they stay off), and determing when the problem goes away
2) looking at resource usage of the services, since the virus seems to be eating them sometimes
then you can delete the bad files, which are probably in some place under the windows directory. sometimes you can just search the windows directory and it's obvious. i don't really do this stuff, but i've worked with some people that can usually just take a quick look at process explorer, then go to the windows directory and find something odd.
if symantec said it found a virus in memory running as a service, that's where i'd be looking. and also turning things off to make the machine run faster, run spybot and lavasoft adware too..
Logged
VaeVictus "reaper is a lying sack of shit and ragequit then had, probably slugs, come alias and beat me, wasnt even the same person playing OBVIOUSLY, accuracies basicly doubled, and strategy
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #21 on:
April 30, 2008, 07:55:29 AM »
So I began to stop a process in procexp and it crashed (the program, not my PC)
Mass grrrrrrrrr-idge
Logged
Whirlingdervish
Super ShortBus Extravaganza
Illimitable Sesquipedalian Member
Posts: 6384
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #22 on:
April 30, 2008, 08:21:00 AM »
you might try using the search function to locate any files created on the day/time that the vscan message appeared, and the problems began..
That's how I tend to narrow down the search when I'm manually attempting to scrub out an infection..
Logged
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #23 on:
April 30, 2008, 08:27:54 AM »
Good idea
Logged
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #24 on:
April 30, 2008, 07:19:20 PM »
Hmm... it looks like on that day Apple's Safari decided it would install itself onto my computer. Joy. I guess those Mac vs PC commercials have it all wrong...Mac is the new Microsoft!!!
Head for the hills!!!!!
This post brought to you by my lack of action and beer....mmmm beer
Logged
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #25 on:
April 30, 2008, 07:49:34 PM »
OK so I have been running F-Secure's online scanner and I have 2 virii and 2 spywares so far....spybot and adaware is up next after I do a run to the store.
Logged
[BTF]Sigma
Phenomenally Prodigious Member
Posts: 3059
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #26 on:
May 02, 2008, 09:53:24 PM »
Thanks for all your help, gentlemen.
Nailed it. (no longer suffering stutters and such.)
I believe it was a combo of Adaware and Spybot that detected 406 items to be removed/quarantined.
Looks like I totally forgot to install Spybot and Adaware when I last reformatted so all that crap flooded in.
Learned a bunch of new tricks though. Hat's off to you.
Logged
Art
Carpal Tunnel Member
Posts: 1095
Rated:
Re: "BackDoor-DOB!mem" wtf is it and what can I do to remove it?
«
Reply #27 on:
May 02, 2008, 10:16:11 PM »
I ditched adaware and spybot for avg anti-spyware. They bought out ewido.
Logged
Print
Pages:
1
[
2
]
Go Up
« previous
next »
tastyspleen::quake 2 community
»
Forum
»
Quake Related Topics
»
Trouble Shooting
»
"BackDoor-DOB!mem" wtf is it and what can I do to remove it?
El Box de Shoutamente
Last 10 Shouts:
Costigan_Q2
November 11, 2024, 06:41:06 AM
"Stay cozy folks.
Everything is gonna be fine."
There'll be no excuses for having TDS after January 20th, there'll be no excuses AT ALL!!!
|iR|Focalor
November 06, 2024, 03:28:50 AM
RailWolf
November 05, 2024, 03:13:44 PM
Nice
Tom Servo
November 04, 2024, 05:05:24 PM
The Joe Rogan Experience episode 223 that dropped a couple hours ago with Musk, they're talking about Quake lol.
Costigan_Q2
November 04, 2024, 03:37:55 PM
Stay cozy folks.
Everything is gonna be fine.
|iR|Focalor
October 31, 2024, 08:56:37 PM
Costigan_Q2
October 17, 2024, 06:31:53 PM
Not activated your account yet?
Activate it now! join in the fun!
Tom Servo
October 11, 2024, 03:35:36 PM
HAHAHAHAHAHA
|iR|Focalor
October 10, 2024, 12:19:41 PM
I don't worship the devil. Jesus is Lord, friend. He died for your sins. He will forgive you if you just ask.
rikwad
October 09, 2024, 07:57:21 PM
Sorry, I couldn't resist my inner asshole.
Show 50 latest
User
Welcome,
Guest
. Please
login
or
register
.
November 22, 2024, 02:46:00 PM
1 Hour
1 Day
1 Week
1 Month
Forever
Login with username, password and session length
Search
Advanced search