shawdreamer, Posted October 28, 2010

No doubt more of the tech learned amongst us (Sidrick & Peeewee to mention a few) will have already had dealings with this particularly annoying Trojan: Backdoor:Win32/Cycbot.B

After a good hour of repeated scans and false "System clean & protected" reports from MSE I eventually had to resort to a System Restore point before the initial recording of the Trojan in MSE's history (which much to my surprise was a good week ago).

Nothing I attempted with MSE made a blind bit of difference, and that's with MSE's latest virus definition and Windows security definition. MSE would simply detect the infection (whether via popup window report or during a system scan) and request system cleaning permission, which naturally is given. At the end of the cleaning MSE reports that either the infection had been quarantined or removed successfully and reports "system fully protected". Shortly after (usually about 10-15 minutes) MSE would again detect the infection and you're back to square one (repeated attempts only resulted in the same).

Googling the Trojan gave me more reason for concern (feel free to yourself) and even MS have rated it as highly serious due to the amount of external access it gives someone to the infected computer. Various PC forums advised the extreme of formatting and reinstalling my OS to confirm eradication, but as I only got a Win7 key and not the actual disc with my new laptop (that's what was infected btw) that's out of the question, which just left me with a System Restore hope.

On the System Restore front, so far..... so good. No alerts or detections despite 2-3 full scans in the last hour or so.

Reason for this post: if any non-techie types (kinda like me) come across an alert for this Trojan, don't be tempted to ignore it or assume your chosen AV can cope with it....it's a persistent and particularly nasty little Trojan if any of the googled reports are anything to go by.

MCCORNY11, Posted October 28, 2010

I keep telling people this but they don't listen. Hosts file modification cuts 99% of the rubbish out there if updated. Takes less than 5 seconds. It stops pop-ups, adverts, even known bad IPs and websites. Have a look at http://www.mvps.org/winhelp2002/hosts.htm, for 5 mins reading can save days in restoring.

scottg17, Posted October 29, 2010

I had this on a customer's PC the other week. Into safe mode, run Malwarebytes, kept coming back, so I assumed there was a rootkit on the system. Run ComboFix, followed by an OS repair (it had damaged one or more sys 32 files). All sorted. A courtesy call back this week confirmed all was well.

shawdreamer (Author), Posted October 29, 2010

> I had this on a customer's PC the other week. Into safe mode, run Malwarebytes, kept coming back, so I assumed there was a rootkit on the system. Run ComboFix, followed by an OS repair (it had damaged one or more sys 32 files). All sorted. A courtesy call back this week confirmed all was well.

My System Restore method still seems to be holding solid, 2 further scans have turned up feckall, only fortunate that I didn't have to lose something important in the restore.

Additional to the MS statement on the Trojan, the majority of forums also say that on previous OS running systems it also disables IE7+8, thus blocking you from seeking internet-related assistance.....devious little bugger. Least Win7 and the latest edition of MSE don't seem to allow that symptom on mine.

scottg17, Posted October 29, 2010

Thing is, you may have just picked up the Trojan. If there was a rootkit there then it would most likely come back.

shawdreamer (Author), Posted October 29, 2010

> Thing is, you may have just picked up the Trojan. If there was a rootkit there then it would most likely come back.

Hence the continued repeated scans, just in case.

smithyandco, Posted October 29, 2010

> I keep telling people this but they don't listen. Hosts file modification cuts 99% of the rubbish out there if updated. Takes less than 5 seconds. It stops pop-ups, adverts, even known bad IPs and websites. Have a look at http://www.mvps.org/winhelp2002/hosts.htm, for 5 mins reading can save days in restoring.

Spybot S&D also adds a healthy amount of sites/IPs to the HOSTS file to blacklist.

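The HOSTS-file blocklisting mentioned in the two posts above, as an added example that is not part of the original thread: a small parser that separates sinkholed (blocked) hostnames from hostnames pointed at some other address, and merges new blocklist domains without duplicating entries. The function names and the sample file are constructed for illustration.

```python
import ipaddress

SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1", "::"}  # addresses blocklists point hosts at
LOCAL_NAMES = {"localhost"}                        # normal loopback names, not blocks

def parse_hosts(text):
    """Yield (ip, hostname) pairs, skipping comments and malformed lines."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()     # drop trailing comments
        if len(fields) < 2:
            continue
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            continue                               # first field is not an IP
        for name in fields[1:]:                    # one line may list several names
            yield ip, name.lower().rstrip(".")

def audit(text):
    """Return (blocked names, {name: ip} for names mapped to a non-sinkhole IP)."""
    blocked, redirected = set(), {}
    for ip, name in parse_hosts(text):
        if name in LOCAL_NAMES:
            continue
        if ip in SINKHOLES:
            blocked.add(name)
        else:
            redirected[name] = ip                  # worth a manual look
    return blocked, redirected

def merge_blocklist(text, domains, sink="0.0.0.0"):
    """Append sinkhole entries for domains that have no entry yet."""
    blocked, redirected = audit(text)
    known = blocked | set(redirected)              # redirected names are left for review
    new = sorted({d.lower().rstrip(".") for d in domains} - known - {""})
    if not new:
        return text
    sep = "" if not text or text.endswith("\n") else "\n"
    return text + sep + "".join(f"{sink} {d}\n" for d in new)

# Constructed sample hosts file (documentation-range address and example domains).
SAMPLE = """\
# constructed sample
127.0.0.1       localhost
0.0.0.0 ads.example.com tracker.example.net  # blocklist entry
127.0.0.1 ADS.example.com
203.0.113.7 update.example.org
not-an-ip something.example
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(merge_blocklist(SAMPLE, ["bad.example.net", "Ads.Example.com"]))
```

Entries reported in the second return value of `audit` map a name to a real address rather than a sinkhole, so they are listed for review instead of being overwritten.
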
LiamGTR, Posted October 29, 2010

You have affected EVO, everyone who visits EVO will now be affected by this trojan. Please leave EVO.

http://www.jimimorrisonshead.com/wp-content/uploads/2010/07/cyberpolice.jpg