BackOrifice.B SpybotSD
tRevHead62
Melbourne, Australia
Hi, My latest scan of Spybot - SD has come up with a message that mentions the BackOrifice.B on my system, but does not tell me much else. Here is a snip from the SpybotSD Logfile...
Error during check!: BackOrifice.B (Datei C:\WINDOWS\wininit.ini kann nicht geöffnet werden. The process cannot access the file because it is being used by another process) ()
I have also scanned with AdAware and Norton's AntiVirus - All with the latest patches/updates. They can't pick up anything wrong.
Here's a copy of my HJT log file....
Logfile of HijackThis v1.98.0
Scan saved at 9:46:33 AM, on 27/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\VPN Client\cvpnd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - Global Startup: LimeWire 4.0.8.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093592241746
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
Is there anything nasty in this list?
Thanks in advance,
tRev.
Error during check!: BackOrifice.B (Datei C:\WINDOWS\wininit.ini kann nicht geöffnet werden. The process cannot access the file because it is being used by another process) ()
I have also scanned with AdAware and Norton's AntiVirus - All with the latest patches/updates. They can't pick up anything wrong.
Here's a copy of my HJT log file....
Logfile of HijackThis v1.98.0
Scan saved at 9:46:33 AM, on 27/10/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ISS\BlackICE\blackd.exe
C:\Program Files\VPN Client\cvpnd.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - Global Startup: LimeWire 4.0.8.lnk = C:\Program Files\LimeWire\LimeWire 4.0.8\LimeWire.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093592241746
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
Is there anything nasty in this list?
Thanks in advance,
tRev.
0
Comments
the incident that you are referring to is a glitch in the newest update for Sptbot. Please open your spybot while on line and go to the help site / forum and you will find a downloadable patch that will fix this problem. Also, please update your windows XP and internet explorer so that you have the most current security patches installed. If after this you still feel that you have a security problem then post another Hijackthis log and we will assist you.
respectfully,
wildthing423 :canflag:
Here's the link to this topic if anyone else would like to read up on it....
http://forums.net-integration.net/index.php?showtopic=24066&st=0&#entry111329
It seems there is/was a bug in the SpyBotSD program that since has been sorted. I have now installed SP2 and the latest security patches for my O.S and downloaded the latest patch for SpybotSD. I re-scanned and the BackOrifice.B detection warning has now disappeared.
Thanks a lot for your help.
tRev.