Backdoor.Win32.Sinowal.cb

Printable View

02.06.2010, 10:53
howdowedo

Backdoor.Win32.Sinowal.cb

Hello,
i've got some virus trouble named: Backdoor.Win32.Sinowal.cb and i cannot remove it.
Please find attached the Kaspersky removal tool report.
Thank you for your help.
02.06.2010, 11:47
Rene-gad

Switch off/Disable:
- Antivirus and and, if you have - Firewall.
- System Restore

- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual disinfection
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
QuarantineFile('C:\Program Files\webserv\webserv.exe','');
QuarantineFile('C:\AdventNet\ME\AssetExplorer\bin\wrapper.exe','');
DelBHO('{A7CDDCDC-BEEB-4685-A062-978F5E07CEEE}');
QuarantineFile('C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll','');
DelBHO('{F0626A63-410B-45E2-99A1-3F2475B2D695}');
DelBHO('{8A9D74F9-560B-4FE7-ABEB-3B2E638E5CD6}');
QuarantineFile('C:\Program Files\SGPSA\BHO.dll','');
QuarantineFile('C:\Program Files\SGPSA\SearchAssistant.dll','');
DelCLSID('{5E2121EE-0300-11D4-8D3B-444553540000}');
QuarantineFile('C:\PROGRA~1\ANTIMA~1\amext.dll','');
QuarantineFile('C:\WINDOWS\system32\ED76jfu3.exe','');
QuarantineFile('C:\autorun.inf','');
DeleteFile('C:\autorun.inf');
DeleteFile('C:\WINDOWS\system32\ED76jfu3.exe');
DeleteFile('C:\PROGRA~1\ANTIMA~1\amext.dll');
DeleteFile('C:\Program Files\SGPSA\SearchAssistant.dll');
DeleteFile('C:\Program Files\SGPSA\BHO.dll');
DeleteFile('C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll');
DeleteFileMask('c:\windows\tasks\','At*.job',false);
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.[/CODE]

After reboot [URL="http://virusinfo.info/showthread.php?t=9207"]execute following script[/URL] in Manual disinfection
[code]begin
CreateQurantineArchive('C:\quarantine.zip');
end.
[/code]and upload the C:\quarantine.zip over the link [COLOR="Red"][B]Upload quarantined files[/B][/COLOR] on the top of this page.

- Install Service Pack 3 for Windows XP + all subsequent updates + Internet Explorer 8
- Upgrade your Antivirus till the LAST VERSION!
- Update Java Runtime Environment.
- Update OpenOffice
- Repeat a log file of AVPTool.
- Attach a log to your new post..
02.06.2010, 15:06
howdowedo

Backdoor.win32.Sinowal.cb issue

hello,
thanks for the response.
I've followed the instructions and there is attached the new log...
02.06.2010, 15:49
Rene-gad

[QUOTE=howdowedo;648128]
I've followed the instructions [/QUOTE]Not completely
[QUOTE]- Install Service Pack 3 for Windows XP + all subsequent updates + Internet Explorer 8
- Upgrade your Antivirus till the LAST VERSION!
- Update Java Runtime Environment.
- Update OpenOffice[/QUOTE]
- [URL="http://virusinfo.info/showthread.php?t=9207"]Execute following script[/URL] in Manual disinfection
[CODE]begin
SearchRootkit(true, true);
SetAVZGuardStatus(True);
ClearQuarantine;
DeleteService('Audio Windows (AudioSrv)');
BC_DeleteSvc('Audio Windows (AudioSrv)');
DeleteFile('C:\AdventNet\ME\AssetExplorer\bin\wrapper.exe');
RegKeyParamDel('HKEY_LOCAL_MACHINE','SYSTEM\CurrentControlSet\Services\Eventlog\Application\assetexplorer','EventMessageFile');
DeleteFile('C:\Program Files\webserv\webserv.exe');
BC_ImportAll;
ExecuteSysClean;
BC_Activate;
SetAVZPMStatus(True);
RebootWindows(true);
end.[/CODE]
and fulfill [B]all recommendations[/B].
03.06.2010, 00:19
howdowedo

hi,

when i try to intall pack 3, the computer switch off by itself
i have desinstall open office due to space on the driver...
03.06.2010, 02:59
howdowedo

Backdoor.win32.Sinowal.cb issue

I have done the update (java runtime,anti virus) and installed service pack3. Internet explorer 8 was apprently allready done.

Please find attached the log

regards
03.06.2010, 09:28
Alex_Goodwin

Hi, check you comp. [url]http://www.freedrweb.com/download+cureit/?lng=en[/url]
download and scan cureit.
03.06.2010, 11:16
Rene-gad

[QUOTE=howdowedo;648441]I have done the update....anti virus[/QUOTE]No, you hadn't, you have Kaspersky 8, it's an obsolete version.
After scanning as Alex_Goodwin wrote pls. update your antivirus.
03.06.2010, 18:13
howdowedo

Backdoor.win32.Sinowal.cb issue

Hello,
I've update the anti virus and there is the log
03.06.2010, 18:44
Rene-gad

Did you scan your system as Alex_Goodwin advised?
- Execute following script in Manual disinfection
[CODE]begin
ClearQuarantine;
QuarantineFile('iexplore.exe','');
CreateQurantineArchive('C:\quarantine.zip');
end.[/CODE]
and upload the C:\quarantine.zip over [URL="http://virusinfo.info/upload_virus_eng.php?tid=79969"]this link[/URL]
03.06.2010, 19:25
howdowedo

Backdoor.win32.Sinowal.cb issue

Done.
03.06.2010, 19:58
Rene-gad

Do you have any problem more?
03.06.2010, 20:42
howdowedo

Backdoor.win32.Sinowal.cb issue

apparently not! it seems to be removed!
Thank you very much guys for your help
04.06.2010, 20:42
CyberHelper

Итог лечения

Статистика проведенного лечения:
[LIST][*]Получено карантинов: [B]2[/B][*]Обработано файлов: [B]38[/B][*]В ходе лечения вредоносные программы в карантинах не обнаружены[/LIST]