Members
  • Total Members: 14176
  • Latest: toxxxa
Stats
  • Total Posts: 42862
  • Total Topics: 16071
  • Online Today: 1328
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)









Author Topic: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"  (Read 19634 times)

0 Members and 2 Guests are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #10 on: 09. September 2007., 16:48:19 »
Samker,
Thanks. I was almost sure that hjT report is Ok.
I need to restart my computer and b back in a few minutes.
Funny thing that I looked in registry now
and HKEY_USERS does not have those values at the main nod ??? they are gone!
===
Windows Registry Editor Version 5.00

[HKEY_USERS]
===
It has a correct entry (Default) REZ_SZ (value not set)
which as I understant should look the same in HKEY_CURRENT_USER
The latter still have those two bloody additional entries
Shouldn't I just remove them or you think I need to run tun-up anyway?
Thnks
BRB



Go with TuneUp anyway, you will see that TU is one excelent software.


Samker's Computer Forum - SCforum.info

Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #10 on: 09. September 2007., 16:48:19 »

SiberLynx

  • SCF Member
  • **
  • Posts: 13
  • KARMA: 1
Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #11 on: 09. September 2007., 17:00:26 »
K i'm back
I'll try Tune-up now

SiberLynx

  • SCF Member
  • **
  • Posts: 13
  • KARMA: 1
Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #12 on: 09. September 2007., 17:39:36 »
Samker,
I did run Tune-up
It found 94 entries which may be cleaned.
Nothing related to the strange entry.
Unfortunately I don't see (probably, yet) the way to save report in TuneUp.
All I see are  crucial at all  and can be cleaned or left for now.
In addition to CCleaner (soft) I have and use some other cleaners (strong), which find more than TunUp.
They are  RegSeeker. RegCure, RegScrab and TrashReg.
The latter can find and remove some stuff - none of the existing Tools can like null-value keys. Sysinternals reg Tool may or may not find them but cannot sometimes delete them...
So Tun-up will not touch questioned "trojan-keys" for sure.
Is it a spacial time to be risky and just remove'em manually?
Regards 

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #13 on: 09. September 2007., 17:50:49 »

1. Fix all that with TU.

2. Check is it System Restore at your PC turned on if isn't then turn it.

3. Go and manually remove that.

SiberLynx

  • SCF Member
  • **
  • Posts: 13
  • KARMA: 1
Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #14 on: 09. September 2007., 18:11:03 »
Samke,
I do appreciate your help and time you spent.
Sys restore is On.
I may create a check-point even and kick'em
I'm not going to keep TunUp so... no cleaning using it.
P.S.
Just got very interesting comment concerning this in another forum:
"...it's likely one key that's affected. HKEY_CURRENT_USER is a symbolic link to HKEY_USERS/current-user.
My guess is that it's the result of some anti-malware scan, based on the reasoning that malware is hardly likely to identify itself as malware."
I have a feeling that is is very, very close to some of my deep thoughts.
Thanks again
My best regards
SiberLynx

Samker's Computer Forum - SCforum.info

Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #14 on: 09. September 2007., 18:11:03 »

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #15 on: 09. September 2007., 18:30:42 »
You're Welcome here, any day & any time.  ;)

If you are still here, I have only one more question: How did you find us (SCforum.info) ?

SiberLynx

  • SCF Member
  • **
  • Posts: 13
  • KARMA: 1
Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #16 on: 09. September 2007., 18:41:33 »
You're Welcome here, any day & any time.  ;)
If you are still here, I have only one more question: How did you find us (SCforum.info) ?
Thanks for welcoming
We all have that thing... what's the name?... Oh!... Google... so I Shmoogled:  "security forums" ;D

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #17 on: 09. September 2007., 18:47:47 »
 ;D

Thanks, that's important information for me.

cya

Samker

P.S.
I hope we will see you here often.  ;)


SiberLynx

  • SCF Member
  • **
  • Posts: 13
  • KARMA: 1
Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #18 on: 09. September 2007., 18:58:11 »
I hope we will see you here often.  ;)
with real infections? hehehe!
Cheers

Samker

  • SCF Administrator
  • *****
  • Posts: 7528
  • KARMA: 322
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum
Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #19 on: 09. September 2007., 19:12:30 »
 ;D  ;D  ;D

It will be better in CHIT CHAT section.

 ;D  ;D  ;D

Samker's Computer Forum - SCforum.info

Re: Strange registry entries "Trojan horse BackDoor.Ircbot.BBO"
« Reply #19 on: 09. September 2007., 19:12:30 »

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising