Overclock.net › Forums › Software, Programming and Coding › Networking & Security › Removal of a backdoor - Couldn't find anywhere else to post

Removal of a backdoor - Couldn't find anywhere else to post

post #1 of 11
Thread Starter 
[img]http://i.gyazo.com/1ded470fe883b76b3fd61fecf2e63dc2.png[/img] My friend is having this problem. Every time he removes it, it duplicates, and we can't seem to find a fix online, anyone know what to do? Didn't know where else to post, thanks in advance.
post #2 of 11
Quote:
Originally Posted by Mhyles

[img]http://i.gyazo.com/1ded470fe883b76b3fd61fecf2e63dc2.png[/img] My friend is having this problem. Every time he removes it, it duplicates, and we can't seem to find a fix online, anyone know what to do? Didn't know where else to post, thanks in advance.

Your image link is broken... non-functional....
post #3 of 11
It's just a registry key, as it clearly states; open regedit, browse to it and delete it.

If you are deleting it and it's reappearing then you likely have malware installed that isn't being detected, so use another AV.
post #4 of 11
Thread Starter 
Which one would it be? There are millions.
post #5 of 11
Your image... (looks like some of the Fake Anti-Virus screens.. haven't seen those in a while)

As Bearybear states... it is a REG key... and you apparently have some other "bug" on that PC.

What OS?
What AV is / was running?

Assuming you are on Windows XP or 7... boot to safe mode... check all of your startup entries in MSCONFIG (if it works)

Using Regedit... go to HKLM\Software\Microsoft\Windows\CurrentVersion\Run and see what is there...

Try Malwarebytes to start with.. run it in safe mode... see what it finds..

You may need to find a boot disk you can use, and run AV tools from that... either a Windows recovery disk, a Linux distro.. or an antivirus boot disk if you have that option

You may have a rootkit going... harder to fix.. but not impossible.

There is usually a lot of damage to the registry and files... depending on what malware it is. Sometimes a wipe and reinstall is easier than trying to fix it....
Edited by cgipson1 - 3/26/14 at 2:49pm
post #6 of 11
Quote:
Originally Posted by Mhyles

Which one would it be? There are millions.

The "Location" shows the location of the key; HKU\ is HKEY_USERS\

I can't see the exact location because it's cut off with "..." so see if you can expand it, or open a log file since it's likely to have the full location recorded.

EDIT: Also, do not just delete HKEY_USERS\S-1-5-21-[...]-1000 because that will likely be your user account.
Edited by Bearybear - 3/26/14 at 2:58pm
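The two checks suggested in posts #5 and #6 (look at what is in the Run keys, and work out which HKU\S-1-5-21-...-1000 hive belongs to which account before touching it) can be done read-only in one pass. The script below is an added example written for this thread, not something any poster provided; it assumes Windows PowerShell run from an elevated prompt so that every loaded user hive under HKEY_USERS is readable, and it changes nothing in the registry.

```powershell
# Added example: list autostart entries from the machine hive and from every user hive
# loaded under HKEY_USERS, translating each SID to an account name so that a hive such as
# HKU\S-1-5-21-...-1000 is recognised as a real user profile rather than deleted by mistake.
# Read-only; run from an elevated Windows PowerShell prompt.

$runSubkeys = @('Software\Microsoft\Windows\CurrentVersion\Run',
                'Software\Microsoft\Windows\CurrentVersion\RunOnce')

function Get-RunEntries {
    param([string]$HivePath, [string]$Owner)
    foreach ($sub in $runSubkeys) {
        $key = Join-Path $HivePath $sub
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            # Get-ItemProperty adds PSPath/PSParentPath/etc.; those are not registry values.
            if ($p.Name -like 'PS*') { continue }
            [pscustomobject]@{
                Owner = $Owner
                Key   = $key
                Name  = $p.Name
                Value = $p.Value   # the command line that runs at logon
            }
        }
    }
}

$entries = @()
# Machine-wide entries apply to every account that logs on.
$entries += Get-RunEntries -HivePath 'HKLM:\' -Owner 'MACHINE'

# HKU: is not a default PowerShell drive, so map it before enumerating user hives.
if (-not (Get-PSDrive -Name HKU -ErrorAction SilentlyContinue)) {
    New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
}
foreach ($hive in Get-ChildItem 'HKU:\') {
    $sid = $hive.PSChildName
    # Skip the per-user Classes hives and the .DEFAULT template; they carry no Run keys of interest.
    if ($sid -like '*_Classes' -or $sid -eq '.DEFAULT') { continue }
    try {
        $sidObj  = New-Object System.Security.Principal.SecurityIdentifier($sid)
        $account = $sidObj.Translate([System.Security.Principal.NTAccount]).Value
    } catch {
        $account = '(unresolved SID)'   # profile of an account that no longer exists
    }
    $entries += Get-RunEntries -HivePath "HKU:\$sid" -Owner "$sid = $account"
}

$entries | Sort-Object Owner, Key, Name | Format-Table -AutoSize -Wrap
```

Any entry whose Value points at a file in a temp or profile folder, or at a name that does not match an installed program, is the one to investigate; the Owner column tells you whether the hive it lives in is a logged-on user's own profile.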
post #7 of 11
Thread Starter 
Alright, thanks lads, my friend found it and is trying to remove it.

He uses W7 & Malwarebytes btw, but it's strange because his Malwarebytes is different to mine, although gotten off the same website, their one of course.
post #8 of 11
If it's a fake AV, then that registry key probably isn't even bad... You probably don't want to delete it.
post #9 of 11
Thread Starter 
He just restored and all seems to be fine now, thanks anyhow!
post #10 of 11
Quote:
Originally Posted by Mhyles

He just restored and all seems to be fine now, thanks anyhow!

Glad to hear he got it fixed!