It is called Backdoor.win32.servU.based..........

The machines we love to hate

Moderator: Wiz Feinberg

Linda Merrick
Posts: 2
Joined: 20 Sep 2009 8:32 am
Location: Alberta, Canada

It is called Backdoor.win32.servU.based..........

Post by Linda Merrick »

Hello and good morning. Well, I must cut to the chase.
It seems that I have picked up a virus/malware?

It is called Backdoor.win32.servU.based

I have tried everything to get rid of this pest.
You guys are my last hope in resolving this problem.
Thanks for taking the time to read this thread.
Any and all help is appreciated.

Linda
Mitch Drumm
Posts: 2664
Joined: 4 Aug 1998 11:00 pm
Location: Frostbite Falls, hard by Veronica Lake

Post by Mitch Drumm »

Have you specifically tried Malwarebytes?

http://www.malwarebytes.org/

Download the free version.

Install it.

Go to the update tab and check for updates.

Go to the scanner tab and choose full scan.
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Linda;
MalwareBytes Anti-Malware (MBAM) will remove this old threat. It has a history going back to at least 2004, making it one of the second-generation backdoors. Whoever is in control of that malware is using it as a remote control point of access to your PC.

You should be prepared to reboot into safe mode, in case the malware has been case-hardened against standard removal tactics. This is done by restarting and tapping the F8 key constantly, until a boot menu appears. I would recommend Safe Mode with Networking. This will enable you to access the Internet to fetch program or definition updates for MBAM, or other security tools you may have.

Since I don't know how this malware entered your PC, my advice, after removing it for free, would be to pay (about $25) to register MBAM for life, which turns on automatic updates and a real-time process monitor, to prevent reinfection by known malware.

Further, you need to run an audit of the third-party software that runs in your browsers, to find out if anything on your PC is outdated, being exploited in the wild, and has updates available. If you have insecure versions of commonly exploited software installed and you operate your PC with Administrator privileges, you will be at risk of hostile takeovers by all manner of malware.

The most frequently exploited browser is Internet Explorer. The most exploited browser plug-in (or add-on) is Adobe Flash, followed by Adobe Reader and Acrobat, then Apple Quicktime, then Sun Java. Missing Windows Updates will leave your PC vulnerable to current threats in the wild. You can find out what, if any, vulnerable software you have installed by running the Secunia Online Software Inspector every other week. The results will tell you what needs to be updated or uninstalled, and provide links to get official updates for the covered applications.

You may wish to consider installing the latest version of Firefox and making it your default browser. It will import cookies and saved links from IE. Firefox does not recognize ActiveX, the frequently exploited proprietary technology from Microsoft, used in Internet Explorer browsers from the early days.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Clyde Mattocks
Posts: 2992
Joined: 26 May 2005 12:01 am
Location: Kinston, North Carolina, USA

Post by Clyde Mattocks »

Chalk up another one for the forum. My AVG has served me well for a number of years, but last night a nasty cluster of malware got into my computer, pop-ups, bogus anti-spyware ads coming up constantly. I couldn't access my AVG, Spybot or AdAware. Couldn't do system restore. It denied me every tool I could think of. I came here and after several tries through all the junk, I was able to download MalwareBytes and scan. Hallelujah, free at last!
LeGrande II, Nash. 112, Harlow Dobro
Gordon Borland
Posts: 844
Joined: 28 Oct 2002 1:01 am
Location: San Antonio, Texas, USA

No good?

Post by Gordon Borland »

Do you mean AVG is no good anymore?
Gordon Borland
MSA D10,1974 Fender twin reverb
Steve Norman
Posts: 1696
Joined: 12 Oct 2007 6:28 am
Location: Seattle Washington, USA

Post by Steve Norman »

You have to update AVG a lot, same for any antivirus program.
GFI D10, Fender Steel King, Hilton Vpedal,BoBro, National D dobro, Marrs RGS
Clyde Mattocks
Posts: 2992
Joined: 26 May 2005 12:01 am
Location: Kinston, North Carolina, USA

Post by Clyde Mattocks »

What I am saying is, my AVG has caught a lot of stuff in the past couple of years and kept me safe, but this one got around it big time.
John Cipriano
Posts: 449
Joined: 13 Jun 2008 8:23 pm
Location: San Francisco

Post by John Cipriano »

It does have malware protection now but I have also seen it miss things. There's no silver bullet. AVG's probably as good as the rest of them, which is to say, just OK. I just had to clean a machine up with MBAM infected with something that probably came in the user's email, which AVG was scanning.

It's anecdotal but I never see people getting hit with this stuff while running Firefox (or Opera, or Chrome, etc). Those browsers have their vulnerabilities but most of the real-world infections I see start with IE. And the small percentage that don't come from Outlook and trojans.

So even though it's not security software per se you can be more secure with a different browser.

Again, AVG is fine but it's not going to protect you 100%...MBAM is great supplementary protection and not running IE (especially IE6) helps too. And a firewall is always called for.
Wiz Feinberg
Posts: 6091
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA

Post by Wiz Feinberg »

Most malware infections require full administrator privileges to install into the operating system. This is especially so for rootkits and hidden bots. If one learns to operate one's computer as a less privileged user, one negates the main avenue of infection. You can learn about User Account Privileges here.