Results 1 to 5 of 5

Thread: Win32.backdoor.HacDef.bo

  1. #1
    wilisp Guest

    Default Win32.backdoor.HacDef.bo

    ZA is finding this trojan, deleting it, but it keeps coming back. Any thoughts on how to fix this?

    Thanks.

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,292

    Default Re: Win32.backdoor.HacDef.bo

    try to perform a full Antivirus/Antispyware scan but in SAFE MODE.1. Disable system restore;2. Reboot in SAFE MODE3. Run a full ZA AV/AS scan4. Reboot in Normal Mode5. Ensable System restore(How to start in SAFE MODE: http://www.microsoft.com/resources/d..._failsafe.mspx)If the above fails you may want to try Ewido online scan at:http://www.ewido.net/en/onlinescan/and also download, update and scan with superantispyware FREE:http://www.superantispyware.com/download.htmlif ALL the above fails please post your Hijackthis log here:http://www.castlecops.com/f67-Hijack...ans_Oh_My.htmlPlease read mandatory steps before posting:http://www.castlecops.com/t102301-Hi...e_Posting.htmlFax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    sjr Guest

    Default Re: Win32.backdoor.HacDef.bo

    I have filed a false positive with Zonelab.
    I have not heard back from them.
    I have read and followed the reply by Oldsod on the Win32.Askyaya.
    I did not find any files on my PC, yet Zonealarm continues to say there is a problem.
    I wish zonealarm would come back and let all of us know if there is or is not a problem.
    I also checked my computer per Oldsod recommendation on the free **bleep** site without problems.
    I guessing that Zonelab has screwed up again!!!

  4. #4
    wilisp Guest

    Default Re: Win32.backdoor.HacDef.bo

    Dear Fax,
    I have followed your advice and have scanned by computer in safe mode. No luck. I have also scanned with spysweeper, trojan hunter, ewido, sophos anti rootkit, lavasoft without luck. I have sent a letter to webroot with by spysweeper log and am waitng to hear back.

    The file in question is a system.dll that appears in my /localsettings/temp/... directory. However the name of the directory seems to change.

    ASW,2007/04/05,21:31:50 -7:00 GMT,Win32.Backdoor.HacDef.bo,Trojan,Manual
    File Name-C:\Documents and Settings\...\Local Settings\Temp\nsw8.tmp\System.dll
    Module-C:\Documents and Settings\...\Local Settings\Temp\nsw8.tmp\System.dll

    I will try the super antispyware program. And the castlecops link. I hope this is not a false positive--that has happened once before. I don't have this kind of time to waste for nothing.

    Thanks again for your help and time.

    William

  5. #5
    wilisp Guest

    Default Re: Win32.backdoor.HacDef.bo

    Hi SJR:
    I think you are right. I posted a question on the castle cops trojan site, ran a bunch of tools, and all is clean. I am so mad...I was on vacation (but still had work to check up on that requires secure connections), so I couldn't do my stuff (and spent hours dealing with this) because I thought my computer was infected. Tech support still hasn't replied. And to think that we buy these programs to makes things easier--I am not sure I will stay with Zone Labs after my renewal is up.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •