
Thread: Win32/Backdoor.HacDef.bo

  1. #1
    lbs Guest

    Win32/Backdoor.HacDef.bo

    ZA Security Suite 7.0 seems to find and remove Win32.Backdoor.HacDef.bo every few days. This sounds like a bad one to get. ZA Virus dictionary has little info on it. What is the risk of this Trojan? Where does it keep coming from? Does ZA protect my PC from it before it finds it during a scan? Can it be blocked from re-installing altogether?

    LBS

    Operating System: Windows XP Home Edition
    Software Version: 7.0
    Product Name: ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Re: Win32/Backdoor.HacDef.bo

    Hi! Please see this message: http://forums.zonealarm.com/zonelabs...essage.id=1648
    Here there are instructions on how to proceed. Please consider that it can be a false positive depending on what exactly is detected. Is your antispyware DAT updated? We are at: Anti-spyware signature DAT file version: 01.200708.2175
    Cheers, Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    lbs Guest

    Re: Win32/Backdoor.HacDef.bo

    Thanks, yes DAT is up to date.
    I'd suspect a false positive, but not sure how to confirm, other than spending lots of time running every other sweeper in the world. What is the risk of just assuming it is a false + and going on with life?

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Re: Win32/Backdoor.HacDef.bo

    Hi! Can you post where the Backdoor is detected? Is it a file or a registry entry? If it is a file you can upload it to www.virustotal.com. It will be checked by more than 30 AV scanners.
    Cheers, Fax


  5. #5
    lbs Guest

    Re: Win32/Backdoor.HacDef.bo

    The ZA Quarantine doesn't say where they came from. Can't remember if ZA said where it was when it found it. Can wait until it shows up again, unless you know a "backdoor" to find it.

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Re: Win32/Backdoor.HacDef.bo

    Hi! You need to go to ZA alerts and logs tab, in there you will find everything. Select Antispyware or Antivirus log (drop down menu called "alert type") --> identify the entry within the list --> select the entry with the mouse --> look down (entry detail) --> right click on the box "entry detail" and "copy" and "paste" wherever.
    Cheers, Fax


  7. #7
    lbs Guest

    Re: Win32/Backdoor.HacDef.bo

    Not much...

        Decription: Anti-spyware successfully quarantined one or more spyware packages
        Date / Time: 2007/08/09 06:47:28-4:00 GMT
        Type: Treat
        Category: Trojan
        Name: Win32.Backdoor.HacDef.bo
        Action: Quarantined
        Mode: Manual

    ZA's not giving much info on stuff. Not very helpful.

    I see "Help" says the file names should be listed, but they are not?????

    Thanks for your time.

    Message Edited by LBS on 08-12-2007 04:30 PM

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Re: Win32/Backdoor.HacDef.bo

    Hi! Thanks... strange, don't you see any other entry? If not, please go to C:\WINDOWS\Internet Logs and open one of the logs there according to the date it was detected. If it was today, it should be in "ZALog.txt".
    Cheers, Fax


  9. #9
    lbs Guest

    Re: Win32/Backdoor.HacDef.bo

    Found it!
    Where would I find the quarantined file(s)? I'll try to hunt around, don't want to take too much of your time. But ZA definitely isn't making it easy.

        ZoneAlarm Logging Client v7.0.337.000
        Windows XP-5.1.2600-Service Pack 2-SP
        type,date,time,source,destination,transport (Security)
        type,date,time,virus name,file name,mode,e-mail id (Anti-Virus)
        type,date,time,source,destination,action,service (IM Security)
        type,date,time,source,destination,program,action (Malicious Code Protection)
        type,date,time,action,product,file,event,subevent, class,data,data,... (OSFirewall)
        type,date,time,name,type,mode (Anti-Spyware)
        AV/scan,2007/08/09,01:56:28 -4:00 GMT,Multiple Files,Scan Completed,Auto
        ASW,2007/08/09,03:31:34 -4:00 GMT,Win32.Backdoor.HacDef.bo,Trojan,Auto
        File Name-C:\WINDOWS\Temp\nsw8.tmp\System.dll
        Module-C:\WINDOWS\Temp\nsw8.tmp\System.dll
        File Name-C:\WINDOWS\Temp\nsdD.tmp\System.dll
        Module-C:\WINDOWS\Temp\nsdD.tmp\System.dll
        AV/update,2007/08/09,13:00:34 -4:00 GMT,,Update Install Completed,Auto
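
Editor's added example (not part of the original thread and not ZoneAlarm code): a small parser for the ZALog.txt layout quoted in post #9, which pulls out each anti-spyware (ASW) record together with the file paths listed under it, the detail the alert view in post #7 left out. The function name and the rule that "File Name-"/"Module-" lines belong to the preceding ASW record are assumptions drawn from that excerpt; the sample log is constructed from it.

```python
import csv

# Constructed sample: lines taken from the ZALog.txt excerpt quoted in post #9.
SAMPLE_LOG = r"""ZoneAlarm Logging Client v7.0.337.000
Windows XP-5.1.2600-Service Pack 2-SP
type,date,time,name,type,mode (Anti-Spyware)
AV/scan,2007/08/09,01:56:28 -4:00 GMT,Multiple Files,Scan Completed,Auto
ASW,2007/08/09,03:31:34 -4:00 GMT,Win32.Backdoor.HacDef.bo,Trojan,Auto

File Name-C:\WINDOWS\Temp\nsw8.tmp\System.dll

Module-C:\WINDOWS\Temp\nsw8.tmp\System.dll

File Name-C:\WINDOWS\Temp\nsdD.tmp\System.dll

Module-C:\WINDOWS\Temp\nsdD.tmp\System.dll
AV/update,2007/08/09,13:00:34 -4:00 GMT,,Update Install Completed,Auto
"""

# Assumption: these prefixes mark detail rows of the ASW record above them.
DETAIL_PREFIXES = ("File Name-", "Module-")
ASW_FIELDS = ("date", "time", "name", "category", "mode")


def parse_asw_detections(log_text):
    """Return ASW records, each with the de-duplicated file paths listed under it."""
    detections, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue  # blank lines separate detail rows in the quoted log
        prefix = next((p for p in DETAIL_PREFIXES if line.startswith(p)), None)
        if prefix:
            if current is not None:
                path = line[len(prefix):]
                if path not in current["files"]:  # File Name and Module repeat the path
                    current["files"].append(path)
            continue
        fields = next(csv.reader([line]))
        if fields[0] == "ASW" and len(fields) >= 6:
            current = dict(zip(ASW_FIELDS, fields[1:6]), files=[])
            detections.append(current)
        else:
            current = None  # any other record type ends the detail rows
    return detections


if __name__ == "__main__":
    for det in parse_asw_detections(SAMPLE_LOG):
        print(det["date"], det["time"], det["name"], det["files"])
```

The returned paths are the files to look for and, if they still exist, submit for a second opinion as suggested in post #4.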

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Re: Win32/Backdoor.HacDef.bo

    Right! Things are getting complicated... I have seen this before and I don't have a 100% answer about if it is a false positive or not. See here: http://www.castlecops.com/postx186050-0-0.html
    From the above it is not clear if it is a false positive or not since the OP stopped answering. Better you contact ZA technical support at: www.zonelabs.com/tsform and report about it including details of the "infection".
    Cheers, Fax

