Windows Live One Care will not delete Backdoor, I have no idea what it is but I can imagine that it is some sort of hack!

  • Question

  • I am pretty new to these forums and I have just signed a year's subscription to Windows Live One Care, which is the only antivirus I know of that does its job without taking up too much CPU time, which is a fantastic feat!

    Just one thing though: every now and again I get a Live Care pop-up that wants to clean a program, saying that it has a backdoor on it. I clean it and then it says the program was either deleted or not, and the backdoor message keeps appearing nearly every day; I clean it and it comes back.

    I have also noticed some settings have been changed and that the light on the base unit always flashes even when I am inactive on my PC. I have Windows Vista Home Premium SP1 and I have used One Care and AVG and a free scan from McAfee, but none of them have found anything. I have done all I can and don't know what to do. Can anyone help?
    Thursday, December 13, 2007 1:16 AM

Answers

  • You are right about that, Stephen. To be exact, the actual Internet Explorer has been compromised already; at the moment he has a file somewhere in C:\windows\system32\drivers or within his temp file controlling this file IEXPLORE.exe, since, to be exact, there is no iexplore.exe in system32 for either Windows XP or Vista. This one is being used by a malicious file to proceed with whatever program it needs to add on in your system. As indicated, the class category for this one is a backdoor; they don't come alone.

    Please get hold of WLOC support ASAP, since they would need to use specialized tools to remove this thing.

    Friday, December 14, 2007 9:02 PM

All replies

  • Hmmm, any particular file name that keeps on coming up that you would like to share with us, so that we can identify and pinpoint how you acquired this malicious file? Also since you are using Live OneCare

    To reach the support group for Windows Live OneCare in direct assistance to removing this concern you have

    http://forums.microsoft.com/WindowsOneCare/ShowPost.aspx?PostID=2421771&SiteID=2

    And hmmm, nice to know you are an RC user for Vista SP1, nice...

    Thursday, December 13, 2007 1:40 PM
  • Thanks for the info, I will do what you said next time it pops up. I guess I was in too much of a hurry to delete whatever it was to write down the file info properly.

    I downloaded SP1 yesterday and I was so pleased to notice that my speakers and VoIP headset were working properly, so I am very happy with the service pack so far, and for some reason my screen looks better too and everything just seems smoother. The only problem I am having at the moment is that Vista takes longer to start, but I can live with that!
    Thursday, December 13, 2007 2:36 PM
  • Actually it would be, or probably is, the infection that's causing the slow Windows loading... Anyway, if you get the pop-ups, please don't try to close those prompts, since some of them are triggered by the close button to initialize rather than vanish. Hope you have your UAC activated for secondary security measures.
    Thursday, December 13, 2007 3:03 PM
  • Yes, I always have that turned on even though User Account Control can be annoying sometimes, but I always make sure all security measures are in place for when I use the internet and even when I am offline. At this moment I am trying to find the info about the possible virus in Live One Care; does it keep info on possible threats that have been dealt with?

    And just with that, I have copied and pasted the info I hope you need below, thanks!

    12/12/2007 23:09 Windows Live OneCare found potentially harmful or unwanted software on your computer
    Threat Name: Backdoor:Win32/Sdbot.BC
    Detection Date and Time: 12/12/2007 23:06
    File Name: C:\Windows\System32\IEXPLORE.exe
    Threat Severity: Severe
    Threat Category: Backdoor
    Virus and spyware monitoring found potentially unwanted software: (ANTIVIRUS_ONACCESS)
    Threat Status: Removed
     
    12/12/2007 22:42 Windows Live OneCare found potentially harmful or unwanted software on your computer
    Threat Name: Backdoor:Win32/Sdbot.BC
    Detection Date and Time: 12/12/2007 22:42
    File Name: C:\Windows\System32\IEXPLORE.exe
    Threat Severity: Severe
    Threat Category: Backdoor
    Virus and spyware monitoring found potentially unwanted software: (ANTIVIRUS_ONACCESS_INFECTED)
    Threat Status: Detected
     
    12/12/2007 21:05 Windows Live OneCare found potentially harmful or unwanted software on your computer
    Threat Name: Backdoor:Win32/Sdbot.BC
    Detection Date and Time: 12/12/2007 21:05
    File Name: C:\Windows\System32\IEXPLORE.exe
    Threat Severity: Severe
    Threat Category: Backdoor
    Virus and spyware monitoring found potentially unwanted software: (ANTIVIRUS_ONACCESS_INFECTED)
    Threat Status: Detected

    Thursday, December 13, 2007 3:13 PM
  • I'll need to defer to Milo regarding the details of the above infection, but it would appear to me that Internet Explorer is being infected by this malware. When the message from OneCare happens, are you browsing a particular web site? The entries you've posted indicated that it has been removed, but if you revisit a site that loads the infection, OneCare would step in "on access" and block and clean the threat once again.

    -steve

     

    Friday, December 14, 2007 4:08 PM
    Moderator
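
Added example (not part of the original thread, and not OneCare's own tooling): a small Python triage of the log format pasted above. It counts repeat detections of the same file and flags a well-known program name found outside its usual folder, the point the marked answer makes about IEXPLORE.exe in System32; the `EXPECTED_DIRS` table, the function names and the day/month date order are assumptions of this example.

```python
import ntpath
import re
from collections import Counter
from datetime import datetime

# Assumption of this example: folders where the genuine program normally lives.
EXPECTED_DIRS = {"iexplore.exe": {r"c:\program files\internet explorer",
                                  r"c:\program files (x86)\internet explorer"}}

# Sample input: the three entries pasted in the thread, trimmed to the fields used.
SAMPLE = r"""12/12/2007 23:09 Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name: Backdoor:Win32/Sdbot.BC
Detection Date and Time: 12/12/2007 23:06
File Name: C:\Windows\System32\IEXPLORE.exe

12/12/2007 22:42 Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name: Backdoor:Win32/Sdbot.BC
Detection Date and Time: 12/12/2007 22:42
File Name: C:\Windows\System32\IEXPLORE.exe

12/12/2007 21:05 Windows Live OneCare found potentially harmful or unwanted software on your computer
Threat Name: Backdoor:Win32/Sdbot.BC
Detection Date and Time: 12/12/2007 21:05
File Name: C:\Windows\System32\IEXPLORE.exe
"""

def parse_entries(text):
    """Split the log on blank lines and read each 'Key: value' field (day/month order assumed)."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        fields = dict(l.strip().split(": ", 1) for l in block.splitlines() if ": " in l)
        if "File Name" in fields:
            fields["when"] = datetime.strptime(fields["Detection Date and Time"], "%d/%m/%Y %H:%M")
            entries.append(fields)
    return sorted(entries, key=lambda e: e["when"])

def triage(entries):
    """Return (repeat detections per file and threat, known names found in unexpected folders)."""
    hits = Counter((e["File Name"].lower(), e["Threat Name"]) for e in entries)
    misplaced = set()
    for e in entries:
        path = e["File Name"].lower()
        dirs = EXPECTED_DIRS.get(ntpath.basename(path))
        if dirs and ntpath.dirname(path) not in dirs:
            misplaced.add(e["File Name"])
    return {k: n for k, n in hits.items() if n > 1}, misplaced

if __name__ == "__main__":
    print(triage(parse_entries(SAMPLE)))
```

A file that is detected repeatedly at the same path points to something else on the machine re-creating it, which is why cleaning the one file does not end the alerts.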