#1
surrounded by chairs
Join Date: Jul 2008
Location: Nova Scotia, Canada
Posts: 2,398
Thanked: 57
Backdoor Agent virus... anyone ever get this?
A few weeks ago I did a scan (I use Malwarebytes) after I noticed my internet browser was behaving oddly. The scan revealed a few infected items, all of which but one were successfully removed. The stubborn one was a Backdoor.Agent, no idea what it is really but it's incredibly annoying.

Whatever it is, it's been ....ing with my search engines. I can't, for example, do a Google search, click on a result, and go to the webpage. The browser tries to load the page, but it's instead redirected to some bogus site like "marveloussearchengies" and the page never loads. Also, every couple of minutes, a new tab opens automatically and tries to load one of these bogus search engine sites.

Also it seems that I'm wide open for other malware. I just did a scan a couple of minutes ago that revealed 10 infected files that have since been removed, but I can't get rid of this last one. I can't get rid of the virus using Malwarebytes so I guess my only option is to reinstall Windows? Hopefully I'm not having a steady stream of child porn sent into my hard drive so the FBI can come along and register me on the sex offender list? Does reinstalling Windows even get rid of viruses? I'm not absolutely computer illiterate, but I'm not the guy people go to for such advice.

EDIT: yeah this thing apparently can't be deleted. The .dll file has the following capabilities:
#2
SS.org Regular
Join Date: Jan 2011
Location: Minnesota
Posts: 446
Thanked: 2
Try going into safe mode and either scanning in safe mode, or try to find that file (and any other names associated with it) via search.
Personally, whenever people get "control-ware," I go into the registry and search for everything myself and delete it out of there.
#3
surrounded by chairs
Join Date: Jul 2008
Location: Nova Scotia, Canada
Posts: 2,398
Thanked: 57
Yeah I tried that but apparently this little sucker really embeds itself and it can disguise its location, modifying some of your files to trick you into thinking they're infected when they're not.
I've just reinstalled Windows and I'm getting set up with Avast! and I'm getting Malwarebytes again. I can do Google searches now without things ....ing up so the virus might actually be gone.
#4
SS.org Regular
Join Date: Jan 2010
Location: Syracuse, NY
Posts: 671
Thanked: 15
I know you already formatted, but here are some solutions to that issue that aren't so drastic.

When your browser redirects like that, you want to check the hosts file. The only entry that should be in it should be "127.0.0.1". It's found at %systemroot\Windows\System32\Drivers\etc\hosts

Also, there's a redirect fix found here: |MG| GooredFix 2.0.0.687 Download

When all else fails when trying to nuke a virus, try ComboFix. It's quite the tool. Found here: A guide and tutorial on using ComboFix

But formatting is a very valid solution, as well. Sorry I didn't see the thread sooner!

"I'll stuff your body inside of my snare drum and do a blast beat at 600 BPM for 3 and a half hours."
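
The hosts-file check suggested in post #4, sketched as an added example (not part of the original thread or any poster's code): it parses hosts-file text and reports every entry other than the default loopback `localhost` mappings. The sample content, addresses and hostnames are constructed, and the reason labels are this example's own; on Windows the file normally lives at `%SystemRoot%\System32\drivers\etc\hosts`.

```python
import ipaddress

# Names that legitimately map to loopback in a stock hosts file (assumption
# of this example; anything else is reported for manual review).
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}

def audit_hosts(text):
    """Return (lineno, ip, hostname, reason) for entries worth a second look."""
    findings = []
    text = text.lstrip("\ufeff")                 # tolerate a UTF-8 BOM
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            findings.append((lineno, fields[0], "", "unparseable address"))
            continue
        for name in fields[1:]:
            name = name.lower()
            if name in LOOPBACK_NAMES and ip.is_loopback:
                continue                         # expected default entry
            if ip.is_loopback or ip.is_unspecified:
                reason = "name sinkholed to local machine"
            else:
                reason = "name pinned to a fixed address"
            findings.append((lineno, str(ip), name, reason))
    return findings

# Constructed sample: default entries plus two entries that should not be there.
SAMPLE_HOSTS = """\
# Copyright (c) Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    www.google.com google.com   # constructed redirect entry
127.0.0.1       update.antivirus.example    # constructed AV-update block
"""

if __name__ == "__main__":
    for lineno, ip, name, reason in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {name} -> {ip} ({reason})")
```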
#5
surrounded by chairs
Join Date: Jul 2008
Location: Nova Scotia, Canada
Posts: 2,398
Thanked: 57
Yeah I'm pretty sure it's gone. Malwarebytes didn't detect anything during the last scan and my browser isn't being redirected to bogus search engine pages. I can also click on links directly in Google without being redirected to some other page.

When you reinstall Windows 7 your old files are kept in a folder called windows.old. I deleted the whole folder, however one file was left over that seems to be hidden somewhere and I can't get rid of it. Still, there are no signs that I still have this backdoor agent.

But holy shit guys, seriously these backdoor agents can .... you over. Some have keystroke loggers (they can monitor what you've typed), some can do screen scraping (meaning someone can watch your screen), some allow remote access to your computer, they can steal passwords, download or upload files onto your computer (in theory someone could give me a giant stash of kiddie porn if I'm not mistaken). These backdoor agents are dangerous. I had 10, 9 of which got removed, 1 remained that I couldn't get rid of so I reformatted out of pure paranoia. I just hope to .... what I got was just some relatively benign bit of malware that just left me wide open to other infections and wasn't itself something that could have ....ed me. Basically a backdoor can let someone do anything to your computer, including rebooting it, deleting or modifying files, a whole bunch of scary shit. I ....ing hope it's gone.

I had recently gotten a new motherboard, processor and RAM installed and the hardware change required me to revalidate Windows or else the security essentials will be disabled and Windows will be insecure. Of course I let the 30 day countdown expire without doing anything and lo and behold, weird shit started happening. I'm not being lazy about this shit anymore, not barebacking the Internet any more.

EDIT: Actually I don't even know what I had. There's apparently a Google search engine virus that hijacks your browser and redirects your searches to a "marveloussearchsystems.com" and I just looked that up, apparently it's another known virus that is apparently dangerous but I don't know if it's a backdoor agent.
Malwarebytes detected a whole slew of programs it called "Backdoor.Agent" so I don't know what to think now. I hope it was just this hijacker because that sounds a whole lot less malicious.
#6
(´・ω・`)
Join Date: Oct 2011
Location: Jacksonville, FL
Posts: 249
Thanked: 4
Firewall & Antivirus Software Suite - Internet Security | Comodo Download

This is possibly the best freeware anti-virus/firewall security system I know of for Windows. With paranoid options, you can lock down your system pretty tight. I'd suggest utilizing this in conjunction with Malwarebytes Anti-Malware. If you need assistance with this, you can ask me whatever questions you may have.