  1. #1
    5 Star Lounger
    Join Date
    Oct 2007
    Location
    Darlington, Durham, England
    Posts
    711
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Backdoor.Flood [Virus]

    Hello guys / gals. In response to a recent question about Zone Alarm I installed it and hey presto, I have encountered the first virus to invade my computer. This despite the fact that I was assured Zone Alarm is far superior to Microsoft's XP built in firewall. I Googled the virus name [ IRC/BackDoor.Flood] and discovered that numerous other suckers have been similarly invaded too. One of the answers pinpointed the virus as being in folder C:\winnt\system32 so located and right clicked on it as directed then did an AVG scan but the report found nothing. I have taken screen shots of the various results but the file is too big so I will [if permitted] send it to one of you kind Moderators as an attachment on an email. If it is not too much trouble perhaps screen shots thought relevant can be copied to the lounge so if other readers encounter this problem they may know what to do. As a background to the problem may I suggest readers to whom this virus is new do a Google for IRC/BackDoor.Flood and see the various questions and remedies which explain it without me having to submit an unduly lengthy thread. Like some of the writers of the said questions on Google I too can't find the infected file to delete it. Any help would be appreciated. Regards. Dave.
    Dave
    True happiness is not what you have to live WITH but what you have to live FOR. ASSBG

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Backdoor.Flood [Virus]

    ZoneAlarm is a firewall, it prevents the outside world from taking control over your computer. It is not an antivirus program.

    How have you determined that you have the Backdoor virus if AVG says your PC is clean?

  3. #3
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Backdoor.Flood [Virus]

    ZoneAlarm is a firewall. The firewall's function is to control connections into and out of your computer. However, once you approve your email software fetching your email and your browser fetching web pages and downloads, then ZoneAlarm stands aside. It does not, unless supplemented with additional features, concern itself with what is passing through a permitted connection. This is a crucial point that I hope all Loungers will keep in mind.

    What program reported to you that it detected "IRC/BackDoor.Flood"? Does that program have the capability of cleaning it?

    Added: Hey -- while this tab was waiting for me to finish with another post, Hans already made these points. [grin]

  4. #4
    Uranium Lounger
    Join Date
    Mar 2001
    Location
    New Jersey
    Posts
    6,684
    Thanks
    1
    Thanked 11 Times in 11 Posts

    Re: Backdoor.Flood [Virus]

    I would also be curious to know how you "encountered" this on your computer. What made you suspect that it was this particular virus out of the millions that are floating around in the wild?? Was there some specific behavior that made you suspect you were infected??

  5. #5
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts

    Re: Backdoor.Flood [Virus]

    You could search for a file called OCXDLL.EXE on your computer and if found, delete it.

  6. #6
    5 Star Lounger
    Join Date
    Oct 2007
    Location
    Darlington, Durham, England
    Posts
    711
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Re: Backdoor.Flood [Virus]

    Hi. Responding to both replies; Just done as you said, a search for it but none was found yet I have since done a full scan with AVG and the Security Status report, though assuring me "All components are installed and fully working", indicates the said virus is present. The prog. then tried to "Heal" the intruder but as on each of the previous occasions, failed. [Incidentally, this is what other victims of this attack claim as is seen if one Googles for this virus, some have had the virus showing twice but only one will delete.]
    With a view to sending the report as an attachment I have taken a screen shot of it and using Microsoft Photo Editor, cropped it to reduce its size and saved it as a jpeg but can't seem to reduce it to less than 174 KB, though I have in the past sent a couple of attachments successfully using this method. Is there (as a one off) an email address I can send the Word doc to with the three screen shots as an attachment? It would prove what seems to be a paradox to be true.
    In anticipation regards Dave.
    Dave
    True happiness is not what you have to live WITH but what you have to live FOR. ASSBG

  7. #7
    Platinum Lounger
    Join Date
    Feb 2002
    Location
    A Magic Forest in Deepest, Darkest Kent
    Posts
    5,681
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Backdoor.Flood [Virus]

    Hi there

    If you click on Jezza above my Jezza Bear avatar you may send it to my public email address.

    PS I use this email address for this specific reason and will not enter into conversation outside the Lounge [grin]
    Jerry

  8. #8
    Plutonium Lounger Leif's Avatar
    Join Date
    Dec 2000
    Location
    U.K.
    Posts
    14,010
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Backdoor.Flood [Virus]

    As you emailed me the attachments, I thought I'd chime in...

    Looking at the pathnames in the attachment below, the 'script.ini' file is either in your recycle bin, in a system restore file, or both - which I would surmise is why it cannot be quarantined. You could try emptying your recycle bin and see if that clears it, or turn off your system restore then back on again to delete the restore file. (Note: this will clear ALL previous restore points.) I don't think it can do much harm where it is.

    To reduce file sizes of jpg's in Photo Editor, in the Save As window, click on 'More >>' and set the JPEG quality factor to 70 - this should be fine for posting here and will reduce the file size by perhaps a factor of 4.
    Attached Images
    • File Type: jpg x.jpg (44.3 KB, 1 views)

  9. #9
    5 Star Lounger
    Join Date
    Oct 2007
    Location
    Darlington, Durham, England
    Posts
    711
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Re: Backdoor.Flood [Virus]

    Hello all. I'm sorry not to have responded earlier, had unexpected demands on my free time. I will try to answer the numerous points raised in this reply. If I miss some point made please forgive me but the drama has dragged on longer than I anticipated. More than one of you seemed to be puzzled by my comment that the AVG free prog was fully up to date and protecting my computer but that it was reporting that a virus was present. How I came to make this claim is based on the screen shot [which I hope is attached] confirming the same. As recommended, I performed a "Search" for the virus name [OCXDLL.EXE] but nothing was found. In my naivety I thought that there may be some currency in performing a System Restore (which I have done several times in the past) but it failed three times with the warning that it was not successful, so maybe that will suggest a link with the virus which (on one report pane) is said to be located in < C:\Comon Files\M/s shared\Works Shared\wkcalrem.exe >. On another report this information is given: C:\RECYCLER\S-1-5-21-6067471-1058031214-725345543=500\script.ini . If that bamboozles you readers think of dummies like me who grew up with the ABACUS, when there was just one TV in the village & pocket calculators were science fiction. That's why the likes of me ask you to tread slowly with your 21st century knowledge. The screen shot proves three things: 1. The Security status assures me that the AVG package is fully up to date and functioning properly; 2. The IRC/BackDoor.Flood virus is present; 3. The "Threats Found" report shows the intruder was NOT healed, deleted or moved to the vault. So that is the dilemma friends, I hope the attachment explains the predicament & someone can point me in the right direction. Regards Dave.
    Dave
    True happiness is not what you have to live WITH but what you have to live FOR. ASSBG

  10. #10
    5 Star Lounger
    Join Date
    Oct 2007
    Location
    Darlington, Durham, England
    Posts
    711
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Re: Backdoor.Flood [Virus]

    Hi Guys, just done another scan with AVG which found & tried to delete the said virus but as the screen shot shows, it is unable to. Regards Dave.
    Attached Images
    Dave
    True happiness is not what you have to live WITH but what you have to live FOR. ASSBG

  11. #11
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Backdoor.Flood [Virus]

    It says it is in your Recycle bin, or a Recycle bin associated with a different user. Try emptying your Recycle bin.

    (Also, as mentioned above, a .ini file is not executable, so in itself, that file appears to be harmless debris.)

  12. #12
    5 Star Lounger
    Join Date
    Oct 2007
    Location
    Darlington, Durham, England
    Posts
    711
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Re: Backdoor.Flood [Virus]

    Edited by StuartR to reduce width of graphic

    SORRY for my ineptitude, forgot to attach the screen shot, here it is... dave
    Attached Images
    Dave
    True happiness is not what you have to live WITH but what you have to live FOR. ASSBG

  13. #13
    5 Star Lounger
    Join Date
    Oct 2007
    Location
    Darlington, Durham, England
    Posts
    711
    Thanks
    2
    Thanked 0 Times in 0 Posts

    Re: Backdoor.Flood [Virus]

    Hello Scher, I'm sure you have reason from the information supplied (as have others) for deducing it is in the Recycle Bin but I can assure you there is nothing visible in there as I empty it after every session. Could it be it is there but as a Hidden file? The only other user is my daughter so are there perchance two Recycle Bins? Incidentally, the computer is not set up for two separate users with individual passwords, she simply has a folder on the desktop which I NEVER NEVER open. Regards & thanks again, Dave.
    Dave
    True happiness is not what you have to live WITH but what you have to live FOR. ASSBG

  14. #14
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Backdoor.Flood [Virus]

    Perhaps it is hidden. I wouldn't worry about it. (I'd be annoyed by it, but I wouldn't worry about it.)

  15. #15
    Platinum Lounger
    Join Date
    Feb 2002
    Location
    A Magic Forest in Deepest, Darkest Kent
    Posts
    5,681
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Backdoor.Flood [Virus]

    Hi Dave

    When you delete a file in Windows Explorer or My Computer, the file is stored in the Recycle Bin. The file remains in the Recycle Bin until you empty the Recycle Bin or restore the file.

    The Recycler folder is used only on disk partitions. The Recycler folder contains a Recycle Bin for each user that logs on to the computer.

    Can you log onto the PC as the other users, or get the other users to log on and empty their Recycle Bins and run the AVG again?
    Jerry
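
The path-based triage discussed in posts #8 and #15 (is the detection in a per-user Recycle Bin, in a System Restore store, or on the live filesystem?), as an added example that is not from any poster in this thread. The function names are hypothetical and the sample paths in the test are constructed; the folder names assumed are `RECYCLER` (NTFS, one subfolder per user SID), `Recycled` (FAT), `$Recycle.Bin` (Vista and later) and `System Volume Information\_restore...` (XP System Restore).

```python
import re
from pathlib import PureWindowsPath

# Well-known relative IDs (last SID component) of built-in local accounts.
WELL_KNOWN_RIDS = {500: "built-in Administrator", 501: "built-in Guest"}

# Local/domain account SID: S-1-5-21-<three sub-authorities>-<RID>
SID_RE = re.compile(r"^S-1-5-21(?:-\d+){3}-(\d+)$", re.IGNORECASE)

RECYCLE_DIRS = ("recycler", "recycled", "$recycle.bin")


def classify_detection(path):
    """Classify where an antivirus-reported path sits on a Windows volume."""
    parts = PureWindowsPath(path).parts  # e.g. ('C:\\', 'RECYCLER', 'S-1-5-...', 'x.ini')
    result = {"location": "live filesystem", "sid": None, "account": None,
              "file": parts[-1] if parts else ""}
    folders = [p.lower() for p in parts[1:-1]]  # directories below the drive root
    if folders and folders[0] in RECYCLE_DIRS:
        result["location"] = "recycle bin"
        # On NTFS the next component is the SID of the user who deleted the file.
        match = SID_RE.match(parts[2]) if len(parts) > 3 else None
        if match:
            rid = int(match.group(1))
            result["sid"] = parts[2]
            result["account"] = WELL_KNOWN_RIDS.get(rid, f"user account (RID {rid})")
    elif (len(folders) >= 2 and folders[0] == "system volume information"
          and folders[1].startswith("_restore")):
        result["location"] = "system restore store"
    return result


def bins_to_empty(paths):
    """SIDs whose per-user Recycle Bin holds at least one detection."""
    return {c["sid"] for c in map(classify_detection, paths)
            if c["location"] == "recycle bin" and c["sid"]}
```

A detection classified as "recycle bin" with a SID other than the logged-on user's is the case post #15 describes: that user's bin has to be emptied from their own session before the scanner stops reporting it.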
