Difficult virus!

Status
Not open for further replies.

oreganp

Hi All,

I have a Windows 2000 server running Symantec Corp Edition 8.0. The daily scan picked up a backdoor.trojan in a file named userbin.dll. The anti-virus won't clean, quarantine or delete the file. It also doesn't tell me much about it.

I've tried running a bootable McAfee Virusscan CDROM with the latest defs and same thing, won't get rid of it.

I ran an online scan using www.ravantivirus.com. However, this scan found the little known win32/sfind virus in scan.exe...but it didn't find the virus in userbin.dll. Similarly, the Symantec product can find the backdoor.trojan in userbin.dll, but not the win32/sfind in scan.exe....weird!!

I've searched the Internet high and low for anything that might give me a lead with the userbin.dll file, but I haven't found anything. Similarly, win32/sfind isn't very common and there's not much out there on that one either.

Lastly, used pandavirus online and Panda does not find ANY viruses. Ok, someone please tell me that I am not losing my mind. Any and all suggestions will be greatly appreciated.

Patrick
 
What you need to know is the path to the userbin.dll file. It should have been reported by Norton.
Now set the system to show hidden files and folders as per http://www.spyware911.net/showhiddenfiles.htm


Then open Windows Explorer, find, copy and paste the dll to the desktop. Zip it up with winzip or winrar then email it to me here moboATspyware911.net

I can have it analyzed and get back to you.
 
After you email him the .dll, you might be able to delete it by using a bootable Linux CD (Windows viruses don't affect Linux).
You can use a bootable Linux CD to do a lot of repair work.
Although if your hard drive is NTFS, getting it to write to NTFS can be difficult at first.
 
Unable to copy userbin.dll

Well, I'm not exactly sure what the userbin.dll file is used for, and perhaps I should install HiJack, but I am unable to copy the file to submit.

Any suggestions?
 
Folks, thanks for all the replies. In the end, it was a new variant of a virus, discovered on 19 January. The virus was called backdoor-AZF.dll. I've since removed the virus from my server. Thanks again for your comments and response!!
 