Thread: How to remove backdoor files?

  1. #1

    How to remove backdoor files?

    Hi,

    I have discovered some illegal files in my windows/system32 folders. My anti-virus software can detect but can't disinfect them. These files have naming convention TFTP<num> and I have tried various ways to delete them but in vain.

    Appreciate if anyone can advise how to go about resolving this. Thanks in advance.

    Littlefoot

  2. #2

    Quote Originally Posted by littlefoot
    Hi,

    I have discovered some illegal files in my windows/system32 folders. My anti-virus software can detect but can't disinfect them. These files have naming convention TFTP<num> and I have tried various ways to delete them but in vain.

    Appreciate if anyone can advise how to go about resolving this. Thanks in advance.

    Littlefoot

    What's your OS system? FAT32 or NTFS? I always install my OS in FAT32 and the rest of my drives as NTFS. This is in order that in any crash or virus infection, I can read my drive in DOS mode upon booting up from a bootable CD.

    I just had a trojan a few weeks back. Before McAfee reported it as a trojan weeks ago, it was unable to identify it even as a trojan. It alarmed me when the program tried to access the internet, which the McAfee firewall alerted me to. The trojan was clever and tried hiding in several folders, one of them being the Window Font system folder, where the OS only displays Font type files, so the trojan was not displayed even though it was there. I tried to run my registry and found the trojan entries and deleted them, but it modified itself and kept coming back. In the end, I found it was loaded in the memory, which will detect if it was removed from the registry and will add itself back to it again. I was using taskbar to end its process but was unable to do so. Not even in safe mode. So the only solution for me was to boot up in FAT32 and erase the damn trojan in my own way. It worked and it was gone forever.

  3. #3
    dennisc, Senior Member (Join Date: Oct 2002; Location: Freezing Upp Thomson/Mandai!; Posts: 2,008)

    I always remove viruses/trojans via DOS and registry when it's a stubborn replicable 1. From my limited knowledge hmm I'd say yep, go to DOS and wipe it out. Then get into your registry and kill the offending file. But it may be safer if you first use up all the options such as: reading up more on the backdoor in question online. Is there an auto removal program? Or even try some trial antivirus and see if it can remove it, or go for online scanning/removal (find it in Yahoo), etc. Best is to read up online on how to remove the particular trojan in your system and kick his behind.

  4. #4
    Senior Member (Join Date: Oct 2003; Location: Last planet from the sun; Posts: 2,822)

    Get a MAC........

    runs away...........

  5. #5

    Boot up in Safe Mode and delete them.

    If you're using a USB keyboard and can't go to safe mode...

    Go to Start -> Run -> type msconfig. Go to Startup and remove the tick from the line which has the tftp file, then restart and delete. If you still can't, then create a BartPE CD (http://www.nu2.nu/pebuilder/), boot up with the CD-ROM and delete the files from inside BartPE.
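
The startup check from post #5 and the registry persistence described in post #2 can be audited together with a read-only script. This is an added example, not part of the thread; it assumes a current Windows with PowerShell 3 or later, the standard Run/RunOnce autostart keys, and the TFTP<num> naming from post #1.

```powershell
# Added example: read-only audit, nothing is deleted or modified.
# Assumption: suspicious files are named "TFTP" followed by digits (post #1).
$pattern = '\btftp\d+'

# Standard per-machine and per-user autostart keys (what msconfig's Startup tab draws on).
$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)

# 1. Files in System32 that match the naming convention, hidden/system files included.
$files = Get-ChildItem -Path "$env:SystemRoot\System32" -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -match '^tftp\d+' }

# 2. Autostart values whose command line references such a file.
$entries = foreach ($key in $runKeys) {
    if (-not (Test-Path -Path $key)) { continue }
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $command = [string]$item.GetValue($name)
        if ($command -match $pattern) {
            [pscustomobject]@{ Key = $key; Value = $name; Command = $command }
        }
    }
}

# 3. Running processes whose image path matches: a live process can restore
#    its registry entry, which is the behaviour post #2 describes.
$procs = Get-Process -ErrorAction SilentlyContinue |
    Where-Object { $_.Path -and $_.Path -match $pattern } |
    Select-Object Id, ProcessName, Path

'--- Matching files ---'
$files   | Format-Table FullName, Length, LastWriteTime, Attributes -AutoSize | Out-String -Width 200
'--- Autostart entries ---'
$entries | Format-List | Out-String -Width 200
'--- Running processes ---'
$procs   | Format-Table -AutoSize | Out-String -Width 200
```

Run it from an elevated prompt so the HKLM keys and other users' process paths are readable; an empty section means nothing matched in that location, not that the machine is clean.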
