1st March 2005, 01:12 AM
How to remove backdoor files?
I have discovered some illegal files in my windows/system32 folders. My anti-virus software can detect them but can't disinfect them. These files have the naming convention TFTP<num>, and I have tried various ways to delete them, but in vain.
I'd appreciate it if anyone could advise how to go about resolving this. Thanks in advance.
1st March 2005, 01:24 AM
What's your OS system? FAT32 or NTFS? I always install my OS on FAT32 and the rest of my drives as NTFS. This is in order that, in any crash or virus infection, I can read my drive in DOS mode upon booting from a bootable CD. I just had a trojan a few weeks back. Before McAfee reported it as a trojan weeks ago, it was unable to identify it even as a trojan. It alarmed me when the program tried to access the internet, which the McAfee firewall alerted me to. The trojan was clever and tried hiding in several folders, one of them being the Windows Font system folder, where the OS only displays font-type files, so the trojan was not displayed even though it was there. I tried to run my registry and found the trojan entries and deleted them, but it modified itself and kept coming back. In the end, I found it was loaded in memory, where it would detect if it was removed from the registry and add itself back again. I was using the taskbar to end its process but was unable to do so. Not even in safe mode. So the only solution for me was to boot up in FAT32 and erase the damn trojan in my own way. It worked and it's gone forever.
Originally Posted by littlefoot
1st March 2005, 02:56 AM
I always remove viruses/trojans via DOS and the registry when it's a stubborn replicable one. From my limited knowledge, hmm, I'd say yep, go to DOS and wipe it out. Then get into your registry and kill the offending file. But it may be safer if you first use up all the options, such as reading up more on the backdoor in question online. Is there an auto-removal program? Or even try some trial antivirus and see if it can remove it, or go for online scanning/removal (find it on Yahoo), etc. Best is to read up online on how to remove the particular trojan in your system and kick his behind.
1st March 2005, 03:02 AM
Get a Mac........
1st March 2005, 09:18 AM
Boot up in Safe Mode and delete them.
If you're using a USB keyboard and can't go to safe mode...
Go to Start -> Run -> type msconfig. Go to Startup and remove the tick from the line which has the tftp file, then restart and delete. If you still can't, then create a BartPE CD (http://www.nu2.nu/pebuilder/), boot up with the CD-ROM, and delete the files from inside BartPE.