'WELCOME TO MY LIFE'

A Warm Welcome

"Life isn't about being old or having more problems. It's about growing to see this life from a better view coz GOD bless you more"

So...Enjoy your LIFE...


I choose to have faith, because without that I have nothing. It's the only thing that's keeping me going.


Thursday, March 4, 2010

Backdoor.DMSpammer

My computer was infected by Backdoor.DMSpammer two days ago :( . It is a Trojan horse, and my Outlook mail was giving errors. I'm starting to fix it and I found some information about this Trojan horse. Backdoor.DMSpammer is a backdoor Trojan horse that relays spam email messages. It was discovered on October 28, 2003. Systems affected: Windows 2000, Windows 3.x, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003 and Windows XP; I am using Windows XP. Backdoor.DMSpammer is usually found as the file C:\Program Files\Common Files\MSDM\msdm.exe. When Backdoor.DMSpammer is executed, it listens on a (configurable) port for spammers, who can send it a list of addresses as well as what to send. Security risk level 1: Very Low.
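Because the listening port is configurable, a fixed port number is not a usable indicator; the owning process is. The following added example (not part of the original post or of Symantec's write-up) correlates `netstat -ano` and `tasklist /FO CSV /NH` output to find listeners and outbound mail sessions owned by the two file names mentioned in this post. The sample output is constructed, and treating remote port 25 as SMTP is an assumption.

```python
import csv
import io

# Image names this post ties to the infection; matched case-insensitively.
SUSPECT_IMAGES = {"msdm.exe", "qtplugin.exe"}

# Constructed `netstat -ano` output (addresses, ports and PIDs are made up).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       908
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4321           0.0.0.0:0              LISTENING       1612
  TCP    192.168.1.20:1045      203.0.113.7:25         ESTABLISHED     1612
  UDP    0.0.0.0:500            *:*                                    692
"""

# Constructed `tasklist /FO CSV /NH` output.
TASKLIST_SAMPLE = '''\
"System","4","Console","0","236 K"
"svchost.exe","908","Console","0","4,312 K"
"lsass.exe","692","Console","0","1,140 K"
"msdm.exe","1612","Console","0","2,908 K"
'''

def pid_to_image(tasklist_text):
    """Map PID -> image name from CSV-formatted tasklist output."""
    rows = csv.reader(io.StringIO(tasklist_text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2 and r[1].isdigit()}

def tcp_rows(netstat_text):
    """Yield (local, remote, state, pid) for each TCP row; skips headers and UDP."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[4].isdigit():
            yield f[1], f[2], f[3], int(f[4])

def suspect_activity(netstat_text, tasklist_text):
    """Return (listeners, smtp_sessions) owned by a suspect image name."""
    images = pid_to_image(tasklist_text)
    listeners, smtp = [], []
    for local, remote, state, pid in tcp_rows(netstat_text):
        image = images.get(pid, "")
        if image.lower() not in SUSPECT_IMAGES:
            continue
        if state == "LISTENING":
            listeners.append((image, pid, int(local.rpartition(":")[2])))
        elif state == "ESTABLISHED" and remote.endswith(":25"):  # assumption: SMTP
            smtp.append((image, pid, remote))
    return listeners, smtp
```

A hit only shows that a process with one of those names owns the socket; confirm the file's location and scan it before deleting anything.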

Since I'm using Symantec Antivirus, here is how to remove it from the computer:
A. Disable System Restore (Windows Me/XP).
It is recommended to temporarily turn off System Restore. Windows Me/XP uses this feature, which is enabled by default, to restore the files on the computer in case they become damaged. If a virus, worm, or trojan infects a computer, System Restore may back up the virus, worm, or trojan on the computer. Windows prevents outside programs, including antivirus programs, from modifying System Restore. Therefore, antivirus programs or tools cannot remove threats in the System Restore folder. As a result, System Restore has the potential of restoring an infected file on the computer, even after you have cleaned the infected files from all the other locations. Also, a virus scan may detect a threat in the System Restore folder even though you have removed the threat.
Turn off Windows XP System Restore:
  1. Click Start.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives. If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
  4. Click Apply.
  5. When you see the confirmation message, click Yes.
  6. Click OK.
B. Update the virus definitions.
Symantec Security Response fully tests all the virus definitions for quality assurance before they are posted to its servers. There are two ways to obtain the most recent virus definitions:
  1. Running LiveUpdate, which is the easiest way to obtain virus definitions: These virus definitions are posted to the LiveUpdate servers once each week (usually on Wednesdays), unless there is a major virus outbreak. To determine whether definitions for this threat are available by LiveUpdate.
  2. Downloading the definitions using the Intelligent Updater: The Intelligent Updater virus definitions are posted on U.S. business days (Monday through Friday). You should download the definitions from the Symantec Security Response Web site and manually install them. To determine whether definitions for this threat are available by the Intelligent Updater.
I am choosing to run LiveUpdate.

C. Restart the computer in Safe mode or VGA mode.
Shut down the computer and turn off the power. Wait for at least 30 seconds, power on and then restart the computer in Safe mode or VGA mode. For Windows 95, 98, Me, 2000, or XP users, restart the computer in Safe mode. For Windows NT 4 users, restart the computer in VGA mode.
I am using Windows XP, so to start in Safe mode:
  1. Exit all programs.
  2. Click Start > Run.
  3. In the Run dialog box, type the following text: msconfig
  4. Click OK.
  5. In the System Configuration Utility, on the BOOT.INI tab, check /SAFEBOOT.
  6. Click OK.
  7. When you are asked to restart the computer, click Restart. The computer restarts in Safe mode. This can take several minutes.
D. Run a full system scan and delete all the files detected as Backdoor.DMSpammer, or similar variants.
  1. Start your Symantec antivirus program and make sure that it is configured to scan all the files.
  2. Run a full system scan.
  3. If any files are detected as Backdoor.DMSpammer, click Delete.
So far, it is OK; my computer was safe. If you still find qtplugin.exe (by default it is in C:\WINDOWS\system32), kill/delete/remove it. Qtplugin.exe is a Trojan/Backdoor.

Once you have fixed the problem and are satisfied, return your computer to its default settings.
Start the computer in Normal mode:
  1. Close all programs.
  2. Click Start > Run.
  3. In the Run dialog box, type the following text: msconfig
  4. Click OK.
  5. In the System Configuration Utility, on the BOOT.INI tab, uncheck /SAFEBOOT.
  6. Click OK.
  7. Close all programs, and restart the computer.
Turn on Windows XP System Restore:
  1. Click Start.
  2. Right-click My Computer, and then click Properties.
  3. On the System Restore tab, uncheck Turn off System Restore or Turn off System Restore on all drives. If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
  4. Click Apply.
  5. When you see the confirmation message, click Yes.
  6. Click OK.
