
Need tech help - backdoor bla trojan.

This topic is archived.

TNDemo Donating Member (1000+ posts) Sun Nov-21-04 02:15 PM
Original message
Need tech help - backdoor bla trojan.
My virus scan popped up for the first time ever today and said that the bla trojan had been found. It made some mention of unable to clean file or delete file or something (wish I hadn't closed that box). There was a "delete" and "clean" and I clicked both but nothing happened. I found it on my C drive and deleted it. I have not yet emptied my recycle bin. I looked it up at this site: http://securityresponse.symantec.com/avcenter/venc/data/pf/backdoor.bla.trojan.html and read through it but am not exactly clear what further steps I should take. It mentions that the trouble starts once the computer is turned off. I have run AdAware and Spybot, though not sure they would deal with this one. Anything else I need to do?

havocmom Donating Member (1000+ posts) Sun Nov-21-04 02:18 PM
Response to Original message
1. Might wanna post in computer forum too
It's way cool. You might get some help from 'puter whiz who don't hang in the lounge

http://www.democraticunderground.com/discuss/duboard.php?az=show_topics&forum=242

trotsky Donating Member (1000+ posts) Sun Nov-21-04 02:23 PM
Response to Original message
2. What exactly were you doing when the vscan popped up?
If you were opening an e-mail or a web page, or maybe launching a program or file, your anti-virus successfully interrupted the installation of the trojan, and your system is still clean.

You should do a complete system scan of your hard drive to see if it still finds anything.

TNDemo Donating Member (1000+ posts) Sun Nov-21-04 02:31 PM
Response to Reply #2
4. I had programs from work running
but I had spent about 10 minutes downloading pictures from my camera when it popped up.

Padraig18 Donating Member (1000+ posts) Sun Nov-21-04 02:25 PM
Response to Original message
3. Run your virus scan IMMEDIATELY.
See if it finds anything, first, and if it does, use the clean/quarantine feature. Do NOT turn your comp off.

PoohStuff Donating Member (46 posts) Sun Nov-21-04 02:44 PM
Response to Original message
5. Let's get started...
Edited on Sun Nov-21-04 02:49 PM by PoohStuff
I'm assuming you have windows XP, which is slightly easier to deal with. Go step by step to remove the virus via Symantec's recommendations:

If you are networked, disconnect from the network by unplugging all other Ethernet cables from the back of those computers.

1. Try closing all your un-needed services. Click on Start, Control Panel, Administrative Tools, Services.

You'll get a list in alphabetical order. Start with Windows Messenger (it's not the IM service). Double-click on it and click the Stop button, then you'll see a drop-down box; click on that and disable it, click Apply, then OK.

Do the same with Telnet. You don't need those, they are for advanced networking and won't interfere with your network, plus they leave you open to these types of attacks.


Turn on the Windows XP firewall; if you download something new you'll have to restart the computer for it to take effect, and that's what we don't want. Click on Start, Control Panel, Network Connections. You'll see your connections there, Local Area Connection or Dial-Up, whatever is enabled; just right-click on it and click Properties.

Click the Advanced Tab then enable firewall. Click OK.

Then Run Live Update, do another system scan.

Scroll down Symantec's website and print out and follow the instructions on how to back up and restore the system registry (the entire one), then follow the instructions on how to remove the infected keys.

After that, re-run the system scan.

Spybot and Adaware are neat programs, but they won't help, only detect.

If none of Symantec's removal instructions help, then you want to back up all files and restore the system (worst case).

If it does work I can suggest two sites: www.pcpitstop.com and grc.com (no www. on grc). Sign up for the free account on PC Pitstop and run full tests. Then follow the instructions if you don't get a checkered flag. They have automated repairs. Then at grc.com click on Shields Up, then click on it again and click Common Ports. This will test if you still have open ports on your system. You want to have stealth when the results come back.

Hope this helps, I couldn't post in the Techie group cause I can't afford to donate. Sorry. Let me know if you need any additional help.
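
An added example, not part of the thread or of Symantec's instructions: a Python check that the two services reply #5 stops and disables really are stopped and disabled, by parsing `sc query` and `sc qc` output. The short service names `Messenger` and `TlntSvr` and the sample output (trimmed to the fields checked) are assumptions constructed for illustration.

```python
import re

# Usual XP short names for the Messenger and Telnet services (assumed, not on the page).
TARGETS = ("Messenger", "TlntSvr")

# Constructed sample: `sc query <name>` then `sc qc <name>` output, trimmed.
SAMPLE = """
SERVICE_NAME: Messenger
        STATE              : 1  STOPPED
SERVICE_NAME: Messenger
        START_TYPE         : 4   DISABLED
SERVICE_NAME: TlntSvr
        STATE              : 4  RUNNING
SERVICE_NAME: TlntSvr
        START_TYPE         : 3   DEMAND_START
"""

FIELD = re.compile(r"^\s*(SERVICE_NAME|STATE|START_TYPE)\s*:\s*(.+?)\s*$")

def parse_sc(text):
    """Collect STATE and START_TYPE per service from concatenated sc output."""
    services, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue
        key, value = m.groups()
        if key == "SERVICE_NAME":
            current = services.setdefault(value, {})
        elif current is not None:
            current[key] = value.split()[-1]  # "4  RUNNING" -> "RUNNING"
    return services

def audit(text, targets=TARGETS):
    """Return {service: [problems]} for targets that are not stopped and disabled."""
    services = parse_sc(text)
    findings = {}
    for name in targets:
        info = services.get(name, {})  # missing output is reported as None
        problems = []
        if info.get("STATE") != "STOPPED":
            problems.append("state is %s" % info.get("STATE"))
        if info.get("START_TYPE") != "DISABLED":
            problems.append("start type is %s" % info.get("START_TYPE"))
        if problems:
            findings[name] = problems
    return findings

print(audit(SAMPLE))
```

A service that is stopped but still set to start on demand or automatically can come back after the reboot, which is why both fields are checked.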
 
TNDemo Donating Member (1000+ posts) Sun Nov-21-04 02:55 PM
Response to Reply #5
6. I have Windows 2000.
Do I do the same thing?

PoohStuff Donating Member (46 posts) Sun Nov-21-04 02:57 PM
Response to Reply #6
7. Yes you can do the same thing
Edited on Sun Nov-21-04 03:04 PM by PoohStuff
Windows XP and 2000 are based on the Windows NT OS. They're almost mirrors. You might have to skip the firewall step though. In fact, if it saves you time, do the single registry key backup; it might be in your favor. Be careful and back up the right key; it's EXTREMELY important.

TNDemo Donating Member (1000+ posts) Sun Nov-21-04 03:15 PM
Response to Reply #7
8. Thanks.
I have printed out your directions and will try it in a little bit. I'll let you know how it goes. Thanks for all the detailed help!

PoohStuff Donating Member (46 posts) Sun Nov-21-04 03:21 PM
Response to Reply #8
9. Anytime!
:hi: Please let me know how it goes, I hate to hear how someone's waste of time (virus programmers) bother good people! :toast:

TNDemo Donating Member (1000+ posts) Mon Nov-22-04 10:25 AM
Response to Reply #9
10. I guess you don't get e-mail without a star.
I tried to send you one and it didn't work. We did all the stuff you said but I have yet to reboot my computer but I guess I need to. I am afraid to do internet banking right now. How will I know for sure the virus is not lurking somewhere in the computer?

PoohStuff Donating Member (46 posts) Mon Nov-22-04 01:13 PM
Response to Reply #10
11. Run another final virus scan....
Edited on Mon Nov-22-04 01:22 PM by PoohStuff
And if it comes out clean, reboot. :D I have faith you did well! Lemme Know! As for my email, I checked everything I dunno why I didn't get one. :shrug:

Oh btw... go to www.zonelabs.com and download the free version of Zone Alarm. It's a great firewall and easy to use. You'll know exactly which programs on your computer are trying to access the internet and can block them accordingly or allow them. It comes with a tutorial too.

TNDemo Donating Member (1000+ posts) Mon Nov-22-04 02:20 PM
Response to Reply #11
12. Thanks again.
What does having a star allow you to do? Can you not post in some of the forums or what?

PoohStuff Donating Member (46 posts) Mon Nov-22-04 03:28 PM
Response to Reply #12
13. aah, found that in the faq...
means that you donated! I have yet to do so, hopefully it'll be a xmas prezzie for me :party:!

TNDemo Donating Member (1000+ posts) Mon Nov-22-04 03:29 PM
Response to Reply #13
14. If you are not able to donate I could make a donation
in your name as a thanks for the help.