
Need tech help - backdoor bla trojan.

TNDemo Donating Member (1000+ posts) Sun Nov-21-04 02:20 PM
Original message
Need tech help - backdoor bla trojan.
Somebody just alerted me to this group so I am reposting here.

My virus scan popped up for the first time ever today and said that the bla trojan had been found. It made some mention of unable to clean file or delete file or something (wish I hadn't closed that box). There was a "delete" and "clean" and I clicked both but nothing happened. I found it on my C drive and deleted it. I have not yet emptied my recycle bin. I looked it up at this site: http://securityresponse.symantec.com/avcenter/venc/data... and read through it but am not exactly clear what further steps I should take. It mentions that the trouble starts once the computer is turned off. I have run AdAware and Spybot, though not sure they would deal with this one. Anything else I need to do?
Angry Girl Donating Member (1000+ posts) Sun Nov-21-04 02:56 PM
Response to Original message
1. Removing the Bla trojan
I'm assuming it's Bla 1.0. If it's 2.0, let us know. I'm also assuming that Norton was unable to delete the critter.

Now you must find the value that the trojan added to your registry and remove it before you do anything.

I got this from http://www.hackfix.org/miscfix/bla.shtml:


REMOVAL

Click Start, and go to Run. In the box, type regedit and click OK.

When regedit starts, you will see a file-like tree on the left hand panel.

Open the folders to follow the path:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\

Click on 'Run' and the righthand panel will change.

Look for the item titled: System = "C:\WINDOWS\System\mprdll.exe"

Right click on 'System' and choose Delete.

Next look for the item titled: Systemdoor = "C:\WINDOWS\System\rundll argp1"

Right click on 'Systemdoor' and choose Delete.

Close regedit and reboot your PC to remove the trojan from memory.

After the reboot, use Windows Explorer to delete the trojan file at:
C:\WINDOWS\System\mprdll.exe

Also find and delete the file
C:\WINDOWS\system\rundll.exe BUT BE CAREFUL with this last step because the rundll.exe in c:\windows\ is a Real system file and should NOT be deleted!

Afterward, reboot and run Norton's again.

If you have further trouble let us know, because bla can be persistent. But we can nail it!

P.S. You can also go to http://www.anti-trojan.net/?features and download the free trial of Anti-Trojan. It's supposed to remove bla but I've not tried it.


Angry Girl
nightweed.com
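
The check behind the removal steps in reply #1, as an added example that is not part of the original post or of the hackfix.org page: it reads a text export of the Run key, flags only the two values the post names, and separates the files the post says to delete from the real `C:\WINDOWS\rundll.exe`. It assumes the key was exported from regedit to a REGEDIT4 `.reg` file; the function names and the sample export are constructed for illustration.

```python
import re

RUN_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
# Run values named in the post: lowercased value name -> start of its data.
BLA_RUN_VALUES = {"system": r"c:\windows\system\mprdll.exe",
                  "systemdoor": r"c:\windows\system\rundll"}
# Files the post says to delete, and the real system file it says to leave.
BLA_FILES = {r"c:\windows\system\mprdll.exe", r"c:\windows\system\rundll.exe"}
KEEP_FILES = {r"c:\windows\rundll.exe"}
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def unescape(s):
    # A .reg export writes \\ for a backslash and \" for a quote.
    return re.sub(r"\\(.)", r"\1", s)

def parse_run_values(reg_text):
    """Return {name: data} for string values under the Run key only."""
    values, in_run = {}, False
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("["):
            in_run = line.strip("[]").lower() == RUN_KEY.lower()
        elif in_run and (m := VALUE_RE.match(line)):
            values[unescape(m.group(1))] = unescape(m.group(2))
    return values

def flag_bla_entries(values):
    """Value names whose name AND data both match what the post lists."""
    hits = []
    for name, data in values.items():
        expected = BLA_RUN_VALUES.get(name.lower())
        if expected and data.lower().startswith(expected):
            hits.append(name)
    return sorted(hits)

def classify_file(path):
    # Windows paths are case-insensitive; the post writes both System and system.
    p = path.lower()
    if p in KEEP_FILES:
        return "keep"
    return "delete" if p in BLA_FILES else "unknown"

# Constructed sample export, not taken from any real machine.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"System"="C:\\WINDOWS\\System\\mprdll.exe"
"Systemdoor"="C:\\WINDOWS\\System\\rundll argp1"
"SystemTray"="SysTray.Exe"
'''
```

Matching on both the value name and its data keeps an unrelated Run value that merely happens to be called `System` from being flagged.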
TNDemo Donating Member (1000+ posts) Sun Nov-21-04 10:14 PM
Response to Reply #1
2. Thanks.
I printed this off and some from the other post and handed it promptly to my husband! He is more tech enabled than me so he spent a couple of hours on it and we hope it is finished. I think it is okay but I am a little afraid to do internet banking now.
Angry Girl Donating Member (1000+ posts) Mon Nov-22-04 05:20 PM
Response to Reply #2
3. I think Internet banking is too great a risk
But one of my best friends does it all the time....

I recommend against banking on the Internet because of my experience as an ex-system administrator. The weak point everywhere is the system administrator of the bank or business you're dealing with:

How well do they keep up-to-date on security issues?
Did they install the latest security patch?
Did they do it immediately or are they overworked and understaffed?
Did they do it correctly?
Did they have a tiff with the spouse that morning?
Are they a disgruntled employee?

So even if the operating platform is rock solid (i.e., not a Microsoft product like WinNT, which most companies still use....) and the database/accounting software is solid, that's not really the issue.

Most people are incompetent. And it's getting worse because of our wonderful U.S. educational reforms. And they're overworked and tired and understaffed. But that's just my take.

I have a small amount of money in an account that I use for credit card purchases online, so if that's jacked I won't have a financial disaster on my hands. At least not more than usual.... :-)

Angry Girl
nightweed.com