View Full Version : back door virus help!
patman
September 27th, 2004, 08:27 PM
My PC has a back door virus and a dialer virus that I cannot get rid of. I have two virus programs running, McAfee and a spyware program. When I scan using both programs it says that it found them and cleaned them, but they are still present when I dial up on the internet. This has also affected my hotmail account as well? Any help is appreciated. Thanks
bmwpower
September 27th, 2004, 08:32 PM
What operating system do you have?
RyanS
September 28th, 2004, 11:35 AM
Did you happen to catch the name of the virus / files it found?
joed
September 28th, 2004, 04:26 PM
If you have the name that would be helpful.
Have you tried Ad-Aware or Spybot Search and Destroy?
patman
September 28th, 2004, 07:28 PM
My operating system is Windows XP. The info I get from my virus scan is a Backdoor.BDD virus that has infected my Documents and Settings hidden file folders I believe in my Windows system 32 location. The program name is Xwxload. The dialer is Dialer 194. I can get on the internet alright, but when I access Hotmail it overwrites my logon info and says wrong password. Then all it leaves is a white screen that keeps trying to pop up.
I have not tried Spybot. I have McAfee virus scan and firewall protection going, Spykiller spyware. It finds these infected files and says they have been cleaned, but they are always there again when I dial up.
Any ideas other than formatting the hard drive?
bmwpower
September 28th, 2004, 07:41 PM
Have you turned off System Restore? This could be the problem. Turn off System Restore and let the tools clean the system again. Then you may turn System Restore back on.
Also, try instructions here if you haven't already:
http://vil.nai.com/vil/content/v_123098.htm
patman
September 29th, 2004, 09:46 PM
Hey and thanks for the help so far. I attempted what you suggested, but the Xwxload is still there when I run McAfee scan still. I downloaded Spybot ran that and it found lots of things. So I had it fix that. I ran McAfee again and it still found the Xwxload file. Maybe I am just doing something wrong. I have the Restore off still after I run McAfee scan. Do I need to delete a folder or something after the scan? This thing is really becoming a pain.
Any more advice? Thanks again.
Jacksnap
September 30th, 2004, 08:52 AM
Have you installed Microsoft's brand new update for XP called Service Pack 2? If not go to Windows Update (start, control panel, then pick update on left hand menu) and do the download. This update was released earlier this month and will clear up and remove many of the known viruses and browser hijackers. The download and install is anywhere from 78 to 160 megs file, so I hope you have either DSL or cable connection. If neither, go to MS web site and order it on CD. MS will also be packaging it on CD with many of the most popular PC mags, so you can check your local mag rack.
Let us know how you make out. Also, do not format your drive, we can get rid of your problems without such a drastic move. If, after installing the MS Update 2, you still have the problem, you can send me a private message with your tel number or I can give you mine, and I'll call you to walk you through.
Jack (retired telco)
patman
September 30th, 2004, 09:43 PM
Thanks for the tip Jacksnap. I will try that and let you know. Right now I am ready to try anything.
yotexboy@aol.com
December 23rd, 2004, 03:42 PM
I have the same problem with the Backdoor BDD virus, I scanned with McAfee and have a windows firewall, and router firewall, I turned off windows restore and I have service pack 2. I still cannot get rid of the Backdoor BDD virus. I scan my computer and nothing is found, but whenever I get online, the McAfee pop up says it detected a virus and it has been deleted, and requests a scan, I'll scan and nothing is found. I'll close out and just as soon as I open up my browser, I get another message about another infected file. This has been going on for weeks and I don't know what else to do... Any help will be appreciated.
joed
December 24th, 2004, 12:01 PM
Run the scans in safe mode. I read some stuff that the virus might be loading itself into memory and then reinfecting after you clean.
Unregistered
December 24th, 2004, 07:40 PM
1. Make sure your system restore is turned off.
2. Boot windows into "Safe Mode" then run McAfee virus scan and delete any viruses found.
Unregistered
February 18th, 2005, 09:04 PM
Removed offensive message
Administrator
Jacksnap
February 18th, 2005, 09:19 PM
FYI.... One of the features of running a board like this, is all posts register the originating IP address. A simple email to the providing ISP about malicious conduct originating from one of their customers toward a web site may be all that is needed to find that the ISP's terms to provide service may have been broken. Many times this results in the ISP cancelling that service.
selfhelpadmin
February 19th, 2005, 02:01 PM
The offending message...(have edited message to remove certain words)
The IP Address is: 68.123.65.80. The host name is: adsl-68-123-65-80.dsl.renocs.pacbell.net.
Homer
February 19th, 2005, 02:15 PM
Ironically, this thread is titled 'back door virus help'.
I suspect that that IP address is merely the address of a compromised computer. A little old lady from Pasadena perhaps.
Four years ago one of my computers was underprotected and was compromised. This led me to investigate the threats from these trojans.
I evaluated the threat from the Sub Seven trojan. I was amazed at what it could do. Particularly, it allows a port redirection. Basically an attacker could redirect port 80 activity through a compromised computer and appear to be browsing from the compromised machine.
I guess at the very least, an e-mail should be sent to Pacific Bell notifying them of the activity. It will give the little old lady from Pasadena a chance to install some anti-virus software.
Here's a link to more information (http://www.all-internet-security.com/subseven_trojan.html) on Sub Seven which is just one of hundreds of trojans out there.
With so many computers unprotected there must be millions of compromised systems out there.
Homer
bmwpower
February 19th, 2005, 02:21 PM
Pacific Bell should be able to identify the culprit from their records, even if it is due to a vulnerability.
Homer
February 19th, 2005, 03:28 PM
Pacific Bell should be able to identify the culprit from their records, even if it is due to a vulnerability.
Only if the culprit was one compromised computer away.
These clever kids tend to cascade through many compromised computers across several ISPs in multiple jurisdictions. It makes it very time consuming to track them down. Generally nothing is done unless a crime has been committed.
We've been rather lucky here on the forum in that we haven't had many spam messages posted. Offensive messages have been even rarer.
Homer
bmwpower
February 19th, 2005, 11:00 PM
Only if the culprit was one compromised computer away.
These clever kids tend to cascade through many compromised computers across several ISPs in multiple......
Homer
I could be wrong, but this kid seems like a moron. Just a hunch.
Setite
March 26th, 2005, 08:41 PM
Patman, you probably meant BackDoor-BDD instead of BackDoor.BDD because I couldn’t find anything on BackDoor.BDD (in this finite world of computing 1 character can make a world of difference). Here's some information on BackDoor-BDD from McAfee (there are some removal instructions listed on this site):
http://vil.mcafeesecurity.com/vil/content/v_126448.htm
I tried searching on backdoor-bdd and backdoor.bdd on Symantec with no luck. In an attempt to help everyone here are the two virus knowledge bases I use for work:
Symantec Security Response: http://securityresponse.symantec.co...er/vinfodb.html
McAfee Avert Virus Information Library:
http://vil.mcafeesecurity.com/vil/default.asp
Just search on your virus problems, hoaxes, etc at these two sites, and hopefully you’ll find your fix. If you don’t find a fix, you’re S.O.L. (Like Rob Zombie said… Reload!)
These two sites have helped me fix tons of computers in the past; hopefully these sites will be useful to you as well.
I also like to use something called BartPE (a bootable CD that boots into a stripped down version of Windows XP). BartPE allows you to create a bootable CD with virus/spyware removal tools that you can use to clean computers up with. BartPE was based off of Windows PE… but Microsoft only made Windows PE available for OEMs, therefore us mundane technicians can’t legally obtain a copy of Windows PE. Enter BartPE... an OS made by a technician for the rest of us… and it actually includes features that make it better than Windows PE. BartPE allows you to boot up without using your infected hard drive, because you are booting off of a CD. I wouldn't advise you to create the BartPE disk on an infected computer however, because you may risk propagating that virus out to other systems (so use a clean computer to create the CD). Check it out: http://www.nu2.nu/pebuilder/
Finally, you can always use a utility called McAfee Stinger (you can run this on BartPE as well)… it’s free and helps you perform a second scan (in addition to the virus scanner you already have). Best of all there’s nothing to install, just run the EXE and you’re on your way. You can get Stinger at: http://vil.nai.com/vil/stinger/
Good luck!