• Backdoor.Flood [Virus]

    #445877

    Hello guys / gals. In response to a recent question about Zone Alarm I installed it and Hey presto, I have encountered the first virus to invade my computer. This despite the fact that I was assured Zone Alarm is far superior to Microsoft’s XP built in firewall. I Googled the virus name [ IRC/BackDoor.Flood] and discovered that numerous other suckers have been similarly invaded too. One of the answers pinpointed the virus as being in folder C:\winnt\system32 so located and right clicked on it as directed then did an AVG scan but the report found nothing. I have taken screen shots of the various results but the file is too big so I will [if permitted] send it to one of you kind Moderators as an attachment on an email. If it is not too much trouble perhaps screen shots thought relevant can be copied to the lounge so if other readers encounter this problem they may know what to do. As a background to the problem may I suggest readers to whom this virus is new do a Google for IRC/BackDoor.Flood and see the various questions and remedies which explain it without me having to submit an unduly lengthy thread. Like some of the writers of the said questions on Google I too can’t find the infected file to delete it. Any help would be appreciated. regards. Dave.

    • #1082356

      ZoneAlarm is a firewall, it prevents the outside world from taking control over your computer. It is not an antivirus program.

      How have you determined that you have the Backdoor virus if AVG says your PC is clean?

    • #1082359

      ZoneAlarm is a firewall. The firewall’s function is to control connections into and out of your computer. However, once you approve your email software fetching your email and your browser fetching web pages and downloads, then ZoneAlarm stands aside. It does not, unless supplemented with additional features, concern itself with what is passing through a permitted connection. This is a crucial point that I hope all Loungers will keep in mind.

      What program reported to you that it detected “IRC/BackDoor.Flood”? Does that program have the capability of cleaning it?

      Added: Hey — while this tab was waiting for me to finish with another post, Hans already made these points. grin

    • #1082362

      I would also be curious to know how you “encountered” this on your computer. What made you suspect that it was this particular virus out of the millions that are floating around in the wild ?? Was there some specific behavior that made you suspect you were infected ??

    • #1082363

      You could search for a file called OCXDLL.EXE on your computer and if found, delete it.

      • #1082368

        Hi. Responding to both replies; Just done as you said, a search for it but none was found yet I have since done a full scan with AVG and the Security Status report, though assuring me “All components are installed and fully working”, indicates the said virus is present. The prog. then tried to “Heal” the intruder but as on each of the previous occasions, failed. [Incidentally, this is what other victims of this attack claim as is seen if one Googles for this virus, some have had the virus showing twice but only one will delete.]
        With a view to sending the report as an attachment I have taken a screen shot of it and using Microsoft Photo Editor, cropped it to reduce its size and saved it as a jpeg but can’t seem to reduce it to less than 174 KB, though I have in the past sent a couple of attachments successfully using this method. Is there (as a one off), an email address I can send the Word doc to with the three screen shots as an attachment? It would prove what seems to be a paradox to be true.
        In anticipation regards Dave.

        • #1082369

          Hi there

          If you click on Jezza above my Jezza Bear avatar you may send it to my public email address.

          PS I use this email address for this specific reason and will not enter into conversation outside the Lounge grin

        • #1082398

          As you emailed me the attachments, I thought I’d chime in…

          Looking at the pathnames in the attachment below, the ‘script.ini’ file is either in your recycle bin, in a system restore file, or both – which I would surmise is why it can not be quarantined. You could try emptying your recycle bin and see if that clears it, or turn-off your system restore then back on again to delete the restore file. (Note: this will clear ALL previous restore points.) I don’t think it can do much harm where it is.

          To reduce file sizes of jpg’s in Photo Editor, in the Save As window, click on ‘More >>’ and set the JPEG quality factor to 70 – this should be fine for posting here and will reduce the file size by perhaps a factor of 4.

          • #1082713

            Hello all. I’m sorry not to have responded earlier, had unexpected demands on my free time. I will try to answer the numerous points raised in this reply. If I miss some point made please forgive me but the drama has dragged on longer than I anticipated. More than one of you seemed to be puzzled by my comment that the AVG free prog was fully up to date and protecting my computer but that it was reporting that a virus was present. How I came to make this claim is based on the screen shot [which I hope is attached] confirming the same. As recommended, I performed a “Search” for the virus name [OCXDLL.EXE ] but nothing was found. In my naivety I thought that there may be some currency in performing a System Restore (which I have done several times in the past) but it failed three times with the warning that it was not successful, so maybe that will suggest a link with the virus which (on one report pane) is said to be located in On another report this information is given; C:\RECYCLER\S-1-5-21-6067471-1058031214-725345543=500\script.ini . If that bamboozles you readers think of dummies like me who grew up with the ABACUS, when there was just one TV in the village & pocket calculators were science fiction. That’s why the likes of me ask you to tread slowly with your 21st century knowledge. The screen shot proves three things; 1 The Security status assures me that the AVG package is fully up to date and functioning properly; 2 The IRC/BackDoor.Flood virus is present; 3 The “Threats Found” report shows the intruder was NOT healed, deleted or moved to the vault. So that is the dilemma friends, I hope the attachment explains the predicament & someone can point me in the right direction. Regards Dave.

            • #1082714

              Edited by StuartR to reduce width of graphic

              SORRY for my ineptitude, forgot to attach the screen shot, here it is… dave

            • #1082715

              Hi Guys, just done another scan with AVG which found & tried to delete the said virus but as the screen shot shows, it is unable to. Regards Dave.

            • #1082720

              It says it is in your Recycle bin, or a Recycle bin associated with a different user. Try emptying your Recycle bin.

              (Also, as mentioned above, a .ini file is not executable, so in itself, that file appears to be harmless debris.)

            • #1082721

              Hello Scher, I’m sure you have reason from the information supplied (as have others) for deducing it is in the Recycle Bin but I can assure you there is nothing visible in there as I empty it after every session. Could it be it is there but as a Hidden file? The only other user is my daughter so are there perchance two Recycle Bins? Incidentally, the computer is not set up for two separate users with individual passwords, she simply has a folder on the desktop which I NEVER NEVER open. Regards & thanks again, Dave.

            • #1082733

              Perhaps it is hidden. I wouldn’t worry about it. (I’d be annoyed by it, but I wouldn’t worry about it.)

            • #1082734

              Hi Dave

              When you delete a file in Windows Explorer or My Computer, the file is stored in the Recycle Bin. The file remains in the Recycle Bin until you empty the Recycle Bin or restore the file.

              The Recycler folder is used only on disk partitions. The Recycler folder contains a Recycle Bin for each user that logs on to the computer.

              Can you log onto the PC as the other users, or get the other users to log on and empty their Recycle Bins and run the AVG again?

            • #1082761

              Hello Jerry, As I mentioned in my reply of 6th Nov instant, Yes there are two users of the computer but my daughter only has a folder on my desktop so when either of us switches on, only my desktop appears. I have checked the Recycle Bin details / settings and as far as I understand, the attachment shows the one bin is where deleted files end up regardless of who has deleted them. From what jscher2000 says, it seems the intruder is nothing to really worry about so I feel a little more relaxed about it, however, I would be even more content if it could be eliminated altogether so any further advice would be appreciated. Regards Dave.

            • #1082762

              OK, This is looking promising.

              If you could indulge me, I just want to check something grin

              Can you open My Computer on your desktop and navigate so you view C:\Documents and Settings, don’t panic, nothing private will show but it will show us what other system users are present, if any. If you could screendump that and attach it to the next post I would be grateful….I have a theory

            • #1082769

              Edited by Big Al to “crop” the graphic to a smaller size, i.e. get rid of unnecessary portion of the picture.

              Hi Jerry, let’s hope that theory works. Here is the screen shot of what is in the C:\Documents and Settings folder. To assist in the investigation perhaps I can say what is in the folder. The untitled folder on the left has the following folders in it :- Applications Data; Cookies; Desktop; Favourites; My Documents; Start Menu; User Update; Windows; Default; NTUSER; the last two not being folders as such but look like CD discs with a right arrow in them. The folder to the right has these folders in it : – Desktop; Favourites; Shared Documents; Start Menu; ntuser. Incidentally, this is by the way but when I took a screen shot of the said folder, copied into Microsoft Photo Editor, clicked on the “Select” tab to choose only the relevant details of the shot then clicked on “Edit” again as instructed, I was told a re-sized image should be saved but I find that the original larger one saves instead. Result; one of my recent attachments was doctored by Hans to make it a reasonable size for the forum. What am I doing wrong if anything? Thanks Dave.

            • #1082784

              I have found a folder on my computer named Recycler which contained files I had deleted. I have no idea if the Recycle Bin is tied to it in any way, but I deleted the contents. See if you have such a folder and if it contains any deleted files. If so, empty Recycler.

            • #1082839

              Hello Duchess843. Where have you been since I first posted my question? I seem to have been going round in ever decreasing circles yet ever wider fields of possibilities, searching for & without success but within minutes of searching for the folder named “Recycler” as you suggested, the offending folder was exposed. I deleted the contents of the folder and with great anticipation did a scan with AVG BUT as the attachment shows, the gremlin is still lurking somewhere in the bowels of the computer & seems to refuse to be deleted. Though jscher2000 seems to feel there is little to fear from this intruder I am still suspicious and would feel much happier if it went down the plug hole once and for all. PS note the report says it is not HEALABLE Dave.

            • #1082840

              The file is contained in one of your System Restore points. As mentioned by Leif in post 674,744, if you turn System Restore off for the C: drive and then back on it will get rid of the offending file(s). NOTE: You will also lose all of your restore points. So, you may want to back up your system ASAP after getting rid of the files. To turn off System Restore right click My Computer and select Properties. Then click on the System Restore tab. Ensure the check box for ‘Turn off System Restore’ is checked. OK your way out. To turn System Restore back on reverse the process.

              Joe

              --Joe
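
An added example, not part of any post in this thread: a small Python helper that classifies a path from an AV scan report as live file system, per-user Recycle Bin (`RECYCLER\<SID>`) or System Restore store (`System Volume Information`), the locations the replies above point to. The function names are hypothetical, and the sample paths, SID and GUID are constructed.

```python
import re
from pathlib import PureWindowsPath

RECYCLER_DIRS = {"recycler", "recycled"}    # NTFS / FAT recycle bin roots
RESTORE_DIR = "system volume information"   # System Restore store
SID_RE = re.compile(r"^S-1-\d+(-\d+)+$", re.I)

def classify_detection(path):
    """Map one reported path to the storage area that holds the file."""
    parts = PureWindowsPath(path).parts     # ('C:\\', 'RECYCLER', 'S-1-5-...', 'script.ini')
    dirs = [p.lower() for p in parts[1:-1]] # directories only, no drive, no file name
    result = {"path": path, "area": "live file system", "owner_sid": None,
              "action": "quarantine or delete through the AV product"}
    if dirs and dirs[0] in RECYCLER_DIRS:
        result["area"] = "recycle bin"
        result["action"] = "empty the Recycle Bin as the owning account"
        # On NTFS each account gets its own subfolder named after its SID.
        if len(parts) > 3 and SID_RE.match(parts[2]):
            result["owner_sid"] = parts[2]
    elif dirs and dirs[0] == RESTORE_DIR:
        result["area"] = "system restore store"
        result["action"] = "turn System Restore off and on (drops all restore points)"
    return result

def triage(paths):
    """Group reported paths by storage area so each area is cleaned once."""
    grouped = {}
    for p in paths:
        grouped.setdefault(classify_detection(p)["area"], []).append(p)
    return grouped

# Constructed report lines (not taken from the screenshots in the thread).
SAMPLE_REPORT = [
    r"C:\RECYCLER\S-1-5-21-1111111111-2222222222-3333333333-500\script.ini",
    r"C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP12\A0001234.ini",
    r"C:\winnt\system32\OCXDLL.EXE",
]

if __name__ == "__main__":
    for line in SAMPLE_REPORT:
        info = classify_detection(line)
        print(f"{info['area']:22} {info['owner_sid'] or '-':48} {info['action']}")
```

A non-empty `owner_sid` that is not the logged-on account's SID explains a Recycle Bin that looks empty in Explorer while the scanner still reports a file under `RECYCLER`.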

            • #1082866

              (Edited by jscher2000 on 07-Nov-07 20:27. Repaired link.)

              Hi Dave

              After getting the information from you it was quite apparent what the issue was, it just needed us all to ask the right questions. I think the clue was that in your post 675,136 the image indicated that there was a folder called Recycler which was what we were alluding to.

              It appears that the Anti-Virus software has been doing its job nicely and has been interacting with System Restore correctly

              I think it prudent that before you take Joe’s advice you read up on How antivirus software and System Restore work together and go through the step-by-step instructions provided by Microsoft to eliminate it once and for all.

            • #1082914

              A word of sincere personal thanks to all who responded to my numerous posts to the lounge as this thread has protracted to one of the longest I have seen though I did notice one by the Duchess843 which went to 22 posts. Incidentally, it was the Duchess that first pointed me to the folder called “Recycler” which I located in the first “Search” and which the folder when scanned with AVG pinpointed the (BackDoor.Flood) horror. I did a sweep with AVG late last night and got a clean bill of health SO, once more I express my sincere thanks for every contribution made on the lounge during this thread. Must tell all my friends about it, (as we say here in the UK) ….since Sliced Bread. Regards Dave.

            • #1082986

              …..please, I beg your pardon friends regarding the final half sentence which reads …..since sliced bread. This must have appeared as absolute gobble-de-gook especially to non-UK readers being without any sense or reason for it should have read : – “This web site is the best thing since sliced bread.” …. which is a common saying here in the UK when something good happens. Finally thanks Dave.

            • #1083103

              Always good to see positive results with solving a problem.

              BTW, the best thing since sliced bread.” …. which is a common saying here in the UK when something good happens.

              That’s a pretty common saying here in the US of A also. smile

            • #1083124

              At last I learn that we do have something in common, though I expect there must be many things colloquial that we are poles apart on. One of your very common sayings which forever seems to niggle my tolerance level in the realm of [good English] is to hear Americans say something like….. [ he fell OFF OF his bicycle. ] I know this form of speech is particularly unique to the US of A but how it came to become so I cannot imagine. Have a nice day loungers….. Cheers Dave.

            • #1083130

              Have you met John Gray, our resident Lounge pendant?
              Seems like some common ground there? chatter gent grin

            • #1083132

              Nope…. not had the pleasure of any banter with John though as time permits I am open for idea / threads. I suppose the Scuttlebutt section is the place to send posts for banter other than computer issues! Recently I got an email from a niece asking me if I knew any USA web sites that her son could log on to where he could learn about USA culture as he was researching the same as part of a project he was doing for school. Here is the brief email

              [Hi Uncle David, Sorry I haven’t replied sooner but it’s not very often I come on line. I need a bit of help if you can. Nathan is doing a project on America have you got any web sites where I can get information on things such as phrases, numbers, greetings etc to help him with his project. It is very much appreciated. Hope to be in touch soon Love from Lynda and family.]
              Maybe this is a good place for “John” to jump on the bandwagon and give me some answers that can be forwarded to my niece. Over & out. Dave.

            • #1083092

              Thanks for the honorable mention Dave. I don’t get nor deserve many of them.
