7 Replies Latest reply on Apr 13, 2011 2:20 PM by psm3660

    Backdoor EDY.b

      How do we get rid of the Backdoor EDY.b trojan that pops up every day? McAfee removes it daily, but it keeps coming back every day. Can anyone help?

      Running DAT 5913, Engine 5301.4018 of SecurityCenter.  McAfee blocks it every time I launch IE.  I have XP.

      Message was edited by: candj1 on 3/10/10 8:43:49 PM CST
        • 1. Re: Backdoor EDY.b

          I had a very similar problem. I am NOT a computer tech, but after a little researching I found that XP has the "system restore" function.

          That is most likely where your bug is hiding. Restore is protected, so your scans will remove the bug from your system, but it's still in the "protected" system restore folder.

          Long story short, here's what I did. Go to System properties/restore; in the folder is a "turn off system restore" box. Check it, and apply.

          Run your scans and evict all transgressors!  :-o

          After your scans TURN restore back on! (uncheck the box and apply).

          Turning off restore IS dangerous! (if you crash???)

          It worked for me.

          Hope this helps.

          Edit--- While I did this I disconnected from the internet.


          Message was edited by: turfgrease on 3/10/10 9:43:53 PM CST
          • 2. Re: Backdoor EDY.b

            I tried the System Restore option but the problem continues.

             

            It's very frustrating since McAfee catches it, but can't seem to remove it.  Can you suggest an alternative security package to replace McAfee's SecurityCenter?

            • 3. Re: Backdoor EDY.b
              SamSwift

              Hi,

               

              You could try running our free stinger tool with Artemis enabled on 'very high' in  report only mode, then post the report back here for us to review.

               

              Details can be found here: http://vil.nai.com/vil/stinger

               

              Cheers,

               

              Sam

              • 4. Re: Backdoor EDY.b

                Thanks for the suggestion.  So I tried the Stinger both Report Only, and also Repair Option for Processes and Boot sectors, and the next day the problem returned when starting to visit websites via IE8.  Does McAfee have the registry edits for this one?

                 

                Thanks!

                • 5. Re: Backdoor EDY.b

                  Second time w/Stinger set to Delete, it found:

                   

                  artemis!D72804597795

                   

                  and deleted it.  Do I need to do anything else?

                   

                  Thanks

                  • 6. Re: Backdoor EDY.b
                    SamSwift

                    Hi,

                     

                    Our virus information library has been updated for this threat. If you are seeing removal issues please send us a sample of the file for analysis.

                     

                    Thanks,

                     

                    Sam

                    • 7. Re: Backdoor EDY.b

                      I have the same problem. Had it for a week now, tried everything here, nothing works. Keeps on coming back and McAfee removes it, comes back the next day. BackDoor-EDY.b Trojan Quarantined From c:\ProgramFiles\shared\shared.dll. Sent it to McAfee today. Does anyone know how to get rid of this thing?