Backdoor.Agent.B and iSearch nightmare
This feature article is a step away from our normal discussions, as I am currently out of town visiting a friend in Toronto, Ontario for the next few days.
RE: My encounter with the Backdoor.Agent.B Trojan
I arrived at Frank's place in Toronto this past Sunday, and was unable to access the Internet until Wednesday. Unfortunately, Frank's computer was host to 35 virus-infected files, 7 Spyware variants, 4 Trojans, and 2 Internet worms (including MyDoom and SoBig) -- and he didn't even know it.
I spent much of Monday and Tuesday "undoing" the damage caused by the malware. I have to say that with all my years of computing experience, the Backdoor.Agent.B Trojan virus and the iSearch toolbar were probably the most difficult, scum-sucking, bottom-of-the-barrel programs I've ever attempted to manually remove from a computer. Backdoor.Agent.B was particularly difficult to research on the 'net because the infected .DLL filename ("logapd.dll", in this case) was randomly generated by the Trojan. In other words, no other web sites on the 'net were talking about logapd.dll, because logapd.dll only existed (as a randomly generated filename) on Frank's computer.
Pretty tricky.
Thankfully, Norton Antivirus (which I recently installed) recognized the variant under its official call name (Backdoor.Agent.B), and and I was able to research further using Google. I eventually made my way to Symantec's web site, which provided manual removal instructions. After Agent.B was removed, undoing the rest of the damage to Frank's computer was relatively simple, although very time consuming.
Lessons Learned: how to avoid Spyware, Viruses, and Trojans in the Future
After it was all said and done, Frank learned a few valuable lessons:
- First and foremost: there is no such thing as a free lunch these days. This is especially true for the many "free" downloads on the Internet which often come bundled with Spyware. One of the programs that Frank installed onto his machine recently was "Messenger Plus" (a plug-in for MSN Messenger), which I believe came bundled with the iSearch toolbar. Frank was very surprised to learn that Messenger Plus, although related to MSN Messenger, was in fact a third-party utility -- bundled with third-party software -- and not something that was released by Microsoft. Side note: If you ever have any doubt of whether a program you're about to download contains Spyware, simply visit Google.com and type in the name of the program, followed by the word "Spyware", and click the search button. Using the Messenger Plus example, the phrase to search for would be "Messenger Plus Spyware". Click here for an example.
- Download Windows Updates as soon as they become available, and install them immediately. Although Frank set Windows Updates to download automatically, he chose to have Windows "remind [him] of pending updates". In other words, Frank chose to install the updates at a later time, rather than have Windows do it automatically. For instructions on how to automate Windows Updates for Windows XP, read this Microsoft article.
- Make sure that your Virus Scanner is up to date. Frank was using McAfee Virus Scan version 5, with old virus definitions (dating back to April of 2002). The lesson learned: a virus scanner is only as good as its virus definition files, which need to be updated regularly: typically once a week or less.
- Use an adequate Firewall. Frank was using an older version of Mcafee Firewall, which was not capable of informing him that programs running on his computer were communicating with the outside world. In fact, a number of the Trojans installed on Frank's computer were designed to "sniff" his passwords and send them to a remote computer (connected somewhere on the Internet). To correct this problem, I uninstalled Mcafee Firewall and installed ZoneAlarm (free).
- And most importantly: Neither LavaSoft AdAware nor SpyBot Search and Destroy (two freeware Spyware removers which Frank had installed on his computer) were able to detect and remove the highly annoying iSearch toolbar / homepage hijacker. I had to manually remove the program myself, which required editing the System Registry (read this previous Gazette article for generic steps on how to remove any Spyware toolbar). After I told Frank that Spy Sweeper would stop Spyware *before* it had a chance to get on his system and cause harm, he quickly signed up for a 2 year subscription. More information on Spy Sweeper and how it works here.
Reminder: PC Security Guide
Much of what I have just briefly mentioned above is covered explicitly in my PC Security Guide. If you have any concerns about protecting your PC, privacy, and data, you should download the guide immediately!
Most popular articles
- Which Processor is Better: Intel or AMD? - Explained
- How to Prevent Ransomware in 2018 - 10 Steps
- 5 Best Anti Ransomware Software Free
- How to Fix: Computer / Network Infected with Ransomware (10 Steps)
- How to Fix: Your Computer is Infected, Call This Number (Scam)
- Scammed by Informatico Experts? Here's What to Do
- Scammed by Smart PC Experts? Here's What to Do
- Scammed by Right PC Experts? Here's What to Do
- Scammed by PC / Web Network Experts? Here's What to Do
- How to Fix: Windows Update Won't Update
- Explained: Do I need a VPN? Are VPNs Safe for Online Banking?
- Explained: VPN vs Proxy; What's the Difference?
- Explained: Difference Between VPN Server and VPN (Service)
- Forgot Password? How to: Reset Any Password: Windows Vista, 7, 8, 10
- How to: Use a Firewall to Block Full Screen Ads on Android
- Explained: Absolute Best way to Limit Data on Android
- Explained: Difference Between Dark Web, Deep Net, Darknet and More
- Explained: If I Reset Windows 10 will it Remove Malware?
My name is Dennis Faas and I am a senior systems administrator and IT technical analyst specializing in cyber crimes (sextortion / blackmail / tech support scams) with over 30 years experience; I also run this website! If you need technical assistance , I can help. Click here to email me now; optionally, you can review my resume here. You can also read how I can fix your computer over the Internet (also includes user reviews).
We are BBB Accredited
We are BBB accredited (A+ rating), celebrating 21 years of excellence! Click to view our rating on the BBB.