Backdoor.Sinique

Simon

Norton AntiVirus pops up this alert as High Risk on my computer:

Object Name: C:\Windows\system32\usr32.dll
Virus Name: Backdoor.Sinique
Action Taken: Unable to repair the file.

Search on the web, got no info about it.

Any advice, thanks in advance.
 
Simon said:
Norton AntiVirus pops up this alert as High Risk on my computer:

Object Name: C:\Windows\system32\usr32.dll
Virus Name: Backdoor.Sinique
Action Taken: Unable to repair the file.

Search on the web, got no info about it.

Any advice, thanks in advance.

Since this is a trojan and not a virus (it didn't infect a host) you can
delete the file in safe mode. You should run a tool such as clean.exe
from our website to make sure you are completely disinfected
afterwards.
 
From: "Simon" <[email protected]>

| Norton AntiVirus pops up this alert as High Risk on my computer:
|
| Object Name: C:\Windows\system32\usr32.dll
| Virus Name: Backdoor.Sinique
| Action Taken: Unable to repair the file.
|
| Search on the web, got no info about it.
|
| Any advice, thanks in advance.
|


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
{ http://kixtart.org Kixtart is CareWare }, three batch files, five Kixtart scripts, one Link
(.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using; Sophos, Trend and McAfee Anti Virus Command Line Scanners to
remove viruses and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

* * * Please report back your results * * *
 
Simon said:
Norton AntiVirus pops up this alert as High Risk on my computer:

Object Name: C:\Windows\system32\usr32.dll
Virus Name: Backdoor.Sinique
Action Taken: Unable to repair the file.

Search on the web, got no info about it.

Any advice, thanks in advance.

Submit the file to "virustotal" to be scanned by several other AV
products. Then you will have many names to investigate or be assured it
is a false positive (if it is one).

....or you could do as other posters have suggested.
 
David H. Lipman - 07.08.2005 19:33 :
From: "Ian Kenefick" <[email protected]>

|
| Greetings Dave :-)
|
| --
| Ian Kenefick
| http://www.ik-cs.com
| http://antivirus.ik-cs.com

Ciao !

Dave, how does it work that even the SIG-lines from Ian are quoted, as
you can see above? Normally, a well configured SIG-part with "-- " is
greyed out and automatically NOT quoted within a response. Or did you do a
copy and paste deliberately?

BTW, the mixture of the normal ">" and your "|" quoting looks a little
bit confusing/irritating?!
 
Peter said:
David H. Lipman - 07.08.2005 19:33 :



Dave, how does it work that even the SIG-lines from Ian are quoted, as
you can see above? Normally, a well configured SIG-part with "-- " is
greyed out and automatically NOT quoted within a response. Or did you do a
copy and paste deliberately?

X-Newsreader: Microsoft Outlook Express 6.00.2800.1506 :-D
 
From: "Beauregard T. Shagnasty" <[email protected]>


|
| X-Newsreader: Microsoft Outlook Express 6.00.2800.1506 :-D
||
| --
| -bts
| -This space intentionally left blank.

Half right....

FL-Build: Fidolook 2002 (SL) 6.0.2800.94 - 5/4/2005 11:39:16
 
David said:
From: "Beauregard T. Shagnasty" <[email protected]>

| X-Newsreader: Microsoft Outlook Express 6.00.2800.1506 :-D


|
| --
| -bts
| -This space intentionally left blank.

Half right....

FL-Build: Fidolook 2002 (SL) 6.0.2800.94 - 5/4/2005 11:39:16

That's one I'm not familiar with, but I see at:
http://www.fidolook.org/

"Fidolook is freeware extension for Microsoft Outlook Express what
shipped with Microsoft Internet Explorer. This program dramatically
enhance Outlook Express. ..."

Doesn't it allow OE to snip properly-formed sigs, such as mine above?

OE_Quotefix does, as far as I remember...
 
Dave, how does it work that even the SIG-lines from Ian are quoted, as
you can see above? Normally, a well configured SIG-part with "-- " is
greyed out and automatically NOT quoted within a response. Or did you do a
copy and paste deliberately?

How a conversation digresses! :-)
 
Ian Kenefick said:
How a conversation digresses! :-)

Certainly does (G). I have yet to see Peter Seiler offer any antivirus
advice. He seems to prefer nitpicking about style and news readers, not
content. Sigh!!

Heather
 
From: "Beauregard T. Shagnasty" <[email protected]>


|
| That's one I'm not familiar with, but I see at:
| http://www.fidolook.org/
|
| "Fidolook is freeware extension for Microsoft Outlook Express what
| shipped with Microsoft Internet Explorer. This program dramatically
| enhance Outlook Express. ..."
|
| Doesn't it allow OE to snip properly-formed sigs, such as mine above?
|
| OE_Quotefix does, as far as I remember...
|
| --
| -bts
| -This space intentionally left blank.

It does all that OEQF does but more...

If it is an option, I have to look into the settings.
 
From: "Heather" <[email protected]>


|
| Certainly does (G). I have yet to see Peter Seiler offer any antivirus
| advice. He seems to prefer nitpicking about style and news readers, not
| content. Sigh!!
|
| Heather
|

Yes !!!! In *many* News Groups.
 
From: "Heather" <[email protected]>


|
| Certainly does (G). I have yet to see Peter Seiler offer any
| antivirus advice. He seems to prefer nitpicking about style and
| news readers, not content. Sigh!!
|
| Heather
|

Heather-
Sounds like my father-
Worried about the outside of the cup.
Yes !!!! In *many* News Groups.

David-
I don't care much for the way your extension for OE works either.
You should look into changing it. (sits back and waits to see if you
are an A or B type person, I am betting on A) Oh I am having too much
fun now.
-max
 
From: "What's in a Name?" <[email protected]>


| David-
| I don't care much for the way your extension for OE works either.
| You should look into changing it. (sits back and waits to see if you
| are an A or B type person, I am betting on A) Oh I am having too much
| fun now.
| -max
| --
| Making Good Posts:
| Virus Removal Instructions: http://home.neo.rr.com/manna4u/
| Change nomail.afraid.org to yahoo.com to reply.
| Registered Linux User #393236
|

Well my blood is A+

As for FidoLook... you can't please everyone all the time.
 
David H. Lipman said:
From: "What's in a Name?" <[email protected]>


| David-
| I don't care much for the way your extension for OE works either.
| You should look into changing it. (sits back and waits to see if you
| are an A or B type person, I am betting on A) Oh I am having too much
| fun now.
| -max
|
Well my blood is A+

Well, that fits (grin)......you most definitely are an A type, perhaps with
a *softer delivery*, so to speak.

Heather
 
M$ From: "What's in a Name?" <[email protected]>
M$
M$
M$ David-
M$ I don't care much for the way your extension for OE works either.
M$ You should look into changing it. (sits back and waits to see
M$ if you
M$ are an A or B type person, I am betting on A) Oh I am having too
M$ much fun now.
M$ -max
M$ Well my blood is A+
M$
M$ As for FidoLook... you can't please everyone all the time.
M$

You should really mess with them and use $
-max
 