clh333
2009-01-04, 20:13
I have a small (home) wireless network of Windows computers which are now infected with a Trojan program identified by SB-SD 1.6 as "BachKoa Antivirus", despite the presence of AVG Free 8.0 and other prophylaxis. The virus has persisted despite my attempts to clean it.
I am currently connected to your site from a Windows Vista machine, through a router and cable modem. My ISP is Time Warner. The machine runs Vista Home Premium on an HP Pavillion m8000n, 64-bit AMD processor, 4 GB RAM. Windows automatic updates is enabled.
This Vista computer is the only one active at the moment: I have decided to keep all others powered down until I can clean this one. I won't go into the attempts to clean the other machines, although I first discovered the infection on a dual-boot machine running XP-Pro (SP2) and SUSE Linux 10.2.
I installed SB-SD 1.4 on this, the Vista machine, and ran it this morning. On first run it checked for updates and downloaded v.1.6. The install of 1.6 failed as Vista refused to release (shut down) one of the processes that 1.4 was running.
I downloaded 1.6 from your site, uninstalled 1.4 and installed 1.6, successfully. Registry backup, TeaTimer and Immunize were options selected. Was this perhaps a mistake? I see a note about not running TeaTimer on Vista.
After checking and installing updates, I launched the Search and Destroy. Once again I received a Windows error message about being unable to start a process, I believe because the file was not found.
S&D ran, however, and discovered several tracking cookies and three instances of registry keys for the BachKoa program. I was able to remove the cookies, but not the Trojan: S&D reported that I did not have authorization, as I was not an administrator!
A quick check of User accounts verified that I am indeed administrator, so this little Trojan is doing all it can to protect itself. I would greatly appreciate suggestions for how to proceed with its extermination.
Thank you for your assistance.
Charles Hudson
I am currently connected to your site from a Windows Vista machine, through a router and cable modem. My ISP is Time Warner. The machine runs Vista Home Premium on an HP Pavillion m8000n, 64-bit AMD processor, 4 GB RAM. Windows automatic updates is enabled.
This Vista computer is the only one active at the moment: I have decided to keep all others powered down until I can clean this one. I won't go into the attempts to clean the other machines, although I first discovered the infection on a dual-boot machine running XP-Pro (SP2) and SUSE Linux 10.2.
I installed SB-SD 1.4 on this, the Vista machine, and ran it this morning. On first run it checked for updates and downloaded v.1.6. The install of 1.6 failed as Vista refused to release (shut down) one of the processes that 1.4 was running.
I downloaded 1.6 from your site, uninstalled 1.4 and installed 1.6, successfully. Registry backup, TeaTimer and Immunize were options selected. Was this perhaps a mistake? I see a note about not running TeaTimer on Vista.
After checking and installing updates, I launched the Search and Destroy. Once again I received a Windows error message about being unable to start a process, I believe because the file was not found.
S&D ran, however, and discovered several tracking cookies and three instances of registry keys for the BachKoa program. I was able to remove the cookies, but not the Trojan: S&D reported that I did not have authorization, as I was not an administrator!
A quick check of User accounts verified that I am indeed administrator, so this little Trojan is doing all it can to protect itself. I would greatly appreciate suggestions for how to proceed with its extermination.
Thank you for your assistance.
Charles Hudson