Nurech ShellBotR?

[surfsista]

SpyBot has identified Nurech, but does not resolve. Is this a false positive? What is ShellBotR?


Hint of the Day: Click the bar at the right of this to see more information! ()


Nurech: [SBI $DD2B7EA5] Settings (Registry key, nothing done)

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellBotR





--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---



2008-07-07 blindman.exe (1.0.0.8)

2008-07-07 SDFiles.exe (1.6.0.4)

2008-07-07 SDMain.exe (1.0.0.6)

2008-07-07 SDShred.exe (1.0.2.3)

2008-07-07 SDUpdate.exe (1.6.0.8)

2008-07-07 SDWinSec.exe (1.0.0.12)

2008-07-07 SpybotSD.exe (1.6.0.30)

2008-07-07 TeaTimer.exe (1.6.0.20)

2004-04-27 unins000.exe (51.13.0.0)

2008-08-14 unins001.exe (51.49.0.0)

2008-07-07 Update.exe (1.6.0.7)

2008-07-07 advcheck.dll (1.6.1.12)

2007-04-02 aports.dll (2.1.0.0)

2004-05-12 borlndmm.dll (7.0.4.453)

2004-05-12 delphimm.dll (7.0.4.453)

2008-06-14 DelZip179.dll (1.79.11.1)

2008-07-07 SDHelper.dll (1.6.0.12)

2008-06-19 sqlite3.dll

2008-07-07 Tools.dll (2.1.5.7)

2004-05-12 UnzDll.dll (1.73.1.1)

2004-05-12 ZipDll.dll (1.73.2.0)

2008-08-05 Includes\Adware.sbi (*)

2008-08-12 Includes\AdwareC.sbi (*)

2008-06-03 Includes\Cookies.sbi (*)

2008-06-03 Includes\Dialer.sbi (*)

2008-08-05 Includes\DialerC.sbi (*)

2008-07-22 Includes\HeavyDuty.sbi (*)

2008-07-30 Includes\Hijackers.sbi (*)

2008-08-12 Includes\HijackersC.sbi (*)

2008-08-05 Includes\Keyloggers.sbi (*)

2008-08-12 Includes\KeyloggersC.sbi (*)

2004-11-29 Includes\LSP.sbi (*)

2008-08-05 Includes\Malware.sbi (*)

2008-08-12 Includes\MalwareC.sbi (*)

2008-08-05 Includes\PUPS.sbi (*)

2008-08-12 Includes\PUPSC.sbi (*)

2007-11-07 Includes\Revision.sbi (*)

2008-06-18 Includes\Security.sbi (*)

2008-08-12 Includes\SecurityC.sbi (*)

2008-06-03 Includes\Spybots.sbi (*)

2008-06-03 Includes\SpybotsC.sbi (*)

2008-08-11 Includes\Spyware.sbi (*)

2008-08-11 Includes\SpywareC.sbi (*)

2008-06-03 Includes\Tracks.uti

2008-08-05 Includes\Trojans.sbi (*)

2008-08-12 Includes\TrojansC.sbi (*)

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

[md usa spybot fan]

surfsista:

I do not believe that the detection is a false positive. See:

• ThreatExpert Report Trojan-Proxy.Agent!sd5, Trojan-Proxy.Win32.Agent.jo, Backdoor.Shellbot..
  http://www.threatexpert.com/report.a...a-08985179791b

• The following Registry Key was created:
  
  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellBotR

I believe you are running with month old updates. Please go into Spybot » Help »About. Make sure you are running the latest detection updates:

• Latest detection update 9/10/2008

If not update.

After updating try running another scan/fix. If that does not fix the problem, try running Spybot in Safe Mode and see if that helps with the removal of the problem.

If Spybot still fails to correct the problem consider posting in the Malware Removal forum and having someone take a look at your system.

If you decide to have an experienced malware removal specialist assist you, please follow the procedure in this link to run scans and produce a HijackThis log:

• "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance).

After you have completed the required scans and produced the requested logs, start your own thread in the Malware Removal forum, making sure to post the HijackThis log produced from the above instructions.