Solved

BD Thing 1.6 ?!?!?! What's going on?!

Posted on 2006-11-07
Last Modified: 2013-12-04
Hi. I'm running XP SP2. I have a cable at home with router. Then I have home wireless network protected by filtering MAC numbers (only specific MAC numbers allowed access wifi router). I had used Bittorrent to download stuff in the past and to use it I had to open up a specific port for it for IP forwarding. Port that I opened was 6200 or 6400, either one.
Now, here's my issue:
Last night while checking email (I use a POP3 program that loads email into my machine from my ISP server) my Norton Antivirus came up with message that something's trying to break into my computer. In details it said that I had BD Thing 1.6 trying to break into my machine. I could not load my emails, the email update would be interrupted by Norton with that message.

I looked up on Symantec website about BD Thing and it sounds like it's a Trojan that looks for open ports on machines and gives access to remote computers. Does this mean I already have the trojan or an email that was coming in had that trojan and Norton blocked it? Why wouldn't Norton detect the email with trojan, it's done it in the past. I still can't load my emails and I get the same BD Thing message every time I do Send/Receive. Can someone help?!?

Thanks a lot Experts!!!
0
Question by:Gvigorus
11 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 17893994
I would try and do something besides a Norton Scan

HouseCall from TrendMicro
http://housecall.trendmicro.com

Chances are you are already infected, which is why Norton can't remove it.
Excerpt from http://www.spywaredb.com/remove-the-thing-1-6/
Check to see if you can find any of these processes or files... (if you find them, you might need to boot into Safe Mode to get rid of them properly)


Kill the following processes
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, hello$.exe, xzip.exe, packedserver.exe, server.exe
Remove the following files
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, file_id.diz, hello$.asm, hello$.exe, hello.asm, last.txt, make.bat, xzip.exe, mainform.dcu, mainform.dfm, mainform.pas, packedserver.exe, servcfg.dof, servcfg.dpr, servcfg.res, server.exe.

Be careful not to delete any valid MS files, or files from other valid apps. You can always right click > Properties > Version to get file info, to see if they are legit. 99.99% of times, nasty files are not signed, or may not even have a Version tab.
0
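The check described in the comment above, written out as an added example (not part of the original thread and not from any of the sites it links to). It assumes PowerShell 3.0 or later, which is newer than a stock XP SP2 install, and the `$SearchRoot` parameter is hypothetical; the process and file names are the ones listed in the comment.

```powershell
# Added example: look for the process and file names listed in the thread,
# then report signature and version info for any file that matches.
param([string]$SearchRoot = 'C:\')   # assumption: search the system drive

# Names copied from the comment (single quotes keep the '$' literal).
$processNames = '592965-3bb.exe', 'backdoor.thething.16.exe', 'editsrv1.exe',
                'hello$.exe', 'xzip.exe', 'packedserver.exe', 'server.exe'
$fileNames = $processNames + @('file_id.diz', 'hello$.asm', 'hello.asm',
             'last.txt', 'make.bat', 'mainform.dcu', 'mainform.dfm',
             'mainform.pas', 'servcfg.dof', 'servcfg.dpr', 'servcfg.res')

# 1. Running processes. Get-Process reports names without the .exe suffix.
$wanted = $processNames |
    ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
$procHits = Get-Process |
    Where-Object { $wanted -contains $_.ProcessName } |
    Select-Object Id, ProcessName, Path

# 2. Files on disk. Several names (server.exe, make.bat, last.txt) are generic,
#    so a match is only a lead: check signature and version info before deleting.
$fileHits = Get-ChildItem -LiteralPath $SearchRoot -Recurse -File -Force `
                -ErrorAction SilentlyContinue |
    Where-Object { $fileNames -contains $_.Name } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path        = $_.FullName
            Signature   = $sig.Status                    # Valid, NotSigned, ...
            Signer      = $sig.SignerCertificate.Subject # empty when unsigned
            FileVersion = $_.VersionInfo.FileVersion     # empty when no version info
            Company     = $_.VersionInfo.CompanyName
        }
    }

"Matching processes: $(@($procHits).Count)"
$procHits | Format-Table -AutoSize
"Matching files: $(@($fileHits).Count)"
$fileHits | Sort-Object Signature | Format-Table -AutoSize
```

Zero matches in both sections, together with a clean result from a second scanner, points toward a false positive rather than an installed backdoor.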
 
LVL 66

Expert Comment

by:johnb6767
ID: 17894002
Also, looks like Pestpatrol, and Spysweeper can detect and clean these, or so they say....

The Thing 1.6
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=23044
0
 

Author Comment

by:Gvigorus
ID: 17959164
I tried following this process:

"Kill the following processes
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, hello$.exe, xzip.exe, packedserver.exe, server.exe
Remove the following files
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, file_id.diz, hello$.asm, hello$.exe, hello.asm, last.txt, make.bat, xzip.exe, mainform.dcu, mainform.dfm, mainform.pas, packedserver.exe, servcfg.dof, servcfg.dpr, servcfg.res, server.exe"

None of these processes were present and neither could I find any of these files on my hard drive (anywhere)...

I use Earthlink broadband cable. Earthlink has an email tool (similar to Outlook or Thunderbird), it basically connects to Earthlink email server via POP3 and SMTP and loads emails on to my machine. What happens is now when I click "Send/Receive" button to load my emails, a little window opens that shows "connecting to pop3 server" or something like that, then it waits for a little, shows me "you've got 50 new messages, downloading 0 of 50". Then it switches from "connecting to Pop3 server" to "virus blocker service" and that's when Norton Antivirus tells me "BD Thing 1.6 tries to hack your machine on port so and so". As a result, my emails do not load and that's why I opened up this question. Do you think this is something to do with my email server provider? Why would Norton say I had BD Thing 1.6 while I was loading my emails from my Earthlink pop3 account?

Thank you so much for all the help! I hope this can be resolved. I think there's some kind of incompatibility between Norton Antivirus and my ISP email software. Do you think Norton Antivirus thinks that Earthlink POP3 is like a BD Thing?
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 17959230
Can you uninstall the Earthlink email tool?? and retest?
0
 

Author Comment

by:Gvigorus
ID: 17959909
I will try uninstalling and reinstalling. But do you think I may be getting this BD Thing 1.6 message from Norton because it doesn't like the Earthlink tool? Does that sound possible? I don't understand why Norton would say I have BD Thing 1.6 when I couldn't find any of the listed malicious files or processes... weird stuff.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 17959921
It could be possible that it's a false positive, from Norton.....
0
 

Author Comment

by:Gvigorus
ID: 17979780
I downloaded and ran AntiVir. It found two trojans that Norton Antivirus for some reason missed. Tried doing my email send/receive, but still no luck, same issue. I think I'm going to try shutting Norton down and just leaving AntiVir running, then doing Send/Receive. I think Norton causes the issue...
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 500 total points
ID: 17980103
Norton has a bad history with Trojan Detection, in the past. I used to swear by them, but I saw an article once that referred to their shortcomings with Trojan.... In that Norton is antiVIRUS, not antiTROJAN. Their Internet Security Suite helped more with Trojans, where the AV fell short.

$.02
0
 

Author Comment

by:Gvigorus
ID: 17980756
Thanks John. I was under the impression that Trojans were still viruses, or type of viruses. Heh, so much crap for Windows out there, never had any of this on Fedora Core 4 (ranting)...
0
 

Author Comment

by:Gvigorus
ID: 18187542
Okay, it was the security level of my email program, no Trojans were found on my machine. Norton was false alarming... Thanks John!!
-=G=-
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 18187636
No problem, glad you figured it out.
0

Question has a verified solution.
