Solved

BD Thing 1.6 ?!?!?! What's going on?!

Posted on 2006-11-07
11
263 Views
Last Modified: 2013-12-04
Hi. I'm running XP SP2. I have a cable at home with router. Then I have home wireless network protected by filtering MAC numbers (only specific MAC numbers allowed access wifi router). I had used Bittorrent to download stuff in the past and to use it I had to open up a specific port for it for IP forwarding. Port that I opened was 6200 or 6400, either one.
Now, here's my issue:
Last night while checking email (I use a POP3 program that loads email into my machine from my ISP server) my Norton Antivirus came up with message that something's trying to break into my computer. In details it said that I had BD Thing 1.6 trying to break into my machine. I could not load my emails, the email update would be interrupted by Norton with that message.

I looked up on Symantec website about BD Thing and it sounds like it's a Trojan that looks for open ports on machines and gives access to remote computers. Does this mean I already have the trojan or an email that was coming in had that trojan and Norton blocked it? Why wouldn't Norton detect the email with trojan, it's done it in the past. I still can't load my emails and I get the same BD Thing message every time I do Send/Receive. Can someone help?!?

Thanks a lot Experts!!!
0
Question by:Gvigorus
11 Comments
 
LVL 66

Expert Comment

by:johnb6767
ID: 17893994
I would try and do something besides a Norton Scan

HouseCall from TrendMicro
http://housecall.trendmicro.com

Chances are you are already infected, which is why Norton can't remove it.
Excerpt from http://www.spywaredb.com/remove-the-thing-1-6/
Check to see if you can find any of these processes or files... (if you find them, you might need to boot into Safe Mode to get rid of them properly)


Kill the following processes
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, hello$.exe, xzip.exe, packedserver.exe, server.exe
Remove the following files
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, file_id.diz, hello$.asm, hello$.exe, hello.asm, last.txt, make.bat, xzip.exe, mainform.dcu, mainform.dfm, mainform.pas, packedserver.exe, servcfg.dof, servcfg.dpr, servcfg.res, server.exe.

Be careful not to delete any valid MS files, or files from other valid apps. You can always right click > Properties > Version to get file info, to see if they are legit. 99.99% of times, nasty files are not signed, or may not even have a Version tab.
0
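Added example, not part of johnb6767's comment or the linked removal guide: a read-only PowerShell check for the process and file names listed in the comment above, reporting each match's version info and Authenticode signature status instead of deleting anything. The search root C:\ is an assumption; generic names such as server.exe or make.bat also belong to legitimate software, so a name match is only a lead to inspect.

```powershell
# Names copied from the process and file lists in the comment above.
# Single quotes keep the '$' in hello$.exe literal.
$processNames = '592965-3bb.exe', 'backdoor.thething.16.exe', 'editsrv1.exe',
                'hello$.exe', 'xzip.exe', 'packedserver.exe', 'server.exe'
$fileNames = $processNames + @(
    'file_id.diz', 'hello$.asm', 'hello.asm', 'last.txt', 'make.bat',
    'mainform.dcu', 'mainform.dfm', 'mainform.pas',
    'servcfg.dof', 'servcfg.dpr', 'servcfg.res')

# Assumption: search the whole system drive; narrow this to speed things up.
$searchRoot = 'C:\'

# 1. Running processes whose image name is on the list.
#    ProcessName has no extension, so add '.exe' before comparing
#    (-contains is case-insensitive).
Get-Process |
    Where-Object { $processNames -contains ($_.ProcessName + '.exe') } |
    Select-Object Id, ProcessName, Path

# 2. Files whose name is on the list, with the details you would read from
#    the Properties > Version tab plus the signature status.
Get-ChildItem -Path $searchRoot -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $fileNames -contains $_.Name } |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
        [pscustomobject]@{
            Path        = $_.FullName
            Company     = $_.VersionInfo.CompanyName
            FileVersion = $_.VersionInfo.FileVersion
            Signature   = $sig.Status      # Valid, NotSigned, HashMismatch, ...
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        }
    } |
    Format-List
```

No output from either step means none of the listed names were found under the search root, which is the result the asker reports later in the thread.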
 
LVL 66

Expert Comment

by:johnb6767
ID: 17894002
Also, looks like Pestpatrol, and Spysweeper can detect and clean these, or so they say....

The Thing 1.6
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=23044
0
 

Author Comment

by:Gvigorus
ID: 17959164
I tried following this process:

"Kill the following processes
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, hello$.exe, xzip.exe, packedserver.exe, server.exe
Remove the following files
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, file_id.diz, hello$.asm, hello$.exe, hello.asm, last.txt, make.bat, xzip.exe, mainform.dcu, mainform.dfm, mainform.pas, packedserver.exe, servcfg.dof, servcfg.dpr, servcfg.res, server.exe"

None of these processes were present and neither could I find any of these files on my hard drive (anywhere)...

I use Earthlink broad band cable. Earthlink has an email tool (similar to Outlook or Thunderbird), it basically connects to Earthlink email server via POP3 and SMTP and loads emails on to my machine. What happens is now when I click "Send/Receive" button to load my emails, a little window opens that shows "connecting to pop3 server" or something like that, then it waits for a little, shows me "you've got 50 new messages, downloading 0 of 50". Then it switches from "connecting to Pop3 server" to "virus blocker service" and that's when Norton Antivirus tells me "BD Thing 1.6 tries to hack your machine on port so and so". As a result, my emails do not load and that's why I opened up this question. Do you think this is something to do with my email server provider? Why would Norton say I had BD Thing 1.6 while I was loading my emails from my Earthlink pop3 account?

Thank you so much for all the help! I hope this can be resolved. I think there's some kind of incompatibility between Norton Antivirus and my ISP email software. Do you think Norton Antivirus thinks that Earthlink POP3 is like a BD Thing?
0

 
LVL 66

Expert Comment

by:johnb6767
ID: 17959230
Can you uninstall the Earthlink email tool?? and retest?
0
 

Author Comment

by:Gvigorus
ID: 17959909
I will try uninstalling and reinstalling. But do you think I may be getting this BD Thing 1.6 message from Norton because it doesn't like the Earthlink tool? Does that sound possible? I don't understand why Norton would say I have BD Thing 1.6 when I couldn't find any of the listed malicious files or processes... weird stuff.
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 17959921
It could be possible that it's a false positive, from Norton.....
0
 

Author Comment

by:Gvigorus
ID: 17979780
I downloaded and ran AntiVir. It found two trojans that Norton Antivirus for some reason missed. Tried doing my email send/receive, but still no luck, same issue. I think I'm going to try shutting Norton down and just leaving AntiVir running, then doing Send/Receive. I think Norton causes the issue...
0
 
LVL 66

Accepted Solution

by:
johnb6767 earned 125 total points
ID: 17980103
Norton has a bad history with Trojan Detection, in the past. I used to swear by them, but I saw an article once that referred to their shortcomings with Trojan....In that Norton is antiVIRUS, not antiTROJAN. Their Internet Security Suite helped more with Trojans, where the AV fell short.

$.02
0
 

Author Comment

by:Gvigorus
ID: 17980756
Thanks John. I was under the impression that Trojans were still viruses, or type of viruses. Heh, so much crap for Windows out there, never had any of this on Fedora Core 4 (ranting)...
0
 

Author Comment

by:Gvigorus
ID: 18187542
Okay, it was the security level of my email program, no Trojans were found on my machine. Norton was false alarming... Thanks John!!
-=G=-
0
 
LVL 66

Expert Comment

by:johnb6767
ID: 18187636
No problem, glad you figured it out.
0


Question has a verified solution.
