  • Status: Solved
BD Thing 1.6 ?!?!?! What's going on?!

Hi. I'm running XP SP2. I have cable at home with a router. Then I have a home wireless network protected by filtering MAC numbers (only specific MAC numbers are allowed access to the wifi router). I had used Bittorrent to download stuff in the past, and to use it I had to open up a specific port for it for IP forwarding. The port that I opened was 6200 or 6400, either one.
Now, here's my issue:
Last night while checking email (I use a POP3 program that loads email into my machine from my ISP server) my Norton Antivirus came up with a message that something's trying to break into my computer. In details it said that I had BD Thing 1.6 trying to break into my machine. I could not load my emails; the email update would be interrupted by Norton with that message.

I looked up BD Thing on the Symantec website and it sounds like it's a Trojan that looks for open ports on machines and gives access to remote computers. Does this mean I already have the trojan, or that an email that was coming in had that trojan and Norton blocked it? Why wouldn't Norton detect the email with the trojan? It's done it in the past. I still can't load my emails and I get the same BD Thing message every time I do Send/Receive. Can someone help?!?

Thanks a lot Experts!!!
Asked: Gvigorus
1 Solution
 
johnb6767 Commented:
I would try and do something besides a Norton Scan

HouseCall from TrendMicro
http://housecall.trendmicro.com

Chances are you are already infected, which is why Norton can't remove it.
Excerpt from http://www.spywaredb.com/remove-the-thing-1-6/
Check to see if you can find any of these processes or files... (if you find them, you might need to boot into Safe Mode to get rid of them properly)


Kill the following processes
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, hello$.exe, xzip.exe, packedserver.exe, server.exe
Remove the following files
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, file_id.diz, hello$.asm, hello$.exe, hello.asm, last.txt, make.bat, xzip.exe, mainform.dcu, mainform.dfm, mainform.pas, packedserver.exe, servcfg.dof, servcfg.dpr, servcfg.res, server.exe.

Be careful not to delete any valid MS files, or files from other valid apps. You can always right click > Properties > Version to get file info, to see if they are legit. 99.99% of the time, nasty files are not signed, or may not even have a Version tab.
0
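A read-only way to run the check described in the answer above, as an added example that is not part of the original thread. It assumes PowerShell 3.0 or later; the `$Root` parameter is a hypothetical scan root. Several of the listed names (`server.exe`, `make.bat`, `last.txt`) are common, so a name match alone is only a lead, and the script reports signature and version data for each hit instead of deleting anything.

```powershell
# Added example: look for the file and process names quoted above, then show
# the signature and version details a reviewer would check before deleting.
param([string]$Root = "$($env:SystemDrive)\")   # hypothetical scan root

# Names copied from the list in the answer above.
$procNames = '592965-3bb.exe','backdoor.thething.16.exe','editsrv1.exe',
             'hello$.exe','xzip.exe','packedserver.exe','server.exe'
$fileNames = $procNames + 'file_id.diz','hello$.asm','hello.asm','last.txt',
             'make.bat','mainform.dcu','mainform.dfm','mainform.pas',
             'servcfg.dof','servcfg.dpr','servcfg.res'

# Get-Process reports names without the .exe extension; -contains ignores case.
$running = Get-Process |
    Where-Object { $procNames -contains ($_.ProcessName + '.exe') }

# Include hidden and system files; skip folders we are not allowed to read.
$hits = Get-ChildItem -Path $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $fileNames -contains $_.Name }

$report = foreach ($f in $hits) {
    $sig    = Get-AuthenticodeSignature -FilePath $f.FullName
    $signer = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
    [pscustomobject]@{
        Path        = $f.FullName
        Signature   = $sig.Status                  # Valid, NotSigned, HashMismatch, ...
        Signer      = $signer
        Company     = $f.VersionInfo.CompanyName   # empty when there is no version resource
        FileVersion = $f.VersionInfo.FileVersion
        Running     = [bool]($running | Where-Object { $_.Path -eq $f.FullName })
    }
}

if ($report) {
    # Running, unsigned matches first: these deserve the closest look.
    $report | Sort-Object Running, Signature -Descending | Format-List
} else {
    "No listed file names found under $Root"
}
```

An empty result, as the asker later reports, is consistent with the alert being a false positive rather than an installed backdoor.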
 
johnb6767 Commented:
Also, looks like Pestpatrol, and Spysweeper can detect and clean these, or so they say....

The Thing 1.6
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=23044
0
 
Gvigorus (Author) Commented:
I tried following this process:

"Kill the following processes
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, hello$.exe, xzip.exe, packedserver.exe, server.exe
Remove the following files
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, file_id.diz, hello$.asm, hello$.exe, hello.asm, last.txt, make.bat, xzip.exe, mainform.dcu, mainform.dfm, mainform.pas, packedserver.exe, servcfg.dof, servcfg.dpr, servcfg.res, server.exe"

None of these processes were present and neither could I find any of these files on my hard drive (anywhere)...

I use Earthlink broadband cable. Earthlink has an email tool (similar to Outlook or Thunderbird); it basically connects to the Earthlink email server via POP3 and SMTP and loads emails onto my machine. What happens now is that when I click the "Send/Receive" button to load my emails, a little window opens that shows "connecting to pop3 server" or something like that, then it waits for a little and shows me "you've got 50 new messages, downloading 0 of 50". Then it switches from "connecting to Pop3 server" to "virus blocker service" and that's when Norton Antivirus tells me "BD Thing 1.6 tries to hack your machine on port so and so". As a result, my emails do not load and that's why I opened up this question. Do you think this has something to do with my email server provider? Why would Norton say I had BD Thing 1.6 while I was loading my emails from my Earthlink pop3 account?

Thank you so much for all the help! I hope this can be resolved. I think there's some kind of incompatibility between Norton Antivirus and my ISP email software. Do you think Norton Antivirus thinks that Earthlink POP3 is like a BD Thing?
0
 
johnb6767 Commented:
Can you uninstall the Earthlink email tool?? and retest?
0
 
Gvigorus (Author) Commented:
I will try uninstalling and reinstalling. But do you think I may be getting this BD Thing 1.6 message from Norton because it doesn't like the Earthlink tool? Does that sound possible? I don't understand why Norton would say I have BD Thing 1.6 when I couldn't find any of the listed malicious files or processes... weird stuff.
0
 
johnb6767 Commented:
It could be possible that it's a false positive from Norton.....
0
 
Gvigorus (Author) Commented:
I downloaded and ran AntiVir. It found two trojans that Norton Antivirus for some reason missed. Tried doing my email send/receive, but still no luck, same issue. I think I'm going to try shutting Norton down and just leaving AntiVir running, then doing Send/Receive. I think Norton causes the issue...
0
 
johnb6767 Commented:
Norton has a bad history with Trojan detection in the past. I used to swear by them, but I saw an article once that referred to their shortcomings with Trojans... in that Norton is antiVIRUS, not antiTROJAN. Their Internet Security Suite helped more with Trojans, where the AV fell short.

$.02
0
 
Gvigorus (Author) Commented:
Thanks John. I was under the impression that Trojans were still viruses, or a type of virus. Heh, so much crap for Windows out there, never had any of this on Fedora Core 4 (ranting)...
0
 
Gvigorus (Author) Commented:
Okay, it was the security level of my email program; no Trojans were found on my machine. Norton was false alarming... Thanks John!!
-=G=-
0
 
johnb6767 Commented:
No problem, glad you figured it out.
0
