Solved

BD Thing 1.6 ?!?!?! What's going on?!

Posted on 2006-11-07
Last Modified: 2013-12-04
Hi. I'm running XP SP2. I have a cable at home with router. Then I have home wireless network protected by filtering MAC numbers (only specific MAC numbers allowed access wifi router). I had used Bittorrent to download stuff in the past and to use it I had to open up a specific port for it for IP forwarding. Port that I opened was 6200 or 6400, either one.
Now, here's my issue:
Last night while checking email (I use a POP3 program that loads email into my machine from my ISP server) my Norton Antivirus came up with message that something's trying to break into my computer. In details it said that I had BD Thing 1.6 trying to break into my machine. I could not load my emails, the email update would be interrupted by Norton with that message.

I looked up on Symantec website about BD Thing and it sounds like it's a Trojan that looks for open ports on machines and gives access to remote computers. Does this mean I already have the trojan or an email that was coming in had that trojan and Norton blocked it? Why wouldn't Norton detect the email with trojan, it's done it in the past. I still can't load my emails and I get the same BD Thing message every time I do Send/Receive. Can someone help?!?

Thanks a lot Experts!!!
Question by:Gvigorus
11 Comments
 

Expert Comment

by:johnb6767
I would try and do something besides a Norton Scan

HouseCall from TrendMicro
http://housecall.trendmicro.com

Chances are you are already infected, which is why Norton can't remove it.
Excerpt from http://www.spywaredb.com/remove-the-thing-1-6/
Check to see if you can find any of these processes or files... (if you find them, you might need to boot into Safe Mode to get rid of them properly)


Kill the following processes
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, hello$.exe, xzip.exe, packedserver.exe, server.exe
Remove the following files
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, file_id.diz, hello$.asm, hello$.exe, hello.asm, last.txt, make.bat, xzip.exe, mainform.dcu, mainform.dfm, mainform.pas, packedserver.exe, servcfg.dof, servcfg.dpr, servcfg.res, server.exe.

Be careful not to delete any valid MS files, or files from other valid apps. You can always right click > Properties > Version to get file info, to see if they are legit. 99.99% of the time, nasty files are not signed, or may not even have a Version tab.
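
The check described in the comment above, as an added example that is not part of the original post: it looks for the listed process and file names and reports each hit's Authenticode status and version details instead of deleting anything. It assumes a current Windows system with PowerShell 3.0 or later; the function names are hypothetical.

```powershell
# Added example: report (never delete) processes and files whose names match
# the list quoted in the comment above, with signature and version details.
$procExe = '592965-3bb.exe', 'backdoor.thething.16.exe', 'editsrv1.exe',
           'hello$.exe', 'xzip.exe', 'packedserver.exe', 'server.exe'
$fileNames = $procExe + @('file_id.diz', 'hello$.asm', 'hello.asm', 'last.txt',
             'make.bat', 'mainform.dcu', 'mainform.dfm', 'mainform.pas',
             'servcfg.dof', 'servcfg.dpr', 'servcfg.res')

# Scripted equivalent of right click > Properties > Version plus a signature check.
function Get-FileTrustInfo {
    param([Parameter(Mandatory)][string]$Path)
    $sig = Get-AuthenticodeSignature -LiteralPath $Path
    $ver = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($Path)
    [pscustomobject]@{
        Path        = $Path
        Signature   = $sig.Status                     # Valid, NotSigned, HashMismatch, ...
        Signer      = $sig.SignerCertificate.Subject  # empty when the file is unsigned
        Company     = $ver.CompanyName                # empty when there is no version resource
        FileVersion = $ver.FileVersion
    }
}

# Running processes whose image name is on the list (process names carry no .exe).
function Find-ListedProcess {
    $wanted = $procExe | ForEach-Object { [IO.Path]::GetFileNameWithoutExtension($_) }
    Get-Process | Where-Object { $wanted -contains $_.ProcessName -and $_.Path } |
        Select-Object -ExpandProperty Path -Unique |
        ForEach-Object { Get-FileTrustInfo -Path $_ }
}

# Files on disk with a listed name. Generic names such as server.exe, make.bat
# or last.txt also belong to legitimate software, so a name match alone proves
# nothing; the signature and company columns are what separate the two.
function Find-ListedFile {
    param([string]$Root = "$env:SystemDrive\")
    Get-ChildItem -LiteralPath $Root -Recurse -File -Force -ErrorAction SilentlyContinue |
        Where-Object { $fileNames -contains $_.Name } |
        ForEach-Object { Get-FileTrustInfo -Path $_.FullName }
}

Find-ListedProcess | Format-List
Find-ListedFile | Sort-Object Signature | Format-Table -AutoSize
```

Non-executable entries (.txt, .asm, .diz and similar) cannot carry an Authenticode signature, so their status column is not meaningful; judge those by location and content instead.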

Expert Comment

by:johnb6767
Also, looks like Pestpatrol, and Spysweeper can detect and clean these, or so they say....

The Thing 1.6
http://www3.ca.com/securityadvisor/pest/pest.aspx?id=23044

Author Comment

by:Gvigorus
I tried following this process:

"Kill the following processes
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, hello$.exe, xzip.exe, packedserver.exe, server.exe
Remove the following files
592965-3bb.exe, backdoor.thething.16.exe, editsrv1.exe, file_id.diz, hello$.asm, hello$.exe, hello.asm, last.txt, make.bat, xzip.exe, mainform.dcu, mainform.dfm, mainform.pas, packedserver.exe, servcfg.dof, servcfg.dpr, servcfg.res, server.exe"

None of these processes were present and neither could I find any of these files on my hard drive (anywhere)...

I use Earthlink broadband cable. Earthlink has an email tool (similar to Outlook or Thunderbird), it basically connects to Earthlink email server via POP3 and SMTP and loads emails on to my machine. What happens is now when I click "Send/Receive" button to load my emails, a little window opens that shows "connecting to pop3 server" or something like that, then it waits for a little, shows me "you've got 50 new messages, downloading 0 of 50". Then it switches from "connecting to Pop3 server" to "virus blocker service" and that's when Norton Antivirus tells me "BD Thing 1.6 tries to hack your machine on port so and so". As a result, my emails do not load and that's why I opened up this question. Do you think this is something to do with my email server provider? Why would Norton say I had BD Thing 1.6 while I was loading my emails from my Earthlink pop3 account?

Thank you so much for all the help! I hope this can be resolved. I think there's some kind of incompatibility between Norton Antivirus and my ISP email software. Do you think Norton Antivirus thinks that Earthlink POP3 is like a BD Thing?

Expert Comment

by:johnb6767
Can you uninstall the Earthlink email tool?? and retest?

Author Comment

by:Gvigorus
I will try uninstalling and reinstalling. But do you think I may be getting this BD Thing 1.6 message from Norton because it doesn't like the Earthlink tool? Does that sound possible? I don't understand why Norton would say I have BD Thing 1.6 when I couldn't find any of the listed malicious files or processes... weird stuff.

Expert Comment

by:johnb6767
It could be possible that it's a false positive, from Norton.....

Author Comment

by:Gvigorus
I downloaded and ran AntiVir. It found two trojans that Norton Antivirus for some reason missed. Tried doing my email send/receive, but still no luck, same issue. I think I'm going to try shutting Norton down and just leaving AntiVir running, then doing Send/Receive. I think Norton causes the issue...

Accepted Solution

by:
johnb6767 earned 125 total points
Norton has a bad history with Trojan detection, in the past. I used to swear by them, but I saw an article once that referred to their shortcomings with Trojans.... In that Norton is antiVIRUS, not antiTROJAN. Their Internet Security Suite helped more with Trojans, where the AV fell short.

$.02

Author Comment

by:Gvigorus
Thanks John. I was under the impression that Trojans were still viruses, or a type of virus. Heh, so much crap for Windows out there, never had any of this on Fedora Core 4 (ranting)...

Author Comment

by:Gvigorus
Okay, it was the security level of my email program, no Trojans were found on my machine. Norton was false alarming... Thanks John!!
-=G=-

Expert Comment

by:johnb6767
No problem, glad you figured it out.