:: Your Computer Technical Resource Headquarters! :: Your Computer Technical Resource Headquarters!
Computer Support Forums arrow Internet & Network Support arrow Security & Viruses arrow Topic: BackDoor-CVT Trojan
June 05, 2020, 05:25:22 AM

Home Forum Rules Help Search Mobile Version Login Register

Welcome, Guest. Please login or register.
Did you miss your activation email?
June 05, 2020, 05:25:22 AM

Login with username, password and session length
 Featured Sites:
New  New Poll on our main page!
"My experience with Vista..."
  0 Members and 1 Guest are viewing this topic.
Pages: [1] Go Down Print
Author Topic: BackDoor-CVT Trojan  (Read 748 times)

Karma: +0/-1
Offline Offline

Posts: 3

Bookmark and Share

View Profile
« on: September 19, 2007, 02:03:36 PM »

Hi folks.

I have a Trojan on my machine - BackDoor-CVT

This is what McAfee says about it;

When this dropper file is run, it creates the following file:

%SysDir%\winicd32.dll (18,944 bytes)This file is injected into Internet Explorer's memory space, to avoid triggering firewall software.

The following registry keys are created:


The dropped file will also try to connect to a remote website, like, where it can get an additional configuration file, named text.dat.

I have the latest update but the scan results say that the infected file
(C:\WINDOWS\SYSTEM32\WINBFI32.DLL) can not be removed.

If I delete these registry entries will the Trojan be removed or should I remove the WINBFI32.DLL file manually - or would I be screwing up my machine?

***** Enlargement Kamine
Global Moderator
Hero Member

Karma: +78/-0
Offline Offline

Gender: Male
Posts: 3915

Bookmark and Share

View Profile
« Reply #1 on: September 20, 2007, 12:36:49 AM »

Please download HijackThis to your desktop..

Alternate link

This program will help us determine if there are any spyware/malware on your computer. Double-click on the file you just downloaded.
Click on the "Unzip" button to install. It will by default install to the directory - C:\Program Files\Trend Micro\HijackThis

Upon install, HijackThis should open for you.

Should it not open, navigate to C:\Program Files\Trend Micro\HijackThis and double click on HijackThis.exe

1. If it gives you an intro screen, just choose 'Do a system scan and save a logfile'.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

An Australian Member of

Pages: [1] Go Up Print 
Jump to:  

Powered by MySQL Powered by PHP

Powered by SMF 1.1.21 | SMF © 2015, Simple Machines

Valid XHTML 1.0! Valid CSS!

This site is NOT responsible for any damage that the information on this site may cause to your system. Everything you try, whether inspired by the response given from this site or not, is entirely at your own risk. All product names and company names used herein are for identification purpose only and may be trademarks or registered trademarks of their respective owners. We are in no way affiliated or representing any of the companies on this site unless specified.
Back to Top
Stop Spam Harvesters, Join Project Honey Pot Fight Back Against Spammers! Get Firefox! Get Thunderbird! View Sylvain Amyots profile on LinkedIn
Back to Top
Google visited last this page August 03, 2017, 10:56:47 PM