b.exe


Diablo vt
11 Nov 2007, 16:32
There's a file on my computer called "b.exe". Every time my computer starts up, it always says... "b.exe has encountered an error". I know it's a virus but I can't get rid of it and I've looked everywhere for a solution. I can't open the command prompt and it also slows my computer down.
So please help me get rid of this, as it's really annoying me! Thank you.

MrBunsy
11 Nov 2007, 17:19
Have you tried an anti-virus programme, using msconfig to stop it from starting up in the first place, or safe-mode?

Or deleting it?

Diablo vt
11 Nov 2007, 18:16
Thanks for the reply. Yes, I've tried deleting it and it comes back. I've tried everything. I couldn't get my anti-virus program to work before for some reason but it's working now. So hopefully it'll find the wee bugger. Thanks again for the reply and yes I'll try safe mode.

Xinos
11 Nov 2007, 18:55
You are running Windows XP, right? I've had the same problem where deleted viruses would come back after each boot-up, even if an anti-virus program tried to remove it. I was using NOD32 and their support told me that I had to disable System Restore before the virus could be removed, because for some reason Windows thinks it's vital and therefore has saved it :rolleyes:



Click Start.
Right-click My Computer, and then click Properties.
On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
If you do not see the System Restore tab, you are not logged on to Windows as an Administrator.
Click Apply.
When you see the confirmation message, click Yes.
Click OK.



See if that helps..
You should be able to enable system restore again once the virus is gone.. but make a new restore point in that case. Personally I kept it off after that..

quakerworm
11 Nov 2007, 23:34
turning off system restore will not do much. in fact, if you forget to turn it on later, it might byte you in the behind later. system restore is the only reliable way to bring back a past configuration of your registry, and if you are going to be removing viruses by hand, that will come handy.

ok, now, you first need to figure out how b.exe gets called. most likely, it is executed directly on startup. there are two ways a program can be run on startup. first, there is a startup folder, which is usually under:

c:/documents and settings/[user name]/start menu/programs/startup

check for shortcuts there. however, the second way is more common. it is through registry. first, open registry editor by going to start->run and typing in regedit. hit ok, and it should open a registry editor window. you want to find the key that is under:

hkey_local_machine/software/microsoft/windows/current version/run

if you click on that run key, you should see the list of keys it contains. each key in that list is a program that will be executed on startup. data field contains path to the program, and that's where you should look for b.exe. if you find it, just delete that key.

there are more creative ways that a program can run itself through registry. if you don't find b.exe in run, try searching for b.exe in the registry using the search feature. if you see a key that has path to b.exe as a data field, you are almost certainly going to want to just delete it.

finally, there is a chance that b.exe is called by another program. in that case, you'll have to carefully go through your startup list in both the startup folder and the run key in the registry and find the programs that aren't supposed to be there. that might be a lot more difficult, and you might have to spend quite a bit of time searching for each program on internet and checking which are legitimate startup programs and which are potential viruses or whatnot.

FutureWorm
12 Nov 2007, 04:38
wipe hard drive, reinstall windows

quakerworm
12 Nov 2007, 05:54
wipe hard drive, reinstall windows
because of a single potentially malicious program? you must format your hdd bi-weekly.

AndrewTaylor
12 Nov 2007, 10:12
How To Kill All Known Viruses:

1. Scan them with something up to date.
2. Type the name of the virus into Google.
3. Follow the instructions on whatever site tells you how to kill it.

MtlAngelus
12 Nov 2007, 10:27
because of a single potentially malicious program? you must format your hdd bi-weekly.

I think he's a mac user, actually. So he doesn't really get that problem. :cool:

yauhui
12 Nov 2007, 12:26
I can't open the command prompt

Would you mind if i request for the method you use to open Command Prompt? like go to start menu > accessories or something.

this is the method i use to open command prompt when hacking a computer:

start menu > run > command

this will open command prompt.

I know it's a virus but I can't get rid of it and i've looked everywhere for a solution.

try AVG Free AntiVirus (http://www.grisoft.com/doc/download-free-anti-virus/us/crp/0). It may not be of much help, but maybe it could wipe the nasty virus.

Maybe this (http://www.grisoft.com/doc/34/us/crp/0) could come in handy too.

Trial versions (http://www.kaspersky.com/trials) of Kaspersky Antivirus/Internet Security may interest you.

You may not trust this (http://www.kaspersky.com/virusscanner) fully but give it a shot as a last resort.

if you successfully removed all viruses from your computer, get Kaspersky antivirus if you are willing to fork out some cash (US$40 per year). I really trust Kaspersky as it is the only antivirus I've known to actually check for all actions by every program that runs, may it be Messenger you opened or viruses in the background, and surprisingly you wouldn't even know because of its fast speed and reliability.

I'm running Kaspersky AntiVirus 6.0..

EDIT: New updates on how to fight b.exe.

(just google it and your results are satisfactory!)

OK, here's the explanation on "b.exe".

It is actually a worm (NOT A VIRUS) under the name WORM_SDBOT.BND which makes a copy of itself under the name "b.exe" and uses that copy to do all the work. if it is deleted, it will make another copy again. To ensure the automatic startup of the file every time, it makes multiple entries in the registry.

How to ensure "b.exe" doesn't automatically start each time.

Registry editing time! REMOVE ALL "B.EXE" ENTRIES AS SHOWN IN THE FOLLOWING INFORMATION.

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices

HKEY_CURRENT_USER\Software\Microsoft\Ole

HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa

The worm also changes some registry values to allow anonymous access.

To reverse change, ... REGISTRY EDITING TIME!

CHANGE:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
EnableDCOM = "N"

TO:
HKEY_LOCAL_MACHINE\Software\Microsoft\OLE
EnableDCOM = "Y"

CHANGE:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
restrictanonymous = "dword:00000001"

TO:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
restrictanonymous = "dword:00000000"

Also, it takes advantage of the vulnerability by adding a registry key.

Remove the following registry key:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msdirectx

OK, what if you don't trust me? TRUST TREND MICRO THEN (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM%5FSDBOT%2EBND&VSect=Sn). All the solutions you would need.

Full information (http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=WORM_SDBOT.BND&VSect=T)

Maybe it could help you but if you need more, I found this forum (http://en.allexperts.com/q/Windows-XP-3282/b-exe-1.htm).
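
The check described in quakerworm's and yauhui's posts above, as an added example that is not part of the thread: it scans the text of a registry export for values in the listed keys whose data names a file called exactly b.exe, and for the msdirectx service key. The sample export, its value names and its paths are constructed; only named string values are inspected.

```python
import re

# Key paths (below the hive) that the posts above name as autostart locations.
WATCHED = {
    r"software\microsoft\windows\currentversion\run",
    r"software\microsoft\windows\currentversion\runservices",
    r"software\microsoft\ole",
    r"system\currentcontrolset\control\lsa",
}
# Service key the post above says to remove.
SERVICE_KEY = r"hkey_local_machine\system\currentcontrolset\services\msdirectx"

KEY_RE = re.compile(r"^\[(.+)\]$")
# Named string (REG_SZ) values only: "name"="data" with .reg backslash escapes.
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# A file named exactly b.exe: web.exe and b.exe.bak must not match.
TARGET_RE = re.compile(r'(?:^|[\\/\s"])b\.exe(?=$|[\s",])', re.IGNORECASE)
# Constructed sample in "reg export" text format; value names are made up.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Constructed Updater"="C:\\WINDOWS\\system32\\b.exe"
"Web Helper"="C:\\Program Files\\Example\\web.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Ole]
"Constructed Updater"="b.exe"

[HKEY_LOCAL_MACHINE\Software\Example]
"Note"="b.exe outside the watched keys"

[HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\msdirectx]
"ImagePath"="C:\\WINDOWS\\system32\\b.exe"
'''

def audit_reg_export(text):
    """Return (key, value_name, data) findings for the entries to review."""
    findings, key = [], None
    for line in map(str.strip, text.splitlines()):
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            if key.lower() == SERVICE_KEY:
                findings.append((key, None, "service key present"))
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        if key.lower().partition("\\")[2] not in WATCHED:
            continue  # value sits outside the keys listed in the thread
        name, data = (re.sub(r"\\(.)", r"\1", g) for g in m.groups())
        if TARGET_RE.search(data):
            findings.append((key, name, data))
    return findings
```

Files written by regedit's export are UTF-16, so read them with encoding="utf-16" before passing the text to audit_reg_export.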

Run
12 Nov 2007, 14:39
I think he's a mac user, actually. So he doesn't really get that problem. :cool:

oh no the thread :(

yauhui
12 Nov 2007, 15:01
http://img252.imageshack.us/img252/4397/kasperskypowervs4.png

This would be what you will see when Kaspersky Antivirus detects a suspicious program/action.

You won't see this kind of thorough check with most other antiviruses. So get Kaspersky. :cool:

*Splinter*
12 Nov 2007, 15:51
You won't see this kind of thorough check with most other antiviruses. So get Kaspersky. :cool:

Bah, Kaspersky is a virus in its own right. Even if you ask REALLY nicely it will never leave your pc once you get it :(

Diablo vt
12 Nov 2007, 16:09
Yauhui. I open command prompt by: Start -> run -> cmd.exe. Thanks for the replies, I'll try these methods once I've got some college work done.

thomasp
12 Nov 2007, 16:13
I think he's a mac user, actually. So he doesn't really get that problem. :cool:
There are malicious programmes out there for macs though. And not just ones made by Microsoft :p ;)

*Runs*


*Creeps back*

Seriously though, there was a trojan released for Mac OSX last week or so - it requires you to enter an admin password to run it though :p

Plasma
12 Nov 2007, 16:26
Seriously though, there was a trojan released for Mac OSX last week or so - it requires you to enter an admin password to run it though :p
EDIT: After thoughtful consideration, I retract my previous statement about how nobody would want to screw up a Mac anymore than it already is. Macs are the superior OS machines. They are better than Windows or Linux in every way. If god had a computer, it would certainly be a Mac.
I assure you that I am not being forced to post this by Thomas, who is certainly not holding me at gunpoint.
Have a nice day.

Muzer
12 Nov 2007, 18:44
thomasp edited it to say that and then made you at gunpoint to make a minor edit.

Diablo vt
12 Nov 2007, 21:36
No! None of this is working... There must be a way of doing this and I've tried everything, even a defrag which was just pointless. I must get rid of this wee bugger.

quakerworm
12 Nov 2007, 22:07
under xp, command prompt is start->run->cmd, not command.

diablo, what yauhui posted will work. just make sure you do it in safe mode. if you cannot follow simple instructions on how to remove a worm, you shouldn't ask about it in the forum. find someone who knows how to work the registry and ask them to remove it.

yauhui
13 Nov 2007, 03:12
well yeah, cmd, but when i tried hacking a computer using a limited account, my access is denied using the cmd

but i can use the MSDOS by using command.

both work the same. only that cmd is an exe whereas command is a com file, which somehow doesn't have restrictions.

maybe you can't run command prompt because somehow the worm made your account inaccessible to the cmd.

just try command. it works.

MtlAngelus
13 Nov 2007, 04:20
oh no the thread :(
Shush, you.

yauhui
13 Nov 2007, 05:47
defrag was just pointless

why would anyone defrag to get rid of malware? defrag doesn't do anything except rearrange your files in the hard disk just to make the HD more space-efficient.

Diablo vt
13 Nov 2007, 20:27
Finally I got rid of it! Thanks guys! My computer needed a defrag anyway; I was bored at the time.

Melon
13 Nov 2007, 20:36
"Ah man, I'm really bored today. What could I do to help excite me? I know, I'll DEFRAG MY COMPUTER HELL YEAH!!!"

"Wheeeee..."

*Splinter*
13 Nov 2007, 20:50
"Ah man, I'm really bored today. What could I do to help excite me? I know, I'll DEFRAG MY COMPUTER HELL YEAH!!!"

"Wheeeee..."

It was more fun back when they used hundreds of coloured blocks :(

FutureWorm
14 Nov 2007, 00:49
"Ah man, I'm really bored today. What could I do to help excite me? I know, I'll DEFRAG MY COMPUTER HELL YEAH!!!"

"Wheeeee..."
somebody needs to develop a 3D disk defrag application that requires a top of the line video card and uses 16x msaa

well yeah, cmd, but when i tried hacking a computer using a limited account, my access is denied using the cmd

but i can use the MSDOS by using command.

both work the same. only that cmd is an exe whereas command is a com file, which somehow doesn't have restrictions.

maybe you can't run command prompt because somehow the worm made your account inaccessible to the cmd.

just try command. it works.

tell me more about hacking, yauhui

quakerworm
14 Nov 2007, 02:05
well yeah, cmd, but when i tried hacking a computer using a limited account, my access is denied using the cmd
why use limited account when you can have admin password in minutes by running a rainbow table off a bootable cd?

Run
14 Nov 2007, 08:13
somebody needs to develop a 3D disk defrag application that requires a top of the line video card and uses 16x msaa

i think there should be a tetris-like game which doubles as a manual defrag program

the most fun way to tidy your computer!

bonz
14 Nov 2007, 11:03
i think there should be a tetris-like game which doubles as a manual defrag program

the most fun way to tidy your computer!
Hehe!
Or a collection of such puzzle games.

Game mechanics like "same game" and "bust-a-move" would also fit perfectly.
Or minesweeper, where the reading head crashes onto a sector if you blow up the mine. :)

yauhui
14 Nov 2007, 12:37
tell me more about hacking, yauhui

I'll be banned then. :(

why use limited account when you can have admin password in minutes by running a rainbow table off a bootable cd?

I don't like to hack using cds. I'll look suspicious holding a cd around school, don't you think? and students are only allowed to use a limited account.

AndrewTaylor
14 Nov 2007, 13:38
students are only allowed to use a limited account.

I believe the idea of hacking is to achieve things you're not normally allowed to do.

FutureWorm
14 Nov 2007, 22:17
Or minesweeper, where the reading head crashes onto a sector if you blow up the mine. :)

that's a really good idea

SupSuper
14 Nov 2007, 22:35
I'll look suspicious holding a cd around school
Wait, what?

AndrewTaylor
14 Nov 2007, 23:13
that's a really good idea

I think all Windows applications like defrag and find and scandisk and so forth should cost money. It should be the money you earn for winning the default Windows card games and stuff.

Diablo vt
15 Nov 2007, 00:22
"Ah man, I'm really bored today. What could I do to help excite me? I know, I'll DEFRAG MY COMPUTER HELL YEAH!!!"

"Wheeeee..."

Yeah you just mock me. :mad:

FutureWorm
15 Nov 2007, 01:42
I think all Windows applications like defrag and find and scandisk and so forth should cost money. It should be the money you earn for winning the default Windows card games and stuff.
what happens when you go into debt in windows solitaire after one too many "vegas-style" games

quakerworm
15 Nov 2007, 06:24
I dont like to hack using cds.
you only really need a bootable cd if you have zero access to the system. if you have even a limited student account, you can run a rainbow table from a thumb drive or even by downloading it to hard drive. you are still going to want a table that is at least a few hundred mb to cover most passwords.

MtlAngelus
15 Nov 2007, 08:57
what happens when you go into debt in windows solitaire after one too many "vegas-style" games
You pawn microsoft office for some cash.

yauhui
15 Nov 2007, 09:24
Finally I got rid of it!

this thread has served its purpose.

Muzer
15 Nov 2007, 19:07
you only really need a bootable cd if you have zero access to the system. if you have even a limited student account, you can run a rainbow table from a thumb drive or even by downloading it to hard drive. you are still going to want a table that is at least a few hundred mb to cover most passwords.
It's also easier with a program like ophcrack, but those are tiny.

Pickleworm
15 Nov 2007, 19:30
*scribbles down hacking tips in tiny notebook*

Uh, don't mind me. I always wanted to know how to hack. I want to hack the school network so all the computers flash MR. JONES IS A NAZI (Heh... don't ask.) Anyone know how to do this?

*Splinter*
15 Nov 2007, 21:11
*scribbles down hacking tips in tiny notebook*

Uh, don't mind me. I always wanted to know how to hack. I want to hack the school network so all the computers flash MR. JONES IS A NAZI (Heh... don't ask.) Anyone know how to do this?

Do they have NetOp or a similarly retarded class-controlling program?

quakerworm
16 Nov 2007, 06:56
Uh, don't mind me. I always wanted to know how to hack. I want to hack the school network so all the computers flash MR. JONES IS A NAZI (Heh... don't ask.) Anyone know how to do this?
you probably want a custom-written worm that utilizes human stupidity. these never fail on school networks.

yauhui
16 Nov 2007, 10:37
the method i use doesn't work sometimes. so, to not disappoint you, i won't state my method.

and oh, how do you use ophcrack?

Run
16 Nov 2007, 21:24
*scribbles down hacking tips in tiny notebook*

Uh, don't mind me. I always wanted to know how to hack. I want to hack the school network so all the computers flash MR. JONES IS A NAZI (Heh... don't ask.) Anyone know how to do this?

you probably want a custom-written worm that utilizes human stupidity. these never fail on school networks.

trap sprung

franpa
21 Nov 2007, 10:28
Would you mind if i request for the method you use to open Command Prompt? like go to start menu > accessories or something.

this is the method i use to open command prompt when hacking a computer:

start menu > run > command

this will open command prompt.

that opens DOS which is a CLI ^^ the CP is accessed via start menu > run > cmd

quakerworm
21 Nov 2007, 23:07
command prompt is also a cli. the only difference is that cmd.exe is a windows application, while command is a com file, and so it runs under dos emulation.

Pickleworm
22 Nov 2007, 00:43
Do they have NetOp or a similarly retarded class-controlling program?

Yes... I don't know what it is. He totally sniped my friend Karl when he was on miniclip and made him clap erasers after school, so I want to get back at him.