i think there’s a virus that a boot-time scan with avast could not detect. that’s okay 'cos trend micro online scan didn’t and it also seems symantic database does not list it.

it’s called BBsatanus and it was detected by my firewall. the file responsible is csfix.exe in windows or windows system directory on my windows xp. I had to stop a task for cs.fix from the task monitor and then delete csfix.exe and another file that had csfix too.

does anyone know anything about this virus? what does csfix do? there’s not much online about this

If you still have the file you could send it to virus@asw.cz or check it here to give us an other name for the Virus.

I’m having the same problem to, even though this thread is 3 years old. Any help would be greatly considered. I blocked external and internal TCP ports 2003 and 2004 and deleted csfix.exe. But it seams to not work. :-
BB Satanus has 2 sources… cs.fix and another one… wich I can’t delete because i wont run .exe files anymore. >:( “WBDBASE.exe” And I think this is related to the fact that somethimes I can’t acces .exe files >:( , it just gives an error. What is there to do?? Please help I’m not a virus specialist(not even a virus basic knower : ) and I dont know what to do. ???
Ooh, and now when I open some .exe files it says “the file is already in use”. >:( >:( >:(

Hi Mih-4i,

Description

* Summary
* Description
* Recovery
*  

This section helps you to understand how it behaves

Troj/Satanus-A is a backdoor Trojan which allows unauthorised access and control of the computer from a remote network location.

Upon execution Troj/Satanus-A drops itself to the windows system folder and sets the following registry entry so that it is run on startup:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft =“”
Recovery

* Summary
* Description
* Recovery
*  

This section tells you how to remove the threat.

Please follow the instructions for removing Trojans.

Windows NT/2000/XP

In Windows NT/2000/XP you will also need to edit the following registry entry. The removal of this entry is optional in Windows 95/98/Me. Please read the warning about editing the registry.

At the taskbar, click Start|Run. Type ‘Regedit’ and press Return. The registry editor opens.

Before you edit the registry, you should make a backup. On the ‘Registry’ menu, click ‘Export Registry File’. In the ‘Export range’ panel, click ‘All’, then save your registry as Backup.

Locate the HKEY_LOCAL_MACHINE entry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Microsoft =“”

and delete it if it exists.

Close the registry editor.

polonus

Ok , thx. I’m at the deleting part. In the “Run” folder I see an Optional Components folder, i click it andthere are 3 folders in there : IMAIL, MAPI and MSFS Wich one should I delete?

P.S Sorry not to good on this. ;D

It always creates this file. WBDBASE. If I delete it , I can run . exe files but it always creates it back.

Hi,

Kill that file with killbox from here:
http://download.bleepingcomputer.com/spyware/KillBox.zip

And do this while you have system restore disabled, so the OS is not putting the trojan back all the time, after that restore system restore, well that is when your OS is WinXP.

polonus

Yes, I am using XP.

How do you disable sistem restore? I know I can find that out, but my computer is full of bugs , can’t acces almost anything. So i must do the sistem restore thing really fast after restarting the pc and deleting myself the problem-file (lame ) And, btw thanx for your help . Hope i’ll finish solving this mes up. >:(

I found it , but now I can’t run anything. :o

A day ago I just restarted and deleted that file quick and then doing my tasks. (because if I waited longer it would of give an error like :the program is already in use: ) But now I can’t do anything. Everything is in use. >:( >:( >: (Damn, this is complicated. Help please.

Enable/Disable System restore on Windows ME: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q264887
Enable/Disable System restore on Windows XP: http://support.microsoft.com/default.aspx?scid=kb;[LN];310405
System Restore cannot be disabled on Windows 9x and it’s not available in Windows 2k.

I have sistem restore off, and it still re-creates that file. ??? It’s a nasty copy of the real WBDBASE.exe that makes all .exe files inaccesible. How do I permanently delete it?

If a virus is replicant (coming and coming again), you should:

1. Disable System Restore as you’ve done
2. Clean your temporary files.
3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot.
4. Use a-squared, ewido or Spyware Terminator (trojan removers).

Hope this helps

I’ll see what I can do and I already used some trojan removers… none of them seem to detect it.

Temp folder seems to be full of “ZLTO” files. I think this si part of the problem.

hmmm… cant even delete files… says that they are already in use… everything is already in use. This is messed up.
But I saw that if I restart and delete the infected file quickly and I am still quick enough I can delete/run a file. lol

But this is getting annoying…

But did you scan boot time scanning of avast or not?
To delete blocked files try Try Unlocker (http://ccollomb.free.fr/unlocker/) or Delete FXP (http://www.jrtwine.com/).

How do I do all those things if I can’t run anything? : I fear I must reboot my Windows.

What? Can’t you run anything into Windows? What’s happening?

To schedule the Boot Time Scanning:

Click on the Menu button.
Choose Schedule Boot Time Scan.
Doing so displays a dialog allowing you to schedule virus scanning.
Check Archives, if you want scan all the archives.
Specify whether all the disks or just a specific folder should be scanned.
Select Advanced options for scheduling details.
Select how to automatically process infected files.
Choose how to automatically process infected system files.
Click the Schedule button to confirm the settings.