Re: Sinkin Virus, Continuing Problems

From: PHLguy (PHLguy_at_nospan.org)
Date: 11/18/03 

Date: Tue, 18 Nov 2003 13:48:36 GMT

Thanks Bill and Kent.

And sorry for the double post.

Here's what happens: I set up a new account with the same priviliges
(limited) then click on the shortcut to establish a connection. I run a DSL
connection. I get an error message stating the username and password were
not recognized on the domain and a "retry" button but there's a timer also
that will retry the connection automatically. I've tried both clicking the
retry and allowing the timer to run so it will retry itself both with no
success, the same error message appears.

I've deleted and set up local accounts before and this has never happened.
Just as another test, I used the other admin account that was set up on the
local machine but I had changed the password to that account as a
precaution. After I had changed the password I was unable to access the
connection in that account. So, it seems now that when ever I change
anything in the local accounts, it prevents those accounts from accessing
the connection.

My internet connection is a DSL through a WAN miniport (PPOE). It also has a
LAN connection through the Ethernet and something called a 1394 connection
that is enabled when I am connected.

I had changed the password in my DSL connection before the infection...but I
would expect a window with the username and password fields to appear first
on those new accounts, for some reason it's by passing that process and just
informing me that the username and password aren't recognized.

Thanks!

"Bill Sanderson" <Bill_Sanderson@msn.com.plugh.org> wrote in message
news:OyKuulYrDHA.2688@TK2MSFTNGP09.phx.gbl...
> I'm with Kent W. England:
>
> Please start from the beginning describing your connection issue--ignoring
> the virus/trojan for the moment.
>
> So--you've got an XP Home machine, and you "deleted the local account."
>
> What happens next, in detail?
>
> "PHLguy" <PHLguy@nospan.org> wrote in message
> news:snfub.30479$hB5.16162@nwrdny02.gnilink.net...
> > I've posted previously about getting the Trojan Sinkin. It came through
> one
> > of the local users use of AIM and was quarantined by NAV. But I'm still
> > showing signs of infection.
> >
> > I run Windows XP Home, Zone Alarm Pro and Norton AntiVirus. I am
fanatical
> > about installing the OS and the firewall and AV updates, still I got
this
> > thing.
> >
> > I've done what Symantec suggested, ie, shut off Sys Restore, reboot in
> Safe,
> > Run the Scan again. NAV found nothing after that scan. I ran regedit and
> > couldn't locate the registry entries Symantec and McAfee told me to
> expect.
> > BUT...I'm still showing signs of infection.
> >
> > I deleted the local XP account and its associated files but now I can't
> use
> > that account to access my internet connection.
> >
> > Any advice, words of wisdom would be greatly appreciated.
> >
> > Thanks
> >
> >
>
>