Re: Backdoor.Lateda.C
From: shuckie69 (shuckie69_at_discussions.microsoft.com)
Date: 05/26/05
- Next message: David H. Lipman: "Re: Backdoor.Lateda.C"
- Previous message: Derek N: "Ooops!"
- In reply to: David H. Lipman: "Re: Backdoor.Lateda.C"
- Next in thread: David H. Lipman: "Re: Backdoor.Lateda.C"
- Reply: David H. Lipman: "Re: Backdoor.Lateda.C"
Date: Thu, 26 May 2005 05:04:03 -0700
Hi David
Just wanted to let you know that I think I have resolved the problem. I
managed to connect the PC to the internet via my router using a USB wireless
adapter and ran a variety of anti-virus scans. AntiVir detected and deleted
a couple of worms, and ZoneAlarm was stopping c:\windows\system32\winsci.exe
from connecting to the internet. According to the log it tried to connect
almost 1000 times in just a few minutes! I ran online scans at
www.antivirus.com, www.symantec.com and www.mcafee.com. The last one
detected a worm which was actually this winsci.exe file. I deleted the file
and I'm no longer getting the connection message re. l33t.freeshellz.org.
Apart from some minor spyware, repeated scans haven't revealed any further
worms/viruses/trojans (touch wood!).
Many thanks for your help and advice, I will let you know if the problem
re-occurs when I return the PC to my friends this evening.
"David H. Lipman" wrote:
> From: "shuckie69" <shuckie69@discussions.microsoft.com>
>
> | Hi David
> |
> | As per my initial message; "...but the Trojan keeps the modem com port busy
> | preventing me from connecting to the Net most of the time, and even when I
> | can connect it stops me from downloading anything...". With this being an
> | XP machine, a message keeps appearing approx every 10 seconds saying that a
> | program is trying to connect to the l33t.freeshellz.org domain. As a result
> | when I try to connect I get a message saying the modem COM port is busy. I
> | haven't been able to connect to the Net since I posted this message,
> | therefore I can't update Sysclean, Ad-Aware, AntiVir or anything else! If I
> | detach and reconnect the ADSL modem's USB cable, the trojan instantly tries
> | to connect.
> |
> | Any ideas???
>
> Shut down as many applications as possible
> It would also help for you to read - "How to perform a clean boot in Windows XP"
> http://support.microsoft.com/kb/310353
>
> Copy and Paste the following command line on the; Start --> Run location
>
> %comspec% /c del %windir%\system32\drivers\etc\hosts
>
> Dump the contents of the IE Temporary Internet Folder cache (TIF)
> Start --> Settings --> Control Panel --> Internet Options --> Delete Files
>
> Dump the contents of the Mozilla FireFox Cache { if you use FireFox }
> Tools --> Options --> Privacy --> Cache --> Clear
>
>
> Download CLEAN.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/clean.exe
>
> It is a self-extracting ZIP file that contains the Kixtart Script Interpreter
> { http://kixtart.org Kixtart is CareWare } three batch files, two Kixtart scripts, two Link
> (.lnk) files and a PDF instruction file.
>
> GETFILES.BAT -- For downloading (FTP) the files needed to run the McAfee Command Line
> Scanner. You may have to disable your FireWall or allow FTP.EXE to go through your FireWall
> to allow the FTP utility to download the needed files
>
> CLEAN.BAT -- For running within Windows after running c:\mcafee\GetFiles.BAT. If you choose
> to scan again at a future date, run this batch file. It will automatically check the date
> of the McAfee DAT files and if it is a couple of days old, it will download (FTP) the latest
> signature files and install them before performing the scan.
>
> DOSCLEAN.BAT -- For use on a Win9x/ME PC or on a Win2K/WinXP PC that is using FAT32 after
> you have booted from an Emergency Boot Disk or DOS disk and have already executed;
> c:\mcafee\GetFiles.BAT from within Windows. DOS disk boot images can be obtained from;
> http://www.bootdisk.com/bootdisk.htm
>
> I need you to perform the following...
>
> Execute; CLEAN.EXE
> Choose; Unzip
> Choose; Close
>
> Execute; c:\mcafee\GetFiles.BAT
> { or Double-click on 'GetFiles Link' in c:\mcafee }
>
> Reboot the PC into Safe Mode [F8 key during boot]
>
> Shut down as many applications as possible !
> It would also help for you to read - "How to perform a clean boot in Windows XP"
> http://support.microsoft.com/kb/310353
>
> Execute; c:\mcafee\CLEAN.BAT
> { or Double-click on 'Clean Link' in c:\mcafee }
>
> A final report in HTML format called C:\mcafee\ScanReport.HTML will be generated. At the
> end of the scan, it will be displayed in your browser (Opera, FireFox or Internet Explorer).
> It is suggested that you move the report out of c:\mcafee before performing another scan.
> It would be a good idea to scan in Safe Mode and in Normal Mode and save a copy of the HTML
> report for each session.
>
>
> * * * Please report back your results * * *
>
>
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
>
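The firewall-log pattern reported in this message (one program blocked hundreds of times at a near-constant interval of about 10 seconds) can be found automatically; the sketch below is an added example, not part of the original posts. The log format, the thresholds and the `updater.exe` entry are constructed for illustration and are not ZoneAlarm's actual log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev

def build_sample_log():
    """Constructed sample log: 'timestamp,action,program,destination' per line."""
    start = datetime(2005, 5, 26, 5, 0, 0)
    lines = []
    for i in range(30):  # one program retrying roughly every 10 s
        ts = start + timedelta(seconds=10 * i + i % 3)
        lines.append(f"{ts.isoformat()},BLOCKED,"
                     "c:\\windows\\system32\\winsci.exe,l33t.freeshellz.org")
    for off in (3, 95, 100, 240):  # hypothetical program, sparse and irregular
        ts = start + timedelta(seconds=off)
        lines.append(f"{ts.isoformat()},BLOCKED,"
                     "c:\\program files\\example\\updater.exe,updates.example.com")
    return sorted(lines)

def find_beacons(lines, window=timedelta(minutes=5), min_hits=20, max_jitter=0.25):
    """Return {(program, destination): stats} for blocked flows repeating steadily."""
    flows = defaultdict(list)
    for line in lines:
        ts, action, program, dest = line.strip().split(",")
        if action == "BLOCKED":
            flows[(program.lower(), dest.lower())].append(datetime.fromisoformat(ts))
    findings = {}
    for key, times in flows.items():
        times.sort()
        best, lo = [], 0
        for hi in range(len(times)):  # sliding window: busiest stretch <= window
            while times[hi] - times[lo] > window:
                lo += 1
            if hi - lo + 1 > len(best):
                best = times[lo:hi + 1]
        if len(best) < min_hits:
            continue  # too few attempts to call it a retry loop
        gaps = [(b - a).total_seconds() for a, b in zip(best, best[1:])]
        avg = mean(gaps)
        jitter = pstdev(gaps) / avg if avg else 0.0  # low = machine-like regularity
        if jitter <= max_jitter:
            findings[key] = {"hits": len(best), "mean_gap_s": round(avg, 1),
                             "jitter": round(jitter, 2)}
    return findings

if __name__ == "__main__":
    for (program, dest), stats in find_beacons(build_sample_log()).items():
        print(program, "->", dest, stats)
```

A flagged program/destination pair is a lead for the scans described in the thread, not a verdict: legitimate updaters can also retry on a fixed timer.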