Re: What is "Backdoor.Winbach" as reported by eTrust Pest Patrol?

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 08/17/05

    Date: Wed, 17 Aug 2005 09:55:13 -0400
    
    

    From: "Michael" <aaflyguy@gmail.com>

    | I have XP sp2 running on my Compaq Presario M2105US notebook.
    |
    | RoadRunner provides my Internet connection and Time Warner also provides a
    | suite of virus, firewall, spyware programs from Computer Associates. eTrust
    | Pest Patrol is one of those programs and when I ran it just a while ago it
    | indicated that I had "Backdoor.Winbach" and two files were singled out
    | C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll
    |
    | When I went to the CA website to research removing this thing, it gave a
    | long list of running processes that I was supposed to kill (none of them
    | were running on my system as far as I could tell), a longer list of DLL's
    | that I was supposed to unregister (over my head) and a long list of files I
    | was supposed to remove (none of them existed when I searched for them).
    |
    | So is this a real threat or is it some sort of false alarm or what? If I do
    | indeed have some sort of Backdoor trojan horse or whatever, won't my
    | firewall alert me to someone trying to contact the program? Can I safely
    | delete just the dscan16.dll and dscan32.dll files, or will that have an
    | adverse effect on other aspects of my computer?
    |
    | In short, is this anything to worry about?
    |
    | Michael
    |

    These are Backdoor Trojans. Always something to worry about. Definitely have CA eTrust
    remove them! Manually deleting them may not be enough if they have made modifications to
    the OS. Then the AV software needs to remove the files and correct those modifications.

    You can use the following tool to scan your computer to make sure they have been removed and
    no other viruses or Trojans have been dropped onto your computer.

    Download MULTI_AV.EXE from the URL --
    http://www.ik-cs.com/programs/virtools/Multi_AV.exe

    It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
    http://kixtart.org Kixtart is CareWare }, three batch files, five Kixtart scripts, one Link
    (.LNK) file, a PDF instruction file and two utilities: UNZIP.EXE and WGET.EXE. It will
    simplify the process of using Sophos, Trend and McAfee Anti Virus Command Line Scanners to
    remove viruses, Trojans and various other malware.

    C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
    This will bring up the initial menu of choices and should be executed in Normal Mode. This
    way all the components can be downloaded from each AV vendor’s web site.
    The choices are: Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

    You can choose to go to each menu item and just download the needed files or you can
    download the files and perform a scan in Normal Mode. Once you have downloaded the files
    needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
    during boot] and re-run the menu again and choose which scanner you want to run in Safe
    Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

    When the menu is displayed, hitting 'H' or 'h' will bring up a more comprehensive PDF help
    file.

    To use this utility, perform the following...
    Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
    Choose; Unzip
    Choose; Close

    Execute; C:\AV-CLS\StartMenu.BAT
    { or Double-click on 'Start Menu' in C:\AV-CLS }

    NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
    FireWall to allow it to download the needed AV vendor related files.

    * * * Please report back your results * * *

    -- 
    Dave
    http://www.claymania.com/removal-trojan-adware.html
    http://www.ik-cs.com/got-a-virus.htm
    
