Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dial Up Virus?


  • Please log in to reply
9 replies to this topic

#1 polconv

polconv

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 03 February 2006 - 12:19 PM

I have a problem, which i suspect may be a trojan.
I use broadband, however everso often, the dial up connection box keeps appearing. The dial up program is "c/windows/system32/li.exe.

When i go into the properties of this file, it says original program was "links.exe"

Any ideas how to remove this would be appreciated.

PS. i don't understand comlicated terms lol :thumbsup:

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:18 PM

Posted 03 February 2006 - 12:22 PM

Hi There :thumbsup:

I have read your post and I think it would be wise for you to post a HijackThis log for an expert to review. I bet you are wondering what HijackThis is. Well it's a program that is simply able to show others what's going on inside your computer, in terms of infection etc.. The orignal file name is a bad file. Take a read about it here. The whoe thing sounds a bit fishy, so i think it will be best to refer you to a security expert. :flowers:

I recommend you follow the HijackThis preparation guide which can be found here. It is important that you follow the guide closely. A number of scans will be run which may well fix your problem.

As the guide says, after you have completed the scans that are recommended, please post your "HijackThis" log in a new topic in the forum found here. Please add your system infomation and also what problems you are having. Please wait for a few days and one of our experts will get onto fixing your computer for you.

David

#3 Albert Frankenstein

Albert Frankenstein

  • Members
  • 2,707 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Michigan, USA
  • Local time:04:18 PM

Posted 03 February 2006 - 06:52 PM

A little info I found on links.exe:

links.exe is a process which is registered as a depress worm variant Trojan. This Trojan allows attackers to access your computer, stealing passwords, Internet banking and personal data. It is a registered security risk and should be removed immediately.


ALBERT FRANKENSTEIN
I'M SO SMART IT'S SCARY!


Currently home chillin' with the fam and my two dogs!


#4 polconv

polconv
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 04 February 2006 - 09:44 AM

Thanx for your advice. Just a progress report here.
i am half way through all the suggested scans. So far bit defender have deleted a few files. But was unable to delete one called BehavesLike:Trojan.LowZones which is from the "li.exe file" i decribed before. I'll continue with the hijackthis steps as decribed.

Many thanx

#5 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:18 PM

Posted 04 February 2006 - 10:51 AM

:thumbsup:

#6 polconv

polconv
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 04 February 2006 - 04:50 PM

While i'm here, i have another problem which may or may not be related. When i try and clear temp internet files the auto comlete still brings up addresses i have used in the past. I'v tried deleting through deleting history, files and cookies in the internet options as well as trying to clear auto comlete forms in the "content" tab. Neither seem to work.

Any ideas would be great?

#7 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:03:18 PM

Posted 04 February 2006 - 08:26 PM

Run the suggested anti-malware programs and then follow the directions for downloading HJT and creating a HJT log explicitly>

Do not attempt to use the HJT program by yourself unless you are expert at the registry. Even making a "slight" mistake can render your computer's op system useless.

#8 Enthusiast

Enthusiast

  • Members
  • 5,898 posts
  • OFFLINE
  •  
  • Location:Florida, USA
  • Local time:03:18 PM

Posted 04 February 2006 - 08:32 PM

You clear those using reset or settings capability of your browser.

If you're using Internet Explorer:

(From IE 'Help")
You can configure AutoComplete to save and suggest only the information you want. You can choose whether to use AutoComplete for Web addresses, forms, and passwords, or not use it all. You can also clear the history for any of these.

In Internet Explorer, on the Tools menu, click Internet Options.
Click the Content tab.
Under Personal information, click AutoComplete.
Select the check boxes for the AutoComplete options you want to use.


To delete Autocomplete entries from the Address bar list

The AutoComplete feature saves previous entries you've made for Web addresses, forms, and passwords. To delete entries from the Address bar, you must clear your History folder. You cannot clear individual entries from the list of saved entries.

On the Tools menu in Internet Explorer, click Internet Options.
Click the General tab.
Under History, click Clear History.
Notes

When typing information in Web forms, and typing passwords, you can remove an item from the list of suggestions by clicking the item and then pressing the DELETE key.

Edited by Enthusiast, 04 February 2006 - 08:34 PM.


#9 polconv

polconv
  • Topic Starter

  • Members
  • 22 posts
  • OFFLINE
  •  
  • Local time:08:18 PM

Posted 05 February 2006 - 03:17 PM

I've posted a hijack log already, waiting review. I have attempted to clear the history etc in the normal way and as described above, however some addresses continue to appear. Just wondering if there are any other options and could it be related to the virus problem

Thanks again

#10 Herk

Herk

  • Members
  • 1,609 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:S.E. Idaho, USA
  • Local time:04:18 PM

Posted 05 February 2006 - 05:01 PM

If you don't have a dial-up connection but the thing pops up constantly, you can stop it by Opening Internet Explorer and clicking on "Tools" then "Internet Options." Once there, click on "Connections" and click the radio button that says "never dial a connection." That should stop the pop-ups until you get the baddies removed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users