Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Think I Am Infected Can't Find The Source


  • Please log in to reply
8 replies to this topic

#1 SuzanneMarie

SuzanneMarie

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Location:Rhyl, North Wales
  • Local time:10:54 AM

Posted 04 April 2006 - 05:31 AM

My boyfriend was browsing the internet last night, as far as I Know everything was fine. This morning when i try to logon to the internet Nortons informs me that it has detected a new network. Upon further investigation I notice that My dial Up Number and my logon details have been changed, I changed them back to what they should be and save but everytime I dial Up It goes back to the offending number.
Nortons did detect and fix a virus last night called Trojan.textcash.
I have run a check with Spybot, Nortons and Ad-aware they all come up with nothing.
I did notice when I Checked My start up Programmes with Spybot that there were to new Entries that I Did not recognize are these relevant C:\windows\system 32\Itunesff.exe.-go-c99-w and
Rundll32.exe Ptipmf.dll set writecachemode
Please help me find the source Thank You :thumbsup:

BC AdBot (Login to Remove)

 


#2 Arma

Arma

  • Members
  • 76 posts
  • OFFLINE
  •  
  • Local time:05:54 AM

Posted 04 April 2006 - 07:51 AM

Haaa looks like your boyfriend had fun with porn last night (^_^)

Use http://www.pandasoftware.com ActiveScan Pro, it will detect what and how much bad things your boyfriend aggroed while browsing porn...

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:54 AM

Posted 04 April 2006 - 09:06 AM

Trojan.Textcash is a Trojan horse that executes a CAB file in Internet Explorer cache folders by exploiting the Microsoft Internet Explorer CreateTextRange Remote Code Execution Vulnerability. Microsoft has not released a patch for this yet. Before the patch is available, one workaround is to disable the Active scripting from Internet Explorer.

See Workarounds for IE createTextRange() flaw here.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 SuzanneMarie

SuzanneMarie
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Location:Rhyl, North Wales
  • Local time:10:54 AM

Posted 04 April 2006 - 11:33 AM

Thank you very much for the link to scan the computer. I did the scan and it came up with these;
Dialer.xd, Dialer.Abr, Web3000, Fun Web, Searchcentrix.

Can anyone help me get rid of these as Spybot and Nortons are not detecting them
Thank you very much

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:54 AM

Posted 04 April 2006 - 01:20 PM

Searchcentrix removal instructions via Add/Remove can be found here.
Fun Web Products removal instructions are here.

To remove the dialers and other malware Download and scan with Ewido Anti-Malware v3.5
Ewido Install and Scan Instructions

Then perform these online Virus scans:
[Watch the Address bar in IE. You may receive alerts that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then Click Install ActiveX component]

Trend Micro Housecall Scan
a-squared Web Malware Scanner
There are three options: Quick Scan, Smart Scan, Deep Scan and Custom Scan. The default selection is Smart Scan which is fast and scans the most important folders.

Web3000 replaces wsock32.dll (C:\Windows\System\Wsock32.dll) and possibly other Windows system files so you have to be careful with removing it.

If this all seems a bit overwhelming for you, especially since it involves the wsock32.dll, you may want to read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log.

When you have done that, post a log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 SuzanneMarie

SuzanneMarie
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Location:Rhyl, North Wales
  • Local time:10:54 AM

Posted 04 April 2006 - 05:52 PM

Thank you very much for the advice I appreciate it very much.
I went to the Panda Software.com site and did a total scan and that removed all of the bugs as far as I can tell apart from the Fun Web Serch which it said it couldn't. Which I will deal with as Advised. Again Thank You

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:54 AM

Posted 04 April 2006 - 06:19 PM

Your welcome.

I still recommend that you download and scan with Ewido. It finds and removes a lot of malware. Its free and is an excellent supplement to your anti-spyware toolkit. No single program on the market can claim 100% detection/removal so using more than one is recommended. Each vendor has its own definition of what constitutes spyware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 SuzanneMarie

SuzanneMarie
  • Topic Starter

  • Members
  • 44 posts
  • OFFLINE
  •  
  • Location:Rhyl, North Wales
  • Local time:10:54 AM

Posted 06 April 2006 - 09:43 AM

Thank You For the Advice. I Downloaded the program you suggested in the last post(sorry I Can't remeber the name), That helped to get rid of some things that the other programs didn't pick up. Thank You

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,126 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:54 AM

Posted 06 April 2006 - 02:22 PM

Your welcome.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users