
Thread: Hijacking problem

  1. #11
Senior Member Spyrus
    Join Date
    Oct 2002
    Posts
    741
That is exactly what it is doing: it is bound into winlogon.exe and is making connections to that IP, 69.20.20.161, and whenever I delete or do anything it is finding its way back in through winlogon.exe and that rundll32.exe file. Nasty crap.
    Duct tape.....A whole lot of Duct Tape
Spyware/Adaware problem click here
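The symptom Spyrus describes, winlogon.exe holding a connection out to 69.20.20.161, is something a defender can check for mechanically instead of by eyeballing netstat. The script below is an added example for this thread, not code posted by anyone in it: it parses the text output of `netstat -ano` and `tasklist /fo csv` (both constructed samples here, not real captures) to map each connection to its owning image name, then flags connections to the address from the thread and any established outbound connection owned by a core system process that normally has no reason to talk to the Internet. The list of "suspect" images is an assumption chosen for illustration.

```python
"""Map netstat connections to process images and flag the odd ones.

Added example; parses constructed samples of `netstat -ano` and
`tasklist /fo csv` output in the shape those Windows tools print.
"""
import csv
import io

# Constructed sample of `netstat -ano` output (not a real capture).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:1043      69.20.20.161:80        ESTABLISHED     624
  TCP    192.168.1.10:1044      192.168.1.1:139        TIME_WAIT       0
  TCP    192.168.1.10:1045      204.152.189.116:80     ESTABLISHED     1524
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /fo csv` output.
TASKLIST_SAMPLE = """\
"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"winlogon.exe","624","Console","0","3,256 K"
"rundll32.exe","1100","Console","0","2,104 K"
"iexplore.exe","1524","Console","0","18,932 K"
"""

# Assumption: core system processes that should not hold outbound Internet connections.
SUSPECT_IMAGES = {"winlogon.exe", "rundll32.exe", "lsass.exe", "csrss.exe"}
# Indicator taken from the thread: the remote address the hijacked winlogon.exe used.
WATCHED_REMOTES = {"69.20.20.161"}


def parse_tasklist(text):
    """Return a PID -> lower-cased image name map from tasklist CSV output."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(row["PID"]): row["Image Name"].lower() for row in reader}


def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) from netstat -ano output.

    UDP rows have no State column, so the field count differs per protocol.
    """
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue
        if parts[0] == "TCP":
            proto, local, remote, state, pid = parts[:5]
        else:
            proto, local, remote, pid = parts[:4]
            state = ""
        yield proto, local, remote, state, int(pid)


def find_suspicious(netstat_text, tasklist_text):
    """Return [(image, pid, remote_ip, reason)] for connections worth a closer look."""
    pids = parse_tasklist(tasklist_text)
    hits = []
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        remote_ip = remote.rsplit(":", 1)[0]
        if remote_ip in ("*", "0.0.0.0", "127.0.0.1"):
            continue  # unbound listeners and loopback are not interesting here
        image = pids.get(pid, "<unknown>")
        if remote_ip in WATCHED_REMOTES:
            hits.append((image, pid, remote_ip, "known indicator"))
        elif image in SUSPECT_IMAGES and state == "ESTABLISHED":
            hits.append((image, pid, remote_ip, "system process with outbound connection"))
    return hits


if __name__ == "__main__":
    for image, pid, ip, why in find_suspicious(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print(f"{image} (pid {pid}) -> {ip}: {why}")
```

On a real box you would feed it the saved output of the two commands rather than the embedded samples; the point is the join on PID, which is what turns an anonymous connection into "winlogon.exe is talking to that address".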

  2. #12
They call me the Hunted foxyloxley
    Join Date
    Nov 2003
    Location
    3rd Rock from Sun
    Posts
    2,534
    [off topic --- slightly]
I'm not capable of answering these types of problems, but one question keeps coming up in my mind:

What size is the offending file? I seem to recall reading that the average baddie is only [at most] a couple of kilobytes long, which isn't really a great deal of code to be able to do all that the newer species are apparently capable of.

Are there any places I can read up on these points?
    so now I'm in my SIXTIES FFS
    WTAF, how did that happen, so no more alterations to the sig, it will remain as is now

Beware of Geeks bearing GIFs
    come and waste the day :P at The Taz Zone

  3. #13
    Senior Member
    Join Date
    Dec 2003
    Location
    Pacific Northwest
    Posts
    1,675
You probably have tried countless things; however, NoAdware is the only one claiming they can remove it.

    www.NoAdware.net

Good luck.
    Connection refused, try again later.

  4. #14
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
Thanks for that suggestion, Relyt... my customer is gone already, though, so I can't test it.

    I checked a last time right before she came to pick it up with both AdAware and Spybot. Both gave clean results. Then when she was here, I fired up AdAware, took 10 seconds and BANG: four new entries... try explaining that...

  5. #15
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Spyrus > Have you tried AdAware with the VX2-plugin? I can't test it to see if it works (since the customer is gone already)... I know the plug-in works, but not if it's efficient or not...

    http://www.lavasoftusa.com/software/...2cleaner.shtml

  6. #16
Senior Member Spyrus
    Join Date
    Oct 2002
    Posts
    741
Just ran NoAdware, which found some stuff but didn't really do anything and wants you to pay for it before it will clean.... But it leaves you the directories where the stuff is so you can manually delete (didn't fix the problem).

Neg: Adaware's lil program didn't do anything for me.
    Duct tape.....A whole lot of Duct Tape
Spyware/Adaware problem click here

  7. #17
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
Something else I tried was booting to Knoppix (live CD), then trying to delete that winupdak.dll. The first time I checked, it wasn't there. Went back to Windows, scanned the entire box in safe mode with everything imaginable, and it came up clean. Rebooted to Knoppix, the winupdak.dll was there again (in system32\winupdak.dll) and Knoppix couldn't delete it! Rebooted to Windows, no winupdak.dll to be seen... it almost seems like it's physically attaching itself to the hard drive and is going into stealth mode.
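What Negative describes above, a file that is visible from a live CD but not from inside Windows, is the classic cross-view sign of something hiding itself from the running system, and the standard way to catch it is to diff an offline listing against an online one rather than trusting either alone. The script below is an added example, not code from anyone in this thread: it parses a constructed `ls -l` listing of system32 taken from a live CD and a constructed Windows `dir` listing of the same directory, then reports files that only the offline view can see, files that only Windows reports, and files whose size differs between the two views. Both listings are made up for the example; the file names are the ones the thread mentions.

```python
"""Cross-view diff of a directory: offline (live CD) listing vs. online (Windows) listing.

Added example. Files present offline but absent online are the ones to look at,
since a clean system should show the same directory contents from both views.
"""
import re

# Constructed `ls -l` output of the mounted system32 directory, as seen from a live CD.
OFFLINE_LS_SAMPLE = """\
total 536
-rwxrwxrwx 1 root root  502272 Aug 29  2002 winlogon.exe
-rwxrwxrwx 1 root root   12288 Mar 14 10:22 winupdak.dll
-rwxrwxrwx 1 root root   33280 Aug 29  2002 rundll32.exe
drwxrwxrwx 1 root root       0 Aug 29  2002 drivers
"""

# Constructed Windows `dir` output of the same directory, taken from inside Windows.
ONLINE_DIR_SAMPLE = """\
 Volume in drive C has no label.
 Directory of C:\\WINDOWS\\system32

08/29/2002  06:00 AM    <DIR>          drivers
08/29/2002  06:00 AM           502,272 winlogon.exe
08/29/2002  06:00 AM            33,280 rundll32.exe
               2 File(s)        535,552 bytes
"""

# `dir` data rows: date, time, AM/PM, then either <DIR> or a comma-grouped size, then the name.
DIR_ROW = re.compile(r"^\d{2}/\d{2}/\d{4}\s+\d{2}:\d{2}\s+[AP]M\s+(<DIR>|[\d,]+)\s+(.+)$")


def parse_ls(text):
    """Return {name: size} for regular files in `ls -l` output (directories skipped)."""
    files = {}
    for line in text.splitlines():
        parts = line.split(None, 8)  # keep spaces in the file name intact
        if len(parts) < 9 or not parts[0].startswith("-"):
            continue
        files[parts[8]] = int(parts[4])
    return files


def parse_dir(text):
    """Return {name: size} for regular files in Windows `dir` output (directories skipped)."""
    files = {}
    for line in text.splitlines():
        m = DIR_ROW.match(line.strip())
        if not m or m.group(1) == "<DIR>":
            continue
        files[m.group(2).strip()] = int(m.group(1).replace(",", ""))
    return files


def compare_listings(offline_text, online_text):
    """Diff the two views; names are compared case-insensitively since NTFS is."""
    offline = {k.lower(): v for k, v in parse_ls(offline_text).items()}
    online = {k.lower(): v for k, v in parse_dir(online_text).items()}
    return {
        "hidden_from_windows": sorted(set(offline) - set(online)),
        "missing_offline": sorted(set(online) - set(offline)),
        "size_mismatch": sorted(n for n in set(offline) & set(online) if offline[n] != online[n]),
    }


if __name__ == "__main__":
    for label, names in compare_listings(OFFLINE_LS_SAMPLE, ONLINE_DIR_SAMPLE).items():
        print(f"{label}: {names or '-'}")
```

Run with the two saved listings (one from the live CD, one from a Windows command prompt) and anything under "hidden_from_windows" is a candidate for exactly the behaviour described above; a size mismatch on a file that exists in both views is the weaker cousin of the same signal.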

  8. #18
Macht Nicht Aus moxnix
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
I have been following both threads on this and just have one question (wish I could tell you how to remove it, but I can't).

Where does this baddy come from? Is it downloaded, or bundled with something else? Is there a common web site that compromises PCs, or what?

    I have tried researching various sites to see what others are saying about this, but no one is mentioning where it comes from.
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown

  9. #19
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    Here's info on its origins, mox.

  10. #20
Macht Nicht Aus moxnix
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    Thanks Neg.

After considering that this variant is an IE exploit, I might have a solution, but don't have any way of testing it.
    By default, Internet Explorer 6 is preinstalled in all versions of Windows XP and cannot be removed. To provide computer manufacturers more flexibility in configuring desktop versions of Windows XP, Microsoft has made it possible for OEMs, administrators, and users to remove user access to Internet Explorer while leaving the Internet Explorer code intact and fully functional to make sure the functionality of programs and operating system functions that rely on it. For example, Windows XP supports an "IEAccess=off" switch in the Unattend.txt file, and Internet Explorer has been added to the Add/Remove Windows Components section of the Add/Remove Programs tool in Control Panel. This does not reinstall Internet Explorer.
Then you can use some of the other tools and suggestions in this Microsoft article, http://support.microsoft.com/kb/318378/EN-US/ , which the above quote comes from.

Basically, you would be attempting to remove most of the registry entries dealing with IE and then reinstalling IE from an OS disc and redoing all the registry keys. Hopefully, this would remove the baddie's base and registry exploits and allow you to do a clean install of IE.

    I could go on and say.....just don't use IE, but I am sure that you have already tried to convince the users of that already.
"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!"
Author Unknown
