HELP VIRUS OR SOMETHING?!

Discussion in 'malware problems & news' started by psls, Apr 26, 2005.

Thread Status:
Not open for further replies.
  1. psls

    psls Guest

    Hi Guys

    Having following problems notwithstanding running NOD32 on XP P4 machine:

    1. Can't change homepage on internet options - goes to "about:blank" (tried CWS shredder without success);
    2. Can't open task manager to close file winpack.exe that was causing problems logging on net.
    3. In 2 above, every time I get on explorer goes to a web address I enter for a few seconds and then reverts to "http:\\" with this screen duplicating until it stops (no internet access at all - running ADSL)
    4. NOD32 has detected files like trojanhorse and rooter but problem persisting.

    Any help is greatly appreciated!!
     
  2. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Have you tried scanning your system with any Anti-Trojan or spyware removal tools?

    If not, I highly recommend it.

    You can download a trial version of Ewido (http://www.ewido.net/en/download/) to scan for and clean Trojans.

    Free spyware removal tools:

    Ad-Aware
    http://www.lavasoftusa.com/software/adaware/

    Spybot S&D
    http://www.safer-networking.org/en/download/index.html

    SpywareBlaster
    http://www.javacoolsoftware.com/spywareblaster.html

    Microsoft Anti-Spyware (beta) (Win 2000/XP only)
    http://www.microsoft.com/athome/security/spyware/software/default.mspx
     
  3. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    The other thing to do is to download, print, and walk through each of the steps listed in General Cleaning Instructions. That sometimes suffices, sometimes not. Let us know how it turns out.

    Blue
     
  4. psls

    psls Guest

    Thanks Guys

    Only problem is I can't get on the net to download anything.

    I take it I'll have to download on another computer.

    Does anyone have an idea what the problem is?

    Thanx
     
  5. Sweetie(*)(*)

    Sweetie(*)(*) Registered Member

    Joined:
    Aug 10, 2004
    Posts:
    419
    Location:
    Venus
    Hi, winpack.exe is related to Troj/Dloader-JU Trojan.

    The Trojan may not be the problem as this particular one will download other spyware etc., so it would be wise to run a few antispyware programs. CounterSPY is very good but only has a free trial; also adaware is still ok.

    First I would have a look at the add remove programs list for suspicious or new entries. Also check the start programs; you can disable wincheck from auto starting: go to start > run > type "msconfig" > startup.

    Also, if you haven't already tried, open the Nod32 scanner, in setup tick all options except list all files and word wrap, then click clean.

    If that's not successful, try turning off system restore, boot into safe mode and scan. (clean)
     
  6. BlueZannetti

    BlueZannetti Administrator

    Joined:
    Oct 19, 2003
    Posts:
    6,590
    psls,

    Expanding on what Sweetie(*)(*) has already mentioned, a quick peek at CastleCops for winpack.exe indicates:

    So there are a lot of things that you could have, and none are things you want to have. There are a lot of options to proceed from here, though I would not recommend that you install a lot of software before the system is well stabilized. Just too many bad outcomes possible from compromised installations. Until things are somewhat stable, rely on standalone applications which can be run as is.

    Follow Sweetie(*)(*)'s advice and let us know how you are progressing. A major problem with the infestations is that the solution is both iterative and somewhat personalized. It can be slow going at first.

    Blue
     
  7. psls

    psls Guest

    Thanks Guys

    I'll give it a go and keep you advised.
     
  8. psls

    psls Guest

    Thanks sweetie(*)(*)

    In add remove programs I have a lot of win32 installed programs.

    Are these the ones causing the problem?
     