unwanted connection


Guest

This is for WinXP pro 64bit

I believe I have a Trojan that whenever I start my internet connection I get
an established connection to usedmoto.com. At the same time regsvr32 starts a
process called (gdgdshdhh.exe). I have deleted this program but it must be
hiding somewhere else, because it keeps coming back.

Until I figure out where the culprit is, is there any way that the firewall
can block this connection? I have added it to the exception list (unchecked)
which doesn’t seem to help.

I have watched the packet send/receive and it shows no traffic.

Is there anywhere in the registry that I may take a look at?
 
Parmanian said:
This is for WinXP pro 64bit

I believe I have a Trojan that whenever I start my internet connection I get
an established connection to usedmoto.com. At the same time regsvr32 starts a
process called (gdgdshdhh.exe). I have deleted this program but it must be
hiding somewhere else, because it keeps coming back.

Until I figure out where the culprit is, is there any way that the firewall
can block this connection? I have added it to the exception list (unchecked)
which doesn’t seem to help.

I have watched the packet send/receive and it shows no traffic.

Is there anywhere in the registry that I may take a look at?

Run a scan from here online:
http://www3.ca.com/securityadvisor/virusinfo/scan.aspx
Download Avast Cleaner from here:
http://www.avast.com/eng/avast-virus-cleaner.html
Lots of tools to download and disinfect your machine:
http://www.bitdefender.co.uk/site/Downloads/browseFreeRemovalTool/

For malware, download both of these programs:
http://www.lavasoft.com/products/ad-aware_se_personal.php
http://www.safer-networking.org ; for Spybot S&D

Open Windows Explorer and locate this path:
C:\Windows\System32\drivers\etc
Look in the right pane/window for the file called HOSTS, but not the one
with the extension *.SAM*; leave that one as is.
If you can't see it, click Tools >> Folder Options and select Show
hidden files and folders, then right-click the Hosts file and select Open with
Notepad.
There, look for any reference to that site and remove it. Your Hosts file will
look like this:
# 102.54.94.97 rhino.acme.com # Source server
# 38.25.63.10 x.acme.com # Client Host
127.0.0.1 LocalHost
------------------------------------------
Remove all references other than those above.

If you are still directed, download HijackThis and send the report to one of
many forums for analysis and troubleshooting:
When all else fails, HijackThis v1.99.1
(http://aumha.org/downloads/hijackthis.zip) is the preferred tool to use.
It will help you to both identify and remove any hijackware/spyware. Post
your log to http://aumha.net/viewforum.php?f=30,
http://castlecops.com/forum67.html,
http://forums.subratam.org/index.php?showforum=7, or other appropriate
forums for expert analysis, not here.
HTH.
Let us know.
Regards,
nass
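
The HOSTS file check described in the reply above, as an added example that is not part of the original posts: a small Python audit that lists every active entry other than the stock localhost mapping. The sample file contents, the reason strings and the function name audit_hosts are constructed for illustration; only the watched domain and the HOSTS file location come from the thread.

```python
import ipaddress
import sys

# Constructed sample of a tampered HOSTS file (not taken from the thread).
SAMPLE_HOSTS = """\
# 102.54.94.97 rhino.acme.com # Source server
127.0.0.1 LocalHost
203.0.113.7 www.example-bank.test
127.0.0.1 update.example-av.test
::1 localhost
not-an-ip something.test
198.51.100.9 usedmoto.com
"""

def audit_hosts(text, watch=()):
    """Return (line_no, reason, entry) for each active entry worth reviewing."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()      # commented text is inactive
        if not entry:
            continue
        addr, *names = entry.lower().split()
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            findings.append((no, "malformed address", entry))
            continue
        if any(n == w or n.endswith("." + w) for n in names for w in watch):
            reason = "watched domain"
        elif ip.is_loopback and names == ["localhost"]:
            continue                               # stock localhost mapping
        elif ip.is_loopback or ip.is_unspecified:
            reason = "name pinned to local address"
        else:
            reason = "name redirected to another address"
        findings.append((no, reason, entry))
    return findings

if __name__ == "__main__":
    # With a path argument, audit that file; otherwise use the sample above.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8-sig", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    for no, reason, entry in audit_hosts(text, watch=("usedmoto.com",)):
        print(f"line {no}: {reason}: {entry}")
```

Pass the path of a copy of the HOSTS file from C:\Windows\System32\drivers\etc as the first argument to audit it instead of the sample. Entries pinned to a local address deserve the same attention as redirects, since they silently block the named site.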
 