What is Backdoor.Winbach as reported by eTrust Pest Patrol scan?


Michael

I have XP sp2 running on my Compaq Presario M2105US notebook.

RoadRunner provides my Internet connection and Time Warner also provides a
suite of virus, firewall, spyware programs from Computer Associates. eTrust
Pest Patrol is one of those programs and when I ran it just a while ago it
indicated that I had "Backdoor.Winbach" and two files were singled out
C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll

When I went to the CA website to research removing this thing, it gave a
long list of running processes that I was supposed to kill (none of them
were running on my system as far as I could tell), a longer list of DLLs
that I was supposed to unregister (over my head) and a long list of files I
was supposed to remove (none of them existed when I searched for them).

So is this a real threat or is it some sort of false alarm or what? If I do
indeed have some sort of Backdoor trojan horse or whatever, won't my
firewall alert me to someone trying to contact the program? Can I safely
delete just the dscan16.dll and dscan32.dll files, or will that have an
adverse effect on other aspects of my computer?

In short, is this anything to worry about?

Michael
 
If it ain't broke, don't fix it. While hackers may be using your machine to
serve their latest warez or are planning to run DOS attacks from your
machine, it's all good! You can still use the thing, right? If ya can do that,
there's no problem there! Even if you know that you're being exploited to the
greatest degree imaginable, the bottom line is, you have a computer! You can
open up Word and use 'Internet' and play music! Woot!

Come on now. Let's get real. This is not a library. Google is. We don't know
about every piece of malicious software out there. It's not like we all sit
around and say, 'O yea...that Backdoor.Winbach...yep. that's real trouble. Be
on the lookout for that Backdoor.Winbach.'

Might I recommend www.antivirus.com. Run the free online scan. That should
help out.
 
This link at MS is a database of DLL files for MS Windows as well as other programs.
DLL Help Database http://support.microsoft.com/dllhelp/

DSCAN16 & DSCAN32 are not Windows or MS dlls. Delete them. Let them sit in your Recycle Bin for a while. Then rerun your antivirus.

Turn off your antivirus if and when you run another antivirus utility, and any malware detector.

Here's one free virus-cleanup tool to use, even though it will involve time and effort. I suggest you get & run SYSCLEAN from Trendmicro.

See PA Bear's notes on Sysclean from TrendMicro.
Scanning with SYSCLEAN Robear's way
http://aumha.net/viewtopic.php?t=10610
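
An added example, not part of the original post: one way to record what a flagged DLL claims to be (vendor fields, signature, hash) and then set it aside reversibly instead of deleting it outright, in the spirit of the Recycle Bin advice above. The function name and the quarantine folder are hypothetical, and the paths are whatever your scanner reported.

```powershell
# Added example (not from the thread). Function name and quarantine
# folder are hypothetical; pass the paths your scanner reported.
function Get-FlaggedFileReport {
    param(
        [Parameter(Mandatory)][string[]]$Path,
        [string]$QuarantineDir   # optional: move each file here after reporting
    )
    foreach ($p in $Path) {
        if (-not (Test-Path -LiteralPath $p -PathType Leaf)) {
            # Scanner hit with no file on disk: stale entry or already removed
            [pscustomobject]@{ Path = $p; Exists = $false }
            continue
        }
        $item = Get-Item -LiteralPath $p -Force   # -Force also finds hidden/system files
        $ver  = $item.VersionInfo                 # vendor-supplied, so it can be forged
        $sig  = Get-AuthenticodeSignature -LiteralPath $item.FullName
        $report = [pscustomobject]@{
            Path        = $item.FullName
            Exists      = $true
            SHA256      = (Get-FileHash -LiteralPath $item.FullName -Algorithm SHA256).Hash
            Company     = $ver.CompanyName
            Description = $ver.FileDescription
            Original    = $ver.OriginalFilename
            SigStatus   = $sig.Status             # Valid, NotSigned, HashMismatch, ...
            Signer      = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject }
            CreatedUtc  = $item.CreationTimeUtc
            ModifiedUtc = $item.LastWriteTimeUtc
            MovedTo     = $null
        }
        if ($QuarantineDir) {
            # Move and rename rather than delete, so the file can be restored
            # if removing it breaks something, and rescanned or submitted later.
            New-Item -ItemType Directory -Path $QuarantineDir -Force | Out-Null
            $dest = Join-Path $QuarantineDir ($item.Name + '.quarantined')
            Move-Item -LiteralPath $item.FullName -Destination $dest
            $report.MovedTo = $dest
        }
        $report
    }
}

# Report only (placeholder path):
#   Get-FlaggedFileReport -Path '<path reported by the scanner>' | Format-List
# Report, then quarantine (hypothetical folder):
#   Get-FlaggedFileReport -Path '<path>' -QuarantineDir 'C:\Quarantine' | Format-List
```

The SHA256 value is what you would look up or submit to a second scanner; an unsigned file with empty vendor fields sitting in the Windows directory is a reason to keep investigating, not proof either way.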
 
> I have XP sp2 running on my Compaq Presario M2105US notebook.
>
> RoadRunner provides my Internet connection and Time Warner also provides a
> suite of virus, firewall, spyware programs from Computer Associates. eTrust
> Pest Patrol is one of those programs and when I ran it just a while ago it
> indicated that I had "Backdoor.Winbach" and two files were singled out
> C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll

First and foremost, if you have Cable, get a NAT Router - even a simple
Linksys BEFSr41 will protect you better than anything that you can load
and run on your computer as a local administrator. With cable you don't
have to do anything, just connect, reboot all devices, done, you're
online.

Read up on NAT and how it protects your computer system.
 
First of all nitwit, I've done quite a bit of research on this before
posting to this NG. And I found scant information on this trojan. The only
thing I found was on the Computer Associates website, the makers of the
eTrust Pest Patrol software that discovered this in the first place.

So in the hopes of alerting others to this trojan, and possibly finding
someone with a little more compassion and understanding and knowledge than
you have, I felt it prudent to post what info I had on it and see if anyone
could add productively to my query.

You obviously could not contribute anything of any value and assume that by
asking a question I am somehow inconveniencing the NG and more importantly
you.

Thanks for nothing. Get a life. Help an old lady cross the street or
something else useful.
 
Thanks for the tips.

Do you happen to know if I go back to a previous restore point whether that
might also get rid of whatever found its way onto my computer?

Thanks.

Michael


> This link at MS is a database of DLL files for MS Windows as well as other
> programs.
> DLL Help Database http://support.microsoft.com/dllhelp/
>
> DSCAN16 & DSCAN32 are not Windows or MS dlls. Delete them. Let them sit in
> your Recycle Bin for a while. Then rerun your antivirus.
>
> Turn off your antivirus if and when you run another antivirus utility, and
> any malware detector.
>
> Here's one free virus-cleanup tool to use, even though it will involve time
> and effort. I suggest you get & run SYSCLEAN from Trendmicro.
>
> See PA Bear's notes on Sysclean from TrendMicro.
> Scanning with SYSCLEAN Robear's way
> http://aumha.net/viewtopic.php?t=10610
 
I have a Linksys WRT54G wireless router. Not sure about the NAT. But I will
look into it. I also have installed the Firewall provided by TimeWarner and
Computer Associates called eTrust EZ Firewall.

Michael
 
No, do not use prior restore points. Keep those just in case the cleanup
effort has a glitch.
First thing is to run a cleanup on your current system. Make sure it gets a
clean result.

You should not use an old restore point unless you know for certainty it is
clean.

Run your AV & see if it cleans system. But then be sure to follow with use
of SYSCLEAN. Well worth it.
 
> I have a Linksys WRT54G wireless router. Not sure about the NAT. But I will
> look into it. I also have installed the Firewall provided by TimeWarner and
> Computer Associates called eTrust EZ Firewall.

The crap that RR gives out is just that, crap. If you want to secure
your machine you are going to have to take the following actions:

1) The Linksys is a NAT device.
2) The Linksys should not have any of the default settings - if you have
wireless enabled in the default mode, you are possibly allowing
outsiders into your computer without you knowing - secure the wireless.
3) Get all your CDs, make sure you have the Windows XP CD and any
drivers you need
4) Boot from the CD and wipe all partitions - this will ERASE the drive
and ALL FILES (hope you backed up your files)
5) Reboot and BOOT from CD, create a new NTFS partition, install Windows
on it
6) Once on-line, open IE and download all windows updates and install
them - do not browse to anywhere other than the Microsoft Site. Reboot
as needed and keep running the Windows update until you get a message
about no more updates being available
7) Install antivirus software - Dump CA and get the free AVG and install
it: http://free.grisoft.com/doc/1
8) Update AVG until no more updates are available
9) Download Mozilla FireFox - www.mozilla.org, install it, use it
instead of IE as much as possible.
10) For email, download ThunderBird - From www.mozilla.org, install it
and use it instead of Outlook Express
11) Reboot
12) Check for more Windows Updates manually
13) Install your programs, don't install anything that isn't reputable -
never install P2P file sharing programs.
14) Make a backup to DVD or External Disk or some way so that you can
restore the machine next time you compromise it.
 