[Metallica]

Not really. You closed both the doors that led back.

Un- and Re-install the MicroSoft .net Software if you think that is what got damaged.

Regards,

[Advertisements]

How do i uninstall and reinstall it ?

where do i reinstall it from ?

What does the microsoft.net passport do ?

Thanks

[cleverboy12]

How do i uninstall and reinstall it ?

where do i reinstall it from ?

What does the microsoft.net passport do ?

Thanks

[Metallica]

Under Add/Remove Software there should be an entry for MicroSoft .Net Framework and related Software.

If you don't see it straight away try the Add/Remove Windows Components option.

Regards,

[cleverboy12]

what exactly does the .net thing do ?

is it absolutely essential ?

thanks

[Metallica]

Hard to decide for someone else. It may be necessary for logging in at certain sites (like Hotmail) once it has been installed.

Regards,

[cleverboy12]

Thanks For Your Help.

I Have something worse than this now :

I was looking through the Windows And System 32 files and found a suspicious file. I decided to google it and I have a Backdoor,

The name of the file is Conime and I really dont know where to go from here.

[Metallica]

Can you tell me the full path and name of the file, where you found it was a backdoor and which scanner you used to confirm your suspicions?

Regards,

[cleverboy12]

Sorry im not sure how to find the full path. Its in the Windows-System32 folder and that may help.

I googled it and it seems to be a backdoor its called conime and is a RAT. It is 27 kb in size.

No Virus scanner found it.

[Metallica]

OK. So the Full path is C:\Windows\System32\conime

and you believe it's http://www.liutiliti...library/conime/

- Is it a running process?
- Did you check if it actually is an .exe file?
To view these extensions for all files in Windows Explorer, choose Folder Options from the Tools menu, click the View tab, and clear the check box next to "Hide file extensions for known file types."
- Did you upload the file here: http://virusscan.jotti.org/ ?
Let me know the results when you do?
- Are there any other files pointing to this infection?
Regsys.vxd
Service.dll
This backdoor was created in 2002 Any scanner not recognizing it now would not be worth the electrons used to download it.
Note there is also a Windows file with that name and extension:
The version tab of the latest would read: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)

Regards,

[cleverboy12]

I cant seem to upload it for some reason. And another thing it seems to be a Microsoft Corp file . Sounds legitimate.



Oh yes just out of curiosity do you know what cmdial32.dll is ?

Edited by cleverboy12, 25 September 2005 - 02:04 PM.

[Metallica]

Check the version number I gave you.

Same method applies for cmdial32.dll
There are two versions of the file Cmdial32.dll for 32-bit versions of Windows XP. Each of these files is specific to a service pack version:
• 7.2.2600.1621 will be installed on computers running Windows XP SP1
• 7.2.2600.2606 will be installed on computers running Windows XP SP2

http://support.micro...kb;en-us;893609

If it does not meet the specifications listed there, it is worth a second look, since there is also a dialre using that filename:
http://www.sophos.co...dialsevera.html

[cleverboy12]

yeah mine is legitimate microsoft service thankfully

Even if i did have a dialer it ouldnt dial anything because im connected through broadband and not connected to the phone.

Anyway enough about diallers.

Once again i would like to thank you for all your help

I have run ewido scan AVG scan and loads of other scans and my system is clean but i just think that there is something suspicious because something is accessing my hard drive too often even when im not active on the computer. My firewall logs have some chinese telecommunications company through inbound UDP and TCP.

Is there a way to be certain that my system is clean ?

[Metallica]

Is there a way to be certain that my system is clean ?

100% sure. No way.

99% sure. In your case, I dare to give you that.

Regards,

[cleverboy12]

Ok another thing i was a little curious and did a test with Dr something (forgot now sorry ) it found a trojan in the registry which i am aware of and have disabled from running and have deleted all the realted files from however it remains in the Reg. Im not sure about removing it incase it manages to get back in which i wouldnt imagine would happen.

[Metallica]

You'll have to povide more data then that, for me to be able to help you.

Regards,