Virus alert "W32.Randex.E"
#1
I had a fight with this thing last night for over 3 and a half hours.


I had a large post done up but Windows decided to be fussy and not let me post it, and stupid me didn't write it to a text file like I normally do when I make large posts.

Anyway, here is some info on what you need to know...

http://securityresponse.symantec.com/avcen...2.randex.e.html


I fought for hours to remove the win32sockdrv.dll file. It wouldn't let me till I closed down the program that was running the dll, which was "mwsoemon.exe". I shut that down and did a bunch of editing to the reg and deleted a few other dlls that I didn't want because they had to do with "mwsoemon.exe" and cleared out a few other things that had to do with files that autoinstall on your system without asking (flips the bird at Microsoft for not feeling garbage like that and for not having more info for the files running in task manager or msconfig).

Anyway as you can tell I was not pleased at all last night. The virus came in on one of those programs that don't tell you that they are installing themselves from some webpage that a friend sent you to.


I'm not the type of person that falls for viruses often. I scan EVERYTHING that comes onto my system that I download. Before I install anything I always scan it for viruses and stuff.


Also something I found that you might find interesting...

Win-XP Search Assistant silently downloads files
http://theregister.co.uk/content/archive/24815.html

It's from 2002 but I didn't know about it till now. Good thing I don't use the Windows search to look for stuff, only Google.
Reply
#2
Get a decent firewall ... it would have either told you to allow it or not, or simply denied it. I have mine on ask and it pops up every time I fire up search ...
Reply
#3
I have had too many firewalls screw me over so badly that I have had to reformat my system to get things working again.

They wouldn't let me see any websites even after I tell them that the website is good. I couldn't get my e-mail or anything. Basically I couldn't do anything that dealt with connecting to the net.

I know how to use firewalls. I have many friends that use firewalls no problem. None of them could figure out why I was having problems.

I could shut down the firewall and it would still be causing the problems and even uninstall the firewalls and still problems. But I didn't have any connection problems before installing the firewalls.

I've tried black ice, zone alarm, norton firewall and at least 2 or 3 others. Every one of them gave me problems.
Reply
#4
That is just weird... my Norton works like a dream...
Reply
#5
Firewalls and XP only work properly if you disable the XP built in firewall, something most people forget to do, and even experienced technicians overlook.

If your system can't handle a firewall, you are an open machine for anything to attack, and quite frankly shouldn't be on the internet.

I am surprised you haven't got more viruses, or that maybe your virus software hasn't found all the variants of trojan horse programs that can be inserted without you even having to do anything.
Reply
#6
The XP firewall is disabled, has been from the start. I had problems with all those firewalls on 98, 2000 and XP.

As to why I haven't had more viruses, well that's because like I said, I scan EVERY file that I download, no matter what it is. I also don't use Outlook Express which is basically how most viruses get onto computers today.

I also use anti-trojan software and anti-spyware software but as you can see it doesn't always find the stuff it's supposed to.

Don't get me wrong, firewalls are great things, if they work right, but so far I have never been able to get one to work right and I'm pretty computer smart. Even my own friends, who have software firewalls up and running perfectly and a couple of which have 2 or 3 firewalls running at once, (one of which runs a computer company that does programming and stuff) haven't been able to get software firewalls to work on any of my systems.

But when I go to places like https://www.grc.com they all say my systems are very secure. grc.com is basically the first place that I get recommended to when dealing with security to my computer. The Shields UP testing is great.
Reply
#7
Sounds like the other software you are using has a low level hook into the TCP/IP stack. Unfortunately, multiple low level hooks as used by firewalls can be a problem and is probably giving you the error if you install a firewall.

I'd be interested in knowing what software you do have installed just so I can see if I can spot something. I have personally experienced the TWO firewall issue... That gives you this low level TCP/IP stack problem because they are both competing, thus everything gets screwed up.

I was being security conscious and didn't wanna bring my PC up without a firewall ;-) Strangely, XP's built in firewall, and an external one I have used (which are a lot), have never had that issue.... go figure.
Reply
#8
I went to your site GB and this is what I got.

Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.
Reply
#9
That's basically what I used to get with Windows 98 and 2000.

With XP I'm mostly bundled up, but I can't seem to find the NetBIOS so I can't change it.


If anyone would like to point me in the right direction I would like to shut it off and close the ports. Once I close the 2 ports that it seems to be keeping open, I should get the same messages as you Jabba. :D
Reply
#10
NetBIOS over TCP. Registry tweak as I think the control panel stops you disabling this if you are using DHCP which you will be for your dialup (ADSL or 56k).
Reply
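
The registry tweak mentioned in post #10, as an added example that is not part of the original thread: it sets the per-interface `NetbiosOptions` value under the NetBT service key, which is the standard Windows setting for NetBIOS over TCP/IP but is not named by any poster. The function names `Disable-NetbiosOverTcp` and `Test-NetbiosSessionListener` are hypothetical, and the listener check assumes English `netstat` output.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# NetbiosOptions per interface: 0 = take setting from DHCP, 1 = enabled, 2 = disabled.
function Disable-NetbiosOverTcp {
    param([switch]$Apply)   # without -Apply the function only reports

    $base  = 'HKLM:\SYSTEM\CurrentControlSet\Services\NetBT\Parameters\Interfaces'
    $names = @{ 0 = 'DHCP default'; 1 = 'enabled'; 2 = 'disabled' }

    Get-ChildItem -Path $base |
        Where-Object { $_.PSChildName -like 'Tcpip_*' } |
        ForEach-Object {
            # A missing value reads as $null, which Windows treats as 0 (DHCP default).
            $before = (Get-ItemProperty -Path $_.PSPath).NetbiosOptions
            if ($Apply -and $before -ne 2) {
                Set-ItemProperty -Path $_.PSPath -Name NetbiosOptions -Value 2 -Type DWord
            }
            $after = (Get-ItemProperty -Path $_.PSPath).NetbiosOptions
            New-Object PSObject -Property @{
                Interface = $_.PSChildName
                Before    = $names[[int]$before]
                After     = $names[[int]$after]
            }
        }
}

function Test-NetbiosSessionListener {
    # True if something is still listening on TCP 139, the port the
    # Shields UP output quoted in post #8 probes.
    [bool](netstat -an | Select-String -Pattern 'TCP\s+\S+:139\s+\S+\s+LISTENING')
}

Disable-NetbiosOverTcp             # report the current setting per interface
# Disable-NetbiosOverTcp -Apply    # write the change, then reboot
Test-NetbiosSessionListener        # expect False once the change has taken effect
```

The new value is picked up after a reboot or an adapter restart, so run the listener check afterwards rather than immediately.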
#11
ADSL is not dial up. At least when I had it I never had to dial up to connect. It might be going through the phone line but that's as close to a dialup connection as it gets.

I think I found where to shut off NetBIOS though. Gonna go test it at grc.com after a reboot.
Reply

