What is Backdoor.Winbach as reported by eTrust Pest Patrol..

Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

I have XP sp2 running on my Compaq Presario M2105US notebook.

RoadRunner provides my Internet connection and Time Warner also provides a
suite of virus, firewall, spyware programs from Computer Associates. eTrust
Pest Patrol is one of those programs and when I ran it just a while ago it
indicated that I had "Backdoor.Winbach" and two files were singled out
C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll

When I went to the CA website to research removing this thing, it gave a
long list of running processes that I was supposed to kill (none of them
were running on my system as far as I could tell), a longer list of DLL's
that I was supposed to unregister (over my head) and a long list of file I
was supposed to remove (none of them existed when I searched for them).

So is this a real threat or is it some sort of false alarm or what? If I do
indeed have some sort of Backdoor trojan horse or whatever, won't my
firewall alert me to someone trying to contact the program? Can I safely
delete just the dscan16.dll and dscan32.dll files, or will that have an
adverse effect on other aspects of my computer.

In short, is this anything to worry about?

Michael
7 answers Last reply
More about what backdoor winbach reported etrust pest patrol
  1. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    If it aint broke, dont fix it. While hackers may be using your machine to
    serve thier latest warez or are planning to run DOS attacks from your
    machine, its all good! You can still use the thing right? If ya can do that,
    theres no problem there! Even if you know that you're being exploited to the
    greatest degree imaginable, the bottom line is, you have a computer! You can
    open up Word and use 'Internet' and play music! Woot!

    Come on now. Lets get real. This is not a library. Google is. We dont know
    about every piece of malicious software out there. Its not like we all sit
    around and say, 'O yea...that Backdoor.Winbach...yep. thats real trouble. Be
    on the lookout for that Backdoor.Winbach.'

    Might I recommend www.antivirus.com. Run the free online scan. That should
    help out.
    --
    To err is human, but to really foul things up, you need a computer.


    "Michael" wrote:

    > I have XP sp2 running on my Compaq Presario M2105US notebook.
    >
    > RoadRunner provides my Internet connection and Time Warner also provides a
    > suite of virus, firewall, spyware programs from Computer Associates. eTrust
    > Pest Patrol is one of those programs and when I ran it just a while ago it
    > indicated that I had "Backdoor.Winbach" and two files were singled out
    > C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll
    >
    > When I went to the CA website to research removing this thing, it gave a
    > long list of running processes that I was supposed to kill (none of them
    > were running on my system as far as I could tell), a longer list of DLL's
    > that I was supposed to unregister (over my head) and a long list of file I
    > was supposed to remove (none of them existed when I searched for them).
    >
    > So is this a real threat or is it some sort of false alarm or what? If I do
    > indeed have some sort of Backdoor trojan horse or whatever, won't my
    > firewall alert me to someone trying to contact the program? Can I safely
    > delete just the dscan16.dll and dscan32.dll files, or will that have an
    > adverse effect on other aspects of my computer.
    >
    > In short, is this anything to worry about?
    >
    > Michael
    >
    >
    >
  2. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    This link at MS is a database of DLL files for MS Windows as well as other programs.
    DLL Help Database http://support.microsoft.com/dllhelp/

    DSCAN16 & DSCAN32 are not Windows or MS dlls. Delete them. Let them sit in your Recycle Bin for a while. Then rerun your antivirus.

    Turn off your antivirus If and when you run another antivirus utility, and any malware detector.

    Here's one free virus-cleanup tool to use, even though it will involve time and effort. I suggest you get & run SYSCLEAN from Trendmicro.

    See PA Bear's notes on Sysclean from TrendMicro.
    Scanning with SYSCLEAN Robear's way
    http://aumha.net/viewtopic.php­?t=10610

    --
    Maurice N
    MVP Windows - Shell / User
    -----

    Michael wrote:
    > I have XP sp2 running on my Compaq Presario M2105US notebook.
    >
    > RoadRunner provides my Internet connection and Time Warner also
    > provides a suite of virus, firewall, spyware programs from Computer
    > Associates. eTrust Pest Patrol is one of those programs and when I
    > ran it just a while ago it indicated that I had "Backdoor.Winbach"
    > and two files were singled out C:\WINDOWS.dscan16.dll and
    > C:\WINDOWS.dscan32.dll
    >
    > When I went to the CA website to research removing this thing, it
    > gave a long list of running processes that I was supposed to kill
    > (none of them were running on my system as far as I could tell), a
    > longer list of DLL's that I was supposed to unregister (over my head)
    > and a long list of file I was supposed to remove (none of them
    > existed when I searched for them).
    >
    > So is this a real threat or is it some sort of false alarm or what?
    > If I do indeed have some sort of Backdoor trojan horse or whatever,
    > won't my firewall alert me to someone trying to contact the program?
    > Can I safely delete just the dscan16.dll and dscan32.dll files, or
    > will that have an adverse effect on other aspects of my computer.
    >
    > In short, is this anything to worry about?
    >
    > Michael
  3. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    In article <_JyMe.3339$PM3.2894@twister.nyroc.rr.com>,
    aaflyguy@gmail.com says...
    > I have XP sp2 running on my Compaq Presario M2105US notebook.
    >
    > RoadRunner provides my Internet connection and Time Warner also provides a
    > suite of virus, firewall, spyware programs from Computer Associates. eTrust
    > Pest Patrol is one of those programs and when I ran it just a while ago it
    > indicated that I had "Backdoor.Winbach" and two files were singled out
    > C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll

    First and foremost, if you have Cable, get a NAT Router - even a simple
    Linksys BEFSr41 will protect you better than anything that you can load
    and run on your computer as a local administrator. With cable you don't
    have to do anything, just connect, reboot all devices, done, you're
    online.

    Read up on NAT and how it protects your computer system.

    --

    spam999free@rrohio.com
    remove 999 in order to email me
  4. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    First of all nitwit, I've done quite a bit of research on this before
    posting to this NG. And I found scant information on this trojan. The only
    thing I found was on the Computer Associates website, the makers of the
    eTrust Pest Patrol software that discoverd this in the first place.

    So in the hopes of alerting others to this trojan, and possibly finding
    someone with a little more compassion and understanding and knowledge than
    you have, I felt it prudent to post what info I had on it and see if anyone
    could add productively to my query.

    You obviously could not contribute anything of any value and assume that by
    asking a question I am somehow inconveniencing the NG and more importantly
    you.

    Thanks for nothing. Get a life. Help an old lady cross the street or
    something else useful.


    "Tim" <Tim@discussions.microsoft.com> wrote in message
    news:1BC86ED6-8185-4EC4-BADA-7194C8AA8F5A@microsoft.com...
    > If it aint broke, dont fix it. While hackers may be using your machine to
    > serve thier latest warez or are planning to run DOS attacks from your
    > machine, its all good! You can still use the thing right? If ya can do
    > that,
    > theres no problem there! Even if you know that you're being exploited to
    > the
    > greatest degree imaginable, the bottom line is, you have a computer! You
    > can
    > open up Word and use 'Internet' and play music! Woot!
    >
    > Come on now. Lets get real. This is not a library. Google is. We dont know
    > about every piece of malicious software out there. Its not like we all sit
    > around and say, 'O yea...that Backdoor.Winbach...yep. thats real trouble.
    > Be
    > on the lookout for that Backdoor.Winbach.'
    >
    > Might I recommend www.antivirus.com. Run the free online scan. That should
    > help out.
    > --
    > To err is human, but to really foul things up, you need a computer.
    >
    >
    > "Michael" wrote:
    >
    >> I have XP sp2 running on my Compaq Presario M2105US notebook.
    >>
    >> RoadRunner provides my Internet connection and Time Warner also provides
    >> a
    >> suite of virus, firewall, spyware programs from Computer Associates.
    >> eTrust
    >> Pest Patrol is one of those programs and when I ran it just a while ago
    >> it
    >> indicated that I had "Backdoor.Winbach" and two files were singled out
    >> C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll
    >>
    >> When I went to the CA website to research removing this thing, it gave a
    >> long list of running processes that I was supposed to kill (none of them
    >> were running on my system as far as I could tell), a longer list of DLL's
    >> that I was supposed to unregister (over my head) and a long list of file
    >> I
    >> was supposed to remove (none of them existed when I searched for them).
    >>
    >> So is this a real threat or is it some sort of false alarm or what? If I
    >> do
    >> indeed have some sort of Backdoor trojan horse or whatever, won't my
    >> firewall alert me to someone trying to contact the program? Can I safely
    >> delete just the dscan16.dll and dscan32.dll files, or will that have an
    >> adverse effect on other aspects of my computer.
    >>
    >> In short, is this anything to worry about?
    >>
    >> Michael
    >>
    >>
    >>
  5. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    Thanks for the tips.

    Do you happen to know if I go back to a previous restore point whether that
    might also get rid of whatever found its way onto my computer?

    Thanks.

    Michael


    "Maurice N ~ MVP" <maurice@mvps.org> wrote in message
    news:OFtll0xoFHA.3544@TK2MSFTNGP15.phx.gbl...
    This link at MS is a database of DLL files for MS Windows as well as other
    programs.
    DLL Help Database http://support.microsoft.com/dllhelp/

    DSCAN16 & DSCAN32 are not Windows or MS dlls. Delete them. Let them sit in
    your Recycle Bin for a while. Then rerun your antivirus.

    Turn off your antivirus If and when you run another antivirus utility, and
    any malware detector.

    Here's one free virus-cleanup tool to use, even though it will involve time
    and effort. I suggest you get & run SYSCLEAN from Trendmicro.

    See PA Bear's notes on Sysclean from TrendMicro.
    Scanning with SYSCLEAN Robear's way
    http://aumha.net/viewtopic.php­?t=10610

    --
    Maurice N
    MVP Windows - Shell / User
    -----

    Michael wrote:
    > I have XP sp2 running on my Compaq Presario M2105US notebook.
    >
    > RoadRunner provides my Internet connection and Time Warner also
    > provides a suite of virus, firewall, spyware programs from Computer
    > Associates. eTrust Pest Patrol is one of those programs and when I
    > ran it just a while ago it indicated that I had "Backdoor.Winbach"
    > and two files were singled out C:\WINDOWS.dscan16.dll and
    > C:\WINDOWS.dscan32.dll
    >
    > When I went to the CA website to research removing this thing, it
    > gave a long list of running processes that I was supposed to kill
    > (none of them were running on my system as far as I could tell), a
    > longer list of DLL's that I was supposed to unregister (over my head)
    > and a long list of file I was supposed to remove (none of them
    > existed when I searched for them).
    >
    > So is this a real threat or is it some sort of false alarm or what?
    > If I do indeed have some sort of Backdoor trojan horse or whatever,
    > won't my firewall alert me to someone trying to contact the program?
    > Can I safely delete just the dscan16.dll and dscan32.dll files, or
    > will that have an adverse effect on other aspects of my computer.
    >
    > In short, is this anything to worry about?
    >
    > Michael
  6. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    No, do not use prior restore points. Keep those just in case the cleanup
    effort has a glitch.
    First thing is to run a cleanup on your current system. Make sure it gets a
    clean result.

    You should not use an old restore point unless you know for certainty it is
    clean.

    Run your AV & see if it cleans system. But then be sure to follow with use
    of SYSCLEAN. Well worth it.
    --
    Maurice N
    MVP Windows - Shell / User
    --

    "Michael" wrote
    > Thanks for the tips.
    >
    > Do you happen to know if I go back to a previous restore point whether
    > that might also get rid of whatever found its way onto my computer?
    >
    > Thanks.
    >
    > Michael
    >
    >
    > "Maurice N ~ MVP" wrote
    > This link at MS is a database of DLL files for MS Windows as well as other
    > programs.
    > DLL Help Database http://support.microsoft.com/dllhelp/
    >
    > DSCAN16 & DSCAN32 are not Windows or MS dlls. Delete them. Let them sit
    > in your Recycle Bin for a while. Then rerun your antivirus.
    >
    > Turn off your antivirus If and when you run another antivirus utility, and
    > any malware detector.
    >
    > Here's one free virus-cleanup tool to use, even though it will involve
    > time and effort. I suggest you get & run SYSCLEAN from Trendmicro.
    >
    > See PA Bear's notes on Sysclean from TrendMicro.
    > Scanning with SYSCLEAN Robear's way
    > http://aumha.net/viewtopic.php­?t=10610
    >
    > --
    > Maurice N
    > MVP Windows - Shell / User
    > -----
    >
    > Michael wrote:
    >> I have XP sp2 running on my Compaq Presario M2105US notebook.
    >>
    >> RoadRunner provides my Internet connection and Time Warner also
    >> provides a suite of virus, firewall, spyware programs from Computer
    >> Associates. eTrust Pest Patrol is one of those programs and when I
    >> ran it just a while ago it indicated that I had "Backdoor.Winbach"
    >> and two files were singled out C:\WINDOWS.dscan16.dll and
    >> C:\WINDOWS.dscan32.dll
    >>
    >> When I went to the CA website to research removing this thing, it
    >> gave a long list of running processes that I was supposed to kill
    >> (none of them were running on my system as far as I could tell), a
    >> longer list of DLL's that I was supposed to unregister (over my head)
    >> and a long list of file I was supposed to remove (none of them
    >> existed when I searched for them).
    >>
    >> So is this a real threat or is it some sort of false alarm or what?
    >> If I do indeed have some sort of Backdoor trojan horse or whatever,
    >> won't my firewall alert me to someone trying to contact the program?
    >> Can I safely delete just the dscan16.dll and dscan32.dll files, or
    >> will that have an adverse effect on other aspects of my computer.
    >>
    >> In short, is this anything to worry about?
    >>
    >> Michael
    >
    >
  7. Archived from groups: microsoft.public.windowsxp.help_and_support (More info?)

    I have a LInksys WRT54G wireless router. Not sure about the NAT. But I will
    look into it. I also have installed the Firewall provided by TimeWarner and
    Computer Associates called eTrust EZ Firewall.

    Michael

    "Leythos" <void@nowhere.lan> wrote in message
    news:MPG.1d6ceaa3778be775989c1b@news-server.columbus.rr.com...
    > In article <_JyMe.3339$PM3.2894@twister.nyroc.rr.com>,
    > aaflyguy@gmail.com says...
    >> I have XP sp2 running on my Compaq Presario M2105US notebook.
    >>
    >> RoadRunner provides my Internet connection and Time Warner also provides
    >> a
    >> suite of virus, firewall, spyware programs from Computer Associates.
    >> eTrust
    >> Pest Patrol is one of those programs and when I ran it just a while ago
    >> it
    >> indicated that I had "Backdoor.Winbach" and two files were singled out
    >> C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll
    >
    > First and foremost, if you have Cable, get a NAT Router - even a simple
    > Linksys BEFSr41 will protect you better than anything that you can load
    > and run on your computer as a local administrator. With cable you don't
    > have to do anything, just connect, reboot all devices, done, you're
    > online.
    >
    > Read up on NAT and how it protects your computer system.
    >
    > --
    >
    > spam999free@rrohio.com
    > remove 999 in order to email me
Ask a new question

Read More

Windows XP