
What is Backdoor.Winbach as reported by eTrust Pest Patrol..

August 17, 2005 8:07:22 AM

Archived from groups: microsoft.public.windowsxp.help_and_support

I have XP sp2 running on my Compaq Presario M2105US notebook.

RoadRunner provides my Internet connection and Time Warner also provides a
suite of virus, firewall, spyware programs from Computer Associates. eTrust
Pest Patrol is one of those programs and when I ran it just a while ago it
indicated that I had "Backdoor.Winbach" and two files were singled out
C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll

When I went to the CA website to research removing this thing, it gave a
long list of running processes that I was supposed to kill (none of them
were running on my system as far as I could tell), a longer list of DLL's
that I was supposed to unregister (over my head) and a long list of files I
was supposed to remove (none of them existed when I searched for them).

So is this a real threat or is it some sort of false alarm or what? If I do
indeed have some sort of Backdoor trojan horse or whatever, won't my
firewall alert me to someone trying to contact the program? Can I safely
delete just the dscan16.dll and dscan32.dll files, or will that have an
adverse effect on other aspects of my computer?

In short, is this anything to worry about?

Michael
August 17, 2005 8:07:23 AM

If it ain't broke, don't fix it. While hackers may be using your machine to
serve their latest warez or are planning to run DOS attacks from your
machine, it's all good! You can still use the thing right? If ya can do that,
there's no problem there! Even if you know that you're being exploited to the
greatest degree imaginable, the bottom line is, you have a computer! You can
open up Word and use 'Internet' and play music! Woot!

Come on now. Let's get real. This is not a library. Google is. We don't know
about every piece of malicious software out there. It's not like we all sit
around and say, 'O yea...that Backdoor.Winbach...yep. that's real trouble. Be
on the lookout for that Backdoor.Winbach.'

Might I recommend www.antivirus.com. Run the free online scan. That should
help out.
--
To err is human, but to really foul things up, you need a computer.


"Michael" wrote:

> I have XP sp2 running on my Compaq Presario M2105US notebook.
>
> RoadRunner provides my Internet connection and Time Warner also provides a
> suite of virus, firewall, spyware programs from Computer Associates. eTrust
> Pest Patrol is one of those programs and when I ran it just a while ago it
> indicated that I had "Backdoor.Winbach" and two files were singled out
> C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll
>
> When I went to the CA website to research removing this thing, it gave a
> long list of running processes that I was supposed to kill (none of them
> were running on my system as far as I could tell), a longer list of DLL's
> that I was supposed to unregister (over my head) and a long list of files I
> was supposed to remove (none of them existed when I searched for them).
>
> So is this a real threat or is it some sort of false alarm or what? If I do
> indeed have some sort of Backdoor trojan horse or whatever, won't my
> firewall alert me to someone trying to contact the program? Can I safely
> delete just the dscan16.dll and dscan32.dll files, or will that have an
> adverse effect on other aspects of my computer?
>
> In short, is this anything to worry about?
>
> Michael
>
>
>
Anonymous
August 17, 2005 10:16:42 AM

This link at MS is a database of DLL files for MS Windows as well as other programs.
DLL Help Database http://support.microsoft.com/dllhelp/

DSCAN16 & DSCAN32 are not Windows or MS dlls. Delete them. Let them sit in your Recycle Bin for a while. Then rerun your antivirus.

Turn off your antivirus if and when you run another antivirus utility, and any malware detector.

Here's one free virus-cleanup tool to use, even though it will involve time and effort. I suggest you get & run SYSCLEAN from Trendmicro.

See PA Bear's notes on Sysclean from TrendMicro.
Scanning with SYSCLEAN Robear's way
http://aumha.net/viewtopic.php?t=10610

--
Maurice N
MVP Windows - Shell / User
-----

Michael wrote:
> I have XP sp2 running on my Compaq Presario M2105US notebook.
>
> RoadRunner provides my Internet connection and Time Warner also
> provides a suite of virus, firewall, spyware programs from Computer
> Associates. eTrust Pest Patrol is one of those programs and when I
> ran it just a while ago it indicated that I had "Backdoor.Winbach"
> and two files were singled out C:\WINDOWS.dscan16.dll and
> C:\WINDOWS.dscan32.dll
>
> When I went to the CA website to research removing this thing, it
> gave a long list of running processes that I was supposed to kill
> (none of them were running on my system as far as I could tell), a
> longer list of DLL's that I was supposed to unregister (over my head)
> and a long list of files I was supposed to remove (none of them
> existed when I searched for them).
>
> So is this a real threat or is it some sort of false alarm or what?
> If I do indeed have some sort of Backdoor trojan horse or whatever,
> won't my firewall alert me to someone trying to contact the program?
> Can I safely delete just the dscan16.dll and dscan32.dll files, or
> will that have an adverse effect on other aspects of my computer?
>
> In short, is this anything to worry about?
>
> Michael
Anonymous
August 17, 2005 3:33:34 PM

In article <_JyMe.3339$PM3.2894@twister.nyroc.rr.com>,
aaflyguy@gmail.com says...
> I have XP sp2 running on my Compaq Presario M2105US notebook.
>
> RoadRunner provides my Internet connection and Time Warner also provides a
> suite of virus, firewall, spyware programs from Computer Associates. eTrust
> Pest Patrol is one of those programs and when I ran it just a while ago it
> indicated that I had "Backdoor.Winbach" and two files were singled out
> C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll

First and foremost, if you have Cable, get a NAT Router - even a simple
Linksys BEFSR41 will protect you better than anything that you can load
and run on your computer as a local administrator. With cable you don't
have to do anything, just connect, reboot all devices, done, you're
online.

Read up on NAT and how it protects your computer system.

--

spam999free@rrohio.com
remove 999 in order to email me
August 17, 2005 6:32:06 PM

First of all, nitwit, I've done quite a bit of research on this before
posting to this NG. And I found scant information on this trojan. The only
thing I found was on the Computer Associates website, the makers of the
eTrust Pest Patrol software that discovered this in the first place.

So in the hopes of alerting others to this trojan, and possibly finding
someone with a little more compassion and understanding and knowledge than
you have, I felt it prudent to post what info I had on it and see if anyone
could add productively to my query.

You obviously could not contribute anything of any value and assume that by
asking a question I am somehow inconveniencing the NG and more importantly
you.

Thanks for nothing. Get a life. Help an old lady cross the street or
something else useful.


"Tim" <Tim@discussions.microsoft.com> wrote in message
news:1BC86ED6-8185-4EC4-BADA-7194C8AA8F5A@microsoft.com...
> If it ain't broke, don't fix it. While hackers may be using your machine to
> serve their latest warez or are planning to run DOS attacks from your
> machine, it's all good! You can still use the thing right? If ya can do that,
> there's no problem there! Even if you know that you're being exploited to the
> greatest degree imaginable, the bottom line is, you have a computer! You can
> open up Word and use 'Internet' and play music! Woot!
>
> Come on now. Let's get real. This is not a library. Google is. We don't know
> about every piece of malicious software out there. It's not like we all sit
> around and say, 'O yea...that Backdoor.Winbach...yep. that's real trouble. Be
> on the lookout for that Backdoor.Winbach.'
>
> Might I recommend www.antivirus.com. Run the free online scan. That should
> help out.
> --
> To err is human, but to really foul things up, you need a computer.
>
>
> "Michael" wrote:
>
>> I have XP sp2 running on my Compaq Presario M2105US notebook.
>>
>> RoadRunner provides my Internet connection and Time Warner also provides a
>> suite of virus, firewall, spyware programs from Computer Associates. eTrust
>> Pest Patrol is one of those programs and when I ran it just a while ago it
>> indicated that I had "Backdoor.Winbach" and two files were singled out
>> C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll
>>
>> When I went to the CA website to research removing this thing, it gave a
>> long list of running processes that I was supposed to kill (none of them
>> were running on my system as far as I could tell), a longer list of DLL's
>> that I was supposed to unregister (over my head) and a long list of files I
>> was supposed to remove (none of them existed when I searched for them).
>>
>> So is this a real threat or is it some sort of false alarm or what? If I do
>> indeed have some sort of Backdoor trojan horse or whatever, won't my
>> firewall alert me to someone trying to contact the program? Can I safely
>> delete just the dscan16.dll and dscan32.dll files, or will that have an
>> adverse effect on other aspects of my computer?
>>
>> In short, is this anything to worry about?
>>
>> Michael
>>
>>
>>
August 17, 2005 6:34:39 PM

Thanks for the tips.

Do you happen to know if I go back to a previous restore point whether that
might also get rid of whatever found its way onto my computer?

Thanks.

Michael


"Maurice N ~ MVP" <maurice@mvps.org> wrote in message
news:o Ftll0xoFHA.3544@TK2MSFTNGP15.phx.gbl...
This link at MS is a database of DLL files for MS Windows as well as other
programs.
DLL Help Database http://support.microsoft.com/dllhelp/

DSCAN16 & DSCAN32 are not Windows or MS dlls. Delete them. Let them sit in
your Recycle Bin for a while. Then rerun your antivirus.

Turn off your antivirus if and when you run another antivirus utility, and
any malware detector.

Here's one free virus-cleanup tool to use, even though it will involve time
and effort. I suggest you get & run SYSCLEAN from Trendmicro.

See PA Bear's notes on Sysclean from TrendMicro.
Scanning with SYSCLEAN Robear's way
http://aumha.net/viewtopic.php?t=10610

--
Maurice N
MVP Windows - Shell / User
-----

Michael wrote:
> I have XP sp2 running on my Compaq Presario M2105US notebook.
>
> RoadRunner provides my Internet connection and Time Warner also
> provides a suite of virus, firewall, spyware programs from Computer
> Associates. eTrust Pest Patrol is one of those programs and when I
> ran it just a while ago it indicated that I had "Backdoor.Winbach"
> and two files were singled out C:\WINDOWS.dscan16.dll and
> C:\WINDOWS.dscan32.dll
>
> When I went to the CA website to research removing this thing, it
> gave a long list of running processes that I was supposed to kill
> (none of them were running on my system as far as I could tell), a
> longer list of DLL's that I was supposed to unregister (over my head)
> and a long list of files I was supposed to remove (none of them
> existed when I searched for them).
>
> So is this a real threat or is it some sort of false alarm or what?
> If I do indeed have some sort of Backdoor trojan horse or whatever,
> won't my firewall alert me to someone trying to contact the program?
> Can I safely delete just the dscan16.dll and dscan32.dll files, or
> will that have an adverse effect on other aspects of my computer?
>
> In short, is this anything to worry about?
>
> Michael
Anonymous
August 17, 2005 6:34:40 PM

No, do not use prior restore points. Keep those just in case the cleanup
effort has a glitch.
First thing is to run a cleanup on your current system. Make sure it gets a
clean result.

You should not use an old restore point unless you know for certainty it is
clean.

Run your AV & see if it cleans system. But then be sure to follow with use
of SYSCLEAN. Well worth it.
--
Maurice N
MVP Windows - Shell / User
--

"Michael" wrote
> Thanks for the tips.
>
> Do you happen to know if I go back to a previous restore point whether
> that might also get rid of whatever found its way onto my computer?
>
> Thanks.
>
> Michael
>
>
> "Maurice N ~ MVP" wrote
> This link at MS is a database of DLL files for MS Windows as well as other
> programs.
> DLL Help Database http://support.microsoft.com/dllhelp/
>
> DSCAN16 & DSCAN32 are not Windows or MS dlls. Delete them. Let them sit
> in your Recycle Bin for a while. Then rerun your antivirus.
>
> Turn off your antivirus if and when you run another antivirus utility, and
> any malware detector.
>
> Here's one free virus-cleanup tool to use, even though it will involve
> time and effort. I suggest you get & run SYSCLEAN from Trendmicro.
>
> See PA Bear's notes on Sysclean from TrendMicro.
> Scanning with SYSCLEAN Robear's way
> http://aumha.net/viewtopic.php?t=10610
>
> --
> Maurice N
> MVP Windows - Shell / User
> -----
>
> Michael wrote:
>> I have XP sp2 running on my Compaq Presario M2105US notebook.
>>
>> RoadRunner provides my Internet connection and Time Warner also
>> provides a suite of virus, firewall, spyware programs from Computer
>> Associates. eTrust Pest Patrol is one of those programs and when I
>> ran it just a while ago it indicated that I had "Backdoor.Winbach"
>> and two files were singled out C:\WINDOWS.dscan16.dll and
>> C:\WINDOWS.dscan32.dll
>>
>> When I went to the CA website to research removing this thing, it
>> gave a long list of running processes that I was supposed to kill
>> (none of them were running on my system as far as I could tell), a
>> longer list of DLL's that I was supposed to unregister (over my head)
>> and a long list of files I was supposed to remove (none of them
>> existed when I searched for them).
>>
>> So is this a real threat or is it some sort of false alarm or what?
>> If I do indeed have some sort of Backdoor trojan horse or whatever,
>> won't my firewall alert me to someone trying to contact the program?
>> Can I safely delete just the dscan16.dll and dscan32.dll files, or
>> will that have an adverse effect on other aspects of my computer?
>>
>> In short, is this anything to worry about?
>>
>> Michael
>
>
August 17, 2005 6:36:24 PM

I have a Linksys WRT54G wireless router. Not sure about the NAT. But I will
look into it. I also have installed the Firewall provided by TimeWarner and
Computer Associates called eTrust EZ Firewall.

Michael

"Leythos" <void@nowhere.lan> wrote in message
news:MPG.1d6ceaa3778be775989c1b@news-server.columbus.rr.com...
> In article <_JyMe.3339$PM3.2894@twister.nyroc.rr.com>,
> aaflyguy@gmail.com says...
>> I have XP sp2 running on my Compaq Presario M2105US notebook.
>>
>> RoadRunner provides my Internet connection and Time Warner also provides a
>> suite of virus, firewall, spyware programs from Computer Associates. eTrust
>> Pest Patrol is one of those programs and when I ran it just a while ago it
>> indicated that I had "Backdoor.Winbach" and two files were singled out
>> C:\WINDOWS.dscan16.dll and C:\WINDOWS.dscan32.dll
>
> First and foremost, if you have Cable, get a NAT Router - even a simple
> Linksys BEFSR41 will protect you better than anything that you can load
> and run on your computer as a local administrator. With cable you don't
> have to do anything, just connect, reboot all devices, done, you're
> online.
>
> Read up on NAT and how it protects your computer system.
>
> --
>
> spam999free@rrohio.com
> remove 999 in order to email me