weston

For anyone who's interested, I finally figured out how to get this thing off my machine.

The malware, on my box, was c:/windows/system32/gdiwxp.dll

I could not delete it through Windows nor could I delete it via the DOS prompt, even though I used the "attrib" command to (supposedly) make it accessible (kept getting "access is denied").

I ran msconfig, disabled EVERYTHING in the startup menu and re-booted in "safe" mode. I logged in as the administrator, then (1) ran regedit, searched for "gdiwxp" and deleted all references it found from my registry and (2) went to the directory above (c:/windows/system32) and deleted the damn thing.

I'm not savvy enough to know if I was now able to delete it because I first deleted the registry items or if I rebooted without the standard stuff in the startup tab or because I was logged in as the admin (I thought my usual login had admin rights).

Anyhow, the farking thing is gone now. After installing the AV software below, I could see that it was trying to "phone home" constantly.

The other thing that helped (admin: edit this out if such things are not allowed, if it seems like an advertisement) was downloading and running PCTools AntiVirus suite and their "Registry Mechanic" and "Spyware Doctor" ... and I now leave the AV and Spyware software running at all times.

Whew! What a pain!

jambutty

That nasty that disables Sentinel Settings is back but I don’t know from which site although Total Rune, Instant Money Flow and Fair Dinkum Surf have all sent warnings that one of the sites on their rotators spawns a virus. It may or may not be the culprit.

How do I know?

After logging in to E-Gold and inputting the CORRECT Turing number and the PIN number, instead of being taken to the page that shows the current Sentinel Settings I get taken to a page that requires another Turing number. Then I get taken to my account balance page.

Checking the Sentinel Settings reveals that they have been altered.

So if your experience is the same before you do anything else once you get into E-Gold CHECK YOUR SENTINEL SETTINGS. The opening post in this thread explains how you can do that.

This time, however, the nasty avoids being deleted with a System Restore.

Seeing as my OS and DOS knowledge is as little as it is possible to have I will try and follow weston’s instructions and if I mess things up there is always a re-format and re-install everything.

jambutty

Sadly I had to go down the re-formatting and re-installing everything road. It only took 11 hours with more mugs of tea, coffee, cocoa, Ovaltine, Horlicks than I’ve ever had in one day/night.

In the good old Amiga days it was possible to set the protection of any file to ‘read only’, which meant that the file could not be overwritten, so I wonder if this would be possible.

Create a text file name it gdiwxp.dll and set the protection to ‘read only’ and place it in C:/WINDOWS/SYSTEM32/ so that if whatever it is that writes the file will not be able to.

However this brings me back to my pet subject about E-Gold security. Whenever the Sentinel Settings are changed an email is sent to the email address registered in that account to notify the owner of the account that a change had been made. If there were a confirmation link in the email that had to be clicked to complete the changes then half the E-Gold accounts thieving problems would be solved. No click – no change.

papote

Another victim here. ;-(

Yes, I contacted them via landline and all they said was to keep the highest security measures and they send me an E-mail with all the details. The funny thing is that I have all set up to the highest and still they hacked my account twice the last 10 days. The second time just got off the phone with E-gold and they sent me an E-mail with all the details, but then I access my account using all the security measures they mention and during this process already loged in making the changes it requested that I insert a PIN # that was never sent to my E-mail. At the same time I got this E-mail right before that saying that my security measures were changed. So I have tried 4 times to access my account since yesterday and all 4 times it ask me to verify my account with a PIN # which I never received. I called then again and so far no asnwer. ;-(

By the way, after the first problem I reformatted my computer and still the same problem.

Forgot, both times my setting were changed to the lowest.

Thanks
Jose

jambutty

Hello papote! Glad you could join us.

Sorry that you join us under such circumstances. I hope that your loss has been minimal.

It sounds like whoever got into your account has changed your email address.

Whether you are an experienced HYIP investor or new to the HYIP world a very warm welcome to you from our happy band of forum members.

I’m jambutty (the ancient one) and betsybee will give a much needed female slant on things with peterg adding to experience. jeFF is around here somewhere and if you see a shark swimming around don’t panic, it’s only the boss. He doesn’t bite! All that lot out there are the members and without them there would not be a forum.

Please read the rules at http://goldentalk.com/t7526.html

We look forward to you being an active member of this forum and reading what you have to say. We hope that the information and advice that you find on here will be useful to you.

If you have some time to spare maybe you would consider having a read of the following threads.
http://goldentalk.com/faq.html
http://goldentalk.com/t563.html
http://goldentalk.com/t2504.html
http://goldentalk.com/t2510.html
http://goldentalk.com/t2270.html
http://goldentalk.com/t2413.html

You should find them useful.
Jim
(jambutty)