4.8K Posts

January 23rd, 2005 00:00

V,

There's nothing in your log that stands out as a problem. If you're using broadband, try a repair on your wireless adapter and see what happens.

Mike.

127 Posts

January 23rd, 2005 02:00

I uninstalled the Belkin Wireless and reinstalled it.  Everything went OK.  I have a new (to me) "Wireless Network Connection" window (perhaps this has to do with the new SP 2 for Windows XP) asking which connection I would like to use - there are two:  mine & my very nearby neighbor's.  Of course, I chose mine - however it says "unsecured wireless network" under the name of my connection (my neighbor's says "security-enabled" ...hmmm).  What now?  --V

5 Posts

January 23rd, 2005 17:00

If your connection is "unsecure", try enabling your hardware's wireless security feature (I assume it should have one). The most typical for wireless routers would be a WEP key. You provide an alpha-numeric key phrase, then the hardware generates keys. Then your connection should be secure. btw this is a simple, generic process, not specific to Belkin. I use Linksys myself.

5 Posts

January 23rd, 2005 20:00

On my router, the WEP key is controlled by the router. The drivers allow me to go to a website dedicated to the router. Once I give the site the correct router name and password (the manufacturer usually provides this; check your manual), I'm able to access all the router's security features.

hope this helps!

127 Posts

January 23rd, 2005 20:00

I think you are on the right track - since I did not install all the wireless stuff, I don't know where to find this WEP key.  On the Dell?  Or router itself?  The Dell is not directly connected to the router - the router is connected to a Compaq in another room and the Dell is networked to that machine via cards.  Do I sound like I know what I am talking about?! 

 

I think I need some step-by-step help...help!  --V

127 Posts

January 23rd, 2005 21:00

Yes, I looked into the settings on the driver and there is a way to enable the wep key - but I am still confused.  If I change the setting to enable, I am then asked for a word which will then give me four keys...I chose one key.  Then what?  Do I then go to the Dell with that key, enable WEP key and enter that key?  Oh, and should I have chosen 64 or 128 bit?  Is all this necessary?  Why didn't my friend do this already!!!!
 
 

4.8K Posts

January 24th, 2005 05:00

V,
 
Here's a few other things I'd do to help 'lock' down the security on your wireless router:
 
1.  Set the router to:
 
     a.  Disable broadcasting SSID.
     b.  Allow only known ethernet addresses
 
2.  When you set the WEP key on your router and it generates 4 encryption keys, select one, then make sure the wireless card in your computer is set to the same WEP key and encryption key index. Use the highest number of encryption bits (64 - 128) allowed by both your router and wireless adapter card (in your computer).
 
-
 
Step 1 will keep a lot of unauthorized people off your network (unless they're good at hacking wireless connections), and the second will make the information being transmitted wirelessly less easy to read if it's being 'sniffed'.
 
-
 
Remember, both your wireless adapters (router and computer) must match exactly, otherwise you won't have an internet/intranet connection.
 
-
 
The guys over in the "Wireless Networking" forums might be able to help you with your Dell router and getting your security settings configured; mine is a Linksys.
 
-
 
Mike.
 

5 Posts

January 24th, 2005 08:00

Hi, when using internet, our home page changes on its own to search-paga.com - I have tried to change our default home page to one of my choice and this works for a short time and then it changes back again to search ... again. Can you offer advice please.

4.8K Posts

January 24th, 2005 09:00

Nick B,

It sounds like your system has 'acquired' a home-page hijacker; normal anti-spyware and anti-virus programs usually can't remove them. I'll need to see what's currently running on that system first; post up a HiJackThis log for analysis and start a new message thread so it won't get confused with this one.



Download, then unzip to "C:\HJT", the newest version of HiJackThis; version 1.99.0. Now, let's do the following:

1. Click "Scan"
2. Click "Save log"

Notepad will pop up with a copy of your system log, then:

1. "Edit | Select all"
2. "Edit | Copy"

Next, let's "Reply" back to this post, then:

1. Right-click on the message body.
2. Select "Paste"

Then just "Post" the message, and we'll analyze your log shortly, then post back any recommendation(s).



Mike.

5 Posts

January 24th, 2005 11:00

Thanks for your help on this problem, Log file below, Nick B

 

Logfile of HijackThis v1.99.0

Scan saved at 13:42:06, on 24/01/2005

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\inetm\winlogon.exe

C:\WINDOWS\System32\hkcmd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

C:\WINDOWS\inetm\explorer.exe

C:\Program Files\Microsoft Office\Office10\WINWORD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Outlook Express\MSIMN.EXE

C:\DOCUME~1\Rob\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.search-paga.com/10040/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/uk/enu/gen/default.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0

F3 - REG:win.ini: run=C:\WINDOWS\inetm\winlogon.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe

O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup

O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe

O4 - Global Startup: Digital Line Detect.lnk = ?

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

 

4.8K Posts

January 24th, 2005 20:00

Nick B,

It looks like a trojan somehow has found its way onto your system. Let's see if the online scan can recognize and remove it, then use HiJackThis for the rest.

-

Let's get started...



Go to www.trendmicro.com, and then:
 
1.  Click "Free Online Scan".
2.  Click "Scan now, it's free".

It'll take a few minutes to download (especially with a dialup connection), so be patient. When it's done:

1.  Select all available drives.
2.  Check (tick) "Auto Clean".
3.  Click "Scan".
 
When it completes, post back the full filename of any files that cannot be cleaned or deleted.
 


Run HiJackThis then:
 
1.  Click "Config..."
2.  Click "Misc Tools"
3.  Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

    C:\WINDOWS\inetm\winlogon.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.
 


Before we begin, let's move HiJackThis to its own folder, like c:\HJT. When we're done 'cleaning' off your system, we're going to 'flush' the temporary folders which, with HiJackThis in its current location, we'll lose both the program and the backups it creates. These backups are important in case we need to restore any 'fixed' entry(s) later.

Also move the "Backups" folder, for HiJackThis, if present.
 


Run HiJackThis and click "Scan", then check (tick) the following, if present:
 
  
O2 - BHO: (no name) - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - (no file)
 
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
 

Now, with all windows closed except HiJackThis, click "Fix checked".
 


Locate and delete the following item(s), if present. Make sure you're able to view system and hidden files/folders:
 
folders...
 
    C:\WINDOWS\inetm
 
(Check the contents of the above folder if more than one file is located in it, and post back the results).
 


Post back a new log.
 
-
 
Mike.
 

5 Posts

January 26th, 2005 07:00

Mike, Thanks for your help. I have done this and it seems to work, however now on start up I get message; Windows cannot find c:windows\intem\winlogon.exe - it says it's in the registry, thank you for all your help. Nick

4.8K Posts

January 27th, 2005 03:00

Nick B,

Post back a new log and let's see what's left (if anything).

-

Mike.

5 Posts

January 31st, 2005 11:00

Hi, new log file below, windows now starts up saying that windows is missing C:windows\inetm\winlogon.exe - it says it's specified in the registry - windows still works fine. Thanks for your support, it is greatly appreciated. Nick

Logfile of HijackThis v1.99.0
Scan saved at 13:24:37, on 31/01/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\DOCUME~1\Rob\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.maywhetter.co.uk/login.php
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/uk/enu/gen/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Tiscali 10.0
F3 - REG:win.ini: run=C:\WINDOWS\inetm\winlogon.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpyKiller] C:\Program Files\SpyKiller\spykiller.exe /startup
O4 - HKCU\..\Run: [BestPopUpKiller] C:\Program Files\BestPopUpKiller\BestPopupKiller.exe /startup
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AOL 8.0 Tray Icon.lnk = C:\Program Files\AOL 8.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
 

4.8K Posts

January 31st, 2005 17:00

Nick B,

My software missed that entry, sorry ... :(   I've just added it to my 'bug-list'!

-

Let's go ahead and have HiJackThis fix this...


F3 - REG:win.ini: run=C:\WINDOWS\inetm\winlogon.exe


See if that resolves the problem.
 
-
 
Mike.
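
Added example (not part of any post above, and not HijackThis's own code): a short Python check over lines taken from the first log in this thread. It flags running processes that use a Windows system file name from an unexpected folder, then lists every autostart entry pointing into that folder, including the F3 win.ini line that was still present in the second log. The expected-folder table assumes a default Windows XP install in C:\WINDOWS, and the function names are illustrative.

```python
import ntpath
import re

# Expected folders for core Windows XP processes (lower-case; assumes a default install).
EXPECTED_DIR = {n: r"c:\windows\system32" for n in (
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe", "svchost.exe", "spoolsv.exe")}
EXPECTED_DIR["explorer.exe"] = r"c:\windows"

# Subset of lines taken from the first log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\inetm\winlogon.exe
C:\WINDOWS\inetm\explorer.exe
F3 - REG:win.ini: run=C:\WINDOWS\inetm\winlogon.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inetm\winlogon.exe
"""

ENTRY = re.compile(r"^([A-Z]\d+) - (.*)$")  # e.g. "O4 - ...", "F3 - ..."

def parse(log):
    """Return (running process paths, [(section, text), ...])."""
    procs, entries, in_procs = [], [], False
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            in_procs = False  # the first section entry ends the process list
            entries.append((m.group(1), m.group(2)))
        elif line == "Running processes:":
            in_procs = True
        elif in_procs and line:
            procs.append(line)
    return procs, entries

def masquerading(procs):
    """Processes using a system file name from an unexpected folder."""
    split = [(p, *ntpath.split(p.lower())) for p in procs]
    return [p for p, folder, name in split
            if name in EXPECTED_DIR and folder != EXPECTED_DIR[name]]

def autostarts_to_fix(entries, bad_paths):
    """F* (ini/registry autoload) and O4 (Run key, Startup) entries under a bad folder."""
    folders = {ntpath.dirname(p.lower()) + "\\" for p in bad_paths}
    return [f"{sec} - {text}" for sec, text in entries
            if (sec == "O4" or sec.startswith("F"))
            and any(f in text.lower() for f in folders)]

if __name__ == "__main__":
    procs, entries = parse(SAMPLE_LOG)
    bad = masquerading(procs)
    print("Suspicious processes:", bad)
    print("Autostart entries to fix:", *autostarts_to_fix(entries, bad), sep="\n  ")
```

Running the same check against a log taken after cleanup shows whether any autostart entry still references the removed folder.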
 