Topic: Weird virus or Spyware?

Offline TrashMan

  • T-tower Avenger. srsly.
  • 213
  • God-Emperor of your kind!
    • FLAMES OF WAR
Weird virus or Spyware?
I formatted my HDD and re-installed Windows, and just for protection I got NOD32 and SpyBot S&D.

Although I got both up and running, something is wrong.

My internet connection broke, and when I clicked on the connection icon, I noticed that the username and phone number were changed!
SpyBot reported some SDO Exploit or something after I performed a scan (some 5 things I removed), but it appeared again (I immunized my PC)!!!

Anyway, anyone got a clue to what this is?
Nobody dies as a virgin - the life ****s us all!

You're a wrongularity from which no right can escape!

 
As a rule of thumb, when reinstalling Windows you should update and install all anti-virus and firewalls you'll need, BEFORE you connect to the net. Leave the cable unplugged, just in case. Then when everything is running nice and secure, then you can go online.

As for your particular problem, I had a similar one back in the day when I still used 56k. I had to write to my ISP warning them that my connection had been tampered with. I didn't want to receive a 1000 Euro phone bill. I discovered that the guy had changed username and was messing with my network.
Get a solid firewall and deny access to everything. Then as programs need access, you manually allow or deny permission.
If I were you, I would format again and start over. If you need something that you can only get online, get it first and save it somewhere, so that you don't need to go online before your system is secure.
A good firewall and anti-virus is Trend Micro PC-cillin. Easy to use, always up to date, and goes easy on the system resources, unlike Norton.
No Freespace 3 ?!? Oh, bugger...

 

Offline Grey Wolf

The exploit it recorded is a DSO Exploit, which is an internal flaw in Windows you can't remove at the current moment.
You see things; and you say "Why?" But I dream things that never were; and I say "Why not?" -George Bernard Shaw

 

Offline Thrilla

  • 27
Anybody ever heard of this?

isass.exe or sbak.exe?
94th Combat Support Hospital, 807th Medical Brigade

 

Offline Windrunner

  • 210
  • The Hammer.
Quote
Originally posted by Thrilla
Anybody ever heard of this?

isass.exe or sbak.exe?


Do you mean lsass.exe?

If that's it then it's the Sasser virus, that disconnects you from the net and reboots your comp.

And Thrilla, try using Giant antispyware to find that spyware. That software has the highest rate in finding spyware.
Staffmember: Hard Light Productions
I said a lot of things.  Some of them were even true. - Aldo_14

 

Offline TrashMan

A friend of mine told me this was a dialer program. It changes your connection settings every half an hour or so...

There is a program to remove it.. And I better get Service Pack 2..

  

Offline Thrilla

Quote
Originally posted by Windrunner


Do you mean lsass.exe?

If that's it then it's the Sasser virus, that disconnects you from the net and reboots your comp.

And Thrilla, try using Giant antispyware to find that spyware. That software has the highest rate in finding spyware.


I was wondering what that was.  It was on my old computer for about a year.  At first it would kick me off every once in awhile, but never rebooted my computer.  That computer is long and buried now.  I was just wondering, so I don't get it on my new one.  Thx.  Personally the sbak.exe file is the more annoying of the two.  It just slows down your computer really really slow.  I could never get it off the computer, but I was able to turn it off when my computer started up however.

 
Quote
Originally posted by Windrunner


Do you mean lsass.exe?

If that's it then it's the Sasser virus, that disconnects you from the net and reboots your comp.

And Thrilla, try using Giant antispyware to find that spyware. That software has the highest rate in finding spyware.


No, lsass.exe is a vital part of Windows - but it can be overwritten with Sasser code. There's no way to tell short of having a program examine it, but it's unlikely unless you're using 3 year old definition files.

GIANT antispyware is great, but it's now been bought up by Microsoft who've made it free to Windows users - you can download a beta version of it from here.
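
The isass.exe / lsass.exe mix-up in the posts above is a look-alike file name. As an added example (not part of any poster's message), this Python check flags process images whose name imitates a core Windows binary or whose real name runs from an unexpected directory. The process list, the sample paths and the character-folding table are assumptions constructed for illustration.

```python
import ntpath

# Core Windows processes and the directory each normally runs from.
# Assumption: a default install under C:\Windows (not C:\WINNT).
EXPECTED = {
    "lsass.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

# Fold characters that are easy to mistake for one another into one form.
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})


def skeleton(name):
    """Lower-case a file name and collapse look-alike characters."""
    return name.lower().translate(CONFUSABLE)


SKELETONS = {skeleton(real): real for real in EXPECTED}


def classify(image_path):
    """Return (verdict, detail) for the full path of a running image."""
    directory, name = ntpath.split(image_path)
    name = name.lower()
    if name in EXPECTED:
        if directory.lower().rstrip("\\") == EXPECTED[name]:
            return ("ok", name)
        return ("wrong-path", f"{name} running from {directory}")
    real = SKELETONS.get(skeleton(name))
    if real:
        return ("lookalike", f"{name} imitates {real}")
    return ("unknown", name)


# Constructed sample paths; only the file names come from the thread.
SAMPLE = [
    r"C:\WINDOWS\system32\lsass.exe",
    r"C:\WINDOWS\isass.exe",
    r"C:\Temp\lsass.exe",
    r"C:\WINDOWS\system32\sbak.exe",
]

if __name__ == "__main__":
    for path in SAMPLE:
        print(path, "->", classify(path))
```

An "ok" verdict only rules out the rename trick; it says nothing about whether the file's contents were replaced, which still needs a scanner or a hash comparison against a known-good copy.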

 

Offline TrashMan

No.. this ain't no dialer program.. The anti-dialing software didn't work...

I tried going through the Processes tree and looking for something unfamiliar and killing it. After all, whatever it is, it's on my PC.
I think I found it...