help w/ problems connecting to the net, possible Trojan...

MyersMan18

Junior Member
Sep 8, 2005
Here is my problem and I am told that you are the guys to ask.

The computer involved is running Windows XP SP2 with all updates installed dealing with the OS and has IE v 6.0.

Whenever I attempt to connect via dialup to the Internet (using IE) something odd happens. I connect for about 30 seconds but then I get disconnected, causing the connection window to pop up, but it doesn't show any dialing information. The computer then appears to be dialing a phone number that is disconnected; I say this because I can hear through the external speaker the "Please redial" message that one gets on the phone when you dial a wrong number. The computer continuously dials this number even with all IE and dialup windows closed until you restart the computer. After the reboot I have noticed a new dialup connection under Network Connections titled "ENTER," which has "5" for the phone number.

I have tried several things to fix this which have included updating and running McAfee VirusScan Enterprise 7.1, using the newest McAfee Stinger, installing different anti-spyware/adware software, turning XP's auto-update from "Notify but don't download" to off, and researching online all the processes that appear on Windows Task Manager. Of these only three appear questionable: _p9hEPQkbj.exe, wuaclt.exe, and wmiprvse.exe.

_p9hEPQkbj.exe
This appears to be directly connected to the problem being that it shows up in Windows Task Manager when the computer starts to disconnect.
Have found no info on this online.
Windows search results have this located in:
C:\WINDOWS
_p9hEPQkbj.exe-3358166B.PF in C:\WINDOWS\Prefetch

wuaclt.exe
Shows up when it is not supposed to be in use, and when I use end _p9hEPQkbj.exe this will sometimes appear before _p9hEPQkbj.exe restarts.
Microsoft Auto-Upgrade process that has been known as a cover for a Trojan.
Windows search results have this located in:
C:\WINDOWS\system32
C:\WINDOWS\ServicePackFiles\i386
WUAUCLT.EXE-399a8E72.PF in C:\WINDOWS\Prefetch

wmiprvs.exe
Sometimes appears along with wuaclt.exe.
Known Windows process that could be used to cover a Trojan.
Windows search results have this located in:
C:\WINDOWS\system32\wbem
C:\WINDOWS\ServicePackFiles\i386
WMIPRVSE.EXE-28F301A9.pf in C:\WINDOWS\Prefetch

I have attempted to delete all occurrences of _p9hEPQkbj.exe and those located in C:\WINDOWS\Prefetch as well as removing the new connection account, but to no avail. They eventually return when I try to go online again and have to restart.

I personally believe that this is a newer Trojan like backdoor.clt. I am at my wit's end and unfortunately I am a novice when it comes to this. I know just enough to get into some real trouble, possibly enough to make things worse.

Please Help.
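
The name-and-location checks described in the post can be scripted as a first-pass triage of running process images. This is an added example, not part of the original post; the allow-list, the `triage` and `report` names, and the sample paths (process names as spelled in the post, paired with directories its file search reported) are assumptions constructed for illustration.

```python
import difflib
import ntpath

# Assumption: a small allow-list of Windows XP system binaries and the
# directory each normally runs from. Extend it for a real triage.
EXPECTED = {
    "wuauclt.exe": r"c:\windows\system32",
    "wmiprvse.exe": r"c:\windows\system32\wbem",
    "svchost.exe": r"c:\windows\system32",
}


def triage(image_path):
    """Classify one running image by its file name and directory."""
    directory, name = ntpath.split(image_path.lower())
    if name in EXPECTED:
        if directory == EXPECTED[name]:
            return "expected"
        return "known name, unexpected directory"
    # A near-miss of a system binary name is a common masquerading trick,
    # but it can also be a transcription typo: confirm the name on disk.
    close = difflib.get_close_matches(name, EXPECTED, n=1, cutoff=0.85)
    if close:
        return "look-alike of " + close[0]
    return "unknown, needs manual review"


# Constructed input. The ServicePackFiles copy is a normal on-disk backup;
# it is only a concern if a process is actually running from that path.
SAMPLE = [
    r"C:\WINDOWS\_p9hEPQkbj.exe",
    r"C:\WINDOWS\system32\wuaclt.exe",
    r"C:\WINDOWS\system32\wbem\wmiprvse.exe",
    r"C:\WINDOWS\ServicePackFiles\i386\wmiprvse.exe",
]


def report(paths=SAMPLE):
    """Return a {path: verdict} mapping for a list of image paths."""
    return {p: triage(p) for p in paths}


if __name__ == "__main__":
    for path, verdict in report().items():
        print(f"{verdict:35} {path}")
```

A verdict here only prioritises what to inspect next (file signature, creation time, autostart entries); it does not confirm or rule out an infection.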