winDSL.exe?

  • Thread starter Thread starter Angus Rodgers
  • Start date Start date
A

Angus Rodgers

Yesterday evening my daughter opened a couple of files
apparently sent to her by friends using MSN Messenger.

Her Win98SE system acquired a new file:
C:\WINDOWS\SYSTEM\winDSL.exe
which started trying to connect to the Net, but Kerio
caught the attempts, and I created a rule to stop the
connections.

Today I used Mike Lin's Startup Control Panel to stop
this program being executed at startup. It defended
itself by creating further startup entries, but in the
end I managed to disable all these, and move the file
to what I hope is a safe location. (I'm a bit vague as
to what exactly happened: perhaps there were initially
two entries, of which I only spotted one?)

Avast! antivirus failed to detect anything amiss. I
haven't yet run Ad-aware, Spybot, or Stinger (I haven't
updated them recently, because I resent every minute
spent dealing with this kind of ******* ****, and I
admit to having become lazy).

A Google search didn't turn anything up, either.

Does anyone here know anything about this particular
*&$!£#* nuisance?

The only symptom I noticed today was that streaming
audio playback by RealPlayer stuttered all the time.
I think this may have been caused by a high level of
CPU activity, but I didn't look into the problem very
carefully - I just wanted to get rid of the wretched
thing.

(For all I know, this may just have been a diversion,
and the real intrusion may be continuing. I'm under
no illusion that just deleting this one file will
necessarily have fixed the problem.)
 
From: "Angus Rodgers" <[email protected]>

| Yesterday evening my daughter opened a couple of files
| apparently sent to her by friends using MSN Messenger.
|
| Her Win98SE system acquired a new file:
| C:\WINDOWS\SYSTEM\winDSL.exe
| which started trying to connect to the Net, but Kerio
| caught the attempts, and I created a rule to stop the
| connections.
|
| Today I used Mike Lin's Startup Control Panel to stop
| this program being executed at startup. It defended
| itself by creating further startup entries, but in the
| end I managed to disable all these, and move the file
| to what I hope is a safe location. (I'm a bit vague as
| to what exactly happened: perhaps there were initially
| two entries, of which I only spotted one?)
|
| Avast! antivirus failed to detect anything amiss. I
| haven't yet run Ad-aware, Spybot, or Stinger (I haven't
| updated them recently, because I resent every minute
| spent dealing with this kind of ******* ****, and I
| admit to having become lazy).
|
| A Google search didn't turn anything up, either.
|
| Does anyone here know anything about this particular
| *&$!£#* nuisance?
|
| The only symptom I noticed today was that streaming
| audio playback by RealPlayer stuttered all the time.
| I think this may have been caused by a high level of
| CPU activity, but I didn't look into the problem very
| carefully - I just wanted to get rid of the wretched
| thing.
|
| (For all I know, this may just have been a diversion,
| and the real intrusion may be continuing. I'm under
| no illusion that just deleting this one file will
| necessarily have fixed the problem.)
|
| --
| Angus Rodgers
| (twirlip@ eats spam; reply to angusrod@)
| Contains mild peril

Please submit "winDSL.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against 18 different AV vendor's scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results.
 
From: "Angus Rodgers" <[email protected]>

| Yesterday evening my daughter opened a couple of files
| apparently sent to her by friends using MSN Messenger.
|
| Her Win98SE system acquired a new file:
| C:\WINDOWS\SYSTEM\winDSL.exe
| which started trying to connect to the Net, but Kerio
| caught the attempts, and I created a rule to stop the
| connections.
| [...]
Click to expand...
Please submit "winDSL.exe" to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against 18 different AV vendor's scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results.
Click to expand...

I just listed across the LAN from my own PC, and Kapersky
identified it instantly as "Backdoor.Win32.SdBot.gen" and
blocked access. If it's still worth submitting it to that
website, I'll either have to disable Kapersky temporarily
or else set up an e-mail program on the other PC. (Maybe
tomorrow.)
 
Angus said:
Yesterday evening my daughter opened a couple of files
apparently sent to her by friends using MSN Messenger.

Her Win98SE system acquired a new file:
C:\WINDOWS\SYSTEM\winDSL.exe
which started trying to connect to the Net, but Kerio
caught the attempts, and I created a rule to stop the
connections.

Today I used Mike Lin's Startup Control Panel to stop
this program being executed at startup. It defended
itself by creating further startup entries, but in the
end I managed to disable all these, and move the file
to what I hope is a safe location. (I'm a bit vague as
to what exactly happened: perhaps there were initially
two entries, of which I only spotted one?)

Avast! antivirus failed to detect anything amiss. I
haven't yet run Ad-aware, Spybot, or Stinger (I haven't
updated them recently, because I resent every minute
spent dealing with this kind of ******* ****, and I
admit to having become lazy).

A Google search didn't turn anything up, either.

Does anyone here know anything about this particular
*&$!£#* nuisance?

The only symptom I noticed today was that streaming
audio playback by RealPlayer stuttered all the time.
I think this may have been caused by a high level of
CPU activity, but I didn't look into the problem very
carefully - I just wanted to get rid of the wretched
thing.

(For all I know, this may just have been a diversion,
and the real intrusion may be continuing. I'm under
no illusion that just deleting this one file will
necessarily have fixed the problem.)
Click to expand...

hi, if you google for windsl you find lots of info about it,
but mostly in german. Looks like it is a dialer setup of some sort.
rw
 
Back
Top