Thread: Overstock.com and Bizrate.com alerts

  1. #1
    ekutay Guest

    Default Overstock.com and Bizrate.com alerts

    I have been getting outbound alerts that winlogin.exe is attempting to contact both overstock.com and bizrate.com. I already have the firewall configured to block access to both of these hosts.

    It's driving me crazy that I cannot determine where on my computer the origin for these alerts lies. On my old computer, I had many access attempts. When I bought a new computer, I really locked it down tight before even going onto the web. I use zone alarm pro, spyware blaster, spybot - search & destroy and grisoft's anti-virus.

    Can anyone help me with how to eliminate bizrate and overstock alerts?

    Win Xp Service Pack 2 (updated with latest security patches)
    Firefox browser

    (I'm a newbie to forums...I hope I posted this in the right areas.)

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Pro
    Software Version:6.1

  2. #2
    Join Date
    Apr 2004
    Location
    East Coast of Florida - Lightening/Shark Bite Capital of the World
    Posts
    2,477

    Default Re: Overstock.com and Bizrate.com alerts

    Hi ekutay,

    PLEASE go to the following site and download Ewido.
    If any type of nasty bug is installed in your computer, Ewido will find and remove the problem.
    Here is the link and instructions.

    http://www.ewido.net/en/

    After the installation, search for updates and download any available. Start your computer in safe mode, open Ewido, press scanner, complete system scan, fix anything that is found, next run a full virus scan also fix any problems you have. Restart your computer normally and run some more scans with Ewido and your virus scanner, to make sure you're clean. If after the second round of scans the trojan still exists we will have to turn off system restore, go back into safe mode again going through the same procedure as before but see if this works first.

    Hope this info has helped you, if not PLEASE post back.

    Thank you for your time and have a nice day!

    SlyFox:8}
    "Politeness costs nothing and gains everything".

  3. Default Re: Overstock.com and Bizrate.com alerts

    I do believe you have the "nasty bug" as SlyFox puts it known as W32.Randex.E. Symantec Security Response is a place to look if after using Ewido it is not found. If you have an Antivirus program already installed, I'd suggest you run it first.

  4. #4
    ekutay Guest

    Default Re: Overstock.com and Bizrate.com alerts

    Slyfox and Bill,

    Thanks to both of you for the replies. Slyfox, I followed all of your instructions carefully. Ran them in normal mode, safe mode and safe mode (with System Restore disabled.) I ran AVG antivirus and also downloaded AntiVir (in all modes), as it is good at unpacking and scanning all files. No viruses detected.

    I ran ewido (in all modes). Nothing detected.

    I have Webroot's Spysweeper and ran that (in all modes). Nothing detected.

    I ran Spybot - Search & Destroy (in all modes). Nothing detected.

    I ran AdAware (in all modes). Nothing detected.

    Bill, I read up on the W32.Randex.E. According to the Symantec post, I checked the running processes and don't have any of the registry keys affected (as stated by Symantec.) The only process close to the description in the bulletin that I have running is "winlogon.exe," which Symantec says is valid. The infected copy is called "Winlogin," with an "i". I also didn't have any of the ini entries that would show that I had W32.Randex.E.

    My thanks to both of you for the quick responses. I'll keep looking to see if there is something that I missed. The only thing that I can think of is running hijackthis and posting a log on that site to see if someone can spot something.

    Again, thank you both...

  5. #5
    Join Date
    Apr 2004
    Location
    East Coast of Florida - Lightening/Shark Bite Capital of the World
    Posts
    2,477

    Default Re: Overstock.com and Bizrate.com alerts

    Hi ekutay,

    You are very welcome!

    Good Luck!

    SlyFox
    "Politeness costs nothing and gains everything".

  6. Default Re: Overstock.com and Bizrate.com alerts

    I'm glad you don't seem to have an infection. The reason for my thoughts is that in your first post, you said the application was winlogin.exe not winlogon.exe as you now state. The winlogin.exe is a nasty.

  7. #7
    ekutay Guest

    Default Re: Overstock.com and Bizrate.com alerts

    You are quite right, Bill...I did accidentally state that it was winlogin instead of winlogon...sorry for the sloppy reporting...again, thanks for your help...

  8. #8
    billc Guest

    Default Re: Overstock.com and Bizrate.com alerts

    No problem. It's good to know you don't have the "wrong" one.

  9. #9
    nitascript Guest

    Default Re: Overstock.com and Bizrate.com alerts

    Winlogon.exe is the windows logon process, but there is also the W32.Netsky mass mailing worm that copies itself as winlogon.exe and the Backdoor.Padador trojan using winIogon.exe. I think that last one is a capital i instead of an L (winiogon).
    Read this Trend Micro advisory on W32.Netsky at: http://uk.trendmicro-europe.com/enterprise/vinfo/encyclopedia.php?LYstr=VMAINDATA&VName=WORM_NETSKY.D
    You can also do an online virus scan there, or I actually prefer Symantec.
    Symantec: http://securityresponse.symantec.com...tsky.d@mm.html
    Interesting you mentioned Overstock.com, since they are one of the biggest spammers.
    Contrary to all their press about anti-spam, they sell your email address to porn lists.
    If you order anything from them, always use a disposable email address.
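
An added example, not part of any post in this thread: the name confusion discussed above (winlogon.exe, winlogin.exe, winIogon.exe, and a copy named winlogon.exe outside its normal folder) can be checked mechanically when triaging a firewall alert. The baseline of system process names, the C:\WINDOWS install path and the sample paths are assumptions constructed for illustration.

```python
import ntpath

# Assumed baseline: system process names and the folder they normally run from.
SYSTEM32 = r"c:\windows\system32"
KNOWN = {name: SYSTEM32 for name in
         ("winlogon.exe", "lsass.exe", "services.exe", "svchost.exe", "csrss.exe")}

# Glyphs that look alike in many fonts are folded together (i/l/1, o/0).
CONFUSABLE = str.maketrans({"i": "l", "1": "l", "0": "o"})

def skeleton(name):
    """Fold look-alike characters so 'winIogon.exe' matches 'winlogon.exe'."""
    return name.lower().translate(CONFUSABLE)

def edit_distance(a, b):
    """Levenshtein distance, used to catch one-letter typos such as 'winlogin'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify(image_path):
    """Classify a process image path reported by the firewall or task list."""
    directory, name = ntpath.split(image_path)
    lname = name.lower()  # Windows file names are case-insensitive
    if lname in KNOWN:
        return "ok" if directory.lower() == KNOWN[lname] else "legit-name-wrong-path"
    for good in KNOWN:
        if skeleton(lname) == skeleton(good):
            return "homoglyph-of:" + good
        if edit_distance(lname, good) <= 1:
            return "typo-of:" + good
    return "unrelated"

if __name__ == "__main__":
    # Constructed sample paths, not taken from the thread.
    for path in (r"C:\WINDOWS\system32\winlogon.exe",
                 r"C:\WINDOWS\system32\winlogin.exe",
                 r"C:\WINDOWS\system32\winIogon.exe",
                 r"C:\WINDOWS\winlogon.exe",
                 r"C:\Program Files\Mozilla Firefox\firefox.exe"):
        print(f"{classify(path):28} {path}")
```

A result of "ok" only says the name and folder match the baseline; it does not explain why the process made the outbound connection.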

  10. #10
    wbenton Guest

    Default Re: Overstock.com and Bizrate.com alerts

    Did you ever find out what caused the winlogon.exe process to try and access those sites?

    Walt
