UDP datagram trying to be sent?, Unwise problem
08 March 2003, 11:39 AM
#1
Scooby Regular
Thread Starter
08 March 2003, 07:56 PM
#2
Thanks for that.
Just downloaded a virus checker, found BugBear.A on my computer, done a search for it, something to do with emails and controlling my printer. Also downloaded a special BugBear remover and all seems to be successful.
But I still have Unwise problem that only allows me to fully start windows xp only when I have moved 3 processes for Unwise.exe from the task manager.
Any ideas?
Just downloaded a virus checker, found BugBear.A on my computer, done a search for it, something to do with emails and controlling my printer. Also downloaded a special BugBear remover and all seems to be successful.
But I still have Unwise problem that only allows me to fully start windows xp only when I have moved 3 processes for Unwise.exe from the task manager.
Any ideas?
08 March 2003, 09:28 PM
#5
Scooby Regular
Thread Starter
Look at the removal procedure regarding the registry settings (ie all the info about RunOnce & Unwise.exe).
Check that your machine does not have these settings.
and so on.
Which Virus checker to you get ??? Has it got the latest definition file ???
3. Deleting the value from the registry
CAUTION: Symantec strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
a. Click Start, and then click Run. (The Run dialog box appears.)
b. Type regedit, and then click OK. (The Registry Editor opens.)
c. Navigate to each of these keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServicesOnce
NOTE: All the keys do not exist on all the systems.
d. In the right pane, delete the value:
WinLoader %windir%\UNWISE.EXE
NOTE: This value may vary. Look for any value that refers to the files detected as Backdoor.NetTrojan.
e. Exit the Registry Editor.
Check that your machine does not have these settings.
and so on.
Which Virus checker to you get ??? Has it got the latest definition file ???
3. Deleting the value from the registry
CAUTION: Symantec strongly recommends that you back up the registry before you make any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.
a. Click Start, and then click Run. (The Run dialog box appears.)
b. Type regedit, and then click OK. (The Registry Editor opens.)
c. Navigate to each of these keys:
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServicesOnce
NOTE: All the keys do not exist on all the systems.
d. In the right pane, delete the value:
WinLoader %windir%\UNWISE.EXE
NOTE: This value may vary. Look for any value that refers to the files detected as Backdoor.NetTrojan.
e. Exit the Registry Editor.
08 March 2003, 09:33 PM
#6
I tried deleting the winloader/unwise from the registry but I delete them in the order below
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServicesOnce
and when I click back on the first one the winloader/unwise.exe is back as it is on all of them, I delete them and they come back.
I got something called Gladiator antivirus
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServices
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\
CurrentVersion\RunServicesOnce
and when I click back on the first one the winloader/unwise.exe is back as it is on all of them, I delete them and they come back.
I got something called Gladiator antivirus
08 March 2003, 10:50 PM
#7
Scooby Regular
Thread Starter
One or more of your files is infected ....
Try and get a version of Norton AV or Symantec which should find the relevant files. I've never heard of Gladiator
Try and get a version of Norton AV or Symantec which should find the relevant files. I've never heard of Gladiator
Trending Topics
08 March 2003, 10:58 PM
#8
just got norton and it said like you did that a backdoor trojan was detected, said it can't repair and gave me a link to the page you did.
Trouble is norton didn't finish installing properly and something happened and every time I click on norton or my gladiator virus checkers i get an error pop up saying;
windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item.
Trouble is norton didn't finish installing properly and something happened and every time I click on norton or my gladiator virus checkers i get an error pop up saying;
windows cannot access the specified device, path or file. You may not have the appropriate permission to access the item.
09 March 2003, 06:11 AM
#9
Scooby Regular
Thread Starter
Which files did it say where infected ? You need to delete the ones that are infected.
I suggest that you uninstall both your AV products and then try and install Norton again.
I suggest that you uninstall both your AV products and then try and install Norton again.
09 March 2003, 09:08 AM
#10
Scooby Regular
Join Date: May 2001
Location: Scotland
Posts: 4,580
Likes: 0
Received 0 Likes
on
0 Posts
My bruv asked me to check out his pc last week, he'd been on ADSL for a week without a firewall 
I think the ISP's should provide some basic firewall software as the majority of people don't have a clue what's going on with their PC's.
You should have seen the amount of connections established on his PC
It's tighter than a ducks ar5se now though
I think the ISP's should provide some basic firewall software as the majority of people don't have a clue what's going on with their PC's.
You should have seen the amount of connections established on his PC
It's tighter than a ducks ar5se now though
09 March 2003, 10:45 AM
#11
Scooby Regular
Thread Starter
People still think that Hackers/Script Kiddies etc will only go after large corporates....the reverse is true....I see upwards of 20 scans of my broadband connection per day.
If you have an always on connection get a firewall & Anti Virus software!
Simply really.
James
How far have you got with your machine ?
If you have an always on connection get a firewall & Anti Virus software!
Simply really.
James
How far have you got with your machine ?
09 March 2003, 10:52 AM
#12
I wish I could uninstall both my av programs but when I click on control panel for example, a box with a red cross pops up saying 'cannot find C:\windows\etc\etc...' for whatever I click on, Norton, etc, can't even use the 'Run, regedit function.
Only the internet works!
Only the internet works!
03 August 2003, 10:45 AM
#15
Someone from 218.74.45.187, port 1653 wants to send UDP datagram to port 1434 owned by 'UNWISE.EXE' on your computer
This is what keeps happening (shown up by my firewall.
I have real problems with Unwise??, every time I turn the computer on it wont load until you remove Unwise from the proccesses in the task manager 3 times!
What is it?, and as I say I get lots of requests from IP addresses either trying to get to Unwise or Unwise trying to send stuff out?
I put a new firewall on yesterday and it actually said that an IP wanted to contact Unwise as soon as Windows XP started loading.
Any ideas?
[Edited by jameswrx - 3/8/2003 10:52:05 AM]
This is what keeps happening (shown up by my firewall.
I have real problems with Unwise??, every time I turn the computer on it wont load until you remove Unwise from the proccesses in the task manager 3 times!
What is it?, and as I say I get lots of requests from IP addresses either trying to get to Unwise or Unwise trying to send stuff out?
I put a new firewall on yesterday and it actually said that an IP wanted to contact Unwise as soon as Windows XP started loading.
Any ideas?
[Edited by jameswrx - 3/8/2003 10:52:05 AM]
Thread
Thread Starter
Forum
Replies
Last Post
