Hi Guys,
I am new here and have a problem that the "Experts" say I can't have!!!
To start from the beginning, I have been running XP Pro on a Dell Inspiron 1525 with 4 GB RAM, running AVG Anti-Virus Ver 8.5, and tuning up regularly with IOBit's Advanced System Care Ver 3 (I find this one good, fewer services than on later versions). IE7 is my default browser, though I never use it, Chrome or Firefox.
I have been using a mobile broadband stick (Huawei E180) for the last 18 months, from the 3 network, with no problems.
About a month ago it got physically damaged and was out of warranty.
So I bought a WHITE unlocked Huawei E173 dongle (brand new, boxed) from a downtown phone / computer repair shop.
I was playing poker online and found I was being timed out in hands and there was lag in the chat box. I put this down to the dongle being a slower model.
Throwing good money after bad, I bought a second-hand BLACK Huawei E1750 locked to my network.
Still seeing no improvement, I ran a full system scan with AVG, no viruses.
Not happy with the results, I ran Advanced System Care, again nothing out of the ordinary.
Ran Malware Bytes, found a Trojan, Banker6 DKV !! removed this.
I went online with IExplorer and noticed that my homepage (Google.com) wasn't loading and instead I was being taken to www.bXXXXXXX3.ie. Checked my homepage status and found that Google.com is being skipped.
Ran Netstat in the CMD prompt and found that my new page is opening lots of connections and ports.
I delved a little deeper and found that not only has my homepage been skipped but also my Windows updates have been uninstalled, AVG has been rendered useless, and there are around 60 changes to the registry.
It would also appear that there is a console connection via the web to my machine.
There has been a new user account added named "Default User"
Numerous changes to the privileges in the Services.
Having used the dongle on a second machine (Fujitsu Tower PC), I ran the above tests and got the same result, compromised browser, although no Trojans yet.
I enquired in the store if there are any known security risks with the dongles, containing viruses/Trojans/Worms. They said NO.
Seeking a second opinion, I went to a mainstream phone repair agent; they said NO too. Not possible.
Fearing the SIM card was carrying the infection, I requested a new one.
Performed a fresh OS install, long format on the drive, on the Tower, inserted the BLACK dongle with the new SIM.
Browser Compromised !!!!!!!!!!!! back to the fake page
Has the WHITE dongle infected the laptop?? Has the laptop infected the BLACK White dongle? Compromised the firmware? Is this possible?
I can access the advanced settings on the stick and there are a bunch of files that appear to be transferred on start up; there are import / export folders.
I ran Super-anti Spyware, Malware-Bytes, Stinger, TDS Killer, all negative; an online scan with ESAT, negative.
I ran GMER with the dongle plugged in and it found a rootkit on the dongle.
I am downloading a new AVG programme and tried AVG's Tune up.
In the processes scan it is showing WiloGapp.exe and a few instances of Exploere.exe. I have ended these processes.
Is recovery possible??
Any help would be greatly appreciated.
I can provide any outputs that you require.
Thanks in advance
RK