difficulties with bigpond internet security: cryptextq.dll, browselect.exe infection (and a faulty CD drive)
Ah, another learning experience…
Customer can’t connect to the internet… it suddenly stopped 2 days ago (and the PC seems to be running slower since then).
I quickly pinpoint that the PC cannot get its dhcp information from the modem.
In fact, it behaves like the ethernet port has developed a fault (an ipconfig returns: an internal error occurred… Unable to query host name).
I can see the system is running bigpond internet security (BIS)… a quick look shows that it protects against viruses, spyware, spam, etc etc. It looks like a norton wannabe.
So, since an infection shouldn’t be a problem, I decide to boot from my bartPE CD… but it won’t boot.
I look at the bios, make sure the CD needs to boot before the HDD, but it still won’t boot (it boots from the HDD instead).
While in XP, it cannot read the contents of the CD…
Hmmm, do I have a faulty CD drive and a faulty ethernet port? … possible, but unlikely.
I try plugging in an ethernet card, but that also doesn’t work.
I decide to take the PC back to the office and carefully check it out.
I find the CD drive is faulty (a spare one works just fine).
I get annoyed with the slow PC, so I uninstall Bigpond internet security (BIS), and install antivir and windows defender… I’ll update them once I’m connected to the net.
I boot bartPE, and it has no problem connecting to the internet over the ethernet port.
I try running LSPfix and winsockfix, but I start getting weird errors when running ipconfig (An error occurred while renewing interface local area network: An operation was attempted on something that is not a socket).
I take a look at the xp services, and many are disabled (bits, firewall, Computer browser, Application layer gateway service, ipsec services, logical disk manager). Trying to start them gives a few errors:
- 1068 (The dependency service or group failed to start)
- error 10044: the support for the specified socket type does not exist in this address family
- error 10047: An address incompatible with the requested protocol was used
- error code -2147014852
I try “netsh winsock reset catalog” but it replies with: Unable to reset the winsock catalog. The system cannot find the file specified.
I also try “netsh int ip reset reset.log”.
I try copying tcpip.sys and ndis.sys from another system: ahh, this works better: ipconfig shows ethernet has a 169 ip address range… not quite what I wanted, but better than before.
I run “sfc /scannow”… and I can finally connect to the internet (yay!).
I update antivir and defender, and antivir immediately complains about: a5vdmow5yog.exe, cryptextq.dll, browselect.exe
So the system was infected! And Bigpond I.S. didn’t even hint at there being a problem… Once again: a free antivirus beats a paid-for one…
But as expected, antivir cannot delete the infected files… soon after that, the internet connection drops out again… but I’m not worried now.
I remove the hard drive, scan it from the office PC (and remove the nasties), plug the HDD back to its home PC, and the network is fine (after I reset winsock again using “netsh winsock reset catalog”).
I put my usual suite of internet protection software, and return the PC to the customer.
He is happy to have the PC back (I had the PC for about 1 week). I explain what I found, and he is understandably concerned about the infection.
He becomes even more concerned when I explain how spyware operates. He does internet banking, so, as usual, I urge him to change his password once I leave.
He does admit that his confidence in internet banking has been shaken. Partly because the idea of something monitoring your keystrokes is unsettling, and partly because he paid for protection which seemed to be ineffective.
And I’ve learned to not assume a security program will do what it should.
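The error numbers quoted in the post all describe one fault, a damaged Winsock/TCP-IP stack; in particular, -2147014852 is error 10044 wrapped as an HRESULT. The decoder below is an added example, not part of the original post. Its name table covers only the codes the post mentions, and 10038 is the standard Winsock code for the “not a socket” message that the post quotes without a number.

```python
FACILITY_WIN32 = 7  # HRESULT facility used when a Win32 error is wrapped

# Only the codes that appear in the post (names from winerror.h).
KNOWN = {
    1068:  ("ERROR_SERVICE_DEPENDENCY_FAIL", "service control"),
    10038: ("WSAENOTSOCK", "winsock"),        # the ipconfig "not a socket" message
    10044: ("WSAESOCKTNOSUPPORT", "winsock"),
    10047: ("WSAEAFNOSUPPORT", "winsock"),
}


def decode(value):
    """Decode a Win32 error code or an HRESULT printed as signed decimal."""
    raw = value & 0xFFFFFFFF                  # undo the signed 32-bit rendering
    is_hresult = bool(raw & 0x80000000)       # severity bit set: failure HRESULT
    facility = (raw >> 16) & 0x7FF if is_hresult else None
    if is_hresult and facility != FACILITY_WIN32:
        # Not a wrapped Win32 error, so the low word is not a Winsock code.
        code, name, area = raw & 0xFFFF, "UNKNOWN", "unknown"
    else:
        code = raw & 0xFFFF if is_hresult else raw
        name, area = KNOWN.get(code, ("UNKNOWN", "unknown"))
    return {"hex": f"0x{raw:08X}", "hresult": is_hresult,
            "facility": facility, "code": code, "name": name, "area": area}


def triage(values):
    """Group decoded errors by subsystem to show where the damage sits."""
    areas = {}
    for v in values:
        d = decode(v)
        areas.setdefault(d["area"], set()).add(d["name"])
    return {k: sorted(v) for k, v in areas.items()}


# Error numbers quoted in the post, plus 10038 for the ipconfig message.
POST_ERRORS = [1068, 10044, 10047, -2147014852, 10038]

if __name__ == "__main__":
    for v in POST_ERRORS:
        print(v, decode(v))
    print(triage(POST_ERRORS))
```

The 1068 result is a knock-on effect: services that depend on the TCP/IP stack fail to start once the stack itself is broken.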
BIGPOND SECURITY IS A PIECE OF CRAP AND I WANT TO KILL IT!!!!!!
NONE SHOULD USE IT!
Do not under any circumstances get big pond security. It’s a rip-off. I incurred a Trojan virus. Did Big pond security pick it up? No way Jose.
Yep, bigpond is crap, it cannot delete certain spyware, viruses it seems to be fairly good, and anti spam is no such thing with the program, always displays: cannot connect with anti spam server. Also many failed updates. Recommended programs to download are: Avast antivirus, and spybot.
Hope that is enough info guys n gals.
Thanks for the feedback, people.
It’s good to hear that I’m not the only one to have problems with BIS.
I’d like to expand on Samurai’s list and say that avira antivir is really good… I use it together with windows defender, winpatrol, spyware blaster.
Always remember: there is NO security software that can always guarantee against infection. Just beware when using P2P filesharing, IM, and make sure you always update your software (including windows updates).
CAN ANYONE TELL ME HOW TO UNINSTALL BIS!! IT IS HAUNTING ME!!
Have you spoken to BP and asked them? There is a removal tool that can be emailed to you to remove it.
Afterwards empty the recycle bin and delete temp internet files.
or try this..
http://www.authentium.com/rntimages/kb/2664/BPS_Removal.exe
save to desktop and run.
When finished restart
DO NOT GET, USE, SNIFF EVEN. RIP OFF. I HAVE SPENT 2 DAYS SORTING OUT THE MESS IT HAS ALLOWED ONTO MY COMPUTER. GRRRRRRRRRRRRRRRRR
Big thank you to Grrrrrrrrrr, for the authentium link, I’m not a techie and have been having computer problems for months with BIS and after days of useless phone calls and emails Telstra still could not help me get rid of it! Finally it looks like it’s gone !!!!!
hmnn….
If you want to get rid of bis, call bigpond security tech support at 133 933 then option 1, option 1, option 1. Just request for the removal tool so that it will automatically delete the residual files stored on your pc. For further help on any bis problem, you might want to try their online technical support at http://bp-iss.custhelp.com , it will help a lot and would save much of your time calling their telephone support.
If bis is installed on your pc and you can’t access certain site, click the “x” button on top right of your bis console, then select bp security set-up. Then untick block ads, block pop-up and anti-phishing. Then click save or apply and click ok. Then try again to visit the site. This should work.
Daryl,
you just have to call BIS and request for a removal tool, that is of course you have to follow the instructions carefully, even if you’re not a “techy person” you can still do it just as long you know some basic knowledge in computer. Simple as that.
And guys, if you know that BIS is a crap, then why the hell people are still subscribing to BIS?…
and also regarding SPYBOT?… that is only a false positive, so even if you try to delete it several times, that won’t work. :)
After many different installs on customers’ machines and many different problems with connecting after install, I rang bigpond security tech support and after discussing with the third tech found solution to all problems.
You do at own risk
First remove all real time scanners e.g. spybot search and destroy, ad-aware etc. (malware anti bytes is ok as long as you do not use real time protection)
Remove any anti-virus programs
Obtain bigpond security toolkit via email link sent when requested from tech support and use to uninstall bigpond security to remove all traces left in registry after previous install attempts.
Scan and Clean registry till no problems reported (3x on one machine) I used ccleaner.
Turn off windows defender
Turn off internet explorer’s phishing filter and privacy settings.
Open email sent by bigpond containing product code and link to installer.
Read carefully as it contains special instructions for vista UAC installation.
When ready disable windows firewall and immediately click install link in email.
Follow install instructions.
When finished install and update you will need to shut down computer shut down all routers and modems then restart modem first, when fully booted the router next if used, and then computer. This is needed to set correct firewall settings.
WARNING
You can use either windows to control phishing sites or bigpond security not both, same applies to internet explorer inprivate filtering or bigpond inprivate filtering not both also use windows firewall or bigpond firewall not both and realtime scanning such as windows defender or bigpond anti-spyware not both.
My computer flies now after weeks of false spyware positives, 30 second page loads sometimes unable to display at all, sudden freezes requiring reboot etc.
All problems gone after doing above
Hi amarkrieder,
Thanks for the detailed information.
But it also proves that most people should stay away from BIS.
Your information will be useful for technically competent people who want to use BIS (if there is anyone like that out there).
But for an average (non-technical) person … ie most people who get “convinced” into buying BIS… removing and re-installing BIS is probably too complex, and unlikely to be done correctly.
28th Oct 2009. BIS. 3 months of my internet usage being blown over the limit, last month 25gb gone in 5 days after the billing cycle, never had any probs with internet usage till I tried BIS, being told many times its d/l’s are unmetered, then was told max of 15mb, well this piece of **** the whole 3 months I’ve had it downloads/fails/downloads/fails. Silly me read some crap about it but was nearly 1 year ago was thinking they should have the crap sorted out NO. I agree KEEP AWAY from this piece of crap security, uses so much resources, pc runs hell slow, internet is hell slow. BIS people recommended I try turning it off and seeing if net runs faster (it did) but they want me to pay for it, but turn it off so I have quicker internet access? What a ****ing joke.
Thank you fr3stiler for your comments. Same has been happening to me with BPS since took it on mid August on changing to broadband after 11 happy years on dial up doing everything that I want at under 300mb per month. In the last 3 weeks have more than 900mb with spikes each time the BPS is updated. Only 6 of which are unmetered. Accounts told me today that updates have been unmetered but as from last week there will be a ‘charge’ of 15mb per month but didn’t know why subscribers hadn’t been notified.