I'm MAD! please read...


dragonB
08-04-2001, 12:08 AM
Hey all,
I was working on my bro's computer that I haven't worked on in quite a while. While taking some things out of the windows/runservices registry key, I noticed that dnetc was being run with the -hidden command line. Since I didn't put it on my brother's computer, and he didn't even know what it was, I became suspicious.
It was in the windows/system folder, so I opened up the ini and the email address was something like bymer@????.kiev.ua. Not sure on the ua or on what the ??? were. I wrote it down but left it at his house of course. :)
So, I'm assuming this got on his machine by way of a virus or a worm, and that just makes me really mad!!!
The guy doing this should go to jail, not the kid from the south!
So, how did he do it? Have any of you heard of this happening before? And are you as mad about it as I am?
thanks,
dragonB

Athlon Rulz
08-04-2001, 12:25 AM
And don't forget to unload the "bymer-scanner".
This was what I had additionally installed on my machine and it always tried to establish a connection to the internet to send some data. It too runs in hidden mode, disguised as some win program; the only way to say which one is the wrong one is to verify the folder it runs in.

Detemeat
08-04-2001, 12:37 AM
Get the info and send it off to Dnet to let them know what happened, so that that guy doesn't get any credit for the blocks that came off your brother's system.
Dete

Athlon Rulz
08-04-2001, 12:40 AM
Oh I forgot. Simply deleting it from the registry doesn't help. It writes itself into the registry again upon boot over and over again. First delete the file (I think it was in the win\system folder too) and then the registry keys.

mechBgon
08-04-2001, 12:56 AM
Check http://www.distributed.net/trojans.html.en for a utility to get rid of the Bymer worm. You may also want to hit http://www.symantec.com and download the trialware Norton AntiVirus, since the trojan has been known to compound itself with the CIH virus, making it a compound threat.

the jester
08-04-2001, 02:45 AM
erm you might have yourselves a case of hackeritis. that kiev.ua would be Kiev Ukraine (former USSR).

the ???? may be Cyrillic script that isn't read properly under English Windows.

Unless you or your brother have any Russian software installed on that PC, I would follow the advice of others who have posted and run an anti-virus or trojan/worm sweep of that PC quickly.

If it's writing itself back, the problem is hiding elsewhere.

Good luck with getting it sorted out.

dragonB
08-04-2001, 11:10 AM
thanks guys,
I figured it wouldn't be too hard to get rid of (with the virus scanning stuff), but it just really bugged me.
Oh and the email address was
bymer@inec.kiev.ua

my brother emailed it to me.
dragonb
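
The checks described in the thread (a dnetc entry under the Run/RunServices keys, started with -hidden, sitting in the windows\system folder) can be run over a registry export. The following is an added example, not part of the original posts; the sample export, its value names and its paths are constructed for illustration.

```python
"""Flag dnetc autostart entries in a REGEDIT4 export (added example)."""
import ntpath
import re

AUTORUN_KEYS = ("\\currentversion\\run", "\\currentversion\\runservices")
VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|com))"?(?:\s+(.*))?$', re.I)

# Constructed sample export; value names and paths are made up.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"dnetc"="C:\\Program Files\\dnetc\\dnetc.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"ExampleService"="C:\\WINDOWS\\SYSTEM\\dnetc.exe -hidden"
'''

def unescape(s):
    # .reg files escape backslashes and quotes with a leading backslash
    return re.sub(r"\\(.)", r"\1", s)

def split_command(cmd):
    # Separate the executable path (which may contain spaces) from its arguments
    m = EXE_RE.match(cmd.strip())
    return (m.group(1), m.group(2) or "") if m else (cmd.strip(), "")

def scan(reg_text):
    findings, key = [], None
    for line in (l.strip() for l in reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = VALUE_RE.match(line)
        if not m or key is None or not key.lower().endswith(AUTORUN_KEYS):
            continue
        name, cmd = unescape(m.group(1)), unescape(m.group(2))
        exe, args = split_command(cmd)
        if ntpath.basename(exe).lower() not in ("dnetc", "dnetc.exe"):
            continue
        reasons = []
        if "-hidden" in args.lower().split():  # flag as quoted in the thread
            reasons.append("started with -hidden")
        if ntpath.dirname(exe).lower().endswith("\\windows\\system"):
            reasons.append("runs from windows\\system")
        if reasons:
            findings.append((key, name, cmd, reasons))
    return findings

if __name__ == "__main__":
    for key, name, cmd, reasons in scan(SAMPLE_REG):
        print(f"{key}\n  {name} = {cmd}\n  -> {', '.join(reasons)}")
```
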