I have scan and found recently this Dialer on a computer in my network with
the Microsoft Antispyware (Beta) program.
Registry entries:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
Units\11010101-1001-1111-1000-110112345678

The Microsoft antispyware removes this key from the regestry but the Dialer
activeX is steel running... so if you try to run IE it will infect the
registry again.
There wore some other files running on the system. I suspect other dialer is
running and the sotware didn't detect.
The files are:
SVCHOP.EXE, VXH8JKN1.EXE, VXH8JKN2.EXE, VXH8JKN3.EXE, VXH8JKN4.EXE,
VXH8JKN5.EXE, VXH8JKN8.EXE, NEWDIAL.EXE, PAYDIAL.EXE, TIBS.EXE and
KERNELS32.EXE

I can send this files and the report by email if you want.

Bye, bye
<: Niendertal :>

Hi Niendertal;
It's important in this situation to attempt removal with the latest definition
updates, in Safe boot mode, using a full deep scan before reporting the problem.
Getting to Safe mode:
http://service1.symantec.com/SUPPORT...01052409420406

If the problem remains, use MSAS > Tools > Suspected Spyware Report to notify
SpyNet of the failure to remove.
--
Regards, Dave


Niendertal wrote:
> I have scan and found recently this Dialer on a computer in my network with
> the Microsoft Antispyware (Beta) program.
> Registry entries:
> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution
> Units\11010101-1001-1111-1000-110112345678
>
> The Microsoft antispyware removes this key from the regestry but the Dialer
> activeX is steel running... so if you try to run IE it will infect the
> registry again.
> There wore some other files running on the system. I suspect other dialer is
> running and the sotware didn't detect.
> The files are:
> SVCHOP.EXE, VXH8JKN1.EXE, VXH8JKN2.EXE, VXH8JKN3.EXE, VXH8JKN4.EXE,
> VXH8JKN5.EXE, VXH8JKN8.EXE, NEWDIAL.EXE, PAYDIAL.EXE, TIBS.EXE and
> KERNELS32.EXE
>
> I can send this files and the report by email if you want.
>
> Bye, bye
> <: Niendertal :>