Dialer got in through internet and can't get to remove it.. any cl

Guest

Navigating the Internet, a dialer sneaked into my computer and I am not able to
remove it. I was connecting using ADSL, but also had a normal modem to the
telephone line for normal dialing (which has now been disconnected for good).
I do have Norton AV and ADAwarePersonal updated to the latest release and
active, but that would not stop it from getting through.
I have tried an old version of McAfee clean sdat that deleted 20 and more
suspected files including several dialers... which made me think I solved it,
but at the next connection to the internet the same dialer stepped in... and
there is no way to get rid of it unless I kill the application through Task
Manager, but that does not last for long... I am going to download the latest
version of sdat from McAfee... and try, hoping it works. Anyway, does anyone
have any clue on how to protect from illegal dialers and also how to
remove it?
 
Dave Patrick

Since you now know the name of the executable search it out and delete it.
Natively you can; Start\Settings\Control Panel\Administrative Tools\Computer
Management(Local)\System Information\Software Environment\Startup
Programs|View|Advanced, then in the "Location" column, you'll find the path
to the "Startup" location either in the "Startup" directories or from the
registry's "Run" keys. (Note that this window is read-only, so you must
manually navigate to the locations below to edit or otherwise delete.)

%ALLUSERSPROFILE%\Start Menu\Programs\Startup
%USERPROFILE%\Start Menu\Programs\Startup

You can delete the shortcuts that you no longer want to run.


HKLM\Software\Microsoft\Windows\CurrentVersion\Run
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

You can delete the string value for the program you no longer want to run.

or copy msconfig from Windows XP to the "windows" directory
or AutoRuns from sysinternals
http://www.sysinternals.com/ntw2k/freeware/autoruns.shtml


--
Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect
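
An added example (not part of Dave Patrick's post): a read-only PowerShell function that lists every entry in the two "Run" keys and the two "Startup" folders named above and marks the ones that reference a given executable. The function name `Find-AutostartEntry` is hypothetical, and `dialer.exe` is a placeholder, since the thread never names the actual file.

```powershell
# Added example: report autostart entries from the Run keys and Startup folders
# and mark the ones that reference a given executable name. Nothing is deleted.
function Find-AutostartEntry {
    param([Parameter(Mandatory)][string]$Name)

    # Registry "Run" keys (machine-wide and current user).
    $runKeys = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $regKey = Get-Item -Path $key
        foreach ($valueName in $regKey.GetValueNames()) {
            $command = [string]$regKey.GetValue($valueName)
            [pscustomobject]@{
                Location = $key
                Entry    = $valueName
                Command  = $command
                Match    = $command.IndexOf($Name, [StringComparison]::OrdinalIgnoreCase) -ge 0
            }
        }
    }

    # "Startup" folders. GetFolderPath resolves them on any Windows version;
    # on Windows 2000/XP they are the two paths listed in the post.
    $shell = New-Object -ComObject WScript.Shell
    foreach ($id in 'CommonStartup', 'Startup') {
        $folder = [Environment]::GetFolderPath($id)
        if (-not $folder -or -not (Test-Path -Path $folder)) { continue }
        foreach ($file in Get-ChildItem -Path $folder -File -Force) {
            # Resolve shortcuts to the program they launch; other files run as-is.
            $target = if ($file.Extension -eq '.lnk') {
                $shell.CreateShortcut($file.FullName).TargetPath
            } else { $file.FullName }
            [pscustomobject]@{
                Location = $folder
                Entry    = $file.Name
                Command  = $target
                Match    = $target.IndexOf($Name, [StringComparison]::OrdinalIgnoreCase) -ge 0
            }
        }
    }
}

# 'dialer.exe' is a placeholder name (assumption), not a value from the thread.
Find-AutostartEntry -Name 'dialer.exe' | Format-Table -AutoSize
```

Rows with `Match` set to `True` point at the shortcut or the "Run" string value to delete by hand, as the post describes.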

 
David H. Lipman

From: "Giorgio" <[email protected]>

| Navigating in Internet a dialer snicked into my computer and I am not able to
| remove it. I was connecting using ADSL, but had also a normal modem to the
| telephone line for normal dialing (which has now been disconnected for good)
| . I do have Norton AV and ADAwarePersonal updated at latest release and
| active, but that would not stop it from getting through.
| I have tried an old version of mcafee clean sdat that deleted 20 and more
| suspected files including several dialers... which made me think I solved it,
| but at the next connection to the internet the same dialer stepped in... and
| there is no way to get rid of it unless I kill the application through task
| manager, but that does not last for long... I am going to download a latest
| version of sdat from mcafee... and try, hoping it works.. Anyway does anyone
| one have any clue on how to protect from illegal dialer and also how to
| remove it?
| --
| Ciao. Giorgio


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

It is a self-extracting ZIP file that contains the Kixtart Script Interpreter {
http://kixtart.org Kixtart is CareWare } three batch files, five Kixtart scripts, one Link
(.LNK) file, this PDF instruction file and two utilities; UNZIP.EXE and WGET.EXE. It will
simplify the process of using up to 3 different Anti Virus Command Line Scanners to remove
viruses and various other malware.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode. This
way all the components can be downloaded from each AV vendor’s web site.
The choices are; Sophos, Trend, McAfee, Exit the menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file.

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE and/or FTP.EXE to go
through your FireWall to allow them to download the needed AV vendor related files.

* * * Please report back your results * * *
 
Guest

Using MULTI_AV.EXE fixed the problem. There were 12 dialers deleted with mcafee
and two trojans deleted using Trend. Thanks a lot. The question still
arises... how did they get in with NAV and ADAWARE_SE active and at latest
level. Any suggestion how I can prevent them or just run the sysclean when
problem arises? Another question, is the AV_CLS tool dynamic in the sense
that it always gets the latest version of clean software from the three
brands?
Ciao. Giorgio


 
Never anonymous Bud

Using a finger dipped in purple ink said:
how did they get in with NAV and ADAWARE_SE active and at latest
level. Any suggestion how I can prevent them or just run the sysclean when
problem arises?

Check out Spyware Blaster (http://www.javacoolsoftware.com/)

It's freeware, and stops many things from ever infecting your system.
 
David H. Lipman

From: "Giorgio" <[email protected]>

| Using
| -- MULTI_AV.EXE fixed the problem. There were 12 dialers deleted with mcafee
| and two trojans deleted using Trend. Thanks a lot. The question still
| arise... how did they get in with NAV and ADAWARE_SE active and at latest
| level. Any suggestion how I can prevent them or just run the sysclean when
| problem arises? Another question, is the AV_CLS tool dynamic in the sense
| that it always gets the latest version of clean software from the three
| brands?
| Ciao. Giorgio
|

There were no signatures for them when you were infected, thus not detected.

Also one must realize while there is overlap in coverage between anti spyware and anti
virus, that overlap is small. That's why one must use multiple scanners to cover all
malware and one *must* practice Safe Hex to prevent infections in the first place.

As for my Multi AV vendor scanner tool, it will always try to get the latest signature files
and engines for the three respective AV vendors; McAfee, Sophos and Trend.

I am glad it was able to help you and thanx for updating the thread.
 
