How to Delete Trojan Dialer dra.exe?

Jack Barrett

My kids' computer has had this Trojan Dialer dra.exe for 2 days now and I
have run the following virus scans to no avail:

1. AVG Free 7.1 - Quarantines it but does not delete it

2. Trend Micro online virus scanner - Seemed to work... but now the AVG
Virus Warning for dra.exe keeps coming up. When I click delete file, it does
not get rid of it. =(

3. Running BitDefender online scan as we speak. Says it picked up the virus.
Waiting to see if it cleans it.

Any help or suggestions would be greatly appreciated.
The kids' PC gets access to the internet through a (DSL) Netgear router. Both our
PCs are running XP Pro with all the updates.

Many Thanks,

Dad called Jack
 
David H. Lipman

From: "Jack Barrett" <[email protected]>

| My kids' computer has had this Trojan Dialer dra.exe for 2 days now and I
| have run the following virus scans to no avail:
|
| 1. AVG Free 7.1 - Quarantines it but does not delete it
|
| 2. Trend Micro online virus scanner - Seemed to work... but now the AVG
| Virus Warning for dra.exe keeps coming up. When I click delete file, it does
| not get rid of it. =(
|
| 3. Running BitDefender online scan as we speak. Says it picked up the virus.
| Waiting to see if it cleans it.
|
| Any help or suggestions would be greatly appreciated.
| The kids' PC gets access to the internet through a (DSL) Netgear router. Both our
| PCs are running XP Pro with all the updates.
|
| Many Thanks,
|
| Dad called Jack
|


Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software firewall or allow WGET.EXE through your
firewall so that it can download the needed AV vendor-related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 
Jack Barrett

Hi David,

Great piece of software!
Ran the AV software in Normal Mode, all of these: Sophos, Trend, McAfee,
Kaspersky.
Not working in Normal Mode. Still have the dialer after reboot. =(
Keeps popping up in AVG Free asking me to delete. When I do click
delete... it keeps popping back up telling me that I have a virus. dra.exe is
the file which won't delete.
I will try it in safe mode next and let you know how I make out.
Thanks for your help. Hope safe mode works.

Dad called Jack
 
Steve & Chris Clark

There is Trojan removal software available if you do a search.
They were recommended to me here before.
Try that.
Also if you're in XP go to Microsoft and there is a program that will scan
your system for spyware and malicious sites etc and trojans.
 
David H. Lipman

From: "Steve & Chris Clark" <[email protected]>

| There is Trojan removal software available if you do a search.
| They were recommended to me here before.
| Try that.
| Also if you're in XP go to Microsoft and there is a program that will scan
| your system for spyware and malicious sites etc and trojans.
|

What he is using *IS* a Trojan removal utility. Some Trojans are just more difficult to
remove than others.
 
Jack Barrett

I have tried Microsoft's Live Beta, which has a virus scanner/cleaner, which
did NOT remove this dialer.
I also tried McAfee's Stinger, which is for Trojan removal. It also did not
work. =(

Process of elimination, I guess. I consider it a learning process. I just
need a little help (from this newsgroup), patience and, besides... I am
finding out about free virus scanners.

I am wondering if system restore will fix it?
What do you think?

Thanks Steve, Chris & David.

jack
 
David H. Lipman

From: "Jack Barrett" <[email protected]>

| I have tried Microsoft's Live Beta, which has a virus scanner/cleaner, which
| did NOT remove this dialer.
| I also tried McAfee's Stinger, which is for Trojan removal. It also did not
| work. =(
|
| Process of elimination, I guess. I consider it a learning process. I just
| need a little help (from this newsgroup), patience and, besides... I am
| finding out about free virus scanners.
|
| I am wondering if system restore will fix it?
| What do you think?
|
| Thanks Steve, Chris & David.
|
| jack

McAfee Stinger is basically an Internet worm remover and only targets ~54 infectors and
their variants. There are a few Trojans it will remove, but only those associated with the
Internet worms it removes.

Microsoft's Live Beta is just plain junk and should NOT be used, and remember, it is a Beta.
Its catch rate is at the bottom of the anti-malware list.

I gave it a zoo of infectors and it only detected ~22%.

I think you need to finish scanning in Safe Mode.

It would also help to identify this infector.

What is the fully qualified name and path to this infector ?

What is the exact name that AVG is calling this Trojan Dialer ?
 
Jack Barrett

The exact name is dra.exe which AVG has identified as: Trojan Horse
Dialer.Generic.MUM

It states that it's located in Temporary Internet Files, which I'll be damned if I
can find.

Thanks again for your patience.

Dad called Jack

 
David H. Lipman

From: "Jack Barrett" <[email protected]>

| The exact name is dra.exe which AVG has identified as: Trojan Horse
| Dialer.Generic.MUM
|
| It states that it's located in Temporary Internet Files, which I'll be damned if I
| can find.
|
| Thanks again for your patience.
|
| Dad called Jack

Jack:

DRA.EXE is the name of the file. I asked: "What is the fully qualified name and path to
this infector?"

The answer would be something like...


C:\Documents and Settings\jack\Local Settings\Temporary Internet
Files\Content.IE5\IO7RZ34H\dra.exe

That is what I am looking for.


The IE Temp folder is a protected folder and its contents, by default, are hidden from view.
You either have to have the folder display "Hidden" files or, when you search for DRA.EXE,
have it search for "Hidden" files.
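As an added example (not part of the thread, and not David's Multi_AV tooling), the same search done from PowerShell on a current Windows host. The XP-era equivalent from a command prompt is `dir /a /s /b dra.exe` run from the drive root; the point is identical: a search that does not include Hidden and System items will walk straight past the Content.IE5 cache. The file name, the root folder and the two Run keys checked at the end are assumptions for illustration; the autostart check goes beyond what the thread discusses, but it is the first thing to rule out when a deleted file keeps reappearing.

```powershell
# Added example: locate a named file including Hidden/System items, record the
# evidence a responder wants (full path, attributes, timestamps, SHA-256), and
# check the common Run keys for anything that references it.
# Assumptions: file name, root folder and registry keys below are illustrative.
# Requires Windows PowerShell 5.1 or later (Get-FileHash, -File switch).
param(
    [string]$Name = 'dra.exe',          # name reported by the scanner
    [string]$Root = $env:USERPROFILE    # profile that holds Temporary Internet Files
)

# -Force includes Hidden and System items (the IE cache folders are both);
# -ErrorAction SilentlyContinue skips folders this account cannot read
# instead of aborting the whole search.
$hits = @(Get-ChildItem -Path $Root -Filter $Name -Recurse -Force -File -ErrorAction SilentlyContinue)

if ($hits.Count -eq 0) {
    Write-Output "No file named '$Name' found under $Root (hidden items were included)."
} else {
    foreach ($f in $hits) {
        [pscustomobject]@{
            FullName   = $f.FullName            # the fully qualified path asked for above
            Attributes = $f.Attributes          # shows Hidden/System when set
            Bytes      = $f.Length
            Created    = $f.CreationTime
            Modified   = $f.LastWriteTime
            SHA256     = (Get-FileHash -Path $f.FullName -Algorithm SHA256).Hash
        }
    }
}

# Why does it come back after deletion? One thing to rule out is an autostart
# entry that re-launches or re-downloads it. The scanner alert alone does not
# tell you this. (Assumption: only the two classic Run keys are checked.)
$runKeys = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
           'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $values = Get-ItemProperty -Path $key
    foreach ($p in $values.PSObject.Properties) {
        # Skip the PS* metadata properties PowerShell adds to the returned object
        if ($p.Name -like 'PS*') { continue }
        if ("$($p.Value)" -match [regex]::Escape($Name)) {
            Write-Output "Autostart reference: $key\$($p.Name) = $($p.Value)"
        }
    }
}
```

Run it as the account whose profile is being searched (or elevated, to read other profiles under C:\Users), and keep the printed path and SHA-256 with the scanner's detection name: that pair is what lets a vendor, or the next responder, confirm you are all talking about the same file.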
 
junkmail

Jack, if you are using XP, disable System Restore before trying to remove
this virus. Otherwise, it will keep coming back. Once you have done this,
try the method again.

After it states it is cleaned, then reboot and re-run to ensure it is truly
clean; then you may turn System Restore back on.
 
David H. Lipman

From: "junkmail" <[email protected]>

| Jack, if you are using XP, disable System Restore before trying to remove
| this virus. Otherwise, it will keep coming back. Once you have done this,
| try the method again.
|
| After it states it is cleaned, then reboot and re-run to ensure it is truly
| clean; then you may turn System Restore back on.

No, it will only come back *if* he restores the system to a point where the Trojan is
present.

I have learned that it is *BEST* to leave the System Restore cache as is until the PC is
thoroughly cleaned of malware. Then, once that is deemed to be clean, disable the System
Restore cache and reboot the PC. Then re-enable the System Restore cache and create a
new restore point.

The reason you don't want to dump the System Restore cache PRIOR to cleaning the PC is in case
the cleaning process kills the PC and it no longer works correctly. Then you can restore
the PC to a state prior to the cleaning process and proceed with the cleaning process
again, but differently. It is better to have a PC that has malware and works than a PC that
doesn't work at all.
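The ordering David describes (finish the scans, only then drop the old restore cache, then take a fresh point) as an added PowerShell example for a current Windows host. None of this is from the thread, which predates PowerShell; it assumes an elevated Windows PowerShell 5.1 session and that C:\ is the system drive. David's version reboots between disabling and re-enabling; the script stops short of that and says where the reboot belongs.

```powershell
# Added example: David's System Restore ordering, scripted.
# Run elevated. Assumes Windows PowerShell 5.1 and that C:\ is the system drive.
$drive = 'C:\'

# Step 0: show what is in the cache before touching it. These points are the
# fallback if a cleaning pass leaves the machine unbootable, which is exactly
# why they are kept until the scans come back clean.
Get-ComputerRestorePoint |
    Select-Object SequenceNumber, Description, RestorePointType,
        @{ n = 'Created'; e = { [System.Management.ManagementDateTimeConverter]::ToDateTime($_.CreationTime) } } |
    Format-Table -AutoSize

# Gate: do not proceed until the Safe Mode and Normal Mode scans are done and clean.
$answer = Read-Host 'Scans finished and clean? Type YES to discard the old restore points'
if ($answer -ne 'YES') { return }

# Step 1: turning System Restore off for the drive discards its restore points,
# including any that hold a copy of the infected file. David reboots here
# before continuing; if you follow that, run the rest after the reboot.
Disable-ComputerRestore -Drive $drive

# Step 2: turn it back on and create a known-clean baseline. Windows 8 and later
# allow only one checkpoint per 24 hours by default, so a message that a point
# was created recently is a policy limit, not a failure of the cleanup.
Enable-ComputerRestore -Drive $drive
Checkpoint-Computer -Description 'Post-cleanup baseline' -RestorePointType MODIFY_SETTINGS

# Confirm the new point is the only one left.
Get-ComputerRestorePoint | Select-Object SequenceNumber, Description
```

The gate is the important line: the same cmdlets run in the opposite order (disable first, scan later) reproduce exactly the mistake David warns about, leaving no good state to fall back to if the cleanup breaks the machine.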
 
pcbutts1

Download, install, update and run all of the following in that order.

Crap Cleaner
http://www.pcbutts1.com/downloads/ccsetup126.exe

Ad-Aware
http://www.pcbutts1.com/downloads/aawsepersonal.exe

Spybot search and destroy
http://www.pcbutts1.com/downloads/spybotsd14.exe

Ewido Security Suite Trial version
http://www.pcbutts1.com/downloads/ewidosetup.exe

If none of the above fixes the issue, then download HijackThis, run it, save
a copy of the log file, and cut and paste it back here to this group so that
I can analyze it. Ignore anyone, especially the troll Leythos, who will tag
along a nonsense post to this message and who tells you to post it elsewhere. I
need to see it, not them.

--


The best live web video on the internet http://www.seedsv.com/webdemo.htm
NEW Embedded system W/Linux. We now sell DVR cards.
See it all at http://www.seedsv.com/products.htm
Sharpvision simply the best http://www.seedsv.com
 
Leythos

| Download, install, update and run all of the following in that order.

Only download software you can validate as uncompromised; in the case
of a non-vendor site you have no guarantee that the files are unmodified
or uncompromised. Anyone providing a link to a non-vendor site with a
direct download should not be trusted; the vendors' sites are the safest
place to download their applications.

No person of sound mind would download files from a hack site that
requires a password to access the unknown files when they are available
directly from the vendors.

Always remember - only download files from Trusted Sites.

The following links will take you to vendors' sites for spyware / adware
removal tools and also for antivirus tools. After you install any of
these applications and update them, run them in SAFE MODE to allow
them to properly clean your system.

These sites are for downloading anti-spyware tools, in the order that I
would use them myself:

Secured2K's AntiPauper (download link/info at)
http://forums.mcafeehelp.com/viewtopic.php?t=65072

AdAwareSE can be found here:
http://www.lavasoft.de/support/download/

SpyBot Search and Destroy can be found here:
http://www.safer-networking.org/en/download/index.html

HiJack can be found here:
http://www.spywareinfo.com/~merijn/downloads.html

Ewido Security Suite Trial can be found here:
http://www.ewido.net/en/download/

CrapCleaner can be found at the vendors site here:
http://www.ccleaner.com/ccdownload.asp

CleanUp can be found at the vendors site here:
http://www.stevengould.org/software/cleanup/download.html
or from another reputable source:
http://www.tucows.com/get/405276_152071

The following are two links to antivirus software, in the order that I would
use them:

You can also download Symantec Trial version of their Antivirus software
from here:
http://www.symantec.com/downloads/

Download AVG Personal Free edition from here:
http://free.grisoft.com/freeweb.php/doc/2/

These are the actual vendors' sites, not some unknown or unauthorized no-
name site. They also don't artificially increase the hits for sites that
get paid for the amount of traffic they can generate, like one poster has
admitted to in this group.
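Leythos's rule, only download files you can validate as uncompromised, becomes checkable when the vendor publishes a hash or signs the installer. As an added example (not from the thread; the file path, the published hash and the expected host are placeholders you replace with what the vendor's download page states), a PowerShell check for a current Windows host that refuses to run an installer whose SHA-256 does not match, whose Authenticode signature is not valid, or whose recorded download host is not the vendor's.

```powershell
# Added example: validate a downloaded installer before running it.
# Placeholders: $Path, $PublishedSha256 and $ExpectedHost are illustrative;
# take the real values from the vendor's download page, not from the mirror.
# Requires Windows PowerShell 5.1 or later.
param(
    [string]$Path            = "$env:USERPROFILE\Downloads\installer.exe",
    [string]$PublishedSha256 = '0000000000000000000000000000000000000000000000000000000000000000',
    [string]$ExpectedHost    = 'www.example-vendor.com'
)

function Test-Download {
    param([string]$Path, [string]$PublishedSha256, [string]$ExpectedHost)
    $problems = @()

    # 1. Content check: the bytes on disk must hash to what the vendor published.
    #    This is the check that catches a modified copy served from a third-party site.
    $actual = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    if ($actual -ne $PublishedSha256.ToUpperInvariant()) {
        $problems += "SHA-256 mismatch: file is $actual, vendor publishes $PublishedSha256"
    }

    # 2. Publisher check: Authenticode says who signed it and whether the file was
    #    altered after signing. 'NotSigned' is common for small free tools, which is
    #    why the hash check above comes first rather than relying on this alone.
    $sig = Get-AuthenticodeSignature -FilePath $Path
    if ($sig.Status -ne 'Valid') {
        $problems += "Authenticode status is $($sig.Status)"
    } else {
        Write-Output "Signed by: $($sig.SignerCertificate.Subject)"
    }

    # 3. Origin check: browsers record the download source in the Zone.Identifier
    #    alternate data stream (mark-of-the-web). It is absent on files that did not
    #    arrive through a browser, so a missing stream means 'unknown', not 'bad'.
    $zone = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
    $hostLine = $zone | Where-Object { $_ -like 'HostUrl=*' }
    if ($hostLine) {
        $hostName = ([uri]($hostLine -replace '^HostUrl=', '')).Host
        if ($hostName -ne $ExpectedHost) {
            $problems += "Downloaded from $hostName, expected $ExpectedHost"
        }
    } else {
        Write-Output 'No HostUrl recorded in Zone.Identifier; origin unknown'
    }

    return $problems
}

$problems = @(Test-Download -Path $Path -PublishedSha256 $PublishedSha256 -ExpectedHost $ExpectedHost)
if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Refusing to run $Path"
}
Write-Output "All checks passed for $Path"
```

The three checks answer different questions (is it the vendor's file, did the vendor sign it, where did it actually come from), and they fail independently: a mirror can serve the vendor's genuine, correctly signed installer and still be the wrong place to download from, which is the origin check's job to flag.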
 
Leythos

Watch how many times he tags along his BS repetitive post reply to mine.

Is that why you post under so many different names, and why your posts
are deleted from all of the Microsoft groups?

If you had any ethics you would post vendors links to those files
instead of the ones they've asked you to remove.
 
Shawn

David H. Lipman said:
From: "Jack Barrett" <[email protected]>

David and Max

I used the info ( http://www.ik-cs.com/programs/virtools/Multi_AV.exe ) you
provided at http://home.neo.rr.com/manna4u/
and finally got rid of that bugger (the same one as listed
above... dra.exe). My daughter had it,
so I have to assume that it came from AOL IM or some other downloaded
nonsense. I had tried until 2:00 AM
using malware-type programs and anti-virus programs, to no avail. Using
Sophos while in Safe Mode was the key, I think.

Thanks again.

shawn
 
David H. Lipman

From: "Shawn" <[email protected]>


| David and Max
|
| I used the info ( http://www.ik-cs.com/programs/virtools/Multi_AV.exe ) you
| provided at http://home.neo.rr.com/manna4u/
| and finally got rid of that bugger (the same one as listed
| above... dra.exe). My daughter had it,
| so I have to assume that it came from AOL IM or some other downloaded
| nonsense. I had tried until 2:00 AM
| using malware-type programs and anti-virus programs, to no avail. Using
| Sophos while in Safe Mode was the key, I think.
|
| Thanks again.
|
| shawn
|

Fantastic !

Thanx for the feedback.
 