PERSISTENT DIALER WORM

ARNOLD PACKER

DIALER PROBLEM

Win2K, SP 4, All Patches
Dial-up, ISP: ATT WorldNet

Constant dialing to the ISP at 10 minute intervals when off-line

I have tried to rid myself of this worm using:
NAV updated; run in Safe Mode
Ad-aware 1.05
Spybot
SpySweeper
Stinger

I was flagged by NAV that W32 Randex was removed while on-line
a while back. I have searched Symantec's site for removal information.
Nothing that I could understand came up.

Is there a way out of this curse ?
TIA
A.Packer
 
David H. Lipman

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download SYSCLEAN.COM and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example, lpt351.zip

Extract the contents of the ZIP file and place the contents in the same directory as
SYSCLEAN.COM.

2) Update Adaware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode and shut down as many applications as possible.
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware.
7) If you are using WinME or WinXP, re-enable System Restore and re-apply any
System Restore preferences (e.g. HD space to use suggested 400 ~ 600MB).
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point

* * * Please report back your results * * *


--
Dave
http://www.claymania.com/removal-trojan-adware.html





Peter Seiler

David H. Lipman - 15.01.2005 19:08 :
1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

[...]

You post your kind help several times a week. What I cannot understand
is that all these people having that specific prob cannot read the NG
and your hints *before* asking the same or similar questions again and
again.

IMO, an additional solution avoiding this and many other probs should be
installing a good image backup program (TrueImage for example) because
it's more than often difficult erasing a worm (and others) completely
and without deeper knowledge in computing.

Perhaps you may supplement your help with this recommendation.
 
David H. Lipman

Peter:

The fact that readers tend NOT to read a News Group to seek out their respective answers is
a well-known problem. During the height of the Lovsan/Blaster I-worm, in the Microsoft AV
News Groups, the same question would be asked over and over. Sometimes within the same
hour, often just succeeding a similar post.

In one MS News Group a MS MVP would post a Daily FAQ and still many would not read that.
Some would read it and actually complain. I thought the FAQ was good. However it was too
long. A reader would read it, or try, and usually could not weed out what was needed to
correct their problem.

So while it is redundant to regulars, the same post gets posted. I try to keep them
as succinct as possible and try not to add too much advice or peripheral information. Many
have complimented me on the direct and simple instructions. Others STILL need their hand to
be held.

I'm a networking and IS administrator type and I don't do web sites but if I did, I would
have that peripheral information on a web site and point to it there and leave a specific
set of instructions in the News Group.

Clay of Claymania.Com has provided a section of his web site for information. The problem
is the time that would be needed to update, modify and alter information that often changes
regularly.

In the Telnet protocol you can post a text file that when a person makes a Telnet connection
the user is confronted with the text. Often this is a site FAQ. It is too bad that NNTP
does not have this capability. It would have been great if whenever you move into a News
Group, the NG FAQ is seen. This way every newbie poster would see the FAQ when they
connected to the News Group and it would be similar to web based discussions "boards" which
have "sticky" subjects that stay at the top.

I agree with your idea about backups and imaging. However it is prevention information and
not correction information that posters are looking for. Posting information on the use of
backup software and imaging software such as Acronis TrueImage and Symantec Ghost would be
that peripheral information that I mentioned previously in this diatribe.

--
Dave






ARNOLD PACKER

On Sun, 16 Jan 2005 14:35:48 GMT, "David H. Lipman"

I asked for help to solve a problem, not for a sermon by 2
pontificating FART HEADS.

WHO DIED AND LEFT YOU 2 IMBECILES IN CHARGE ?
 
David H. Lipman

Excuse me ?

I gave you help, if you don't like it or any discussions that end up in the thread -- Don't
Post To UseNet !

--
Dave





Jafo

I asked for help to solve a problem, not for a sermon by 2
pontificating FART HEADS.

WHO DIED AND LEFT YOU 2 IMBECILES IN CHARGE ?

Hey Arnold, do you still have the box the computer came in...?
 
