Premium rate dialer escapes BT Modem Protection Software

[Guest]

I have a dialer (0871 4714994) that seems to prevent a lot of activities on
my computer currently. Eg. I cannot send a report using the Microsoft Spyware
reporting tool, i cannot open a chat window to McAfee, i cannot trap the
dialer as it ATd's on the modem. Neither Norton AV nor McAfee V8 pick it up
with their latest dats. Stinger has found nothing. A dos based boot sector
scanner found nothing. SFC came back with no files found changed. Microsoft
Spyware Beta prog did not find anything but Spyware doctor free scan came
back with a report of w32/r bot- All but on two consecutive scans could not
agree on where the file was found. Chkdisk in dos reported 4 files in the
system/download folder but in windows the folder seemed empty but would not
delete. I am using Zone Alarm to prevent internet access where possible but
have left all access to be questioned. I have looked at processes and
programs running and compared these with their identities on Bleeping
Computer's site.
I have fully updated my W2k os and IE6.

Has anyone any idea of how I can determine where the trojan is hiding?

 

[Dave M]

Oh my, Spyware Doctor at it again. Well Windy, if you look through these forums
you'll notice that Spyware Doctor seems to report false positives in a seemingly
high proportion of threads it's mentioned in... So even though it's on
Spywarewarriors recommended list, I have my doubts about it. Why not run
through a few other free online AV scans and see what you pick up... if
anything. And I'm not surprised about the MSAS reporting tool failure... 50% of
the people in here have the same situation.

Kaspersky On Line Scan > An On-Line Virus Scanner
http://www.kaspersky.com/virusscanner

Housecall On Line Scan > An On-Line Virus Scanner By Trend Micro

http://housecall.antivirus.com/

 

[Guest]

If its a trojan or dialer installed Ewido Security Suite is worth a try (It
says its a 14 day free trial but still works fine after that has expired) and
Ccleaner to delete temp and usused files, Go with Dave's suggestion first as
they may be able to fix the problem for you but If you are finding folders
that appear empty and you cannot delete them its likely there is files inside
but they are set as hidden or operating system files, I will post details on
showing them at the bottom of this reply,

Download, install, and update the free version of ewido security suite

http://www.ewido.net/en/download/

When installing, under "Additional Options" uncheck "Install background
guard" and "Install scan via context menu". Click on update in the left menu,
then click the Start update button. After the update finishes close Ewido

Download Ccleaner

http://download.ccleaner.com/download124bin.asp

Install Then close

Reboot into safe mode (Reboot and keep tapping F8 then choose safe mode from
the list)

Once in safe mode run Ewido again.

From the main menu click on 'scanner' then click 'Complete System Scan'
When ewido finds something, it will pop up a notification. Select "Remove"
and check the boxes "Perform action with all infections" and "Create
encrypted backup" then click on ok.When the scan finishes, click on "Save
Report" and save it to your desktop or c:/drive incase you need it again.

Run Ccleaner and press "Run Cleaner"

Reboot back to normal mode,

To Enable Hidden files and Folder's : ( Get advise for any entries your
unsure about)

Open My Computer.

Select the Tools menu on the top bar and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and
folders.
Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.
Click OK.

When you are finished go back to that page and press Restore defaults to
re-hide the folders

All The Best

Andy

 

[Randy Knobloch]

I have a dialer (0871 4714994) that seems to prevent a lot of activities on
my computer currently. Eg. I cannot send a report using the Microsoft Spyware
reporting tool, i cannot open a chat window to McAfee, i cannot trap the
dialer as it ATd's on the modem. Neither Norton AV nor McAfee V8 pick it up
with their latest dats. Stinger has found nothing. A dos based boot sector
scanner found nothing. SFC came back with no files found changed. Microsoft
Spyware Beta prog did not find anything but Spyware doctor free scan came
back with a report of w32/r bot- All but on two consecutive scans could not
agree on where the file was found. Chkdisk in dos reported 4 files in the
system/download folder but in windows the folder seemed empty but would not
delete. I am using Zone Alarm to prevent internet access where possible but
have left all access to be questioned. I have looked at processes and
programs running and compared these with their identities on Bleeping
Computer's site.
I have fully updated my W2k os and IE6.

Has anyone any idea of how I can determine where the trojan is hiding?

SpyBot Search & Destroy does an admirable job of detecting diallers.
http://www.safer-networking.org/en/download/index.html
Download update *immediately* since it does not have the latest definition
files out-of-the-box.
Read the documentation and FAQ's.
Run a scan and post back your findings.
For your bookmarks -
SpyBot support here:
http://forums.net-integration.net/index.php?showforum=28

Silj

--
siljaline

MS - MVP Windows (IE/OE) & Security, AH-VSOP
_________________________________________
Security Tools Updates
http://aumha.net/viewforum.php?f=31

Reply to group, as return address
is invalid that we may all benefit.