[Help! Dialer Infection!] -
Help! Dialer Infection!
Discuss Help! Dialer Infection!
Posted by: windwhistler
Im on a Dell computer with Windows XP (maybe a month old).
I have both Norton Antivirus and Ad-ware which did NOT detect this problem (and I have the most recent updates for both). It was detected by a spyware scanner called XoftSpy.
Vendor: MSConnect
Category: Malware
Object Type: Registry Key
Danger: HIGH THREAT
Location: Software\Netscape\Netscape Navigator\User Trusted External Applications
Description: DIALER
The problem is that XoftSpy only scans your computer for free, you have to buy the product ($40) in order for it to remove anything.
I did a manual search of my computer and I DONT EVEN HAVE Netscape or Netscape Navigator folders.
Im concerned because it says "high threat" but I also think it might be a made-up problem so I will buy their product.
I havent noticed anything wrong going on with my computer yet. Perhaps I will have to wait til my next phone bill, though?
Does anyone know what it is or how to fix it for free?
Posted by: chrönik04
[url]http://www.pestpatrol.com/PestInfo/m/msconnect_dialer.asp#Detection%20and%20Removal[/url]
;)
Posted by: windwhistler
Thanx for the help. But do you know how to do this:
"Begin by backing up your registry and your system, and/or setting a Restore Point, to prevent trouble if you make a mistake." ??
is there a fast way to backup your computer?
Posted by: preet2u
Start > Programs> Accessories > System Tools > System Restore.
Posted by: windwhistler
thanx guys for all your help.
I went to RegEdit and got as far as HKEY_CLASSES_ROOT\clsid\ but I dont have the number-folder that they listed as my problem.
Does that mean I dont have the problem or could it be something else?
Posted by: Lobos
Please do this. Click here: [url]http://www.sherrylynn.us/HijackThis.exe[/url] to download Hijack This. Save it to it’s own folder (not temporary files or the desktop).
Close all open windows and open HIJACK THIS. Click “Scan”. When the scan is finished (it only takes a second), the scan button will change to “Save Log”. Click on “Save Log” and save it to NotePad. Copy the entire log and paste it here.
DO NOT FIX ANYTHING YET, most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.
Posted by: windwhistler
Logfile of HijackThis v1.97.7
Scan saved at 12:10:20 PM, on 4/25/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\WINDOWS\SYSTEM32\Mounter.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe
C:\WINDOWS\wt\updater\wcmdmgr.exe
C:\PROGRA~1\AIM\aim.exe
C:\Documents and Settings\Lana\My Documents\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://rd.yahoo.com/customize/sbcy/defaults/sb/*http://www.yahoo.com/search/ie.html[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [url]http://rd.yahoo.com/customize/sbcy/defaults/sp/*http://www.yahoo.com[/url]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://login.passport.net/uilogin.srf?id=2[/url]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://www.dell4me.com/myway[/url]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [url]http://yahoo.sbc.com/dial[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = [url]http://rd.yahoo.com/customize/sbcy/defaults/sb/*http://www.yahoo.com/search/ie.html[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [url]http://yahoo.sbc.com/dial[/url]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [url]http://rd.yahoo.com/customize/sbcy/defaults/su/*http://www.yahoo.com[/url]
F1 - win.ini: load= C:\IOMG_NT\REGISTER\remind.exe
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {576EB0AD-6980-11D5-A9CD-0001032FEE17} - C:\Program Files\Yahoo!\Common\ycheckh.dll
O2 - BHO: (no name) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp4,0,2,6.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mmtask] c:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [Mustek MDC 3000] C:\WINDOWS\SYSTEM32\Mounter.exe
O4 - HKLM\..\Run: [SBC Yahoo! Connection Manager] "C:\Program Files\SBC Yahoo!\Connection Manager\ConnectionManager.exe"
O4 - HKLM\..\Run: [wcmdmgr] C:\WINDOWS\wt\updater\wcmdmgrl.exe -launch
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\PROGRA~1\AIM\aim.exe -cnetwait.odl
O4 - Startup: Iomega Quick Tools NT.lnk = C:\Iomg_NT\Quick.exe
O4 - Startup: Iomega Startup Options.lnk = C:\Iomg_NT\startnt.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Yahoo! Login (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Login (HKLM)
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - [url]http://download.yahoo.com/dl/installs/ymail/ymmapi.dll[/url]
O17 - HKLM\System\CCS\Services\Tcpip\..\{B375C8F5-243D-4CF4-9BF0-813A7D6F2F07}: NameServer = 151.164.1.8 206.13.28.12
Posted by: Lobos
Download AdAware 6 181 from here: [url]http://www.lavasoftusa.com/[/url]
Before you scan with AdAware, check for updates of the reference file by using the "webupdate".
Then ........
Make sure the following settings are made and on -------"ON=GREEN"
From main window :Click "Start" then " Activate in-depth scan"
Then......
Click "Use custom scanning options>Customize" and have these options on: "Scan within archives" ,"Scan active processes","Scan registry", "Deep scan registry" ,"Scan my IE Favorites for banned URL" and "Scan my host-files"
Then.........
Go to settings(the gear on top of AdAware)>Tweak>Scanning engine and tick "Unload recognized processes during scanning" and "Let windows remove files in use at next reboot"
Then...... click "proceed" to save your settings.
Now to scan it´s just to click the "Scan" button.
When scan is finished mark everything for removal and get rid of it.(Right-click the window and choose"select all" from the drop down menu)
Then
Download Spybot - Search & Destroy from [url]http://security.kolla.de[/url]
After installing, first press Online, and search for, put a check mark at, and install all updates.
Next, close all Internet Explorer and OE windows, hit 'Check for Problems', and have SpyBot remove all it finds that is marked in RED
Posted by: windwhistler
I did everything you said and deleted like 140 things but re-ran the XoftSpy ware again and its still there.
Got any other ideas?
Posted by: Lobos
im beginning to believe that it probably is a false positive
if you un hid all folders and still havent found the folder
personally i cant really say weather it is a good program or not
since ive never used it
but i did do a google search for it and the first two links were search engines
here are two forums that is worth reading about xoftspy
[url]http://www.dslreports.com/forum/remark,9877664~mode=flat[/url]
[url]http://www.spywareinfo.com/forums/index.php?showtopic=37543[/url]