Spyware, viruses, & security : How can I get rid of a dialer?

by zeebell - 10/8/08 10:07 PM
Post 1 of 54

How can I get rid of a dialer?

by zeebell - 10/8/08 10:07 PM

Windows XP w/SP3 IE 7
Compaq Presario
Processor - 2.40 gigahertz AMD Athlon64
Memory - 1.37GB of RAM
200 GB hard drive

When running an AVAST scan, it finds this:

MALWARE: C:System Volume Information/_restore (2466A83D-1B81-456E-9766

I've done a search for the file and also tried to find it using EXPLORE and am unable to come up with it.

I did go into the registry and searched for 2466A83D and did find this under SystemRestore:

(Default) REG_SZ (value not set)
DiskPercent REG_DWORD 0x0000000c(12)
MachineGuid REG_SZ {2466A83D-1881-456E-9766-38C2B7E4821

Would this perhaps be the culprit and if so, would someone be able to help me get this off my PC please?

Thanks,

Julea

Post 2 of 54

Additional information

by zeebell - 10/8/08 10:13 PM In reply to: How can I get rid of a dialer? by zeebell

I forgot to mention this:

It will not let me move it to the Virus Chest nor will it let me delete it. In both cases, it tells me that "Error occurred during moving file to chest (deleting). The operation is not supported for this type of archive."

Julea

Post 3 of 54

help

by micro327 - 10/9/08 4:44 AM In reply to: Additional information by zeebell

Try turning off your system restore before it spreads, because I had the same prob. Then switch your comp to safe mode and try running avast. If it doesn't run or it finds nothing, get a legit antivirus and spyware program. Do not download anything off the net. I had the same prob, and downloading things off the net made it worse: it opened up doors to trojan horses and downloaders and joke.infects that give you false positives, and it ruined da heck out of my comp, so b careful. I have Verizon so I used their security suite, but if your service provider doesn't provide security opts then it would be best to buy one, because it will save you big bucks in the end. Trust me, this stuff messes with your registry and everything. It can screw up your comp to the point you'll have to waste big money to fix it or throw it out. *** Also make sure you don't purchase your software online if you do decide to, because most are hoaxes and because your comp is susceptible to that spyware it can't create doors to other things like a backdoor agent. It also happened to me.
Now I'm pretty sure you're saying, if Verizon is so great, why didn't it protect me? It's because I hadn't installed it until after I had the problems, which could have been easily avoided if I had it instead of avast, avira, or spyware terminator.
gdluck

Post 4 of 54

C:System Volume Information/_restore

by Marianna Schmudlach Moderator - 10/8/08 10:15 PM In reply to: How can I get rid of a dialer? by zeebell

Disable your system restore > right click on "My Computer" icon then choose Properties, System Restore and check the box: "Turn off System Restore on all drives" - click "apply" - reboot your computer > scan again with your anti virus IF everything is clean - then enable system restore again.

Post 5 of 54

Will try

by zeebell - 10/8/08 10:36 PM In reply to: C:System Volume Information/_restore by Marianna Schmudlach Moderator

Currently I'm scanning with Lavasoft Ad-aware and thus far, it's found 8 infections - YIKES! I'm used to never finding anything with that utility. I also ran Spybot and it found nothing -- it congratulated me -- little does it know (LOL).

Question -- I'm not on dialup, but am on cable. Can this thing be operable even though not on a phone line?

I'll try your suggestion, but probably won't get it done until tomorrow. Hope that's not too late. It's scary to find this stuff when I'm used to having a clean PC.

We got a new modem today as our other one shot craps -- wonder if that's what caused this. We used to have a router and modem would not work with it. Cox told us since we only had 1 PC that we really didn't need the router and to disconnect and not use, but to connect modem directly to PC. Hope that wasn't a mistake -- they're the pros after all, but then again, are they?

Julea

Post 6 of 54

different name

by zeebell - 10/9/08 8:40 AM In reply to: C:System Volume Information/_restore by Marianna Schmudlach Moderator

Marianna,

I followed your suggestion and ran the scan again last night. I stopped the scan at 52% completed to go to bed. At that time it had found nothing. Before, it had found the file in the 3% completion range. I turned the system restore back on, shut down PC, and went to bed.

This morning I booted up and ran the scan again. This time, it did not find what I did last night; however, found this:

c:Windows\Installer\f78b92msi\ISSetupFiles\SetupFile33

It's a WIN32:Dialer-gen[Trj] VPS Version 081009-0,10/0/2008

Again, I went into the registry and searched for f78b92msi and it did find this:

Local Package Reg_SZ c:Windows/Installer/f78b92.msi

Can't either of these finds (what I found in registry last night, mentioned in previous post) be removed directly from the registry and the problem go away ???

I use Ad-aware which I ran this morning and it only found 1 MRU. My spyware blaster program is working and up to date. Spybot continues to find nothing. I use the pay version of Kerio Personal Firewall. From the post of other person in this thread, it sounds like I should not even have the Kerio Firewall, but for now, I'm keeping it.

Thanks

Julea

Post 7 of 54

Julea, run the following......

by Marianna Schmudlach Moderator - 10/9/08 8:43 AM In reply to: different name by zeebell

Please download Malwarebytes Anti-Malware or alternate download link

* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
* - Update Malwarebytes' Anti-Malware
* - Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

* On the Scanner tab:
* - Make sure the "Perform Quick Scan" option is selected.
* - Then click on the Scan button.
* The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

* -- Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

**If you encounter this message:"c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5" Click on ignore mbamext.dll

..

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".

What did they find?

Post 8 of 54

I'll digest but ------

by zeebell - 10/9/08 9:09 AM In reply to: Julea, run the following...... by Marianna Schmudlach Moderator

at this point, should I have my system restore on or off?

Thanks for your help Marianna.

Julea

Post 9 of 54

Leave it on........ IF the other scans......

by Marianna Schmudlach Moderator - 10/9/08 9:12 AM In reply to: I'll digest but ------ by zeebell

find MORE "ugly stuff" you can purge your system restore again.

Take it easy ;)

Post 10 of 54

(NT) Thanks - I'm just used to not ever having anything bad on PC

by zeebell - 10/9/08 9:15 AM In reply to: Leave it on........ IF the other scans...... by Marianna Schmudlach Moderator

Post 11 of 54

Oops -- here we go -- any other suggestions please?

by zeebell - 10/9/08 9:30 AM In reply to: Leave it on........ IF the other scans...... by Marianna Schmudlach Moderator

This doesn't make sense -- here are the results. Where is that dude (LOL)? I can't believe it only took almost 3 minutes to scan my drives. A screen never appeared in the program for me to check which drives I wanted scanned, but am guessing it scanned the C: drive.

Scan type: Quick Scan
Objects scanned: 51179
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Post 12 of 54

(NT) I forgot to do the superantispyware -- will do now!

by zeebell - 10/9/08 9:33 AM In reply to: Oops -- here we go -- any other suggestions please? by zeebell

Post 13 of 54

(NT) Did you run BOTH scans? MBAM + SAS?

by Marianna Schmudlach Moderator - 10/9/08 9:33 AM In reply to: Oops -- here we go -- any other suggestions please? by zeebell

Post 14 of 54

(NT) currently working on the last one - sorry about that!

by zeebell - 10/9/08 9:41 AM In reply to: (NT) Did you run BOTH scans? MBAM + SAS? by Marianna Schmudlach Moderator

Post 15 of 54

OK -- here's what it found

by zeebell - 10/9/08 12:15 PM In reply to: (NT) Did you run BOTH scans? MBAM + SAS? by Marianna Schmudlach Moderator

Memory Items detected - 0
Files detected - 1
Registry items detected - 0
Total Threats - 1

Scan time 2:20 -- I also have a 250 gig external which it scanned -- I told it C: but that was evidently included, even though it shows me it's K: drive.

It said it was an adware tracking cookie.

The removing processing info said: compaqowner@revci(2).txt

Now --- surely that isn't the dialer thingie is it?

Do I need to do another scan with my Avast or where to now?

Thanks,

Julea
