Author Topic: win32:Dialer-520 [trj]  (Read 4492 times)

pscraja

  • Guest
win32:Dialer-520 [trj]
« on: April 15, 2006, 03:54:50 PM »
I have an AMD Sempron 2400+ with an ASUS motherboard on the WinXP Home platform, protected by avast antivirus.

Yesterday avast detected that win32:dialer-520 [trj] had infected my system. I tried to remove it by invoking the delete command from the message screen. It was not able to remove it since it was in the system background. I then forced a boot time scan. During the boot time scan it was able to catch and delete it. After the system booted, the trojan started appearing again and again. Since I am not able to delete it, I chose 'no action' to temporarily suspend its appearing. After a few minutes, it appears again.

Can some expert help me in getting rid of the trojan? Since Avast is able to detect it, I am sure it will heal it. Expecting some advice.

thanks

pscraja

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: win32:Dialer-520 [trj]
« Reply #1 on: April 15, 2006, 04:21:55 PM »
There would appear to be other elements to this trojan, which may be reinstating it.

Do you have a firewall, and if so, which one?

If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode, Ewido Security Suite.

Some light reading for you - Virus, Trojan, Malware Removal, etc.:
Advice & Tools for virus/trojan/malware Removal & Prevention
Also see - How to remove a Trojan, Virus, Worms, or other Malware
Also see - worms general info How To: Remove a worm virus from your computer
If you need more help, come back here with more info....
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

CharleyO

  • Guest
Re: win32:Dialer-520 [trj]
« Reply #2 on: April 15, 2006, 07:30:52 PM »
***

Ewido is very good at removing dialers ... Spybot-Search & Destroy also cures some dialers.

Also, if you do not remove it with David's suggestions above, please post the complete location of this dialer as this will give us some more ideas of how to rid your computer of this dialer ... or why it is returning.


***

pscraja

  • Guest
Re: win32:Dialer-520 [trj]
« Reply #3 on: April 16, 2006, 02:57:01 AM »
I have ZoneAlarm free edition.

I don't know where it stays. But when it appears it is from the following folder:
d:\documents and settings\pscraja\local settings\temp internet files\

Avast located it in d:\windows\temp\win396.temp.exe the first time.
I had deleted all temp files using CCleaner.
Today when I checked there were many files. The latest one, which is on my screen just now, is from:
d:\windows\temp\win1d.exe\[upx]
The earlier one was win1c.exe.

I have attached today's avast log.

Atomic_Ed

  • Guest
Re: win32:Dialer-520 [trj]
« Reply #4 on: April 16, 2006, 05:12:36 AM »
Quote
I have ZoneAlarm free edition.

I don't know where it stays. But when it appears it is from the following folder:
d:\documents and settings\pscraja\local settings\temp internet files\

Avast located it in d:\windows\temp\win396.temp.exe the first time.
I had deleted all temp files using CCleaner.
Today when I checked there were many files. The latest one, which is on my screen just now, is from:
d:\windows\temp\win1d.exe\[upx]
The earlier one was win1c.exe.

I have attached today's avast log.


Since you are running XP, I would suggest that you disable the System Restore function in Windows, as that is a place a lot of nasties can hide and respawn from after you have removed them. Once you disable System Restore and then delete all temporary internet files, run whatever anti-spyware program you are using, then reboot and re-run the anti-spyware program again to ensure the unwanted programs are truly gone. If the system comes back clean then re-enable your System Restore function.

A good program to try would be Webroot Spy Sweeper. I have found that it detects and removes more nasties than most others and is a lot safer to your registry than a lot of the other solutions out there.

Good luck.

j173

  • Guest
Re: win32:Dialer-520 [trj]
« Reply #5 on: April 17, 2006, 07:24:06 AM »
OK, the way a trojan comes back is because it has remnants in the registry. Go to sarc.com, look up the trojan and do what it says to edit the registry.


Don't forget to back up the registry first

and

don't forget to try something like the Trend Micro online virus scan to remove it before you do this, might be easier.

pscraja

  • Guest
Re: win32:Dialer-520 [trj]
« Reply #6 on: April 17, 2006, 11:52:12 AM »
Atomic_Ed

I think what you say is true. Yesterday I used Ewido anti-malware and it found a dialer entry in WinPoET, which is a dialer for one of the service providers for our broadband cable. It removed a few others from other files. Avast also cleaned some of the entries in the temp. internet files folder and the Windows temp folder.

I have two main doubts.

1.    I tried to turn off the System Restore function; it says that all the existing restore points would be deleted. Is it possible to turn off the restore function without running the risk of losing all the previous restore points?

2.    If I turn my system back to a previous restore point at which my system was free from this trojan, would it solve the problem?

Guide me.

pscraja.

Offline FreewheelinFrank

  • Avast Evangelist
  • Ultra Poster
  • ***
  • Posts: 4872
  • I'm a GNU
    • Don't Surf in the Nude!
Re: win32:Dialer-520 [trj]
« Reply #7 on: April 17, 2006, 12:44:41 PM »
Ewido does find dialers in ISP dial up programs: it also detects my British Telecom dialer as malware. This is a false positive.

Turning off System Restore will result in all the restore points being deleted on reboot.

Restoring the system will possibly disable Trojans if their start-up entries are not in the restored registry, but you may reactivate malware which you removed but which is present in the restored files.

If you can post a HijackThis! log, we can disable and remove the Trojan:

http://www.bleepingcomputer.com/tutorials/tutorial42.html
     Bambleweeny 57 sub-meson brain     Don't Surf in the Nude Blog
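
The kind of triage a HijackThis log makes possible, as an added example that is not part of anyone's post in this thread: it lists O4 (autostart) entries whose target sits in a temp folder like the ones reported above. The log excerpt, the registry value names and the `ExampleAV` path are constructed; only the `d:\windows\temp\win1d.exe` path comes from the thread.

```python
import re

# Constructed HijackThis-style excerpt (not the poster's real log).
# Value names are made up; the win1d.exe path is the one reported in the thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - (no file)
O4 - HKLM\..\Run: [example-av] D:\Program Files\ExampleAV\avtray.exe
O4 - HKLM\..\Run: [example-updater] d:\windows\temp\win1d.exe
O4 - HKCU\..\Run: [ctfmon.exe] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [example-loader] "D:\Documents and Settings\user\Local Settings\Temp\ld.exe" /s
"""

# O4 lines describe registry autostarts: hive, key, [value name], command line.
O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
# Folders that should never hold a program started at every logon.
TEMP_DIR = re.compile(
    r"\\(?:windows\\temp|local settings\\(?:temp|temporary internet files))\\",
    re.IGNORECASE,
)
# Executable part of a command line: quoted path, or text up to the extension.
EXE_PATH = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|com|scr|bat))(?=\s|$)', re.IGNORECASE)


def target_path(command):
    """Return the program path from an autostart command line, without arguments."""
    m = EXE_PATH.match(command)
    if not m:
        return command
    return m.group(1) or m.group(2)


def suspicious_autostarts(log_text):
    """List (registry key, value name, path) for autostarts that run from temp folders."""
    hits = []
    for line in log_text.splitlines():
        m = O4_LINE.match(line.strip())
        if not m:
            continue
        hive, key, name, command = m.groups()
        path = target_path(command)
        if TEMP_DIR.search(path):
            hits.append((f"{hive}\\{key}", name, path))
    return hits


if __name__ == "__main__":
    for where, name, path in suspicious_autostarts(SAMPLE_LOG):
        print(f"{where}: [{name}] -> {path}")
```

An entry flagged this way names the registry value that restarts the file after each deletion, which is what the helpers need in order to say which entry to fix.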

anbu

  • Guest
Re: win32:Dialer-520 [trj]
« Reply #8 on: April 17, 2006, 12:46:56 PM »
Quote
1.    I tried to turn off the System Restore function; it says that all the existing restore points would be deleted. Is it possible to turn off the restore function without running the risk of losing all the previous restore points?
1. Turning off System Restore will delete all the restore points.
Quote
2.    If I turn my system back to a previous restore point at which my system was free from this trojan, would it solve the problem?
2. Yes. Turning off System Restore deletes all the files in the System Restore folder,
so the trojan is also deleted. You can always create a restore point after turning System Restore back on.

pscraja

  • Guest
Re: win32:Dialer-520 [trj]
« Reply #9 on: April 18, 2006, 02:47:51 AM »
Thank you gentlemen.

I will follow your advice

pscraja