Author Topic: dialer  (Read 4255 times)


hko041

  • Guest
dialer
« on: April 15, 2006, 06:40:01 PM »
I have a PC running on Windows SP1.
I am using avast 4.6 as a virus scanner and ZoneAlarm as a firewall. This combination has worked well until now.
Since yesterday I have an autodialer on my system.
It shows itself every 20 minutes by trying to dial a number, 09060400180, which is a very expensive phone number in the Netherlands. As far as I can find, it doesn't do anything else. Still it worries me a lot.
The autodialer is not recognized by the virus scanner, nor by programs like Spybot or Ad-Aware. In Google I cannot find very much about this troublemaker. It shows itself as c:\WINDOWS\TEMP\WINxxx.TMP.EXE. Instead of xxx there is always a binary number. It is also not possible to find the culprit in \WINDOWS\PREFETCH. When I restart Microsoft Internet Explorer it starts itself within about a minute and then retries every 20 minutes. My fear is that it has attached itself to IEXPLORE.EXE.
Does anyone know what this is and, especially, how I can remove it without causing too much damage?
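
A triage sketch for the symptom described in the post above, added here as an example and not part of the original thread: it lists files in a temp directory whose names follow the WINxxx.TMP.EXE pattern and records size, modification time, SHA-256 and whether each one starts with an executable header. The function names, the regex used for "xxx" and the sample files are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from datetime import datetime, timezone
from pathlib import Path

# Assumption: the "xxx" part is a run of letters/digits; the post only says
# it is a number that changes. Matching ignores case, as Windows file names do.
SUSPECT_NAME = re.compile(r"^WIN[0-9A-Z]+\.TMP\.EXE$", re.IGNORECASE)


def find_suspect_temp_executables(temp_dir):
    """Return one record per regular file named like WINxxx.TMP.EXE."""
    records = []
    for path in sorted(Path(temp_dir).iterdir()):
        if not path.is_file() or not SUSPECT_NAME.match(path.name):
            continue
        data = path.read_bytes()
        mtime = datetime.fromtimestamp(path.stat().st_mtime, timezone.utc)
        records.append({
            "name": path.name,
            "size": len(data),
            "modified_utc": mtime.isoformat(),
            # The hash lets the same sample be recognised on another machine.
            "sha256": hashlib.sha256(data).hexdigest(),
            # Windows executables begin with the two bytes "MZ".
            "starts_with_mz": data[:2] == b"MZ",
        })
    return records


def build_constructed_sample(root):
    """Create constructed stand-in files; none of them is real malware."""
    samples = {
        "WIN101.TMP.EXE": b"MZ\x90\x00\x03\x00",   # name matches, MZ header
        "win0110.tmp.exe": b"plain text",          # name matches, no header
        "WIN7F.TMP": b"scratch data",              # ordinary temp file
        "setup.exe": b"MZ\x90\x00",                # executable, other name
    }
    for name, content in samples.items():
        (Path(root) / name).write_bytes(content)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as demo_dir:
        build_constructed_sample(demo_dir)
        for record in find_suspect_temp_executables(demo_dir):
            print(record)
```

On an affected machine the function would be pointed at c:\WINDOWS\TEMP; the recorded hash and timestamps give a scanner vendor or helper something concrete to work from.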

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89239
  • No support PMs thanks
Re: dialer
« Reply #1 on: April 15, 2006, 06:55:36 PM »
Firstly I advise you to go to Windows Update and get XP SP2, and also get the other security updates after SP2, as these close many vulnerabilities that may allow malware like this access to your system.

Are you on a dial-up connection or broadband?
If broadband, it shouldn't be able to dial out if you no longer have a modem.

Diallers aren't generally recognised by anti-virus programs as they aren't viruses as such; avast does recognise some of them.

This looks like a trojan, which should be detected by Ewido.
If you haven't already got this software (freeware), download, install, update and run it, preferably in safe mode, Ewido Security Suite.

Also this, once you are clean: SpywareBlaster. Don't install this until you are clean.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.4.6112 (build 24.4.9067.762) UI 1.0.803/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

hko041

  • Guest
Re: dialer
« Reply #2 on: April 15, 2006, 07:04:38 PM »
Hello.

In the past I went to SP2, but this caused problems on my PC, therefore I went back.
I am working with a broadband connection, but I also have an old-fashioned modem in my PC. Of course I disconnected it when I noticed the problem.

Spywareblaster is always running on my system, updated weekly.

Ewido is a good idea, I am running it now. It seems to find some trojans; I hope this will solve the problem.

Thank you very much for your quick and helpful answer. I will let you know if it is solved.

Offline DavidR

Re: dialer
« Reply #3 on: April 15, 2006, 08:49:31 PM »
I think it would be wise to try and resolve the problems with SP2 for the added security; upgrading to SP2 would also allow for updating IE 6 to SP2, further improving security.

I would also recommend the use of an alternative browser, Firefox or Opera. Since they don't have ActiveX, Browser Helper Objects (BHOs) or integration within the OS, they aren't the magnets for malware that IE is, and since they aren't an integral part of the OS, if they are exploited you haven't also exploited the OS.

Also useful as a diagnostic tool - Download HiJackThis.zip - HJT Information HiJackThis Tutorial 1 or HiJackThis Tutorial 2
For an on-line analysis - HiJackThis Log file - On-line Analysis OR HiJackThis Log file - On-line Analysis 2
Ignore any O23 reference to avast processes; this is a hiccup in HJT 1.99.1 (especially the missing file entry for avast). If you need any help with any of the analysis, let us know.

Welcome to the forums.

hko041

  • Guest
Re: dialer
« Reply #4 on: April 15, 2006, 11:56:32 PM »
Hello David

It seems to me that Ewido did the trick. I have run it, and it found some trojans and suspected files.
The source of the problem was probably a file called winzlo32.dll.
I will install Ewido on my system, for scanning purposes, next to Spybot and Ad-Aware.
I have run HijackThis for some years, and I check it almost every week. I didn't find unusual entries in the log which could lead me to something useful. And also the program BHODemon did not show anything in particular.
Last evening I installed Prevx1. This found and blocked the winxxx.tmp.exe, but wasn't able to detect the real criminal.

When I ran SP2 on my system, I had a lot of problems entering my own system. It is so safe that it was almost impossible to log on with our own accounts. Therefore I removed it again.

Lastly, thank you very much for your quick and useful reactions. I think you are better and more helpful than many other helpdesks.

Kind regards, Henk

Offline DavidR

Re: dialer
« Reply #5 on: April 16, 2006, 01:37:24 AM »
Thank you for the compliment, here there are many avast users just like me who want to help other avast users get the best out of avast, a little different from someone on a help desk whose job it might be. It certainly is one that many wouldn't like to do, it really is a difficult job, too many permutations and up against a stop watch in many companies.

Check out the link to DropMyRights (in my signature below) - Browsing the Web and Reading E-mail Safely as an Administrator. This obviously applies to those NT based OSes that have administrator settings, winNT, win2k, winXP.

Whilst browsing or collecting email, etc., if you get infected then the malware by default inherits the same permissions that you have for your user account. So if the user account has administrator rights, the malware has administrator rights and can wreak havoc. With limited rights the malware can't put files in the system folders, create registry entries, etc. This greatly reduces the potential harm that can be done by an undetected or first day virus, etc.

jerofish

  • Guest
Re: dialer
« Reply #6 on: April 30, 2006, 04:20:09 PM »
Hey Henk,

My father has had the same problem and his KPN bill went up € 326,- in a short period of time. He has reported this incident at the police office. I am curious if you noticed something too with your phone bill. Please let me know, and if other people read this who had the same experience, please, feel free to contact me at jerofish@gmail.com.

Offline DavidR

Re: dialer
« Reply #7 on: April 30, 2006, 05:20:54 PM »
jerofish, I would suggest that you remove your email address from a publicly available web site that can be trawled by email address harvester bots. This can lead to more spam in your email account and possibly to receiving various phishing and scam emails.