Author Topic: cant remove all win32:dialer-1026 after boots time scan  (Read 121122 times)

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #15 on: September 10, 2007, 10:46:48 AM »
also this item looks strange:

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce

Yeah, it is one of the threats. It gives me headaches because I followed Tech™'s steps and it harmed my system and avast. Now I also want to fix it or take no action. And my PC is still infected by the win32 dialer.

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3369
  • Avast shall conquer the whole world
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #16 on: September 10, 2007, 02:34:48 PM »
also this item looks strange:

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce

Yeah, it is one of the threats. It gives me headaches because I followed Tech™'s steps and it harmed my system and avast. Now I also want to fix it or take no action. And my PC is still infected by the win32 dialer.

The only way to solve your dead problem, if those viruses are very hard to remove: it's time to KILL your PC goodbye and reformat your HD from scratch.

You should have cloned your HD long ago before you get your backside for a good hard scratching sand paper........Ouch! that virus must have got you stone COLD you couldn't even move to your next task to KILL win32 dialer.
ASUS G75VX-T4153H | Avast Premium v22.12.6044 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | W8.1 64bit | Firefox 64bit | Thunderbird 64bit | MBAM Premium | Adguard Premium | CryptoPrevent Premium | CCleaner Portable | MCShield | Macrium Reflect | 7-Zip

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87304
  • No support PMs thanks
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #17 on: September 10, 2007, 03:05:37 PM »
Then you most likely haven't clicked the User Files section icon on the left as you can't Add to the Infected Files section, that is the preserve of the avast scanner for files it detected as infected.

After that, what file do I need to add??
The one/s which you say are detected as infected files and you wanted to email; I thought you knew what they were from your previous posts.

Thanks for your help. I want to send the infected files to avast but don't know how to set up Outlook, so they can't be sent. Can I know how to set the mail settings when I want to send those files??

erm... I tried but can't add. Add can't be chosen.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 22.12.6044 (build 22.12.7758.768) UI 1.0.741/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #18 on: September 10, 2007, 05:50:09 PM »
Then you most likely haven't clicked the User Files section icon on the left as you can't Add to the Infected Files section, that is the preserve of the avast scanner for files it detected as infected.

After that, what file do I need to add??
The one/s which you say are detected as infected files and you wanted to email; I thought you knew what they were from your previous posts.

Thanks for your help. I want to send the infected files to avast but don't know how to set up Outlook, so they can't be sent. Can I know how to set the mail settings when I want to send those files??

erm... I tried but can't add. Add can't be chosen.

Yes, I know where the infected files are but I already moved them all to the chest. After that, should I take no action and attach them to an avast mail the next time I detect it?? Or is there another way??

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87304
  • No support PMs thanks
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #19 on: September 10, 2007, 06:32:27 PM »
In theory there should be no need to send files to avast that are already detected by avast unless you feel that the detection isn't correct.
So no need to take any action other than leave them in the chest for a few weeks, scan the file again inside the chest (right click on the file) and if it is still detected then delete it from within the chest.

The only reason for giving the information was because you expressed you wanted to email the files to avast and were trying to find out how to do this in outlook. So I said they could be sent from the chest.

If you have already sent the files to the chest when they were detected there is no need to add them as they would be in the Infected Files section and could be sent from there.

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #20 on: September 11, 2007, 09:06:52 AM »
In theory there should be no need to send files to avast that are already detected by avast unless you feel that the detection isn't correct.
So no need to take any action other than leave them in the chest for a few weeks, scan the file again inside the chest (right click on the file) and if it is still detected then delete it from within the chest.

The only reason for giving the information was because you expressed you wanted to email the files to avast and were trying to find out how to do this in outlook. So I said they could be sent from the chest.

If you have already sent the files to the chest when they were detected there is no need to add them as they would be in the Infected Files section and could be sent from there.

Thanks. But that virus is still attacking my PC; are there any ways to protect against that virus?? Or, like SpeedyPC says, just kill my PC??  :'(

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #21 on: September 11, 2007, 02:13:04 PM »
But that virus is still attacking my PC
I generally suggest that it would be good to download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.

Also, if you are still detecting any strange behavior, or even if you're sure you're not clean, maybe it would be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

If, after that, you are still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis log to post here and, especially, scanning and submitting the RunScanner log to on-line analysis would help to identify the problem and the solution.
The best things in life are free.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87304
  • No support PMs thanks
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #22 on: September 11, 2007, 02:32:44 PM »
Personally I discounted SpeedyPC's comment as I don't believe we are that far down the road yet.

What did you do about the items I mentioned in my reply #8 in this topic, http://forum.avast.com/index.php?topic=30139.msg250229#msg250229, did you fix them in HJT, etc. ?
Did you send the files to VirusTotal and Jotti as suggested, you never mentioned if you had ?

Take some time in rereading that post again, there are a number of links for the different entries that you should visit

You should also include in the fix the item mentioned by Maxx_original:
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce

Also I have been rereading the topic and your comment after my reply (link above) had me thinking you want to send the suspect files mentioned in my reply rather than infected files in the chest. The location of the files you get from your HJT log entries that I quoted.

I want to send the infected files to avast but don't know how to set up Outlook, so they can't be sent. Can I know how to set the mail settings when I want to send those files??

Do you connect by dial-up to the internet?
If not, a dialler isn't such a great issue, as it can't do what its purpose is: to dial a premium rate number to connect to the internet rather than your ISP's dial-up number. But, we still want to get rid of it.

How is it attacking your PC, do you simply mean it keeps coming back and avast keeps detecting it, or do you mean something more ?

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #23 on: September 11, 2007, 07:04:42 PM »
Yes, I have reread the post. But actually I have done it all. Some ways, like SuperAntiSpyware, I have tried too, but after I quarantined the threat, it harmed my PC and forced me to release those files. And I sent the files to VirusTotal and Jotti already. "O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll", I don't dare to fix it. This is because I used SuperAntiSpyware to quarantine this file and my PC couldn't work properly. Yes, I am connected by dial-up to the internet. It has modified some files and made them unable to work. My avast! antivirus was also modified by it and couldn't work. Only after I repaired avast! could it work again. I have already solved many virus problems on my PC; this is the last one I can't settle :'(

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #24 on: September 12, 2007, 05:30:25 AM »
I did one more scan of one of the files and this is the result:

AhnLab-V3 2007.9.11.1 2007.09.11 -
AntiVir 7.6.0.5 2007.09.12 TR/Dialer.VUB
Authentium 4.93.8 2007.09.12 W32/Trojan.BWCN
Avast 4.7.1043.0 2007.09.11 Win32:Dialer-1026
AVG 7.5.0.485 2007.09.11 SHeur.AID
BitDefender 7.2 2007.09.12 Dropped:Trojan.Dialer.VUB
CAT-QuickHeal 9.00 2007.09.11 -
ClamAV 0.91.2 2007.09.12 -
DrWeb 4.33 2007.09.11 Dialer.Doing
eSafe 7.0.15.0 2007.09.11 suspicious Trojan/Worm
eTrust-Vet 31.1.5127 2007.09.12 -
Ewido 4.0 2007.09.11 Trojan.Dialer.tn
FileAdvisor 1 2007.09.12 -
Fortinet 3.11.0.0 2007.09.12 W32/Dialer.TN!tr
F-Prot 4.3.2.48 2007.09.12 W32/Trojan.BWCN
F-Secure 6.70.13030.0 2007.09.11 Trojan.Win32.Dialer.tn
Ikarus T3.1.1.12 2007.09.12 Trojan-Dialer.VUB
Kaspersky 4.0.2.24 2007.09.12 Trojan.Win32.Dialer.tn
McAfee 5117 2007.09.11 -
Microsoft 1.2803 2007.09.12 -
NOD32v2 2523 2007.09.12 probably a variant of Win32/Dialer
Norman 5.80.02 2007.09.11 W32/Malware.ABDY
Panda 9.0.0.4 2007.09.11 Suspicious file
Prevx1 V2 2007.09.12 -
Rising 19.40.20.00 2007.09.12 -
Sophos 4.21.0 2007.09.12 -
Sunbelt 2.2.907.0 2007.09.12 -
Symantec 10 2007.09.12 -
TheHacker 6.1.10.184 2007.09.11 -
VBA32 3.12.2.4 2007.09.12 Trojan.Win32.Dialer.tn
VirusBuster 4.3.26:9 2007.09.11 -
Webwasher-Gateway 6.0.1 2007.09.12 Trojan.Dialer.VUB

mauserme

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #25 on: September 12, 2007, 06:20:21 AM »
"O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll", I don't dare to fix it. This is because I used SuperAntiSpyware to quarantine this file and my PC couldn't work properly.
What went wrong when you did this?
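
As an added example (not part of the original thread or of any tool mentioned in it): a small Python parser for HijackThis O4 autostart lines like the one quoted above, which extracts the DLL and export that rundll32.exe is asked to run and tags entries for manual review. The tag names and the second and third sample lines are constructed for illustration; a tag is a reason to look closer, not a verdict.

```python
import re
from ntpath import dirname, normcase  # Windows path rules on any OS

# HijackThis autostart line: O4 - <hive>\..\<key>: [<name>] <command>
O4_RE = re.compile(
    r'^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
# rundll32 command: [path\]rundll32[.exe] "<dll>",<export>  (quotes optional)
RUNDLL_RE = re.compile(
    r'^(?:\S*\\)?rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+)"?\s*,\s*(?P<export>\S+)',
    re.IGNORECASE)

SAMPLE_LOG = [
    # Entry quoted in the thread
    r'O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce',
    # Constructed entries for comparison
    r'O4 - HKCU\..\Run: [ExampleHelper] rundll32.exe C:\WINDOWS\system32\example.dll,Start',
    r'O4 - HKLM\..\Run: [ExampleTray] "C:\Program Files\Example\tray.exe" /min',
]

def parse_o4(line):
    """Split one O4 line into hive, key, name, cmd, plus dll/export if rundll32."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    r = RUNDLL_RE.match(entry["cmd"])
    entry["dll"] = r.group("dll") if r else None
    entry["export"] = r.group("export") if r else None
    return entry

def review_tags(entry, windir=r"C:\WINDOWS"):
    """Illustrative review heuristics (assumptions, not HijackThis behaviour)."""
    tags = []
    if entry["dll"]:
        tags.append("rundll32-autostart")      # a DLL launched at every boot/logon
        if normcase(dirname(entry["dll"])) == normcase(windir):
            tags.append("dll-in-windows-root")  # sits directly in the Windows folder
    return tags

def triage(lines):
    """Return (name, tags) for every parsed entry that earned at least one tag."""
    entries = [e for e in map(parse_o4, lines) if e]
    return [(e["name"], review_tags(e)) for e in entries if review_tags(e)]

if __name__ == "__main__":
    for name, tags in triage(SAMPLE_LOG):
        print(name, tags)
```
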

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #26 on: September 12, 2007, 08:44:48 AM »
My PC goes very slow and many applications get errors.

Offline SpeedyPC

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3369
  • Avast shall conquer the whole world
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #27 on: September 12, 2007, 09:54:08 AM »
Time to reformat your HD as I said before.

Just wait for DavidR to reply first before you go ahead and kill your HD.

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 87304
  • No support PMs thanks
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #28 on: September 12, 2007, 01:53:41 PM »
Why do you feel it is time to format, you didn't offer a reason why that is necessary.

If the only problem on the system is this dialler then there is absolutely no way I would format for that, especially since avast detects it every time it rears its ugly head.

Yes there is most certainly a downloader hidden on the system and I still don't know if calciver has done everything that has been suggested because answers have been sparse and no details given on results; just answers like "I have done it all" don't give information to suggest other actions.

calciver hasn't posted a new hijackthis log to show us what he has fixed and if things have been dealt with or not. This lack of confirmation just makes the task harder as we keep having to ask for confirmation.

The most important I feel are the anti-rootkit tools to try and find what is hiding the downloader and we don't know exactly what has been run or what results returned.

@ mauserme
Do you think Combofix would be a worthwhile option as doesn't it use the GMER anti-rootkit, which is one of the best but not for the novice to use as a stand alone application ?

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67235
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #29 on: September 12, 2007, 02:16:03 PM »
I see no reason for reformatting (yet).
Why don't you test antispyware tools?
AVG Antispyware
SUPERantispyware
Spyware Terminator
a-squared (take care about false positives).
If any infection is detected, it is better and safer to send the file to Quarantine than to simply delete it.