Author Topic: cant remove all win32:dialer-1026 after boots time scan  (Read 130738 times)

0 Members and 1 Guest are viewing this topic.

calciver

  • Guest
cant remove all win32:dialer-1026 after boots time scan
« on: August 26, 2007, 07:42:00 PM »
i try for scan many time, keep scan and scan. it show safe, but i stil; atked by that trj virus. Any1 can help me :'(?? some file cant b delete coz file not found.

this is example:
File C:\Documents and Settings\Calciver\Local Settings\Temp\00DNw2jl.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\00DNw2jl.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\037jr4aR.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\037jr4aR.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\07Ch74T0.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\07Ch74T0.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\07J051fa.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\07J051fa.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\15G8axY3.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\15G8axY3.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\3c22FnTJ.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\3c22FnTJ.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\3hyd3rhe.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\3hyd3rhe.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\4P6MkGK7.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\4P6MkGK7.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\5wK6GF7W.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\5wK6GF7W.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\gT25fiTd.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\gT25fiTd.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\knTd335c.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\knTd335c.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\ny78Pq1U.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\ny78Pq1U.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\qN5KmxV0.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\qN5KmxV0.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\radBYlxD.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\radBYlxD.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\s3dj30G4.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\s3dj30G4.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\SEELdLN1.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\SEELdLN1.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\tFxx5G1m.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\tFxx5G1m.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\VjuSL3N5.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\VjuSL3N5.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\Xmu4f873.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\Calciver\Local Settings\Temp\Xmu4f873.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\Calciver\Local Settings\Temp\_avast4_\unp248327569.tmp\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\Documents and Settings\NetworkService\Local Settings\Temp\D76c8ypA.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\NetworkService\Local Settings\Temp\D76c8ypA.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Documents and Settings\NetworkService\Local Settings\Temp\V77h1Wgp.exe\[Embedded#0e00] is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\Documents and Settings\NetworkService\Local Settings\Temp\V77h1Wgp.exe is infected by Win32:Dialer-1026 [Trj], Delete: Error 0xC0000034 {Object Name not found.}
File C:\Program Files\Internet Explorer\RAVCHDMON.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP43\A0009476.exe is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024288.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024323.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024505.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024530.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024544.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024558.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024570.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024586.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP51\A0024777.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP58\A0028814.exe is infected by Win32:Dialer-1026 [Trj], Deleted
File C:\System Volume Information\_restore{1E41D85E-4584-4A78-BC24-538BBC0D7034}\RP58\A0028816.exe\[Upack]\[Embedded#5060]\[Upack] is infected by Win32:Onlinegames-ATY [Trj], Deleted

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #1 on: August 26, 2007, 08:34:02 PM »
Deletion isn't really a good first option (you have none left), 'first do no harm' don't delete, send virus to the chest and investigate. So those that you have already deleted you have no options left.

For the other ones classed as not found, did you empty the Temp folder ?
They could have been placed in the temp folder as a result of another security application unpacking archives into the Temp folder and avast is detecting these files. However at the end of a scan the other scanner usually cleans up after its scan removing the files.
So does this ring any bells, what were you doing when these alerts happened ?
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #2 on: August 27, 2007, 03:39:28 AM »
General cleaning procedure:

1. Disable System Restore on Windows ME or Windows XP. System Restore cannot be disabled on Windows 9x and it's not available in Windows 2k. After boot you can enable System Restore again after step 3.

2. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

3. Schedule a boot time scanning with avast. Start avast! > Right click the skin > Schedule a boot-time scanning. Select for scanning archives. Boot. Other option is scanning in SafeMode (repeatedly press F8 while booting).

4. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).
If any infection is detected, better and safer is send the file to Quarantine than to simple delete than.

5. If you still detecting any strange behavior or even you're sure you're not clean, maybe it will be good to test your machine with anti-rootkit applications. I suggest AVG, Panda and/or F-Secure BlackLight.

6. Also, if you still detecting strange behaviors or you want to be sure you're clean, maybe making a HijackThis log to post here and, specially, scan and submit to on-line analysis the RunScanner log would help to identify the problem and the solution.

7. After you're clean, use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

8. Finally, when you're clean, check for insecure applications with Secunia Software Inspector to update insecure applications and avoid reinfection.
The best things in life are free.

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #3 on: August 27, 2007, 09:18:06 AM »
your "file not found" problem is only a misinterpretation of scan results.. the infection was found in some embedded PE file... when some infection is found in embedded file, then its parent file is deleted.. the same infection was found in the parent file (loaded in memory), but the file can't be deleted, cause it was deleted by previous (underlaying) detection already...

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #4 on: September 06, 2007, 08:17:45 AM »
i choosing the take no action and then starting boots time scan but it appear this problem. Now this problem is gone but the same virus keep attacking my pc. I move all the files to the chest but dont know how to do it then. Hv another suggestion??

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #5 on: September 06, 2007, 10:08:08 AM »
there must be some dropper.. can you post a HJT log here? you can find many tutorials on this forum how to do it...

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67194
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #6 on: September 06, 2007, 02:47:07 PM »
If you want to do it by yourself, click here to download HJTsetup.exe

  • Save HJTsetup.exe to your desktop.
  • Doubleclick on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
The best things in life are free.

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #7 on: September 07, 2007, 04:18:35 PM »
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:17:08 PM, on 9/7/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TM Net\Diagnostic Tool\tmnet connect.exe
C:\Program Files\TM Net\tmnet streamyx dialer\fwportal.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bitcomet.com/client/install-finish/?l=en_us
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll
O2 - BHO: (no name) - {a5edcd28-669c-44d7-afa0-6e6649e7fde4} - C:\WINDOWS\system32\comard.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [%FP%TM Net fts.exe] "C:\Program Files\TM Net\tmnet streamyx dialer\fts.exe"
O4 - HKLM\..\Run: [YLive.exe] C:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Storm Codec\StormSet.exe" /S /opti
O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce
O4 - HKLM\..\Run: [commomds] C:\WINDOWS\system32\win32.exe
O4 - HKLM\..\Run: [RAVGJMON] C:\Program Files\Internet Explorer\RAVGJMON.exe
O4 - HKLM\..\Run: [RAVDTHXMON] C:\Program Files\Internet Explorer\RAVDTHXMON.exe
O4 - HKLM\..\Run: [RAVCHDMON] C:\Program Files\Internet Explorer\RAVCHDMON.exe
O4 - HKLM\..\Run: [win32] C:\WINDOWS\system32\win32.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [RAVWLMON] C:\WINDOWS\system32\RAVWLMON.exe
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\Storm Codec\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {5F5F9FB8-878E-4455-95E0-F64B2314288A} (ijjiPlugin2 Class) - http://gamedownload.ijjimax.com/gamedownload/dist/hgstart/HGPlugin11USA.cab
O16 - DPF: {7606693A-C18D-4567-AF85-6194FF70761E} (GomWeb Control) - http://app.gomtv.com/gom/GomWeb.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1AC7128B-89DD-482E-9BAB-F1114D458B8F}: NameServer = 202.188.0.133 202.188.1.5
O20 - AppInit_DLLs: jzgpri.dll
O20 - Winlogon Notify: comard - comard.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files\WinPcap\rpcapd.exe

--
End of file - 7760 bytes

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #8 on: September 07, 2007, 04:38:21 PM »
Fix these:
O2 - BHO: (no name) - {a5edcd28-669c-44d7-afa0-6e6649e7fde4} - C:\WINDOWS\system32\comard.dll (file missing) - apart from the file is missing, check and make sure, a google search for this file returns zero hits, which in itself is suspicious
O20 - Winlogon Notify: comard - comard.dll (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\qwerty12.exe (file missing)


These are reported nasty and if avast hasn't detected it a sample should be sent to avast I would also confirm using VT and Jotti (see below).
O2 - BHO: WebAssist - {85589B5D-D53D-4237-A677-46B82EA275F3} - C:\WINDOWS\WebAssist.dll - see http://www.google.com/search?q=WebAssist.dll
O4 - HKLM\..\Run: [RAVWLMON] C:\WINDOWS\system32\RAVWLMON.exe - see http://www.prevx.com/filenames/3417583867049942784-X1/RAVWLMON.EXE.html

O20 - AppInit_DLLs: jzgpri.dll - see http://www.castlecops.com/p981744-MD5_228b2084b7ade49987c38d87f84e1903_jzgpri_dll.html

Send the sample to virus@avast.com zipped and password protected with password in email body and false positive/undetected malware in the subject.
Or you can also add the file to the User Files (File, Add) section of the avast chest where it can do no harm and send it from there (select the file, right click, email to Alwil Software). No need to zip and PW protect when the sample is sent from chest. A copy of the file/s will remain in the original location, so any further action you take can remove that.

You could also check the offending/suspect file at: VirusTotal - Multi engine on-line virus scanner I feel virustotal is the better option as it uses the windows version of avast (more packers supported) and there are currently 30 different scanners.
Or Jotti - Multi engine on-line virus scanner if any other scanners here detect them it is less likely to be a false positive. Whichever scanner you use, you can't do this with the file in the chest, you will need to move it out.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #9 on: September 07, 2007, 07:52:25 PM »
thx for ur help. I wan to send the infected files to avast but dont know how to setting the outlook, so it cant b send. Can know how to setting the mail setting when wan to send those files??

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #10 on: September 07, 2007, 09:06:39 PM »
Do you mean outlook express ?
You shouldn't have to do anything to it to send the zipped password protected files, however, OE might need the security settings sorted (Tools, Options, Security tab, uncheck the arrowed option in the image below), this was changed after a security update.

I don't use MS Outlook so I can't be any practical help there.

By far the best option is to add them to the user files section of the chest and send them from there as I mentioned above.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #11 on: September 08, 2007, 08:21:46 AM »
erm... I try but cant add. Add cant b choosen

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88900
  • No support PMs thanks
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #12 on: September 08, 2007, 02:14:55 PM »
Then you most likely haven't clicked the User Files section icon on the left as you can't Add to the Infected Files section, that is the preserve of the avast scanner for files it detected as infected.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline Maxx_original

  • Avast team
  • Super Poster
  • *
  • Posts: 1479
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #13 on: September 10, 2007, 10:20:09 AM »
also this item looks strange:

O4 - HKLM\..\Run: [SystemOptimizer] rundll32.exe "C:\WINDOWS\xxxvvw.dll",forkonce

calciver

  • Guest
Re: cant remove all win32:dialer-1026 after boots time scan
« Reply #14 on: September 10, 2007, 10:42:49 AM »
Then you most likely haven't clicked the User Files section icon on the left as you can't Add to the Infected Files section, that is the preserve of the avast scanner for files it detected as infected.

after that i nid to add what file??