
Its got me beat !!

By gbrownlee
I just returned from holidays and before I left, I thought I had rid my system of virus dialer.x.x.

I just went on line and updated AVG (free edition), ad-aware and spy bot. In this short period of time, my system was reinfected.

I have searched my registry and used Windows Explorer and found some suspicious entries which I have deleted; and yet the virus returns every time I access the web (within 15 minutes). Obviously there is something in my system that is calling home, but I cannot find it and I have already wasted countless hours trying to do so.

I do not wish to repartition and format my HDD; my internet access is POTS and updating all my software will take 8 hrs (max. file transfer rate 2.6 KBytes/sec.)

System specs: XP Home, adaware, browserhijacker blaster, spybot, hijackthis, noadware, stinger, cwshredder, dsostop2. I also previously tried trial versions of other related software.

System restore is not in use and I have found an index.dat file that I cannot remove. Also, I am unable to run AVG in safe mode.

Any assistance you may be able to render will be greatly appreciated by this ole farmer.

Thank you
Greg

ps: I have also used online virus checkers etc.


by pctech In reply to Its got me beat !!

Hello Greg,
AVG is pretty good for a free anti virus program but, it doesn't have what it takes to combat some of the more aggressive viruses. Free will only get you so far. Invest in Norton or McAfee anti virus for more complete protection.
Dialer will usually put a dialerxxx.exe, or some variant of the name, in the root of C: or the root of the Windows directory. Boot the computer in Safe mode and do a search for "dialer", without the quotation marks. Windows has a dialer file that is legit, dialer.exe. To verify the authenticity of any dialers the search uncovers for you, right click on each executable dialer and select "Properties". Under "Version" you will find if this is a Microsoft file or an imposter. Rename the file extension of any non-Microsoft dialers to bad, such as dialerxxx.bad. Next, run msconfig and uncheck any box that refers to dialer. Now go to the Control Panel>Internet Options and delete your Temporary Internet Files and clear the History. While under the Internet Options, click on the Programs tab and reset your programs to Default, including your Home page. Now you can open Internet Explorer and click on Favorites and remove anything from your Favorites list that you do not want there. Check this list closely.
Check your host file for redirects. Do a search on host and double click the file "hosts" without a file extension at the end of it. Make sure that the listing is -
127.0.0.1 localhost
remove any other entries.
OK, boot back into Normal mode, whatever that is supposed to infer, and go to:
http://securityresponse.symantec.com/
and click on Check for security risks. Do an online virus scan of your computer and follow Symantec's removal instructions for any viruses the scan may find.
...... continued

by gbrownlee In reply to

Poster rated this answer.
Thank you for your suggestions. I have previously done everything suggested, except search for host. I found the file that you mentioned, but am unable to open it. AVG finds and quarantines dialer.8.u and dialer.9.a, but my system seems to have something well hidden that is leaving it vulnerable to attack. I must admit that dialer.8.u is a bit of a pig to get rid of. Thanks again.

regards
Greg

by pctech In reply to Its got me beat !!

...... from previous post
Once you are certain that your system is virus free, remove AVG and install a fresh copy of either Norton or McAfee. Get all the updates available and then get all of the Windows Critical Updates. Considering your download speed(?), you will be better off ordering the update disk from Microsoft. A small shipping charge is the only fee.

I hope this helps you.

by gbrownlee In reply to

Poster rated this answer.
All my software is always fully updated.

by pcnetworktech In reply to Its got me beat !!

I worked on PC with same problem, tried the spybot, adware, cwshredder and no luck. Finally spyblaster program. Took care of it.
http://www.javacoolsoftware.com/spywareblaster.html

or
http://majorgeeks.com/download2858.html
Hope this helped.

by gbrownlee In reply to

Poster rated this answer.
Thank you for your suggestion. I apologize for not mentioning that I installed spywareblaster and bhblaster already.

by LMon In reply to Its got me beat !!

If you don't wanna spend money, get stinger.exe by McAfee. It's a free download and will remove any new viruses. Once that is gone, update and run AVG; you should then be fine.

by LMon In reply to

Also, update Windows with any service packs or updates; that way you don't keep getting the virus.

by gbrownlee In reply to

Poster rated this answer.
Thank you for your suggestion. I already use Stinger, along with a whole lot of other programs.

by CG IT In reply to Its got me beat !!

hummm if you use an always on DSL connection and you don't have a router, but use Windows XP Home's built in firewall AND have more than one computer connecting to the internet, I suggest you get one. Routers have the ability to block at the WAN port ICMP ping, IGMP multicast, PPTP, L2TP along with providing NAT to LAN computers. Think of a router as the first layer, and the firewall on the LAN computer as the second layer, the spybot programs as a 3rd layer, the AV program the 4th layer, and machine security like requiring passwords, and machine security settings as the 5th layer of protection. The more layers they have to go through the harder it is to get in.

Some bug/virus/trojan writers are now using the IGMP broadcast to get their programs out. So if you leave your computer running [sometimes even when it's not running it can happen] while away on vacation thinking you've got a firewall and AV and you're safe, that might not be the case.
Taken from IGMP article on
IGMP Overview http://www.zyxel.com/support/supportnote/ves1012/app/igmpsnoop.htm

Traditionally, IP packets are transmitted in one of either two ways - Unicast (1 sender to 1 recipient) or Broadcast (1 sender to everybody on the network). Multicast delivers IP packets to just a group of hosts on the network. If your computer firewall doesn't block IGMP broadcast traffic, you're vulnerable. Multicast traffic is treated in the same manner as broadcast traffic, that is, it is forwarded to all ports.
