ned
posted on 15/2/05 at 02:03 PM
Dial up no's changing to international no's
Trying to help out a friend whose PC I discovered had something nasty on it which is resetting the dialup software to dial international (possibly premium rate type) numbers. It also rotates the international numbers each time you dial up; so far I've looked up Finland and Philippines in the BT phone book based on the international dialing codes...
I've been through the process list in Task Manager trying to identify dodgy stuff, I've been through the registry, i.e. ntlm\software\microsoft\windows\current control set\run etc., and searched on the dodgy processes I found to remove them.
I removed a few dodgy looking bits last time and told him to get a new ISP disc and reregister with an ISP but it's still doing it/doing it again.
Don't wanna spend a lot of time trying to solve it as he's 20+ miles away so don't wanna have to keep going back with new ideas.
Anyone got any suggestions/come across this sorta thing before? I know it's obviously some sort of spyware or trojan most likely, it's just identifying and disinfecting it...
Machine is a late Dell desktop, Win XP (Home I think)
cheers,
Ned.
beware, I've got yellow skin

flak monkey
posted on 15/2/05 at 02:37 PM
He has a rogue dialler on his system.
Run all the up-to-date anti-virus scanners, Ad-Aware SE and HijackThis (attached). Be careful using HijackThis though, as you can destroy the system if you don't know what is safe to delete. If you aren't sure, look through the listings for anything unusual and delete them.
Deleting the registry entries won't help unless you actually delete the program as well, as it will simply create a new registry entry next time you run it.
David
Sera
http://www.motosera.com

flak monkey
posted on 15/2/05 at 02:38 PM
Also run this attached file, it lists all of the startup processes that run when Windows boots. Look for any unusual/dodgy ones and go to the location and delete them... (it's a manual tool)
Also run Windows Update, they release a trojan killer every month. It automatically scans and deletes anything dodgy it finds. Only looks for very specific things though. Highly recommend using McAfee or Symantec virus scanner to scan system fully.
David
[Edited on 15/2/05 by flak monkey]

simonH
posted on 15/2/05 at 02:40 PM
Spyware / Trojan / dialer
Very common occurrence; you may need to use a number of things to remove the problem: most current AV signatures, also a combination of Spybot S&D and Ad-Aware.
Spybot Home Page
Adaware Home Page
Run them more than once as they can remove one thing that is hiding another.
Never be afraid to try something new. Remember that a lone amateur built the Ark. A large group of professionals built the Titanic.

flak monkey
posted on 15/2/05 at 02:53 PM
Spybot posted by SimonH is also a very very good tool which searches for diallers and trojans as well as system weaknesses.
I forgot about that one!
David

ned
posted on 15/2/05 at 03:06 PM
Thanks guys, I'll burn them to disc to take with me tonight, fingers crossed
cheers,
Ned.

britishtrident
posted on 15/2/05 at 03:44 PM
Dialers are a major problem and XP seems more prone to them than other Windows versions. First thing to do is disable "System Restore" until you have the dialer cleared out -- if you don't, XP will keep reinstalling it.
After that a sweep with HijackThis should show any likely suspects. Do a disk search for files with similar names to the suspect entries HijackThis has found, because in my experience hijack programs tend to scatter additional copies around the C: drive.
Dialers and browser hijackers usually originate on dodgy music download sites, so look for any clues to the originating site and clear it from the browser favourites.
After that a scan with AVG or Avast (good but can give false positives) followed by Ad-Aware. Only once you are sure everything is OK re-instate auto System Restore.
[Edited on 15/2/05 by britishtrident]

DaveFJ
posted on 15/2/05 at 04:28 PM
One other thing
Before trying to remove any spyware or other nasties from a Windows XP based system, make sure you switch off System Restore or you will just be pissing into the wind.
To switch it off, right click on 'My Computer' and select Properties, then select the 'System Restore' tab.
HTH
(You could also try installing a firewall which should block these rogue dialers getting out - try Kerio, it works well for me)
Dave
"In Support of Help the Heroes" - Always
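
The symptom described at the top of the thread (dial-up entries being reset to international numbers) can be checked directly rather than by dialling. The following is an added example, not posted by anyone in the thread: it assumes the INI-style layout of a Windows dial-up phonebook file (`rasphone.pbk`, sections per connection with `PhoneNumber=` keys) and UK dialling rules (`00`/`+` as the international prefix, `09` as premium rate); the sample data and function names are constructed for illustration.

```python
import re

# Constructed sample in the INI-style layout of a Windows RAS phonebook
# (rasphone.pbk). Entry names and numbers are made up for illustration.
SAMPLE_PBK = """\
[My ISP]
DEVICE=modem
PhoneNumber=0845 000 0000
CountryCode=44
UseDialingRules=0

[Connection 2]
DEVICE=modem
PhoneNumber=0035800000000
PhoneNumber=00 63 000 000 000
CountryCode=44
UseDialingRules=0
"""

def parse_entries(text):
    """Return {entry name: [phone numbers]} from phonebook text."""
    entries, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = entries.setdefault(header.group(1), [])
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            if key.strip().lower() == "phonenumber" and value.strip():
                current.append(value.strip())
    return entries

def classify(number, home_cc="44"):
    """Assumed UK rules: 00/+ is the international prefix, 09 is premium rate."""
    digits = re.sub(r"\D", "", number)
    if number.strip().startswith("+"):
        digits = "00" + digits
    if digits.startswith("00"):
        return "ok" if digits.startswith("00" + home_cc) else "international"
    return "premium" if digits.startswith("09") else "ok"

def audit(text, home_cc="44"):
    """List (entry, number, verdict) for every number that is not 'ok'."""
    return [(name, num, classify(num, home_cc))
            for name, nums in parse_entries(text).items()
            for num in nums if classify(num, home_cc) != "ok"]

if __name__ == "__main__":
    for finding in audit(SAMPLE_PBK):
        print(finding)
```

Running the audit again after each cleaning pass shows whether something is still rewriting the entries.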