Dial Up connection infected

Discussion in 'System Security & Infection Support' started by Nickweb, Jan 29, 2007.

  1. Nickweb

    Hello guys, I'm making my second attempt at cleaning my dial-up connection on the family computer, and ran HijackThis; anyone have a look at it for me? Cheers.

    Logfile of HijackThis v1.98.2
    Scan saved at 20:13:38, on 28/01/2007
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2919.6304)
    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\SYSTEM\MSTASK.EXE
    C:\WINDOWS\SYSTEM\WINMODEM.101\wmexe.exe
    C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\SCHEDM.EXE
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\TASKMON.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\WINDOWS\SYSTEM\STIMON.EXE
    C:\PROGRAM FILES\TWINMOS\MOBILE DISK V3.0\MOBMON.EXE
    C:\PROGRAM FILES\TWINMOS\MOBILE DISK V3.0\USBTD.EXE
    C:\WINDOWS\SYSTEM\LVCOMS.EXE
    C:\WINDOWS\SYSTEM\BTMODEMPROTECTION.EXE
    C:\PROGRAM FILES\VISIONEER ONETOUCH\ONETOUCHMON.EXE
    C:\PROGRAM FILES\ANTIVIR PERSONALEDITION CLASSIC\AVGCTRL.EXE
    C:\WINDOWS\SYSTEM\MSWHEEL.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHWEBSV.EXE
    C:\PROGRAM FILES\ALWIL SOFTWARE\AVAST4\ASHMAISV.EXE
    C:\PROGRAM FILES\MICROSOFT MONEY\SYSTEM\REMINDER.EXE
    C:\PROGRAM FILES\DIALERZAPPER\DIALERZAPPER.EXE
    C:\PROGRAM FILES\MSWORKS\CALENDAR\WKCALREM.EXE
    C:\PROGRAM FILES\3COM\MODEMMGR\PROGRAM\MDMMGR.EXE
    C:\PROGRAM FILES\WINDOWS MEDIA COMPONENTS\ENCODER\WMENCAGT.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\MY DOCUMENTS\HIJACKTHIS1-98-2.EXE
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    F1 - win.ini: run=HPFSCHED
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
    O3 - Toolbar: @msdxmLC.dll,-1@1,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [POINTER] C:\PROGRA~1\MICROS~1\point32.exe
    O4 - HKLM\..\Run: [StillImageMonitor] C:\WINDOWS\SYSTEM\STIMON.EXE
    O4 - HKLM\..\Run: [UFD Monitor] C:\Program Files\TwinMOS\Mobile Disk V3.0\MobMon.exe
    O4 - HKLM\..\Run: [UFD Utility] C:\Program Files\TwinMOS\Mobile Disk V3.0\UsbTD.exe
    O4 - HKLM\..\Run: [LVComs] C:\WINDOWS\SYSTEM\LVComS.exe
    O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
    O4 - HKLM\..\Run: [BTModemProtection] BTModemProtection.lnk
    O4 - HKLM\..\Run: [OneTouch Monitor] C:\Program Files\Visioneer OneTouch\OneTouchMon.exe
    O4 - HKLM\..\Run: [avgctrl] "C:\Program Files\AntiVir PersonalEdition Classic\avgctrl.exe" /min
    O4 - HKLM\..\Run: [avast! Web Scanner] C:\PROGRA~1\ALWILS~1\AVAST4\ASHWEBSV.EXE
    O4 - HKLM\..\Run: [ashMaiSv] C:\PROGRA~1\ALWILS~1\AVAST4\ashmaisv.exe
    O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
    O4 - HKLM\..\RunServices: [winmodem] WINMODEM.101\wmexe.exe
    O4 - HKLM\..\RunServices: [schedm] "C:\Program Files\AntiVir PersonalEdition Classic\schedm.exe"
    O4 - HKLM\..\RunServices: [avast!] C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O4 - HKCU\..\Run: [Reminder] C:\Program Files\Microsoft Money\System\reminder.exe
    O4 - HKCU\..\Run: [DialerZapper] C:\PROGRAM FILES\DIALERZAPPER\DIALERZAPPER.EXE
    O4 - Startup: Microsoft Works Calendar Reminders.lnk = C:\Program Files\MSWorks\Calendar\WKCALREM.EXE
    O4 - Startup: 3Com Modem Manager.lnk = C:\Program Files\3Com\ModemMgr\Program\mdmMgr.exe
    O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Encoder Agent.lnk = C:\Program Files\Windows Media Components\Encoder\WMENCAGT.EXE
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
    O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
    O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin2.dll
    O12 - Plugin for .mp3: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O12 - Plugin for .mpeg: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin3.dll
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\PROGRAM FILES\ASKSAM\SURFSAVER\AS_AIPP.DLL (file missing)

    I don't really want to have to wipe the disk and start again, as I think I've lost the disk with the Dellnet free net access (still have to pay for the phone bill), and I don't want to have to go to broadband; too pricey at the moment.

    cheers guys
     
    Nickweb, Jan 29, 2007
    #1

  2. Codex85

    Codex85, Jan 29, 2007
    #2

  3. Nickweb

    OK, so how do I go about fixing this? I know cra* all about registry settings and stuff; is there anything in there that could be a rogue dialler?
     
    Nickweb, Jan 29, 2007
    #3
  4. Fenis-Wolf

    Remove these entries. Reboot. Run HijackThis to verify they're gone. Download AVG AntiVirus and AdAware. Update them to the newest versions, and run a full system scan with them both. Should help a lot.

    C:\PROGRAM FILES\DIALERZAPPER\DIALERZAPPER.EXE
    O4 - HKCU\..\Run: [DialerZapper] C:\PROGRAM FILES\DIALERZAPPER\DIALERZAPPER.EXE
    O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
    O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
    O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\PROGRAM FILES\ASKSAM\SURFSAVER\AS_AIPP.DLL (file missing)
     
    Fenis-Wolf, Jan 29, 2007
    #4
    Nickweb likes this.
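    A small triage script for the HijackThis log format quoted in this thread, added here as an example; it is not code from the thread or from HijackThis itself. It parses the numbered entry lines into records and flags the kinds of entries Fenis-Wolf picked out above: O16 ActiveX controls loaded from a local file:// path, O18 protocol handlers whose DLL is missing, and per-user (HKCU) autostarts for review. The sample input is an excerpt of the log posted above.

```python
import re

# Excerpt of the HijackThis v1.98.2 log posted earlier in the thread (constructed
# sample input: only the lines the triage rules below act on are included).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKCU\..\Run: [DialerZapper] C:\PROGRAM FILES\DIALERZAPPER\DIALERZAPPER.EXE
O16 - DPF: {AE9DCB17-F804-11D2-A44A-0020182C1446} (IntraLaunch.MainControl) - file://D:\SuperCD\IntraLaunch.CAB
O16 - DPF: {24311111-1111-1121-1111-111191113457} - file://c:\eied_s7.cab
O18 - Protocol: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - C:\PROGRAM FILES\ASKSAM\SURFSAVER\AS_AIPP.DLL (file missing)
"""

# Every finding line in a HijackThis log starts with a section code (R0-R3, F0-F3, O1-O23).
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# O4 registry autostart: "<hive>\..\<key>: [<name>] <command>"
O4_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# O16 downloaded ActiveX control: "DPF: {CLSID} (<name>) - <source url>"; the name is optional.
O16_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<name>[^)]*)\))? - (?P<src>.*)$")

def parse_log(text):
    """Split a log into {'section', 'body'} records; headers and process lists are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries

def triage(entries):
    """Return (section, body, reason) tuples for entries that deserve a second look."""
    findings = []
    for e in entries:
        sec, body = e["section"], e["body"]
        if sec == "O16":
            m = O16_RE.match(body)
            if m and m.group("src").lower().startswith("file://"):
                findings.append((sec, body, "ActiveX control registered from a local file:// path, not a vendor URL"))
            elif m and not m.group("name"):
                findings.append((sec, body, "ActiveX control with no registered name"))
        elif sec == "O18" and body.endswith("(file missing)"):
            findings.append((sec, body, "URL protocol handler whose DLL no longer exists"))
        elif sec == "O4":
            m = O4_RE.match(body)
            if m and m.group("hive") == "HKCU":
                findings.append((sec, body, f"per-user autostart '{m.group('name')}'; confirm it is expected"))
    return findings
```

    Run `triage(parse_log(open("hijackthis.log").read()))` on a full log to get the list of entries to review before ticking boxes in HijackThis.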
  5. Nickweb

    Sorry to be very, very dumb, but how do I remove them? Is it inside HijackThis? Step by step would be the best way to help me on this, as I know crap all about registry settings/entries.

    I have tried to run AVG and downloaded AdAware on my laptop and copied it over to my family comp, but I think that my proc is not fast enough to run them; it's a P3 455 MHz, off the top of my head.
     
    Nickweb, Jan 30, 2007
    #5
  6. Fenis-Wolf

    It will run them, it will just take forever.
    To remove the entries in HijackThis you either check or uncheck the box next to the entry you want to remove, then click 'Fix' down at the bottom.
     
    Fenis-Wolf, Jan 30, 2007
    #6
  7. Nickweb

    Thanks, I'll give it a whirl tonight when I go home from uni.
     
    Nickweb, Jan 31, 2007
    #7
  8. Nickweb

    OK, sorry for the looooooong delay in replying to this, but I tried it last night and then dialled up. I have BT Modem Protection active, which tells me if another number is being dialled, and I got no messages, so it looks like it worked.

    Now, the thing is, it's a 28k modem (go on, laugh). So, if I rip it out and whack a 56k modem in, would I keep the dial-up settings? I think I had to enter a password when we set it up 4-5 years ago, and I am certain I've lost the password.
     
    Nickweb, Feb 15, 2007
    #8
  9. Nickweb

    OK, no, it hasn't worked. I got another dial made last night; it only seems to happen when I go on Hotmail. I'm thinking it's got something to do with MSN Messenger, you know, when MSN will temporarily download Messenger while you are on a .NET site? I really don't know what's doing this now, but it's really getting on my nerves, as last time I had a bill for £45 more than usual.
     
    Nickweb, Feb 26, 2007
    #9
  10. Fenis-Wolf

    Did you run Spybot?
     
    Fenis-Wolf, Feb 26, 2007
    #10
  11. Nickweb

    I've done AdAware and tried Spybot a while back, but it didn't find anything of relevance. I'm still running IE5 (I know); would this problem be helped a bit if I installed IE6?
     
    Nickweb, Feb 27, 2007
    #11
  12. Crimson

    If something compromised IE5, an upgrade will not fix it. You need to fix the problem, then upgrade.

    ...or do an OS reload and upgrade.
     
    Crimson, Feb 28, 2007
    #12
  13. Nickweb

    I really don't want to have to wipe the disk and start again.
     
    Nickweb, Feb 28, 2007
    #13
  14. Crimson

    I'm not saying that's the way to go. What I'm saying is, if something was already on your computer right now, the upgrade will not fix it; it'll only protect from new intrusions. And that's only if IE6 was updated for it.
     
    Crimson, Feb 28, 2007
    #14
  15. Nickweb

    Are there any dialler blockers out there that work properly? Seeing as how I can't seem to find out what is doing this, is there a program that can monitor and block dial attempts?
     
    Nickweb, Feb 28, 2007
    #15
  16. Core

    Probably. How easy this is to find, I don't know. You could try password protection for your Internet connection, with shareware progs like iNet Protector.

    I'd recommend you keep trying to find a solution to this issue though. I would feel very uncomfortable knowing that something on my computer was even attempting to establish connections outside without my consent.

    Does your computer dial up even when you're not using it? Have you tried using Firefox?
     
    Last edited: Feb 28, 2007
    Core, Feb 28, 2007
    #16
  17. Nickweb

    I only have the computer turned on and connected to the phone line when I want to go online, so when it dials, I know about it, due to BT Modem Protection informing me of the dial, but it doesn't block it, just tells me - ARG!

    I haven't tried using Firefox; I could give it a whirl.
     
    Nickweb, Mar 1, 2007
    #17