bubomb Posted November 17, 2003 Report Share Posted November 17, 2003 please can anyone help - the most aggresive dialer I have ever seen is hijacking my pc. I know all the dialer tricks that fool you into installing it, but this one appears from nowhere, disconnects my ntl dial up, and the only way to stop it is to pull the plug. It happens no matter what I am looking. I've tried anti virus, spybot, ad-aware, deleted all reference from the the registry, but I cannot stop it. The dialer continues to self install itself roughly once every 2 days. I managed to get some details of it - it's called AdultX, connects to xxxserver and dials the number 5551212. I would be very grateful if anyone has some advice. I must be missing something in my system, maybe something in the windows folder or registry. I manually uninstall the dialer under my network connections and remove all visible trace of it, but still it reappears. I can't download anything for fear of this dialer appearing - any ideas?p.s - it also changes my home page to www.123found.comcheers Quote Link to comment Share on other sites More sharing options...
bvw Posted November 17, 2003 Report Share Posted November 17, 2003 http://www.javacoolsoftware.com/spywareblaster.htmlInstall Spywareblaster. Quote Link to comment Share on other sites More sharing options...
Guest northamuk Posted November 17, 2003 Report Share Posted November 17, 2003 Surely it must dial a premium rate number beginning 09 etc. 555 sounds like an American movie number? Quote Link to comment Share on other sites More sharing options...
mark2 Posted November 18, 2003 Report Share Posted November 18, 2003 Download HijackThis , look at the tutorial on site,Run HJT, by pressing the scan button, the scan buuton then changes to a save log button, save the log then copy /paste the results to this thread and we can deal with the dialer. Quote Link to comment Share on other sites More sharing options...
moon Posted November 18, 2003 Report Share Posted November 18, 2003 Unusual. Quote Link to comment Share on other sites More sharing options...
bubomb Posted November 18, 2003 Author Report Share Posted November 18, 2003 Logfile of HijackThis v1.97.6Scan saved at 19:13:49, on 18/11/2003Platform: Windows XP (WinNT 5.01.2600)MSIE: Internet Explorer v6.00 (6.00.2600.0000)Running processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\System32\nvsvc32.exeC:\WINDOWS\SOINTGR.EXEC:\WINDOWS\System32\RUNDLL32.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Program Files\Internet Explorer\IEXPLORE.EXEC:\Documents and Settings\Stuart Cameron\Local Settings\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exeR0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://uk.f250.mail.yahoo.com/ym/login?.ra...jqetfel&login=1O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocxO3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocxO4 - HKLM\..\Run: [sO5 Integrator Pass Two] C:\WINDOWS\SOINTGR.EXEO4 - HKLM\..\Run: [nwiz] nwiz.exe /installO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exeO4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInitO8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htmO8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htmO9 - Extra button: Messenger (HKLM)O9 - Extra 'Tools' menuitem: Messenger (HKLM)O12 - Plugin for .bcf: C:\Program Files\Internet Explorer\Plugins\NPBelv32.dllO12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dllO16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwa...ector/swdir.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cabO16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://lw9fd.law9.hotmail.msn.com/activex/HMAtchmt.ocxO17 - HKLM\System\CCS\Services\Tcpip\..\{1176EF3B-D5EB-4908-B12E-49665C12FE9A}: NameServer = 194.168.4.100 194.168.8.100O17 - HKLM\System\CS2\Services\Tcpip\..\{1176EF3B-D5EB-4908-B12E-49665C12FE9A}: NameServer = 194.168.4.100 194.168.8.100There is no sign of it as far as I can tell. I have downloaded spyblaster, and it has no reference to the AdultX dialer. My homepage changes to www.123found.com, but I cannot find any information on this hijack address. It looks like I have managed to remove all trace of this dialer, but then it reappears out of nowhere.There is definitely something still hidden in my pc. Any ideas? Quote Link to comment Share on other sites More sharing options...
moon Posted November 18, 2003 Report Share Posted November 18, 2003 It gets out through your firewall ? Quote Link to comment Share on other sites More sharing options...
mark2 Posted November 18, 2003 Report Share Posted November 18, 2003 Nothing obvious there at present. :( When it comes back, run HJT again and post the log, we may then be able to see where it's being launched from. Quote Link to comment Share on other sites More sharing options...
bubomb Posted November 18, 2003 Author Report Share Posted November 18, 2003 I found out this additional information - XXXDialer - Adult_Chat dialer Creates a dialup connection in the Dial-Up Network folder set to dial 5551212 which appears to be a local number but leads to a Solomon Island number 011 67706018. Quote Link to comment Share on other sites More sharing options...
mark2 Posted November 18, 2003 Report Share Posted November 18, 2003 Have you tried running a dedicated antitrojan prog, Swatit have a free version, may possibly detect it and be able to fix it. Quote Link to comment Share on other sites More sharing options...
mark2 Posted November 18, 2003 Report Share Posted November 18, 2003 found this which has instructions for manually removing it Quote Link to comment Share on other sites More sharing options...
mark2 Posted November 18, 2003 Report Share Posted November 18, 2003 also symantec have removal instructionsI don't see an antivirus running in your log ?? Quote Link to comment Share on other sites More sharing options...
bubomb Posted November 18, 2003 Author Report Share Posted November 18, 2003 Thanks Mark. I have tried all the good anti virus and trojan stuff. With a bit of luck that's the bugger gone, those links hopefully have fixed everything. If it comes back, I will post the hijachthis report. I'm off now to watch the Scotland U21 game. Thanks for the help everybody. Quote Link to comment Share on other sites More sharing options...
mark2 Posted November 18, 2003 Report Share Posted November 18, 2003 Hopefully it won't be back.Keep your a/v updated and running. Quote Link to comment Share on other sites More sharing options...
Guest northamuk Posted November 18, 2003 Report Share Posted November 18, 2003 If it dials 011 (an American dial-out prefix) you may not have a problem unless it is sophisticated enough toknow that it has to change the prefix to 00677 from the UK - naturally presupposing that you are NOT in the USA. Quote Link to comment Share on other sites More sharing options...
Guest ellas Posted November 18, 2003 Report Share Posted November 18, 2003 do you think they will be showing the scotland u21 game in the united states :D Quote Link to comment Share on other sites More sharing options...
Guest northamuk Posted November 18, 2003 Report Share Posted November 18, 2003 Well it was on Sky Sports 2 so maybe he's in the Costa Brava? Quote Link to comment Share on other sites More sharing options...
bubomb Posted November 18, 2003 Author Report Share Posted November 18, 2003 I'm in Glasgow, Scotland. We came so close to qualifing, but once again the same old story. The big game's tomorrow. Quote Link to comment Share on other sites More sharing options...
Guest ellas Posted November 18, 2003 Report Share Posted November 18, 2003 hey guess what,northamuk's from scotland :D Quote Link to comment Share on other sites More sharing options...
Guest Grim Reaper Posted November 19, 2003 Report Share Posted November 19, 2003 hey guess what,northamuk's from scotland :Di knew that there was something wierd about him!! :D Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.