Dialer.exe

[~Candy~]

Have a user with this file in the c: directory........can I just delete it? I would guess it's some kind of dialer program that phones somewhere for something........thank God I've had his modem unplugged for months.........I'm assuming with a wireless connection it couldn't do too much by itself...........

 

[TonyKlein]

They often have startup entries and/or are accompanied by ActiveX objects.

Did you have a look at his startups?

Also, SpyBot detects and removes a lot of dialers.

 

[~Candy~]

It doesn't appear to be running in the startups......I saw it as I hit the ESC key to see behind the splash screen......then I did a search for it, and found it in the c: directory, and also it appears in the windows directory with a different date.......grrrrrr......

I had adaware on his system.....but I guess that isn't the bestest and greatest anymore.......let me install spybot and see what I can find..........


Here's the msinfo32 software startups: (looks pretty clean to me)


McAfee.InstantUpdate.Monitor Registry (Per-User Run) "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
ScanRegistry Registry (Machine Run) C:\WINDOWS\scanregw.exe /autorun
SystemTray Registry (Machine Run) SysTray.Exe
LoadPowerProfile Registry (Machine Run) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
InstallNAIProduct Registry (Machine Run) "E:\MIS\VSC\SETUP.EXE" /RUNKEY
VsecomrEXE Registry (Machine Run) C:\VirusScan\VSEcomR.EXE
Vshwin32EXE Registry (Machine Run) C:\VIRUSSCAN\VSHWIN32.EXE
VsStatEXE Registry (Machine Run) C:\VirusScan\VSSTAT.EXE /SHOWWARNING
McAfeeWebScanX Registry (Machine Run) C:\VIRUSSCAN\WebScanX.Exe
AlogServEXE Registry (Machine Run) C:\VirusScan\AlogServ.exe
AvconsoleEXE Registry (Machine Run) C:\VirusScan\avconsol.exe /minimize
Alogserv Registry (Machine Run) C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
McAfeeWebScanX Registry (Machine Service) C:\VIRUSSCAN\WebScanX.Exe /RUNSERVICES
McAfeeVirusScanService Registry (Machine Service) C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE

 

[TonyKlein]

That's a good idea.

You might also want to have him run Hijack This, and post the log.

It will show all ActiveX objects, startups, and more, and it will even remove them for you.

http://www.spywareinfo.com/downloads.php#de

 

[TonyKlein]

Oops, didn't see that last one.

Yup, the startups look pretty clean. But that dialer has to be launched somehow to be active, you'd think.

Maybe post the Hijack This log anyway

 

[~Candy~]

Originally posted by TonyKlein:
Oops, didn't see that last one.

Yup, the startups look pretty clean. But that dialer has to be launched somehow to be active, you'd think.

Maybe post the Hijack This log anyway

Gotta train them all to have startups like like, huh?

I'm not sure the dialer is even loading........but the fact that it is in the C: directory was my first concern, then seeing it again in the windows directory.......makes one wonder what's going on........

 

[TonyKlein]

Oops, wait a moment: MS has a totally legit file called dialer.exe. It's the Win NT Phone Dialer accessory, and I hope that's not what we're dealing with

Did you check the properties of the file?

Mine (XP) is is Program Files\Windows NT

Anyway, If it's in C:, it probably is malware, I should think.

 

[~Candy~]

Actually, I did check one of them, and it gave no details......but he's running 98.......would that matter......and still, I've never seen it scroll by when windows is loading (prior to the desktop)..........

I'm doing a full scandisk on it now (which has nothing to do with this problem, it's been crying for one for awhile now, and I've been hitting cancel), and the hard drive is pretty full, it's only 6 gigs or so, and it's at 45% --- I'll take another look when it's finished.......


I did uninstall a couple of programs earlier to free up disk space....one was some type of net to phone kinda deal, I should know better and write this crap down....and another one was some kind of pc to phone communication program.........but still, I wouldn't think the c: directory is a good place for an .exe file......

 

[TonyKlein]

In Win 98 I have Dialer.exe in C:\Windows, and it's the Windows telephone dialer.

If it's a legitimate file, you'd surely know by its properties.

Why not just rename it? That should do the trick.

 

[~Candy~]

I didn't look at the properties for the one in Windows........just the c: directory.........will take a look when scandisk is done.......I think in any event, I'm going to delete the one in the c: directory

ok....maybe I'll rename it.......

 

[TonyKlein]

Yeah, maybe I'm making this look a lot more complicated than it really is..

 

[~Candy~]

I guess it could be worse, the last time this guy had a problem, the tech recommended format c:

aaaaaaaaahhhhhhhhhh

gotta wonder where those guys come from sometimes.......

 

[~Candy~]

Ok, the one in Windows, is a Windows file.......the one in c: doesn't say, but if I execute it, I get a nice little Movie Icon (Movie Networks, wanna guess ) on the desktop.........grrrrrrrr......it's out of here.......I can't imagine that it's being called from anywhere else........or has any other attached files.......what do you think Tony?

 

[TonyKlein]

Probably not, but you may want to check his Downloaded Program Files folder anyway.

 

[~Candy~]

Ok, will do.........scandisk wasn't happy after it finished in dos mode.....it cried about running it thru windows....so it's running now......gonna call it a night and let scandisk run away.......

Thanks for your excellent help as always........