1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Dialer.exe

Discussion in 'Virus & Other Malware Removal' started by ~Candy~, Jan 20, 2003.

Thread Status:
Not open for further replies.
Advertisement
  1. ~Candy~

    ~Candy~ Retired Administrator Thread Starter

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Have a user with this file in the c: directory........can I just delete it? I would guess it's some kind of dialer program that phones somewhere for something........thank God I've had his modem unplugged for months.........I'm assuming with a wireless connection it couldn't do too much by itself........... :confused:
     
  2. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    They often have startup entries and/or are accompanied by ActiveX objects.

    Did you have a look at his startups?

    Also, SpyBot detects and removes a lot of dialers.
     
  3. ~Candy~

    ~Candy~ Retired Administrator Thread Starter

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    It doesn't appear to be running in the startups......I saw it as I hit the ESC key to see behind the splash screen......then I did a search for it, and found it in the c: directory, and also it appears in the windows directory with a different date.......grrrrrr......

    I had adaware on his system.....but I guess that isn't the bestest and greatest anymore.......let me install spybot and see what I can find..........


    Here's the msinfo32 software startups: (looks pretty clean to me)


    McAfee.InstantUpdate.Monitor Registry (Per-User Run) "C:\Program Files\McAfee\McAfee Shared Components\Instant Updater\RuLaunch.exe" /startmonitor
    ScanRegistry Registry (Machine Run) C:\WINDOWS\scanregw.exe /autorun
    SystemTray Registry (Machine Run) SysTray.Exe
    LoadPowerProfile Registry (Machine Run) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
    InstallNAIProduct Registry (Machine Run) "E:\MIS\VSC\SETUP.EXE" /RUNKEY
    VsecomrEXE Registry (Machine Run) C:\VirusScan\VSEcomR.EXE
    Vshwin32EXE Registry (Machine Run) C:\VIRUSSCAN\VSHWIN32.EXE
    VsStatEXE Registry (Machine Run) C:\VirusScan\VSSTAT.EXE /SHOWWARNING
    McAfeeWebScanX Registry (Machine Run) C:\VIRUSSCAN\WebScanX.Exe
    AlogServEXE Registry (Machine Run) C:\VirusScan\AlogServ.exe
    AvconsoleEXE Registry (Machine Run) C:\VirusScan\avconsol.exe /minimize
    Alogserv Registry (Machine Run) C:\Program Files\McAfee\McAfee VirusScan\alogserv.exe
    McAfeeWebScanX Registry (Machine Service) C:\VIRUSSCAN\WebScanX.Exe /RUNSERVICES
    McAfeeVirusScanService Registry (Machine Service) C:\Program Files\McAfee\McAfee VirusScan\AVSYNMGR.EXE
     
  4. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    That's a good idea.

    You might also want to have him run Hijack This, and post the log.

    It will show all ActiveX objects, startups, and more, and it will even remove them for you.

    http://www.spywareinfo.com/downloads.php#de
     
  5. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Oops, didn't see that last one.

    Yup, the startups look pretty clean. But that dialer has to be launched somehow to be active, you'd think.

    Maybe post the Hijack This log anyway
     
  6. ~Candy~

    ~Candy~ Retired Administrator Thread Starter

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Gotta train them all to have startups like like, huh?

    I'm not sure the dialer is even loading........but the fact that it is in the C: directory was my first concern, then seeing it again in the windows directory.......makes one wonder what's going on........
     
  7. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Oops, wait a moment: MS has a totally legit file called dialer.exe. It's the Win NT Phone Dialer accessory, and I hope that's not what we're dealing with :eek:

    Did you check the properties of the file?

    Mine (XP) is is Program Files\Windows NT

    Anyway, If it's in C:, it probably is malware, I should think.
     
  8. ~Candy~

    ~Candy~ Retired Administrator Thread Starter

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Actually, I did check one of them, and it gave no details......but he's running 98.......would that matter......and still, I've never seen it scroll by when windows is loading (prior to the desktop)..........

    I'm doing a full scandisk on it now (which has nothing to do with this problem, it's been crying for one for awhile now, and I've been hitting cancel), and the hard drive is pretty full, it's only 6 gigs or so, and it's at 45% --- I'll take another look when it's finished.......


    I did uninstall a couple of programs earlier to free up disk space....one was some type of net to phone kinda deal, I should know better and write this crap down....and another one was some kind of pc to phone communication program.........but still, I wouldn't think the c: directory is a good place for an .exe file......
     
  9. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    In Win 98 I have Dialer.exe in C:\Windows, and it's the Windows telephone dialer.

    If it's a legitimate file, you'd surely know by its properties.

    Why not just rename it? That should do the trick.
     
  10. ~Candy~

    ~Candy~ Retired Administrator Thread Starter

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    I didn't look at the properties for the one in Windows........just the c: directory.........will take a look when scandisk is done.......I think in any event, I'm going to delete the one in the c: directory :D :D

    ok....maybe I'll rename it.......:p
     
  11. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Yeah, maybe I'm making this look a lot more complicated than it really is.. :D
     
  12. ~Candy~

    ~Candy~ Retired Administrator Thread Starter

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    I guess it could be worse, the last time this guy had a problem, the tech recommended format c:

    aaaaaaaaahhhhhhhhhh :eek:

    gotta wonder where those guys come from sometimes....... :confused:
     
  13. ~Candy~

    ~Candy~ Retired Administrator Thread Starter

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Ok, the one in Windows, is a Windows file.......the one in c: doesn't say, but if I execute it, I get a nice little Movie Icon (Movie Networks, wanna guess ;) ) on the desktop.........grrrrrrrr......it's out of here.......I can't imagine that it's being called from anywhere else........or has any other attached files.......what do you think Tony?
     
  14. TonyKlein

    TonyKlein Malware Specialist

    Joined:
    Aug 26, 2001
    Messages:
    10,392
    Probably not, but you may want to check his Downloaded Program Files folder anyway.
     
  15. ~Candy~

    ~Candy~ Retired Administrator Thread Starter

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    Ok, will do.........scandisk wasn't happy after it finished in dos mode.....it cried about running it thru windows....so it's running now......gonna call it a night and let scandisk run away....... ;)

    Thanks for your excellent help as always........ :)
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/114359

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice