
Porn dialler

Discussion in 'Virus & Other Malware Removal' started by murdo7, Sep 24, 2003.

Thread Status:
Not open for further replies.
  1. murdo7

    murdo7 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    29
    I have allowed (not on purpose) a porn dialler to "infect" my XP. It was only on for a couple of seconds (I hope) when I pulled the plug on it.

    I got a mass of pop-ups hitting my machine and, thinking I was giving permission to scan my PC for problems, I said yes to a porn dialler - I think. Anyway, something was rattling through my phone line, and it was not me.

    I looked, and found a file named xxxsomething and deleted it, ran Ad-Aware and it found it again. I deleted this. Then I went to uninstall and found it there also - I uninstalled it and it stayed where it was. I uninstalled it a second and a third time and that seemed to get rid of it. I then found it on my desktop - deleted that. I then looked at the certificates and could not find out which one might be the one I said OK to.
    So I then switched off my PC and rebooted. All OK - tried to go online - nothing - checked my modem - OK. Checked my dialler - everything seemed OK. Whenever I try to dial out there is no sound from my computer - it usually beeps and blips on dialling.

    Help - I am beginning to suffer from isolation and growing a beard.

    Murdo7
     
  2. EvileYe

    EvileYe

    Joined:
    Aug 30, 2003
    Messages:
    1,281
    Go here and download Spybot Search and Destroy. Make sure you update it first! http://tomcoyote.org/SPYBOT/index1.html

    Close all browser windows and run Spybot, delete all entries in red that it finds.

    Also make sure you have updated Ad-Aware and run it once again, delete everything it finds.

    Then download "Hijack This" from here http://www.tomcoyote.org/hjt/

    Run HJT and copy and paste your log in here.
     
  3. murdo7

    murdo7 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    29
    I will try that. I have Spybot S&D and have done the scans with it.

    As my laptop cannot get online, I am in an internet cafe trying to get information to fix the online problem first, then the porn stuff when I can get my laptop online.

    Thanks for the help. :)
     
  4. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Delete temp files, cookies and offline content.
     
  5. murdo7

    murdo7 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    29
    Is that all I had to do to get my dialler to work?

    Thanks for the info.
    I will go and try it just now, and if it works I will be back in about 10 mins, on my laptop.
     
  6. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Boot into safe mode and search for the name again, and this time delete it in safe mode. That should get rid of it till you get online, then post a HijackThis log.
     
  7. KeithKman

    KeithKman

    Joined:
    Dec 28, 2002
    Messages:
    1,983
    Here's how:

    Open Internet Explorer -> Tools -> Internet Options -> delete cookies, delete files (select off-line content), clear history. Then click ok and exit Internet Explorer.
     
  8. murdo7

    murdo7 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    29
    I'm back.
    Well, that didn't work. I cleared temp files, cookies and offline content. However, I still couldn't log on to the internet.
    Is it possible that chopping out the other dialler could have corrupted some file or other that is required to help get me online?
     
  9. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Go to Start / Search and type ie.inf. Also set the search to include hidden files and folders. When found, right-click and select Install.
     
  10. greensleeve

    greensleeve Guest

  11. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,163
    First Name:
    Derek
    Why would anybody in their right mind want to pay you $25 to get what they get for free with Ad-Aware/Spybot & HJT and all the free advice and genuine help from some of the most knowledgeable experts in the field of spyware on these forums?

    Kindly stop spamming these forums with your unwanted program.
     
  12. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
    I can see you're not heeding my previous warnings....adios ;)
     
  13. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Been putting that link in a few threads :mad:
     
  14. murdo7

    murdo7 Thread Starter

    Joined:
    Sep 24, 2003
    Messages:
    29
    Lucky I have not been able to get online or I might have followed that link.

    My laptop is still not working.

    It only boots up every 3-4 times I turn it on.
    It cannot get online with my usual dialler (British Telecom).
    It can get me through to my office back office system (VAX) via my terminal emulator software.

    Here is the hijack this file.

    Logfile of HijackThis v1.97.2
    Scan saved at 09:26:12, on 26/09/2003
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\Murdo Macleod\Desktop\hijack this\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {3C4E691E-50E0-4163-8E94-37F72E994272} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
    O4 - HKLM\..\Run: [TFncKy] c:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe /Type 10
    O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
    O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
    O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [User Logger] C:\DOCUME~1\MURDOM~1\LOCALS~1\Temp\mCodex\ClientInstalls\msi6F.tmp\msi70.tmp\UsrLog.exe run
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
    O4 - HKLM\..\RunServices: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O9 - Extra button: Money Viewer (HKLM)
    O9 - Extra button: Messenger (HKLM)
    O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
    O16 - DPF: ChatSpace Full Java Client 2.1.0.84 - http://about.chatspace.com/Java/cs4fs084.cab
    O16 - DPF: ChatSpace Java Client 2.1.0.84N - http://about.chatspace.com/Java/cs4msn084.cab
    O16 - DPF: Yahoo! Chat - http://cs8.chat.sc5.yahoo.com/c381/chat.cab
    O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v45/yacscom.cab
    O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
     
  15. mobo

    mobo

    Joined:
    Feb 23, 2003
    Messages:
    16,274
    Try removing these as well as reloading the ISP software.


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: (no name) - {3C4E691E-50E0-4163-8E94-37F72E994272} - (no file)
    O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
    O4 - HKLM\..\Run: [User Logger] C:\DOCUME~1\MURDOM~1\LOCALS~1\Temp\mCodex\ClientInstalls\msi6F.tmp\msi70.tmp\UsrLog.exe run
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
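
Added example, not part of the thread and not HijackThis's own logic: a triage pass over HijackThis-style log lines that lists three kinds of entry for manual review, each of which occurs in the log posted above (an IE setting holding a remote URL, a BHO whose file is missing, and a Run entry that launches from a Temp directory). The sample lines are copied from that log; the function names and the three heuristics are assumptions chosen for illustration.

```python
import re

# Sample input: a subset of lines copied from the HijackThis log in the thread.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
O2 - BHO: (no name) - {3C4E691E-50E0-4163-8E94-37F72E994272} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [User Logger] C:\DOCUME~1\MURDOM~1\LOCALS~1\Temp\mCodex\ClientInstalls\msi6F.tmp\msi70.tmp\UsrLog.exe run
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*)$")   # e.g. "O4 - <body>"
RUN = re.compile(r"^(\S+): \[([^\]]*)\] (.*)$")     # "<key>: [<name>] <command>"

def parse(log):
    """Yield (section, body) per entry line; headers and the process list are skipped."""
    for line in log.splitlines():
        m = ENTRY.match(line)
        if m:
            yield m.group(1), m.group(2).strip()

def triage(log):
    """Return (section, reason, body) for entries worth a manual look (hypothetical rules)."""
    findings = []
    for section, body in parse(log):
        if section in ("R0", "R1"):
            # Empty values and about:blank are left alone; only remote URLs are listed.
            _, _, value = body.partition(" = ")
            if value.lower().startswith(("http://", "https://")):
                findings.append((section, "IE setting points to a remote URL", body))
        elif section == "O2" and body.endswith("(no file)"):
            findings.append((section, "BHO registered but its file is missing", body))
        elif section == "O4":
            m = RUN.match(body)
            if m and re.search(r"\\temp\\", m.group(3), re.IGNORECASE):
                findings.append((section, "autorun launches from a Temp directory", body))
    return findings

if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}: {body}")
```

A listed entry is a candidate for review by someone who knows the machine, not a verdict that it is malicious.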
     

Short URL to this thread: https://techguy.org/167056
