Porn dialler

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

murdo7

Thread Starter
Joined
Sep 24, 2003
Messages
29
I have allowed ( not on purpose ) a porn dialler to "infect" my XP. It was only on for a couple of seconds ( i hope ) when i pulled the plug on it.

I got a mass of pop ups hitting my machine and, thinking i was giving permission to scan my pc for problems, i said yes to a porn dialler - I think. Anyway, something was rattling through my phone line, and it was not me.

I looked, and found a file named xxxsomething and deleted it, ran adaware and it found it again. I deleted this. Then i went to uninstal and found it there also - I uninstalled it and it stayed where it was. I uninstalled it a second and a third time and that seemed to get rid of it. I then found it on my desktop- deleted that. I then looked at the certificates and could not find out which one might be the one i said ok to.
So i then switched of my PC and re-booted. all ok - tried to go on line - Nothing - checked my modem - ok. Checked my Dialler - everything seemed ok. when ever i try to dial out there is no sound from my computer - it usually beeps and blips on dialling.

Help - I am begining to suffer from isolation and growing a beard.

Murdo7
 

murdo7

Thread Starter
Joined
Sep 24, 2003
Messages
29
I will try that. I have Spybot S&D and done the scans with it.

As my laptop cannot get on line! I am in an internet Cafe trying to get information to fix the on-line problem first then the porn stuff when i can get my laptop on line.

Thanks for the help.:)
 

murdo7

Thread Starter
Joined
Sep 24, 2003
Messages
29
Is that all i had to do to get my dialler to work?

Thanks for the info.
I will go and try it just now, and if it works i will be back in about 10 mins, on my laptop.
 
Joined
Feb 23, 2003
Messages
16,274
Boot into safe mode and search for the name again and this time delete it in safe mode and that should get rid of if till you get online then post a Hijack log .
 
Joined
Dec 28, 2002
Messages
1,983
Originally posted by motherboard:
Delete temp files , cookies and off lline content
Heres how:

Open Internet Explorer -> Tools -> Internet Options -> delete cookies, delete files (select off-line content), clear history. Then click ok and exit Internet Explorer.
 

murdo7

Thread Starter
Joined
Sep 24, 2003
Messages
29
I'm Back.
Well that did'nt work. I cleared temp files , cookies and off lline content. However I still could'nt log on to the internet.
Is it possible that chopping out the other dialler could have corrupted some file or other that is required to help get me on line?
 
Joined
Feb 23, 2003
Messages
16,274
Go to start/ search / and type ie.inf . As well set the search for hidden files and folders. hen found right click and select install.
 

dvk01

Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
First Name
Derek
Originally posted by greensleeve:
download diagnose windows here and diagnose your LSP,post the result
why would anybody in their right minds want to pay you $25 to get what they get for free with adaware/spybot & hjt and all the free advice and genuine help from some of the most knowledgeable experts in the field of spyware on these forums

Kindly stop spamming these forums with your unwanted program
 

murdo7

Thread Starter
Joined
Sep 24, 2003
Messages
29
Lucky i have not been able to get on line or i might have followed that link.

My laptop is still not working.

It only boots up every 3-4 times i turn it on.
It can not get on line with my usual dialer ( British Telecom )
It can get me through to my office back office system (VAX) via my terminal emulator software.

Here is the hijack this file.

Logfile of HijackThis v1.97.2
Scan saved at 09:26:12, on 26/09/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Murdo Macleod\Desktop\hijack this\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {3C4E691E-50E0-4163-8E94-37F72E994272} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1.1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Tpwrtray] TPWRTRAY.EXE
O4 - HKLM\..\Run: [TFncKy] c:\Program Files\Toshiba\Toshiba Controls\TFncKy.exe /Type 10
O4 - HKLM\..\Run: [TosHKCW.exe] C:\Program Files\TOSHIBA\Wireless Hotkey\TosHKCW.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [CreateCD50] C:\PROGRA~1\COMMON~1\ADAPTE~1\CreateCD\CREATE~1.EXE -r
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [User Logger] C:\DOCUME~1\MURDOM~1\LOCALS~1\Temp\mCodex\ClientInstalls\msi6F.tmp\msi70.tmp\UsrLog.exe run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe -startgui
O4 - HKLM\..\RunServices: [SmcService] C:\PROGRA~1\Sygate\SPF\Smc.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: Money Viewer (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Windows Messenger (HKLM)
O16 - DPF: ChatSpace Full Java Client 2.1.0.84 - http://about.chatspace.com/Java/cs4fs084.cab
O16 - DPF: ChatSpace Java Client 2.1.0.84N - http://about.chatspace.com/Java/cs4msn084.cab
O16 - DPF: Yahoo! Chat - http://cs8.chat.sc5.yahoo.com/c381/chat.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://cs8.chat.sc5.yahoo.com/v45/yacscom.cab
O16 - DPF: {CD17FAAA-17B4-4736-AAEF-436EDC304C8C} (ContentAuditX Control) - http://a840.g.akamai.net/7/840/5805...ch.com/audit/includes/ContentAuditControl.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DF6A0F17-0B1E-11D4-829D-00C04F6843FE} (Microsoft Office Tools on the Web Control) - http://officeupdate.microsoft.com/TemplateGallery/downloads/outc.cab
 
Joined
Feb 23, 2003
Messages
16,274
Try removing theses as well as reloading the isp software ..


- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about :blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about :blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about :blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.searchalot.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {3C4E691E-50E0-4163-8E94-37F72E994272} - (no file)
O3 - Toolbar: WebFerret - {A58686ED-FC46-44C3-95C6-4A812AB776F1} - C:\Program Files\FerretSoft\WebFerret\FerretBand.dll
O4 - HKLM\..\Run: [User Logger] C:\DOCUME~1\MURDOM~1\LOCALS~1\Temp\mCodex\ClientInstalls\msi6F.tmp\msi70.tmp\UsrLog.exe run
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
 
Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 807,865 other people just like you!

Latest posts

Top