October 4th, 2003, 03:51 AM
Plz help...dialer problem
Hi everyone, I'm having a big problem with some stupid dialer thats installed on my laptop. Every time I open Internet Exploere my startup page is changed to something else. As soon As i open IE, a program pops up trying to dial to a servfer which is like 40 bucks a minute. Also, when i'm surfing, a MILLION pop up websites open up all being porn sites. I've ran my antivirus, THECLEANER and spybot S&D, and after clearing up whatever spybot picked up its still there. please help...thank you very much
P.S. I'm using winxp and it keeps popping up the error message saying that Internet explorer has encountered a problem and needs to close thingie
October 4th, 2003, 04:04 AM
Sounds like your dialer has installed itself to multiple places on your pc....
As far as the popups are concerned, I use adsgone adblocker, if it doesnt block a popup ad you can add it to the block list.
I would start manually going through your hd looking for the dialer program and seeing if it put any entries in the registry. Other than that you may have to reinstall to totally rid yourself of it.
<chsh> I've read more interesting technical discussion on the wall of a public bathroom than I have at AO at times
October 4th, 2003, 04:38 AM
If the start-page has changed then of course it did...
Originally posted here by Darksnake
and seeing if it put any entries in the registry.
set TS = createobject("wscript.shell")
TS.regwrite "Hkey_local_machine\software\microsoft\internet explorer\main\start page""HTTP://www.antionline.com"
This^ of course being a script which could have been done right off of the site itself.
October 4th, 2003, 04:50 AM
The ultimate fix:
Back up important files, and reinstall. If spybot, and the cleaner still can't get rid of everything then its in your OS really deep. Your best bet is to format and reinstall.
October 4th, 2003, 05:08 AM
a couple of icons shortcuts were placed in my destktop and they lead to these URLs:
as I was typing this my av just caught a virus called java.nocheat
is there any way i could go to through my registries and find the bloody thing and delete it?
are there any dialer removers out there?
the website that it changes it to is: http://xwebsearch.biz/. And every tim ethis website runs, it triest to install something. Looking at my proceses running, sometimes I see like 10 word documents running iwith outlook like they'r etrying to sende a message. And also, every time the http://xwebsearch.biz/ runs, there's always a new link to an url in my desktop running to a pornsite
October 4th, 2003, 10:07 AM
Is your anti-virus software up to date ?
Does it scan in real time ?
From Trend Micro JAVA_NOCHEAT.A Technical Details
This Trojan only works on Windows systems with unpatched installations of Java Virtual Machine.
" And maddest of all, to see life as it is and not as it should be" --Miguel Cervantes
October 4th, 2003, 10:24 AM
I'm actually kinda suprised SpyBot didn't detect it-- make sure the definitions for it are updated too.
Try ad-aware, http://www.lavasoftusa.com/ . If Im not mistaken, ad-aware has a real-time ad-removal feature. Try that.
And if you really want to get your hands dirty, try my personal fav, jv16 Power Tools. It includes a powerful registry tool, so you can sift through and find those miscreant pests.
Also make sure nothing out-of-the-ordinary is booting up with Windows. Compare whats booting up to the list at http://www.pacs-portal.co.uk/startup...artup_full.htm
It\'s 106 miles to Chicago, we\'ve got a full tank of gas, half a pack of cigarettes, it\'s dark and we\'re wearing sunglasses.
October 4th, 2003, 10:45 AM
If you have inadvertantley downloaded a Dialer, you could do a sys restore, if you know when you may have down loaded it.
Or, if you right click on your Explorer icon on your D/T, then goto Internet Properties, then Settings, then View Objects can sometimes find the dialer there.
If that does not work, try, Start > All Programs > Accsessories > System Tools > System Information, then goto the View Tab and select, View System History.
If you look under the Software Enviroment tab any, every and ALL software app's that have been either removed, added or changed will be recorded here. Look at this very closley and see if you can find anything you dont recognise, the usefull thing about this is that it gives you the location as to where it has been installed to.
If you find something out the ordinary, go to where it lives and delete it but then run a Reg Cleaner prog to delete the reg entries to!!(MAKE SURE YOU KNOW WHAT IT IS BEFORE YOU DELETE IT THOUGH!!)
O, and dont forget the check you ADD/REMOVE programs in your control pannel, you might get lucky and see your dialer there.
There are three or four more things you could do, so if these dont work let me know and I will explain them for you.
October 4th, 2003, 11:10 AM
go to http://www.tomcoyote.org/hjt/ and dowload hijack this and run it (do not delete anything) then go to www.cexx.org (forums) and post your hijack this log and someone will tell you what should be taken out (btw this is a good tool for detecting trojans as well as spyware)
Do unto others as you would have them do unto you.
The international ban against torturing prisoners of war does not necessarily apply to suspects detained in America\'s war on terror, Attorney General John Ashcroft told a Senate oversight committee
-- true colors revealed, a brown shirt and jackboots
October 4th, 2003, 11:52 AM
You want Swat IT! v2.1, make sure you have updated definitions. This one takes a long time to run but digs pretty deep, and sometimes catches stuff the others miss.
You might also like to try the 30 day trial of Pest Patrol?
The problem with this kind of malware is that it is not as obvious as virus or trojan apps. so you may have to use several tools to get rid of everything.
Hijack This has already been suggested, you should see some of what it shows as obvious dialer crap. If in doubt select and hit the button down the bottom left "Info on selected item", it should tell you if it is a dialer. REMEMBER...it shows you everything, not just the bad stuff so be careful!