Velocity Reviews - Computer Hardware Reviews


Trojan dialler problem

 
 
baglady
 
      10-28-2004
I have a Trojan 11BD dialler virus. I have various spyware, (AVG,
Spysweeper, Ad-aware) and have downloaded various free monthly trial Trojan
removers. The Trojan virus has been detected and `removed' several times
over but the warning window from the AVG virus program keeps appearing every
20 minutes even though the Anti-Virus programs give me a clean bill of
health. Where do I go from here? How do I stop this warning from appearing?
Do I still have the virus? Please help (in simple terms)
Thanks.




 
 
 
 
 
°Mike°
 
      10-28-2004
Install HijackThis and post the contents of your
saved log here.

HijackThis
http://mjc1.com/mirror/hjt/
http://www.spywareinfo.com/~merijn/files/hijackthis.zip
http://209.133.47.12/~merijn/files/HijackThis.exe
http://aumha.org/downloads/hijackthis.zip
http://aumha.org/downloads/hijackthis.exe


On Thu, 28 Oct 2004 18:52:23 +0100, in
<(E-Mail Removed)>
baglady scrawled:

>I have a Trojan 11BD dialler virus. I have various spyware, (AVG,
>Spysweeper, Ad-aware) and have downloaded various free monthly trial Trojan
>removers. The Trojan virus has been detected and `removed' several times
>over but the warning window from the AVG virus program keeps appearing every
>20 minutes even though the Anti-Virus programs give me a clean bill of
>health. Where do I go from here? How do I stop this warning from appearing?
>Do I still have the virus? Please help (in simple terms)
>Thanks.
>


--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
 
 
 
 
baglady
 
      10-28-2004

"°Mike°" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Install HijackThis and post the contents of your
> saved log here.
>
> HijackThis
> http://mjc1.com/mirror/hjt/
> http://www.spywareinfo.com/~merijn/files/hijackthis.zip
> http://209.133.47.12/~merijn/files/HijackThis.exe
> http://aumha.org/downloads/hijackthis.zip
> http://aumha.org/downloads/hijackthis.exe
>
>
> On Thu, 28 Oct 2004 18:52:23 +0100, in
> <(E-Mail Removed)>
> baglady scrawled:
>
>>I have a Trojan 11BD dialler virus. I have various spyware, (AVG,
>>Spysweeper, Ad-aware) and have downloaded various free monthly trial
>>Trojan
>>removers. The Trojan virus has been detected and `removed' several times
>>over but the warning window from the AVG virus program keeps appearing
>>every
>>20 minutes even though the Anti-Virus programs give me a clean bill of
>>health. Where do I go from here? How do I stop this warning from
>>appearing?
>>Do I still have the virus? Please help (in simple terms)
>>Thanks.
>>

>
> --
> Basic computer maintenance
> http://uk.geocities.com/personel44/maintenance.html


Mike....um er..is this wise? what am I disclosing for all to see??? Will you
be able to help from my results??


 
 
°Mike°
 
      10-28-2004
On Thu, 28 Oct 2004 19:28:10 +0100, in
<(E-Mail Removed)>
baglady scrawled:

>
>"°Mike°" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>> Install HijackThis and post the contents of your
>> saved log here.


<snip>

>Mike....um er..is this wise?


If it wasn't wise I wouldn't have asked you to do it.

>what am I disclosing for all to see???


Only what programs are running/set to run at startup, and
maybe, just maybe, your user profile name, which you can
obfuscate if you like. But please, ONLY obfuscate such
user data; do NOT alter, edit, snip or otherwise tamper with
the log, else any attempted help could be rendered pointless.
Dozens of people have posted the contents of their log here,
and I have yet to see ANY damning information.

>Will you be able to help from my results??


No come on...why would I ask you to do it if I couldn't help?

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
 
baglady
 
      10-28-2004

"°Mike°" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Thu, 28 Oct 2004 19:28:10 +0100, in
> <(E-Mail Removed)>
> baglady scrawled:
>
>>
>>"°Mike°" <(E-Mail Removed)> wrote in message
>>news:(E-Mail Removed)...
>>> Install HijackThis and post the contents of your
>>> saved log here.

>
> <snip>
>
>>Mike....um er..is this wise?

>
> If it wasn't wise I wouldn't have asked you to do it.
>
>>what am I disclosing for all to see???

>
> Only what programs are running/set to run at startup, and
> maybe, just maybe, your user profile name, which you can
> obfuscate if you like. But please, ONLY obfuscate such
> user data; do NOT alter, edit, snip or otherwise tamper with
> the log, else any attempted help could be rendered pointless.
> Dozens of people have posted the contents of their log here,
> and I have yet to see ANY damning information.
>
>>Will you be able to help from my results??

>
> No come on...why would I ask you to do it if I couldn't help?
>
> --
> Basic computer maintenance
> http://uk.geocities.com/personel44/maintenance.html


ok ok here goes..

Logfile of HijackThis v1.98.2
Scan saved at 19:56:33, on 28/10/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG6\avgserv.exe
C:\Program Files\Canon\BJCard\Bjmcmng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\sstray.exe
C:\Program Files\Msapps\sbs\Pcm40.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Canon\BJPV\TVMon.exe
C:\Program Files\Canon\BJCard\BJLaunch.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\NoAds\NoAds.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BackWeb-8876480.exe
C:\Program Files\Spyware Doctor\spydoctor.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SAGEM\SAGEM F@st800\DSLMON.exe
C:\Program Files\Logitech\Video\Launcher.exe
C:\Program Files\pdaBusiness\Qlock\Qlock.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\lotus\register\remind32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Kazaa Lite K++\KazaaLite.kpp
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://www.meshcomputers.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://omegasearch.com/searchbar.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
http://www.thebestse.com/search.shtml
O1 - Hosts: 127.0.0.0 localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} -
c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} -
C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program
files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft
Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [PCStart] C:\Program Files\Msapps\sbs\Pcm40.exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program
Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program
Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program
Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program
Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [BJPD HID Control] C:\Program Files\Canon\BJPV\TVMon.exe
O4 - HKLM\..\Run: [BJLaunchEXE] C:\Program Files\Canon\BJCard\BJLaunch.exe
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program
Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [DASH PROC] C:\PROGRA~1\ERRORT~1\Inter Ping Intra.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P
Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone
Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [MediaFace Integration] C:\Program
Files\Fellowes\MediaFACE 4.0\SetHook.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKCU\..\Run: [NoAds] "C:\Program Files\NoAds\NoAds.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe"
/background
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop
Messenger\8876480\Program\BackWeb-8876480.exe
O4 - HKCU\..\Run: [atiupdate] C:\WINDOWS\system32\atiupdate2.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware
Doctor\spydoctor.exe" /Q
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program
Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program
Files\Washer\washidx.exe
O4 - Startup: Lotus SmartSuite 97 Registration.lnk =
C:\lotus\register\remind32.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM
F@st800\DSLMON.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program
Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Qlock.lnk = C:\Program
Files\pdaBusiness\Qlock\Qlock.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program
Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program
files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program
files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program
files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Save with Download Manager... - C:\Program
Files\J River\Media Jukebox\DMDownload.htm
O8 - Extra context menu item: Similar Pages - res://c:\program
files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program
files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no
file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program
Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com
O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} -
http://akamai.downloadv3.com/binarie...tc32_EN_XP.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -
http://ak.imgfarm.com/images/nocache...tup1.0.0.6.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -
http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://a1540.g.akamai.net/7/1540/52/...eInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} -
http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield
International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -
http://62.202.2.58/activex/AxisCamControl.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment
1.4.1_01) -
O16 - DPF: {E7DBFB6C-113A-47CF-B278-F5C6AF4DE1BD} -
http://download.abacast.com/download...basetup131.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) -
http://download.mcafee.com/molbin/is...84/mcfscan.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
http://us.dl1.yimg.com/download.comp...bio5_1_6_0.cab
O17 -
HKLM\System\CCS\Services\Tcpip\..\{22756A5F-AF5E-46D0-82C4-7E600E54ED58}:
NameServer = 80.225.252.58 80.225.252.50

You have helped me in the past I remember. Thanks. Please tell me in simple
terms as I get confused Thanks Mike.


 
 
baglady
 
      10-28-2004

"baglady" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "°Mike°" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> On Thu, 28 Oct 2004 19:28:10 +0100, in
>> <(E-Mail Removed)>
>> baglady scrawled:
>>
>>>
>>>"°Mike°" <(E-Mail Removed)> wrote in message
>>>news:(E-Mail Removed)...
>>>> Install HijackThis and post the contents of your
>>>> saved log here.

>>
>> <snip>
>>
>>>Mike....um er..is this wise?

>>
>> If it wasn't wise I wouldn't have asked you to do it.
>>
>>>what am I disclosing for all to see???

>>
>> Only what programs are running/set to run at startup, and
>> maybe, just maybe, your user profile name, which you can
>> obfuscate if you like. But please, ONLY obfuscate such
>> user data; do NOT alter, edit, snip or otherwise tamper with
>> the log, else any attempted help could be rendered pointless.
>> Dozens of people have posted the contents of their log here,
>> and I have yet to see ANY damning information.
>>
>>>Will you be able to help from my results??

>>
>> No come on...why would I ask you to do it if I couldn't help?
>>
>> --
>> Basic computer maintenance
>> http://uk.geocities.com/personel44/maintenance.html

>
> ok ok here goes..
>
>
> You have helped me in the past I remember. Thanks. Please tell me in
> simple terms as I get confused Thanks Mike.


I tampered with this a little and saw a dialler in the list and deleted
it....was this a bad thing. I panicked and deleted it as I knew this was the
thing that is bugging me. Should I have left it???Ahhh too late..I am a
silly woman.
>
>



 
 
foxtrot
 
      10-28-2004
are you on xp?
if so are you turning off system restore before running your anti virus
facility?
you need to do this then turn it back on afterwards


"baglady" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
>
> "°Mike°" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Install HijackThis and post the contents of your
>> saved log here.
>>
>> HijackThis
>> http://mjc1.com/mirror/hjt/
>> http://www.spywareinfo.com/~merijn/files/hijackthis.zip
>> http://209.133.47.12/~merijn/files/HijackThis.exe
>> http://aumha.org/downloads/hijackthis.zip
>> http://aumha.org/downloads/hijackthis.exe
>>
>>
>> On Thu, 28 Oct 2004 18:52:23 +0100, in
>> <(E-Mail Removed)>
>> baglady scrawled:
>>
>>>I have a Trojan 11BD dialler virus. I have various spyware, (AVG,
>>>Spysweeper, Ad-aware) and have downloaded various free monthly trial
>>>Trojan
>>>removers. The Trojan virus has been detected and `removed' several times
>>>over but the warning window from the AVG virus program keeps appearing
>>>every
>>>20 minutes even though the Anti-Virus programs give me a clean bill of
>>>health. Where do I go from here? How do I stop this warning from
>>>appearing?
>>>Do I still have the virus? Please help (in simple terms)
>>>Thanks.
>>>

>>
>> --
>> Basic computer maintenance
>> http://uk.geocities.com/personel44/maintenance.html

>
> Mike....um er..is this wise? what am I disclosing for all to see??? Will
> you be able to help from my results??
>



 
 
°Mike°
 
      10-28-2004
On Thu, 28 Oct 2004 20:03:01 +0100, in
<(E-Mail Removed)>
baglady scrawled:

<snip>

>ok ok here goes..
>
>Logfile of HijackThis v1.98.2
>Scan saved at 19:56:33, on 28/10/2004
>Platform: Windows XP SP2 (WinNT 5.01.2600)
>MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
>
>Running processes:


>C:\Program Files\Msapps\sbs\Pcm40.exe


Terminate the above spyware process (CTRL+ALT+DEL).



>C:\Program Files\Spyware Doctor\spydoctor.exe
>C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe


The above two aren't helping you, are they?


>C:\Program Files\Kazaa Lite K++\KazaaLite.kpp


As long as you use P2P you will always be bothered with
spyware, viruses, trojans, etc.


>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
>http://www.meshcomputers.com


Have HijackThis fix the above unless it's your preferred default page.


>R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
>http://omegasearch.com/searchbar.html


Have HijackThis fix the above.


>R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
>http://www.thebestse.com/search.shtml


Have HijackThis fix the above.


>O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)


Have HijackThis fix the above.


>O4 - HKLM\..\Run: [PCStart] C:\Program Files\Msapps\sbs\Pcm40.exe


Have HijackThis fix the above. Delete the Msapps folder.
For more information see:
http://www.symantec.com/avcenter/ven...pcmonitor.html


>O4 - HKLM\..\Run: [DASH PROC] C:\PROGRA~1\ERRORT~1\Inter Ping Intra.exe


I cannot find any information about the above.


>O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no
>file)


Have HijackThis fix the above.


>O14 - IERESET.INF: START_PAGE_URL=http://www.meshcomputers.com


Unless the above is your computer manufacturer, have
HijackThis fix it.


>O16 - DPF: {093F9CF8-0DE1-491C-95D5-5EC257BD4CA3} -


Have HijackThis fix all of your O16 - DPF entries. They are ActiveX controls
that will be re-downloaded as and when necessary.


>O17 - HKLM\System\CCS\Services\Tcpip\..\{22756A5F-AF5E-46D0-82C4-7E600E54ED58}:
>NameServer = 80.225.252.58 80.225.252.50


Unless the above IPs (Tiscali) are from your network or ISP, have HijackThis
fix the above.

>You have helped me in the past I remember. Thanks. Please tell me in simple
>terms as I get confused Thanks Mike.


All you have to do is to put a checkmark in the box
corresponding to the items I have indicated and
press 'Fix Checked'. Don't forget to terminate the
first mentioned process with CTRL+ALT+DEL. Highlight
the Pcm40.exe process and click 'End Process' -- do
this FIRST.

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
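
Added example, not part of the thread and not HijackThis code: a Python sketch of the two steps discussed above, masking only the user profile name before a log is posted, and re-joining newsreader-wrapped entries so the checks made in the reply ("(no file)" leftovers, browser page settings, O17 name servers) can be run per entry. The function names, the profile name "alice" and the assumption that wrapping happened at spaces are made up for this example; the sample entries are shortened copies of lines from the log above.

```python
import re

# Constructed sample in newsreader-wrapped form. Entries are copied from the
# log in this thread; the profile name "alice" is made up for the example.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
Running processes:
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\alice\Local Settings\Temp\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
http://omegasearch.com/searchbar.html
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [PCStart] C:\Program Files\Msapps\sbs\Pcm40.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no
file)
O17 -
HKLM\System\CCS\Services\Tcpip\..\{22756A5F-AF5E-46D0-82C4-7E600E54ED58}:
NameServer = 80.225.252.58 80.225.252.50
"""

# An entry starts with a section code such as R1, O4 or O17 followed by " -".
ENTRY_START = re.compile(r"^([RONF]\d{1,2}) -(?: |$)")

# Profile folder name under "Documents and Settings" (Windows XP layout).
PROFILE = re.compile(r"(?i)(\\Documents and Settings\\)([^\\\r\n]+)(?=\\)")
SHARED_PROFILES = {"all users", "default user", "localservice", "networkservice"}


def redact_profile(log_text, placeholder="<user>"):
    """Mask the personal profile folder name and leave everything else alone."""
    def mask(match):
        if match.group(2).lower() in SHARED_PROFILES:
            return match.group(0)  # shared folders carry no personal data
        return match.group(1) + placeholder
    return PROFILE.sub(mask, log_text)


def parse_entries(log_text):
    """Return (code, body) pairs, re-joining lines wrapped by a newsreader.

    Assumption: wrapping happened at a space, so continuation lines are
    joined back with a single space. A blank line ends the current entry.
    """
    entries, current = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_START.match(line)
        if match:
            current = [match.group(1), line[match.end():]]
            entries.append(current)
        elif line and current is not None:
            current[1] = (current[1] + " " + line).strip()
        else:
            current = None  # blank line, or header text before the first entry
    return [(code, body) for code, body in entries]


def review_points(entries):
    """Flag entries using the same questions asked in the reply above.

    These are prompts for a human reviewer, not verdicts: an unflagged entry
    (such as an O4 autorun) still has to be looked up by name.
    """
    points = []
    for code, body in entries:
        if code in ("R0", "R1") and "=" in body:
            url = body.split("=", 1)[1].strip()
            points.append((code, "confirm this is your chosen page: " + url))
        elif body.endswith("(no file)"):
            points.append((code, "orphaned entry, target file is missing"))
        elif code == "O17":
            ips = re.findall(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", body)
            points.append(
                (code, "check these DNS servers belong to your ISP: " + ", ".join(ips))
            )
    return points


if __name__ == "__main__":
    safe_to_post = redact_profile(SAMPLE_LOG)
    print(safe_to_post)
    for code, note in review_points(parse_entries(safe_to_post)):
        print(code, "->", note)
```
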
 
 
°Mike°
 
      10-28-2004
On Thu, 28 Oct 2004 20:10:51 +0100, in
<(E-Mail Removed)>
baglady scrawled:

<snip>

>I tampered with this a little


AIIIEEEEEEEEEEE!

> and saw a dialler in the list and deleted
>it....was this a bad thing. I panicked and deleted it as I knew this was the
>thing that is bugging me. Should I have left it???Ahhh too late..I am a
>silly woman.


What did you delete?

--
Basic computer maintenance
http://uk.geocities.com/personel44/maintenance.html
 
 
baglady
 
      10-28-2004

"foxtrot" <(E-Mail Removed)> wrote in message
news:clrgsn$d0b$(E-Mail Removed)...
> are you on xp?
> if so are you turning off system restore before running your anti virus
> facility?
> you need to do this then turn it back on afterwards
>
>
> "baglady" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>>
>> "°Mike°" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Install HijackThis and post the contents of your
>>> saved log here.
>>>
>>> HijackThis
>>> http://mjc1.com/mirror/hjt/
>>> http://www.spywareinfo.com/~merijn/files/hijackthis.zip
>>> http://209.133.47.12/~merijn/files/HijackThis.exe
>>> http://aumha.org/downloads/hijackthis.zip
>>> http://aumha.org/downloads/hijackthis.exe
>>>
>>>
>>> On Thu, 28 Oct 2004 18:52:23 +0100, in
>>> <(E-Mail Removed)>
>>> baglady scrawled:
>>>
>>>>I have a Trojan 11BD dialler virus. I have various spyware, (AVG,
>>>>Spysweeper, Ad-aware) and have downloaded various free monthly trial
>>>>Trojan
>>>>removers. The Trojan virus has been detected and `removed' several times
>>>>over but the warning window from the AVG virus program keeps appearing
>>>>every
>>>>20 minutes even though the Anti-Virus programs give me a clean bill of
>>>>health. Where do I go from here? How do I stop this warning from
>>>>appearing?
>>>>Do I still have the virus? Please help (in simple terms)
>>>>Thanks.
>>>>
>>>
>>> --
>>> Basic computer maintenance
>>> http://uk.geocities.com/personel44/maintenance.html

>>
>> Mike....um er..is this wise? what am I disclosing for all to see??? Will
>> you be able to help from my results??
>>

>
>


Yes to Windows XP and um..er.. no to turning off system restore...what
next??? what??? how???


 