«

Hi
Has anyone any experience with Dialers changing the dial up password?

I have cleaned a friends mothers machine up, seems the dial up account has
changed password in the last 24 hours. An updated AVG found and healed 3
dialers and two trojans. Wondering if the two events are related.

TIA
Warwick

"Warwick" <> wrote in message
news:riw868gys2i1$.1e1jki038s4vw$... .
> Hi
> Has anyone any experience with Dialers changing the dial up password?
>
> I have cleaned a friends mothers machine up, seems the dial up account has
> changed password in the last 24 hours. An updated AVG found and healed 3
> dialers and two trojans. Wondering if the two events are related.
>
> TIA
> Warwick

....and K&S wonders why I bother with an AV program that is always running in
the background. Herein lies the reason.

Norton Antivirus with Auto-Protect feature enabled would stop the trojan in
its tracks. Any other solution is an ambulance at the bottom of the cliff.
What were the names of the trojans and dialers?

On Sun, 8 Feb 2004 09:33:46 +1300, Lebowski wrote:

> "Warwick" <> wrote in message
> news:riw868gys2i1$.1e1jki038s4vw$... .
>> Hi
>> Has anyone any experience with Dialers changing the dial up password?
>>
>> I have cleaned a friends mothers machine up, seems the dial up account has
>> changed password in the last 24 hours. An updated AVG found and healed 3
>> dialers and two trojans. Wondering if the two events are related.
>>
>> TIA
>> Warwick
>
> ...and K&S wonders why I bother with an AV program that is always running in
> the background. Herein lies the reason.
>
> Norton Antivirus with Auto-Protect feature enabled would stop the trojan in
> its tracks. Any other solution is an ambulance at the bottom of the cliff.
> What were the names of the trojans and dialers?

The dialer was called 'dailer', same name 3 separate files.
Trojans I forget the name.
One of the dialers tried twice to get out yesterday - I saw the attempts in
the ZA log file.

The password thing is curioius.

"Warwick" <> wrote in message
news:...
> On Sun, 8 Feb 2004 09:33:46 +1300, Lebowski wrote:
>
> > "Warwick" <> wrote in message
> > news:riw868gys2i1$.1e1jki038s4vw$... .
> >> Hi
> >> Has anyone any experience with Dialers changing the dial up password?
> >>
> >> I have cleaned a friends mothers machine up, seems the dial up account
has
> >> changed password in the last 24 hours. An updated AVG found and healed
3
> >> dialers and two trojans. Wondering if the two events are related.
> >>
> >> TIA
> >> Warwick
> >
> > ...and K&S wonders why I bother with an AV program that is always
running in
> > the background. Herein lies the reason.
> >
> > Norton Antivirus with Auto-Protect feature enabled would stop the trojan
in
> > its tracks. Any other solution is an ambulance at the bottom of the
cliff.
> > What were the names of the trojans and dialers?
>
> The dialer was called 'dailer', same name 3 separate files.
> Trojans I forget the name.

Was it NIMDA? I once received that one a couple of years ago while trying
out AVG and had to revert back to Nortons to weed it out. Made a mess of my
system too, aargh

> One of the dialers tried twice to get out yesterday - I saw the attempts
in
> the ZA log file.
>
> The password thing is curioius.

On Sun, 8 Feb 2004 11:42:40 +1300, Lebowski wrote:

> "Warwick" <> wrote in message
> news:...
>> On Sun, 8 Feb 2004 09:33:46 +1300, Lebowski wrote:
>>
>>> "Warwick" <> wrote in message
>>> news:riw868gys2i1$.1e1jki038s4vw$... .
>>>> Hi
>>>> Has anyone any experience with Dialers changing the dial up password?
>>>>
>>>> I have cleaned a friends mothers machine up, seems the dial up account
> has
>>>> changed password in the last 24 hours. An updated AVG found and healed
> 3
>>>> dialers and two trojans. Wondering if the two events are related.
>>>>
>>>> TIA
>>>> Warwick
>>>
>>> ...and K&S wonders why I bother with an AV program that is always
> running in
>>> the background. Herein lies the reason.
>>>
>>> Norton Antivirus with Auto-Protect feature enabled would stop the trojan
> in
>>> its tracks. Any other solution is an ambulance at the bottom of the
> cliff.
>>> What were the names of the trojans and dialers?
>>
>> The dialer was called 'dailer', same name 3 separate files.
>> Trojans I forget the name.
>
> Was it NIMDA? I once received that one a couple of years ago while trying
> out AVG and had to revert back to Nortons to weed it out. Made a mess of my
> system too, aargh
>
>> One of the dialers tried twice to get out yesterday - I saw the attempts
> in
>> the ZA log file.
>>
>> The password thing is curioius.

No nothing as serious as that, AVG seemed to handle it without me going
thru any special routines.
The problem here is that the password changed, and my friend went off at
the grandchildren in the house for messing with the dial up settings, extra
****ed off that he cannot access the net, and the grandmother (account
holder) is on holiday. I was embarassed and immediately said that it was
possibly not malicious behaviour on a household member but a side effect of
one of the viri/trojans/dialers. I was guessing but I had to put a stop to
the bitching and yelling, it was making me very uncomfortable.
It is all I want to know really, do any dialers change password? I had
hoped someone here would know, and need to give my friend a definitive
answer.

best
Warwick

On Sun, 8 Feb 2004 17:35:17 +1300, Warwick <> wrote:

<snip>
>No nothing as serious as that, AVG seemed to handle it without me going
>thru any special routines.
>The problem here is that the password changed, and my friend went off at
>the grandchildren in the house for messing with the dial up settings, extra
>****ed off that he cannot access the net, and the grandmother (account
>holder) is on holiday. I was embarassed and immediately said that it was
>possibly not malicious behaviour on a household member but a side effect of
>one of the viri/trojans/dialers. I was guessing but I had to put a stop to
>the bitching and yelling, it was making me very uncomfortable.
>It is all I want to know really, do any dialers change password? I had
>hoped someone here would know, and need to give my friend a definitive
>answer.
>

No they don't change a password, well not any I've seen and I've seen
plenty. No reason to, it wouldn't achieve anything.

If you're getting diallers then look at updating Internet Explorer or
check the security settings. Almost all diallers now are being
installed via Activex, and they will install without user intervention
if "download signed activex controls" is set to 'enable' in the
internet zone. That was a default setting on older (unpatched)
versions of IE. If it's set to 'prompt' then the user will be asked
whether they want to download (and run) the control, and can say no.

And btw antivirus software isn't very reliable at catching diallers &
trojans, they're not generally perceived as a virus or worm. I've
found Adaware to do a good job of cleaning out diallers & accompanying
nasties.

Cheers

Gavin

On Sun, 08 Feb 2004 17:35:17 +1300, Warwick wrote:

{snip]

> The problem here is that the password changed, and my friend went off at
> the grandchildren in the house for messing with the dial up settings, extra
> ****ed off that he cannot access the net, and the grandmother (account
> holder) is on holiday. I was embarassed and immediately said that it was
> possibly not malicious behaviour on a household member but a side effect of
> one of the viri/trojans/dialers. I was guessing but I had to put a stop to
> the bitching and yelling, it was making me very uncomfortable.
> It is all I want to know really, do any dialers change password? I had
> hoped someone here would know, and need to give my friend a definitive
> answer.

http://www.smoothwall.org

Go on make the effort and operate in stealth mode. Firewalls are FWN these
days. (FWN F***ing well needed)

--
Fairy stories exist so children get used to real life

"Gavin Tunney" <> wrote in message
news:...
> On Sun, 8 Feb 2004 17:35:17 +1300, Warwick <> wrote:
>
> <snip>
> >No nothing as serious as that, AVG seemed to handle it without me going
> >thru any special routines.
> >The problem here is that the password changed, and my friend went off at
> >the grandchildren in the house for messing with the dial up settings,
extra
> >****ed off that he cannot access the net, and the grandmother (account
> >holder) is on holiday. I was embarassed and immediately said that it was
> >possibly not malicious behaviour on a household member but a side effect
of
> >one of the viri/trojans/dialers. I was guessing but I had to put a stop
to
> >the bitching and yelling, it was making me very uncomfortable.
> >It is all I want to know really, do any dialers change password? I had
> >hoped someone here would know, and need to give my friend a definitive
> >answer.
> >
>
> No they don't change a password, well not any I've seen and I've seen
> plenty. No reason to, it wouldn't achieve anything.
>
> If you're getting diallers then look at updating Internet Explorer or
> check the security settings. Almost all diallers now are being
> installed via Activex, and they will install without user intervention
> if "download signed activex controls" is set to 'enable' in the
> internet zone. That was a default setting on older (unpatched)
> versions of IE. If it's set to 'prompt' then the user will be asked
> whether they want to download (and run) the control, and can say no.
>
> And btw antivirus software isn't very reliable at catching diallers &
> trojans, they're not generally perceived as a virus or worm. I've
> found Adaware to do a good job of cleaning out diallers & accompanying
> nasties.
>
> Cheers
>
> Gavin

AdAware and Spybot are great for cleaning out dialer nasties.

NAV 2003 (about as hated here as Microsoft) includes a worm-blocking feature
and has stopped a couple of trojans in their tracks during my time with it.

On Sun, 08 Feb 2004 05:15:24 GMT, Gavin Tunney wrote:

> On Sun, 8 Feb 2004 17:35:17 +1300, Warwick <> wrote:
>
> <snip>
>>No nothing as serious as that, AVG seemed to handle it without me going
>>thru any special routines.
>>The problem here is that the password changed, and my friend went off at
>>the grandchildren in the house for messing with the dial up settings, extra
>>****ed off that he cannot access the net, and the grandmother (account
>>holder) is on holiday. I was embarassed and immediately said that it was
>>possibly not malicious behaviour on a household member but a side effect of
>>one of the viri/trojans/dialers. I was guessing but I had to put a stop to
>>the bitching and yelling, it was making me very uncomfortable.
>>It is all I want to know really, do any dialers change password? I had
>>hoped someone here would know, and need to give my friend a definitive
>>answer.
>>
>
> No they don't change a password, well not any I've seen and I've seen
> plenty. No reason to, it wouldn't achieve anything.
>
> If you're getting diallers then look at updating Internet Explorer or
> check the security settings. Almost all diallers now are being
> installed via Activex, and they will install without user intervention
> if "download signed activex controls" is set to 'enable' in the
> internet zone. That was a default setting on older (unpatched)
> versions of IE. If it's set to 'prompt' then the user will be asked
> whether they want to download (and run) the control, and can say no.
>
> And btw antivirus software isn't very reliable at catching diallers &
> trojans, they're not generally perceived as a virus or worm. I've
> found Adaware to do a good job of cleaning out diallers & accompanying
> nasties.
>
> Cheers
>
> Gavin

Thank you very much Gavin, precisely what I needed to know. I can pass that
on and my friend can discipline the grandkids when I am not there

Advice re ActiveX noted, I'll make those changes for him as well.

cheers
Warwick

In article <1k5ow5p340y0p$.>,
says...
> The problem here is that the password changed, and my friend went off at
> the grandchildren in the house for messing with the dial up settings, extra
> ****ed off that he cannot access the net, and the grandmother (account
> holder) is on holiday. I was embarassed and immediately said that it was
> possibly not malicious behaviour on a household member but a side effect of

I've had XP Pro just drop a dialler password on me several times. One
moment I can connect fine, the next I get login error 'wrong password'.
No idea just what the hey is responsible. Neither NAV nor F-prot nor
AdAware can find any active nasties on my computer. Go figure. Bugs the
**** out of me when it happens though

-Peter