Dial Up Networking window popping up problem.

Discussion in 'Computer Security' started by sh4d03, Jan 12, 2005.

  1. sh4d03

    sh4d03 Guest

    Rubicon wrote:
    > Hello,
    >
    > I have a recent problem with the Dial Up Networking window continually
    > popping up to dial in. It starts the moment the machine (WIN98 SE)
    > reaches the desktop and I can't go any further unless I let it dial in
    > or Work Offline. If I Work Offline it goes away then returns a little
    > time later.
    >
    > The latest version of AVG Free with updated definitions has found
    > nothing and I can't find anything unusual checked in MSCONFIG/STARTUP.
    > The Dial up window contains only my ISP details and there's no other
    > connection in the Dial Up Networking folder. My firewall shows nothing
    > trying to "get-out" but I'm experiencing a few small Explorer crashes
    > where any open folders close down.
    >
    > Any suggestions to rid me of this gratefully appreciated?
    >
    > Cheers,


    You've got two options.

    One: Tell Internet Explorer to not dial up a connection by default. You
    can do this by opening IE and clicking Tools | Options | Connections and
    checking "Never dial a connection". If you do this you'll need to make a
    shortcut icon to your connection on the desktop in order to connect.

    But more importantly... option two:
    You should check for spyware or other programs which are trying to
    access the Internet. The moment you've ticked the option in an
    application to "dial the default connection if Application can't access
    the internet" you'll run into trouble. Common ones are Antivirus
    programs attempting to update themselves, seeing there is no internet
    connection and trying to connect. Windows Update could do it. Any number
    of malware applications.

    To remove spyware do the following:

    www.downloads.com
    AdAware SE 1.05 - install, update, run in full mode, remove everything
    SpyBot SD 1.3 - install, update, run, remove everything.

    www.webroot.com
    SpySweeper - install, update, run, remove.

    www.google.com
    SpyWareBlaster - install, update, close - this is a shield for more spyware.

    Let me know how you go.

    Sh4d03

    P.S. don't forget to check the programs that are running for anything
    that may need or want the Internet... possibly THE most common cause of
    this is KaZaA or other P2P applications.

    Sh4d03

    --
    If you require more assistance or if my suggestion works please E-mail me at
    sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
    assistance to me and wish to E-mail me directly please also feel free to
    contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
    in the subject line. Please pay attention to the capitalisation. Emails
    sent to the above address which do NOT contain "Newsgroup_sh4d03" in the
    subject line will fail to reach me.
    Thanks,
    Sh4d03
     
    sh4d03, Jan 12, 2005
    #1

  2. sh4d03

    donnie Guest

    On Thu, 13 Jan 2005 06:23:30 GMT, (Rubicon) wrote:

    >Hello,
    >
    >I have a recent problem with the Dial Up Networking window continually
    >popping up to dial in. It starts the moment the machine (WIN98 SE)
    >reaches the desktop and I can't go any further unless I let it dial in
    >or Work Offline. If I Work Offline it goes away then returns a little
    >time later.
    >
    >The latest version of AVG Free with updated definitions has found
    >nothing and I can't find anything unusual checked in MSCONFIG/STARTUP.
    >The Dial up window contains only my ISP details and there's no other
    >connection in the Dial Up Networking folder. My firewall shows nothing
    >trying to "get-out" but I'm experiencing a few small Explorer crashes
    >where any open folders close down.
    >
    >Any suggestions to rid me of this gratefully appreciated?
    >
    >Cheers,

    #########################
    Let it dial and connect, then go to a command prompt and run
    netstat -an. Note the connections in the foreign address column.
    Make sure that no other windows are opened. If you don't know how to
    analyse the output, post it here. If you see a connection that isn't
    supposed to be there, search the HD and the registry for it and get
    rid of it. Also d/l fport and run that from the command prompt.
    BTW, what version of windows is it? I'm guessing 98 since you have
    msconfig and DUN.
    donnie.
     
    donnie, Jan 12, 2005
    #2
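
An added example, not part of the original thread: one way to automate the `netstat -an` check donnie describes, comparing a snapshot taken before dialing with one taken after and listing only sockets that name a real remote peer. The snapshots are constructed (local addresses are placeholders, and the foreign address is the one reported later in this thread); `remote_endpoints` and `new_endpoints` are hypothetical helper names.

```python
import ipaddress

# Constructed snapshots in the layout of Windows `netstat -an`.
# Local addresses are placeholders; the foreign address 38.113.207.121:80
# is the one reported later in this thread.
SNAPSHOT_IDLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  UDP    0.0.0.0:137            *:*
"""

SNAPSHOT_DIALED = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:1046        38.113.207.121:80      SYN_SENT
  TCP    127.0.0.1:1030         127.0.0.1:1025         ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""


def remote_endpoints(netstat_text):
    """Return {(proto, 'ip:port', state)} for sockets that name a real remote peer."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        proto, foreign = fields[0], fields[2]
        state = fields[3] if len(fields) > 3 else ""
        host, _, _port = foreign.rpartition(":")
        try:
            ip = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # "*:*" on unconnected UDP sockets
        if ip.is_unspecified or ip.is_loopback:
            continue  # listeners (0.0.0.0:0) and local-only traffic
        found.add((proto, foreign, state))
    return found


def new_endpoints(before_text, after_text):
    """Remote peers present in the second snapshot but not in the first.

    The comparison ignores the state column, so a peer that moves from
    SYN_SENT to ESTABLISHED between snapshots is not reported twice.
    """
    seen = {(proto, addr) for proto, addr, _ in remote_endpoints(before_text)}
    return sorted(
        e for e in remote_endpoints(after_text) if (e[0], e[1]) not in seen
    )


if __name__ == "__main__":
    for proto, addr, state in new_endpoints(SNAPSHOT_IDLE, SNAPSHOT_DIALED):
        print(f"new remote peer: {proto} {addr} {state}")
```

Because the connection in this thread only shows up occasionally, the comparison is most useful when run against several snapshots taken a minute or so apart.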

  3. sh4d03

    Rubicon Guest

    Hello,

    I have a recent problem with the Dial Up Networking window continually
    popping up to dial in. It starts the moment the machine (WIN98 SE)
    reaches the desktop and I can't go any further unless I let it dial in
    or Work Offline. If I Work Offline it goes away then returns a little
    time later.

    The latest version of AVG Free with updated definitions has found
    nothing and I can't find anything unusual checked in MSCONFIG/STARTUP.
    The Dial up window contains only my ISP details and there's no other
    connection in the Dial Up Networking folder. My firewall shows nothing
    trying to "get-out" but I'm experiencing a few small Explorer crashes
    where any open folders close down.

    Any suggestions to rid me of this gratefully appreciated?

    Cheers,
     
    Rubicon, Jan 13, 2005
    #3
  4. > BTW, what version of windows is it? I'm guessing 98 since you have
    > msconfig and DUN.
    > donnie.


    Hey mate,

    I have Win XP, and have msconfig on that. I also have Dial-up Connection
    (not dial up networking, but from the description he gave, I think he quoted
    the wrong title).

    Please be my guest to correct me if I am wrong, it was just an observation.

    Adrian
     
    Adrian Pavone, Jan 13, 2005
    #4
  5. <Rubicon> wrote in message news:...
    > Hello,
    >
    > I have a recent problem with the Dial Up Networking window continually
    > popping up to dial in. It starts the moment the machine (WIN98 SE)
    > reaches the desktop and I can't go any further unless I let it dial in
    > or Work Offline. If I Work Offline it goes away then returns a little
    > time later.
    >
    > The latest version of AVG Free with updated definitions has found
    > nothing and I can't find anything unusual checked in MSCONFIG/STARTUP.
    > The Dial up window contains only my ISP details and there's no other
    > connection in the Dial Up Networking folder. My firewall shows nothing
    > trying to "get-out" but I'm experiencing a few small Explorer crashes
    > where any open folders close down.
    >
    > Any suggestions to rid me of this gratefully appreciated?
    >
    > Cheers,


    Hey mate, I had a similar problem.

    I found that using Zone Alarm I was finally able to box in the programs that
    were trying to access the internet, so that only the ones I wanted could get
    through. I know Zone Alarm isn't perfect (it is pretty good though,
    depending on user settings), but its program control is rather good if that
    is all you have it for.

    Adrian.
     
    Adrian Pavone, Jan 13, 2005
    #5
  6. sh4d03

    sh4d03 Guest

    Rubicon wrote:
    > Sh4d03
    >
    > Thank you for the advice. My Ad-Aware version was too old with outdated
    > definitions. Downloading the new version and getting the latest
    > updates plus Spybot again with updated definitions got rid of more
    > than I suspected was there and solved another couple of problems I
    > had.
    >
    > Unfortunately it's still trying to dial in (removed Password) upon
    > startup and every minute or two. I haven't yet found any settings in
    > my programs ticked to do that. Using NETSTAT -AN and letting it
    > connect many times it seems to just connect to my ISP and that's it.
    > All TCP foreign addresses are 0 with the UDP as *.*.
    > Hold on there even as I write I let it connect again and it went to
    > FOREIGN ADDRESS 38.113.207.121:80 SYN_SENT and...
    >
    > Well everything just froze up and with CTRL-ALT-DEL Explorer was "not
    > responding" and then everything else went south like some sort of
    > program conflict "not responding". Managed to save this before cold
    > booting.
    >
    > It seems to dial in to my ISP immediately at startup and every minute
    > or so afterwards if not connected but only connects to the above
    > address occasionally.
    >
    > Any help is greatly appreciated here.
    >
    > PS As soon as I dialed in to send this message after setting the dial
    > up window to Work Offline to stop it popping up NETSTAT showed it
    > immediately connecting to the above address yet again.
    >
    > Cheers.
    >
    >
    >
    >
    >
    > On Wed, 12 Jan 2005 23:00:42 +1100, sh4d03 <> wrote:
    >
    >
    >>Rubicon wrote:
    >>
    >>>Hello,
    >>>
    >>>I have a recent problem with the Dial Up Networking window continually
    >>>popping up to dial in. It starts the moment the machine (WIN98 SE)
    >>>reaches the desktop and I can't go any further unless I let it dial in
    >>>or Work Offline. If I Work Offline it goes away then returns a little
    >>>time later.
    >>>
    >>>The latest version of AVG Free with updated definitions has found
    >>>nothing and I can't find anything unusual checked in MSCONFIG/STARTUP.
    >>>The Dial up window contains only my ISP details and there's no other
    >>>connection in the Dial Up Networking folder. My firewall shows nothing
    >>>trying to "get-out" but I'm experiencing a few small Explorer crashes
    >>>where any open folders close down.
    >>>
    >>>Any suggestions to rid me of this gratefully appreciated?
    >>>
    >>>Cheers,

    >>
    >>You've got two options.
    >>
    >>One: Tell Internet Explorer to not dial up a connection by default. You
    >>can do this by opening IE and clicking Tools | Options | Connections and
    >>checking "Never dial a connection". If you do this you'll need to make a
    >>shortcut icon to your connection on the desktop in order to connect.
    >>
    >>But more importantly... option two:
    >>You should check for spyware or other programs which are trying to
    >>access the Internet. The moment you've ticked the option in an
    >>application to "dial the default connection if Application can't access
    >>the internet" you'll run into trouble. Common ones are Antivirus
    >>programs attempting to update themselves, seeing there is no internet
    >>connection and trying to connect. Windows Update could do it. Any number
    >>of malware applications.
    >>
    >>To remove spyware do the following:
    >>
    >>www.downloads.com
    >>AdAware SE 1.05 - install, update, run in full mode, remove everything
    >>SpyBot SD 1.3 - install, update, run, remove everything.
    >>
    >>www.webroot.com
    >>SpySweeper - install, update, run, remove.
    >>
    >>www.google.com
    >>SpyWareBlaster - install, update, close - this is a shield for more spyware.
    >>
    >>Let me know how you go.
    >>
    >>Sh4d03
    >>
    >>P.S. don't forget to check the programs that are running for anything
    >>that may need or want the Internet... possibly THE most common cause of
    >>this is KaZaA or other P2P applications.
    >>
    >>Sh4d03
    >>
    >>--
    >>If you require more assistance or if my suggestion works please E-mail me at
    >>sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
    >>assistance to me and wish to E-mail me directly please also feel free to
    >>contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
    >>in the subject line. Please pay attention to the capitalisation. Emails
    >>sent to the above address which do NOT contain "Newsgroup_sh4d03" in the
    >>subject line will fail to reach me.
    >>Thanks,
    >>Sh4d03

    >
    >


    Can you post a HijackThis log file? I'm strongly feeling malware is the
    cause here. Maybe try contacting your ISP and asking them if they can
    tell you anything else about the connection once you've allowed the
    'thing' to connect.

    Also can you please try SpySweeper. AdAware doesn't detect everything
    out there... no application does... but AdAware combined with SpySweeper
    make a pretty mean combination.

    As well as the HijackThis log can you also tell me everything that is
    running in the processes tab on a normal boot?

    MSN messenger is also a common application for requesting the internet
    connection.

    Sh4d03

    --
    If you require more assistance or if my suggestion works please E-mail me at
    sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
    assistance to me and wish to E-mail me directly please also feel free to
    contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
    in the subject line. Please pay attention to the capitalisation. Emails
    sent to the above address which do NOT contain "Newsgroup_sh4d03" in the
    subject line will fail to reach me.
    Thanks,
    Sh4d03
     
    sh4d03, Jan 14, 2005
    #6
  7. sh4d03

    donnie Guest

    On Sat, 15 Jan 2005 20:26:15 GMT, (Rubicon) wrote:

    >Hold on there even as I write I let it connect again and it went to
    >FOREIGN ADDRESS 38.113.207.121:80 SYN_SENT and...

    #################################
    Ok, here's what you do. That IP belongs to Performance Systems
    International PSINETA
    The name COGENT-NB is also connected w/ that IP
    Search the HD and the registry for both of those and see what you
    find. Let me know.
    donnie
     
    donnie, Jan 15, 2005
    #7
  8. <Rubicon> wrote in message news:...
    > Adrian,
    >
    > I have both Zone Alarm Free and Sygate Free and you're right about the
    > Zone Alarm program control being easy to use


    Yep, Zone Alarm is easy to use (unless you have a network with dynamic IP
    addresses ;). Don't worry), but as anyone who knows anything about security
    will tell you, if it is simple, it is compromising security (the good old
    convenience/security trade-off).

    In ZoneAlarm's case, it is convenient (and can be lacking in security) if you
    just install it and use all the defaults. However, it also has more than
    enough options for advanced users to make it reasonably secure for a third
    party system. If you aren't happy with the security of it once looking at
    all the options, try hiring a comp sec pro to create you a specific firewall
    for your system (I know you never said it was bad Rubi, that is my advice
    for if anyone is going to tell me ZAP is bad).

    Also Zonealarm free does not let you customise anywhere near as many
    security options I have found, and keeps a lot of stuff hidden (which it
    doesn't do anywhere near as much in Pro).

    >
    > The folder is Dial Up Networking with a Make New Connection icon
    > inside and yes you're right again, the window is Dial-up Connection.
    >
    > Cheers.


    No problem. I just thought I would correct if anyone was having trouble
    reproducing the effects or finding a source, not to be correct or noble in
    my own right (It actually made me feel really uneasy to see you say twice in
    a message that I was right :). It is just me I guess, I feel really uneasy
    when appreciated.)

    Adrian
     
    Adrian Pavone, Jan 15, 2005
    #8
  9. sh4d03

    Rubicon Guest

    Sh4d03

    Thank you for the advice. My Ad-Aware version was too old with outdated
    definitions. Downloading the new version and getting the latest
    updates plus Spybot again with updated definitions got rid of more
    than I suspected was there and solved another couple of problems I
    had.

    Unfortunately it's still trying to dial in (removed Password) upon
    startup and every minute or two. I haven't yet found any settings in
    my programs ticked to do that. Using NETSTAT -AN and letting it
    connect many times it seems to just connect to my ISP and that's it.
    All TCP foreign addresses are 0 with the UDP as *.*.
    Hold on there even as I write I let it connect again and it went to
    FOREIGN ADDRESS 38.113.207.121:80 SYN_SENT and...

    Well everything just froze up and with CTRL-ALT-DEL Explorer was "not
    responding" and then everything else went south like some sort of
    program conflict "not responding". Managed to save this before cold
    booting.

    It seems to dial in to my ISP immediately at startup and every minute
    or so afterwards if not connected but only connects to the above
    address occasionally.

    Any help is greatly appreciated here.

    PS As soon as I dialed in to send this message after setting the dial
    up window to Work Offline to stop it popping up NETSTAT showed it
    immediately connecting to the above address yet again.

    Cheers.





    On Wed, 12 Jan 2005 23:00:42 +1100, sh4d03 <> wrote:

    >Rubicon wrote:
    >> Hello,
    >>
    >> I have a recent problem with the Dial Up Networking window continually
    >> popping up to dial in. It starts the moment the machine (WIN98 SE)
    >> reaches the desktop and I can't go any further unless I let it dial in
    >> or Work Offline. If I Work Offline it goes away then returns a little
    >> time later.
    >>
    >> The latest version of AVG Free with updated definitions has found
    >> nothing and I can't find anything unusual checked in MSCONFIG/STARTUP.
    >> The Dial up window contains only my ISP details and there's no other
    >> connection in the Dial Up Networking folder. My firewall shows nothing
    >> trying to "get-out" but I'm experiencing a few small Explorer crashes
    >> where any open folders close down.
    >>
    >> Any suggestions to rid me of this gratefully appreciated?
    >>
    >> Cheers,

    >
    >You've got two options.
    >
    >One: Tell Internet Explorer to not dial up a connection by default. You
    >can do this by opening IE and clicking Tools | Options | Connections and
    >checking "Never dial a connection". If you do this you'll need to make a
    >shortcut icon to your connection on the desktop in order to connect.
    >
    >But more importantly... option two:
    >You should check for spyware or other programs which are trying to
    >access the Internet. The moment you've ticked the option in an
    >application to "dial the default connection if Application can't access
    >the internet" you'll run into trouble. Common ones are Antivirus
    >programs attempting to update themselves, seeing there is no internet
    >connection and trying to connect. Windows Update could do it. Any number
    >of malware applications.
    >
    >To remove spyware do the following:
    >
    >www.downloads.com
    >AdAware SE 1.05 - install, update, run in full mode, remove everything
    >SpyBot SD 1.3 - install, update, run, remove everything.
    >
    >www.webroot.com
    >SpySweeper - install, update, run, remove.
    >
    >www.google.com
    >SpyWareBlaster - install, update, close - this is a shield for more spyware.
    >
    >Let me know how you go.
    >
    >Sh4d03
    >
    >P.S. don't forget to check the programs that are running for anything
    >that may need or want the Internet... possibly THE most common cause of
    >this is KaZaA or other P2P applications.
    >
    >Sh4d03
    >
    >--
    >If you require more assistance or if my suggestion works please E-mail me at
    >sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
    >assistance to me and wish to E-mail me directly please also feel free to
    >contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
    >in the subject line. Please pay attention to the capitalisation. Emails
    >sent to the above address which do NOT contain "Newsgroup_sh4d03" in the
    >subject line will fail to reach me.
    >Thanks,
    >Sh4d03
     
    Rubicon, Jan 15, 2005
    #9
  10. sh4d03

    Rubicon Guest

    donnie,

    Sorry to you and all for my late reply - had trouble connecting after
    messing with settings.

    I love that NETSTAT -AN command.

    Yes I'm running WIN98 SE which is too old apparently for f/port to
    work on.

    Please read my first reply post for more details.
    FOREIGN ADDRESS 38.113.207.121:80 SYN_SEN

    Thanks for the advice and help.

    Cheers.







    On Wed, 12 Jan 2005 14:49:50 GMT, donnie <> wrote:

    >On Thu, 13 Jan 2005 06:23:30 GMT, (Rubicon) wrote:
    >
    >>Hello,
    >>
    >>I have a recent problem with the Dial Up Networking window continually
    >>popping up to dial in. It starts the moment the machine (WIN98 SE)
    >>reaches the desktop and I can't go any further unless I let it dial in
    >>or Work Offline. If I Work Offline it goes away then returns a little
    >>time later.
    >>
    >>The latest version of AVG Free with updated definitions has found
    >>nothing and I can't find anything unusual checked in MSCONFIG/STARTUP.
    >>The Dial up window contains only my ISP details and there's no other
    >>connection in the Dial Up Networking folder. My firewall shows nothing
    >>trying to "get-out" but I'm experiencing a few small Explorer crashes
    >>where any open folders close down.
    >>
    >>Any suggestions to rid me of this gratefully appreciated?
    >>
    >>Cheers,

    >#########################
    >Let it dial and connect, then go to a command prompt and run
    > netstat -an. Note the connections in the foreign address column.
    >Make sure that no other windows are opened. If you don't know how to
    >analyse the output, post it here. If you see a connection that isn't
    >supposed to be there, search the HD and the registry for it and get
    >rid of it. Also d/l fport and run that from the command prompt.
    >BTW, what version of windows is it? I'm guessing 98 since you have
    >msconfig and DUN.
    >donnie.
     
    Rubicon, Jan 15, 2005
    #10
  11. sh4d03

    Rubicon Guest

    Adrian,

    I have both Zone Alarm Free and Sygate Free and you're right about the
    Zone Alarm program control being easy to use

    The folder is Dial Up Networking with a Make New Connection icon
    inside and yes you're right again, the window is Dial-up Connection.

    Cheers.


    On Thu, 13 Jan 2005 22:02:35 +0800, "Adrian Pavone"
    <> wrote:

    >
    ><Rubicon> wrote in message news:...
    >> Hello,
    >>
    >> I have a recent problem with the Dial Up Networking window continually
    >> popping up to dial in. It starts the moment the machine (WIN98 SE)
    >> reaches the desktop and I can't go any further unless I let it dial in
    >> or Work Offline. If I Work Offline it goes away then returns a little
    >> time later.
    >>
    >> The latest version of AVG Free with updated definitions has found
    >> nothing and I can't find anything unusual checked in MSCONFIG/STARTUP.
    >> The Dial up window contains only my ISP details and there's no other
    >> connection in the Dial Up Networking folder. My firewall shows nothing
    >> trying to "get-out" but I'm experiencing a few small Explorer crashes
    >> where any open folders close down.
    >>
    >> Any suggestions to rid me of this gratefully appreciated?
    >>
    >> Cheers,

    >
    >Hey mate, I had a similar problem.
    >
    >I found that using Zone Alarm I was finally able to box in the programs that
    >were trying to access the internet, so that only the ones I wanted could get
    >through. I know Zone Alarm isn't perfect (it is pretty good though,
    >depending on user settings), but its program control is rather good if that
    >is all you have it for.
    >
    >Adrian.
    >
    >
     
    Rubicon, Jan 15, 2005
    #11
  12. sh4d03

    donnie Guest

    On Sun, 16 Jan 2005 06:19:48 GMT, (Rubicon) wrote:

    >donnie,
    >
    >Nothing on the HD or in the Registry using your suggested words with
    >and without wildcards and in different combinations or segments.
    >
    >Proving troublesome indeed.
    >
    >Cheers.

    ###########################
    I ran netcat on that address.
    C:\netcat>nc -v 38.113.207.121 80
    38.113.207.121.svwh.net [38.113.207.121] 80 (http) open

    It seems to be connected w/ svwh.net I did a whois on that and it's
    Silicon Valley Web Hosting. However, the IPs on their DNSs don't seem
    to match that block. Be that as it may. Search the HD and registry
    again, this time for: svwh Search for the IP too.
    Their contact is in case you want to contact
    them.
    donnie.
     
    donnie, Jan 16, 2005
    #12
  13. sh4d03

    donnie Guest

    On Sun, 16 Jan 2005 19:59:34 GMT, (Rubicon) wrote:

    >I set it to ask me next time and it wanted to connect to dapsol.com.


    ############################
    Here is something else.
    Pinging dapsol.com [38.113.207.121] with 32 bytes of data:
    Dapsol has that address. I wonder if dapsol.com is hosted by svwh.net
    Hmmm
    Search the HD and registry for dapsol
    donnie
     
    donnie, Jan 16, 2005
    #13
  14. sh4d03

    Rubicon Guest

    donnie,

    Nothing on the HD or in the Registry using your suggested words with
    and without wildcards and in different combinations or segments.

    Proving troublesome indeed.

    Cheers.


    On Sat, 15 Jan 2005 00:37:32 GMT, donnie <> wrote:

    >On Sat, 15 Jan 2005 20:26:15 GMT, (Rubicon) wrote:
    >
    >>Hold on there even as I write I let it connect again and it went to
    >>FOREIGN ADDRESS 38.113.207.121:80 SYN_SENT and...

    >#################################
    >Ok, here's what you do. That IP belongs to Performance Systems
    >International PSINETA
    >The name COGENT-NB is also connected w/ that IP
    >Search the HD and the registry for both of those and see what you
    >find. Let me know.
    >donnie
     
    Rubicon, Jan 16, 2005
    #14
  15. In article <>, on Mon, 17 Jan 2005 06:35:29 GMT, (Rubicon)
    wrote:

    | donnie,
    |
    | No hits at all on any of the recommended search words or the IP
    | address.
    |
    | Tried SpySweeper also but to no avail.

    Have you tried the new MS AntiSpyware Beta? I ran it on
    a friend's machine yesterday and it got rid of a bunch of stuff
    that both AdAware and SpybotS&D had missed.

    Cheers


    --
    <davidp />
    DavidPostill
     
    David Postill, Jan 16, 2005
    #15
  16. sh4d03

    donnie Guest

    On Mon, 17 Jan 2005 06:35:29 GMT, (Rubicon) wrote:

    >donnie,
    >
    >No hits at all on any of the recommended search words or the IP
    >address.
    >
    >Tried SpySweeper also but to no avail.
    >
    >Cheers.

    #############################
    I assume you saw my second post suggesting to search for dapsol and
    nothing came up either. That's a tough one. At least you have it
    blocked on your firewall. Here's something else.
    http://computercops.biz/postp415482.html
    http://computercops.biz/print-1-95618.html
    Those are just 2 of the many results from a google search for dapsol.
    I didn't see a solution but it seems to be common. There are some
    references to HKLM and Trusted Zones.
    Wait a minute. I just went to internet options, security in IE. I
    highlighted Trusted Zones and clicked on sites. In there was aol.com
    which I never put there and certainly don't trust them. Look in
    there.
    donnie.
     
    donnie, Jan 16, 2005
    #16
  17. sh4d03

    Rubicon Guest

    Hello,

    I saw the address 38.113.207.121 pop up in Sygate Personal Firewall so
    I set it to ask me next time and it wanted to connect to dapsol.com.
    It's now blocked (I hope) but my computer is still slow and open
    explorer windows still crash.
    Found this page
    http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41267
    and managed to download HijackThis before it crashed. Navigating is
    becoming more and more difficult now.

    Here's the HijackThis logfile:

    Logfile of HijackThis v1.99.0
    Scan saved at 11:50:58, on 16/01/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2919.6304)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.google.co.nz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://yoursearch.ws/?id=197
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
    =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
    {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [VoodooBanshee] rundll32.exe
    3dfxVBps.dll,BansheeLoadSettings
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE
    /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR]
    C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE
    -startgui
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
    Sweeper\SPYSWEEPER.EXE" /0
    O8 - Extra context menu item: Download with GetRight - C:\Program
    Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program
    Files\GetRight\GRbrowse.htm
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcworld.co.nz
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: (HKLM)
    O16 - DPF: {11111111-1111-1111-1111-111111113458} -
    file://C:\WINDOWS\Tempor~1\Content.IE5\HSP3LJJP\packld[1].cab

    Again thanks for your help.









    On Sun, 16 Jan 2005 06:19:48 GMT, (Rubicon) wrote:

    >donnie,
    >
    >Nothing on the HD or in the Registry using your suggested words with
    >and without wildcards and in different combinations or segments.
    >
    >Proving troublesome indeed.
    >
    >Cheers.
    >
    >
    >On Sat, 15 Jan 2005 00:37:32 GMT, donnie <> wrote:
    >
    >>On Sat, 15 Jan 2005 20:26:15 GMT, (Rubicon) wrote:
    >>
    >>>Hold on there even as I write I let it connect again and it went to
    >>>FOREIGN ADDRESS 38.113.207.121:80 SYN_SENT and...

    >>#################################
    >>Ok, here's what you do. That IP belongs to Performance Systems
    >>International PSINETA
    >>The name COGENT-NB is also connected w/ that IP
    >>Search the HD and the registry for both of those and see what you
    >>find. Let me know.
    >>donnie

    >
     
    Rubicon, Jan 16, 2005
    #17
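
An added example, not part of the original thread: a small triage pass over a HijackThis log such as the one posted above, which re-joins the entries the newsreader wrapped and flags the R0/R1, O15 and O16 lines for manual review. The sample is an excerpt of that log; `parse_entries`, `triage` and the `expected_hosts` allow-list are hypothetical names, and the three rules are assumptions about what the owner would want to check, not a malware verdict.

```python
import re
from urllib.parse import urlsplit

# Excerpt of the log posted above, keeping the newsreader's hard line wraps.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://www.google.co.nz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
http://yoursearch.ws/?id=197
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE
/STARTUP
O15 - Trusted IP range: 206.161.125.149
O16 - DPF: {11111111-1111-1111-1111-111111113458} -
file://C:\WINDOWS\Tempor~1\Content.IE5\HSP3LJJP\packld[1].cab
"""

# A log entry starts with a section code such as "R1" or "O15", then " - ".
ENTRY_START = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")


def parse_entries(text):
    """Return [(code, body)], re-joining entries that were wrapped onto extra lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_START.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif entries:
            # Continuation of the previous entry; the wrap happened at a space.
            entries[-1][1] += " " + line
        # Lines before the first entry (header, process list) are skipped.
    return [(code, body) for code, body in entries]


def triage(entries, expected_hosts):
    """Return [(code, reason)] for entries worth a manual look.

    Assumed rules for this example:
      R0/R1  browser start/search page whose host is not in expected_hosts
      O15    any Trusted Zone entry (the owner should recognise each one)
      O16    ActiveX control whose codebase is a local file:// path
    """
    findings = []
    for code, body in entries:
        if code in ("R0", "R1"):
            # Body looks like "<registry value> = <url>"; the URL may be empty.
            value = body.partition(" = ")[2].strip()
            try:
                host = urlsplit(value).hostname
            except ValueError:
                host = None
            if host and host not in expected_hosts:
                findings.append((code, "browser page points at unexpected host " + host))
        elif code == "O15":
            findings.append((code, "Trusted Zone entry to confirm: " + body))
        elif code == "O16":
            codebase = body.rpartition(" - ")[2]
            if codebase.lower().startswith("file://"):
                findings.append((code, "ActiveX control installed from a local file: " + codebase))
    return findings


if __name__ == "__main__":
    # The allow-list is whatever the machine's owner set deliberately.
    for code, reason in triage(parse_entries(SAMPLE_LOG), {"www.google.co.nz"}):
        print(code, "-", reason)
```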
  18. sh4d03

    Rubicon Guest

    donnie,

    No hits at all on any of the recommended search words or the IP
    address.

    Tried SpySweeper also but to no avail.

    Cheers.


    On Sun, 16 Jan 2005 01:38:09 GMT, donnie <> wrote:

    >On Sun, 16 Jan 2005 06:19:48 GMT, (Rubicon) wrote:
    >
    >>donnie,
    >>
    >>Nothing on the HD or in the Registry using your suggested words with
    >>and without wildcards and in different combinations or segments.
    >>
    >>Proving troublesome indeed.
    >>
    >>Cheers.

    >###########################
    >I ran netcat on that address.
    >C:\netcat>nc -v 38.113.207.121 80
    >38.113.207.121.svwh.net [38.113.207.121] 80 (http) open
    >
    >It seems to be connected w/ svwh.net. I did a whois on that and it's
    >Silicon Valley Web Hosting. However, the IPs on their DNSs don't seem
    >to match that block. Be that as it may. Search the HD and registry
    >again, this time for: svwh. Search for the IP too.
    >Their contact is in case you want to contact
    >them.
    >donnie.
     
    Rubicon, Jan 17, 2005
    #18
  19. sh4d03

    Rubicon Guest

    Sh4d03

    Tried SpySweeper as you suggested but it didn't find it.

    I saw the address 38.113.207.121 pop up in Sygate Personal Firewall so
    I set it to ask me next time and it wanted to connect to dapsol.com.
    It's now blocked (I hope) but my computer is still slow and open
    explorer windows still crash.
    Found this page
    http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41267
    and managed to download HijackThis before it crashed. Navigating is
    becoming more and more difficult now.

    Here's the HijackThis logfile:

    Logfile of HijackThis v1.99.0
    Scan saved at 11:50:58, on 16/01/05
    Platform: Windows 98 SE (Win9x 4.10.2222A)
    MSIE: Internet Explorer v5.00 (5.00.2919.6304)

    Running processes:
    C:\WINDOWS\SYSTEM\KERNEL32.DLL
    C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    C:\WINDOWS\SYSTEM\MPREXE.EXE
    C:\WINDOWS\SYSTEM\mmtask.tsk
    C:\WINDOWS\EXPLORER.EXE
    C:\WINDOWS\SYSTEM\RPCSS.EXE
    C:\WINDOWS\SYSTEM\RNAAPP.EXE
    C:\WINDOWS\SYSTEM\TAPISRV.EXE
    C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    C:\WINDOWS\SYSTEM\WMIEXE.EXE
    C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    http://www.google.co.nz/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    http://yoursearch.ws/?id=197
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
    =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
    {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    powrprof.dll,LoadCurrentPwrScheme
    O4 - HKLM\..\Run: [VoodooBanshee] rundll32.exe
    3dfxVBps.dll,BansheeLoadSettings
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE
    /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    O4 - HKLM\..\Run: [AVG7_AMSVR]
    C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE
    -startgui
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
    Sweeper\SPYSWEEPER.EXE" /0
    O8 - Extra context menu item: Download with GetRight - C:\Program
    Files\GetRight\GRdownload.htm
    O8 - Extra context menu item: Open with GetRight Browser - C:\Program
    Files\GetRight\GRbrowse.htm
    O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    O14 - IERESET.INF: START_PAGE_URL=http://www.pcworld.co.nz
    O15 - Trusted IP range: 206.161.125.149
    O15 - Trusted IP range: (HKLM)
    O16 - DPF: {11111111-1111-1111-1111-111111113458} -
    file://C:\WINDOWS\Tempor~1\Content.IE5\HSP3LJJP\packld[1].cab

    Again thanks for your help.






    On Sat, 15 Jan 2005 10:41:52 +1100, sh4d03 <> wrote:

    >Rubicon wrote:
    >> Sh4d03
    >>
    >> Thank you for the advice. My Ad-Aware version was too old with outdated
    >> definitions. Downloading the new version and getting the latest
    >> updates plus Spybot again with updated definitions got rid of more
    >> than I suspected was there and solved another couple of problems I
    >> had.
    >>
    >> Unfortunately it's still trying to dial in (removed Password) upon
    >> startup and every minute or two. I haven't yet found any settings in
    >> my programs ticked to do that. Using NETSTAT -AN and letting it
    >> connect many times it seems to just connect to my ISP and that's it.
    >> All TCP foreign addresses are 0 with the UDP as *.*.
    >> Hold on there even as I write I let it connect again and it went to
    >> FOREIGN ADDRESS 38.113.207.121:80 SYN_SENT and...
    >>
    >> Well everything just froze up and with CTRL-ALT-DEL Explorer was "not
    >> responding" and then everything else went south like some sort of
    >> program conflict "not responding". Managed to save this before cold
    >> booting.
    >>
    >> It seems to dial in to my ISP immediately at startup and every minute
    >> or so afterwards if not connected but only connects to the above
    >> address occasionally.
    >>
    >> Any help is greatly appreciated here.
    >>
    >> PS As soon as I dialed in to send this message after setting the dial
    >> up window to Work Offline to stop it popping up NETSTAT showed it
    >> immediately connecting to the above address yet again.
    >>
    >> Cheers.
    >>
    >>
    >>
    >>
    >>
    >> On Wed, 12 Jan 2005 23:00:42 +1100, sh4d03 <> wrote:
    >>
    >>
    >>>Rubicon wrote:
    >>>
    >>>>Hello,
    >>>>
    >>>>I have a recent problem with the Dial Up Networking window continually
    >>>>popping up to dial in. It starts the moment the machine (WIN98 SE)
    >>>>reaches the desktop and I can't go any further unless I let it dial in
    >>>>or Work Offline. If I Work Offline it goes away then returns a little
    >>>>time later.
    >>>>
    >>>>The latest version of AVG Free with updated definitions has found
    >>>>nothing and I can't find anything unusual checked in MSCONFIG/STARTUP.
    >>>>The Dial up window contains only my ISP details and there's no other
    >>>>connection in the Dial Up Networking folder. My firewall shows nothing
    >>>>trying to "get-out" but I'm experiencing a few small Explorer crashes
    >>>>where any open folders close down.
    >>>>
    >>>>Any suggestions to rid me of this gratefully appreciated?
    >>>>
    >>>>Cheers,
    >>>
    >>>You've got two options.
    >>>
    >>>One: Tell Internet Explorer to not dial up a connection by default. You
    >>>can do this by opening IE and clicking Tools | Options | Connections and
    >>>checking "Never dial a connection". If you do this you'll need to make a
    >>>shortcut icon to your connection on the desktop in order to connect.
    >>>
    >>>But more importantly... option two:
    >>>You should check for spyware or other programs which are trying to
    >>>access the Internet. The moment you've ticked the option in an
    >>>application to "dial the default connection if Application can't access
    >>>the internet" you'll run into trouble. Common ones are Antivirus
    >>>programs attempting to update themselves, seeing there is no internet
    >>>connection and trying to connect. Windows Update could do it. Any number
    >>>of malware applications.
    >>>
    >>>To remove spyware do the following:
    >>>
    >>>www.downloads.com
    >>>AdAware SE 1.05 - install, update, run in full mode, remove everything
    >>>SpyBot SD 1.3 - install, update, run, remove everything.
    >>>
    >>>www.webroot.com
    >>>SpySweeper - install, update, run, remove.
    >>>
    >>>www.google.com
    >>>SpyWareBlaster - install, update, close - this is a shield for more spyware.
    >>>
    >>>Let me know how you go.
    >>>
    >>>Sh4d03
    >>>
    >>>P.S. don't forget to check the programs that are running for anything
    >>>that may need or want the Internet... possibly THE most common cause of
    >>>this is KaZaA or other P2P applications.
    >>>
    >>>Sh4d03
    >>>
    >>>--
    >>>If you require more assistance or if my suggestion works please E-mail me at
    >>>sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
    >>>assistance to me and wish to E-mail me directly please also feel free to
    >>>contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
    >>>in the
    >>>subject line. Please pay attention to the capitalisation. Emails sent to
    >>>the above address which do NOT contain "Newsgroup_sh4d03" in the
    >>>subject line will fail to reach me.
    >>>Thanks,
    >>>Sh4d03

    >>
    >>

    >
    >Can you post a hijack this log file? I'm strongly feeling malware is the
    >cause here. Maybe try contacting your ISP and asking them if they can
    >tell you anything else about the connection once you've allowed the
    >'thing' to connect.
    >
    >Also can you please try SpySweeper. AdAware doesn't detect everything
    >out there... no application does... but AdAware combined with SpySweeper
    >make a pretty mean combination.
    >
    >As well as the hijack this log can you also tell me everything that is
    >running in the processes tab on a normal boot?
    >
    >MSN messenger is also a common application for requesting the internet
    >connection.
    >
    >Sh4d03
    >
    >--
    >If you require more assistance or if my suggestion works please E-mail me at
    >sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
    >assistance to me and wish to E-mail me directly please also feel free to
    >contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
    >in the
    >subject line. Please pay attention to the capitalisation. Emails sent to
    >the above address which do NOT contain "Newsgroup_sh4d03" in the
    >subject line will fail to reach me.
    >Thanks,
    >Sh4d03
     
    Rubicon, Jan 17, 2005
    #19
  20. sh4d03

    sh4d03 Guest

    Rubicon wrote:
    > Sh4d03
    >
    > Tried SpySweeper as you suggested but it didn't find it.
    >
    > I saw the address 38.113.207.121 pop up in Sygate Personal Firewall so
    > I set it to ask me next time and it wanted to connect to dapsol.com.
    > It's now blocked (I hope) but my computer is still slow and open
    > explorer windows still crash.
    > Found this page
    > http://www3.ca.com/securityadvisor/virusinfo/virus.aspx?id=41267
    > and managed to download HijackThis before it crashed. Navigating is
    > becoming more and more difficult now.
    >
    > Here's the HijackThis logfile:
    >
    > Logfile of HijackThis v1.99.0
    > Scan saved at 11:50:58, on 16/01/05
    > Platform: Windows 98 SE (Win9x 4.10.2222A)
    > MSIE: Internet Explorer v5.00 (5.00.2919.6304)
    >
    > Running processes:
    > C:\WINDOWS\SYSTEM\KERNEL32.DLL
    > C:\WINDOWS\SYSTEM\MSGSRV32.EXE
    > C:\WINDOWS\SYSTEM\MPREXE.EXE
    > C:\WINDOWS\SYSTEM\mmtask.tsk
    > C:\WINDOWS\EXPLORER.EXE
    > C:\WINDOWS\SYSTEM\RPCSS.EXE
    > C:\WINDOWS\SYSTEM\RNAAPP.EXE
    > C:\WINDOWS\SYSTEM\TAPISRV.EXE
    > C:\WINDOWS\SYSTEM\SYSTRAY.EXE
    > C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
    > C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
    > C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
    > C:\WINDOWS\SYSTEM\WMIEXE.EXE
    > C:\UNZIPPED\HIJACKTHIS\HIJACKTHIS.EXE
    >
    > R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    > http://www.google.co.nz/
    > R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
    > http://yoursearch.ws/?id=197
    > R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch
    > =
    > R3 - Default URLSearchHook is missing
    > O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    > - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
    > O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -
    > C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    > O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio -
    > {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
    > O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
    > O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    > O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe
    > powrprof.dll,LoadCurrentPwrScheme
    > O4 - HKLM\..\Run: [VoodooBanshee] rundll32.exe
    > 3dfxVBps.dll,BansheeLoadSettings
    > O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE
    > /STARTUP
    > O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
    > O4 - HKLM\..\Run: [AVG7_AMSVR]
    > C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
    > O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\SYGATE\SPF\SMC.EXE
    > -startgui
    > O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
    > Sweeper\SPYSWEEPER.EXE" /0
    > O8 - Extra context menu item: Download with GetRight - C:\Program
    > Files\GetRight\GRdownload.htm
    > O8 - Extra context menu item: Open with GetRight Browser - C:\Program
    > Files\GetRight\GRbrowse.htm
    > O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
    > O14 - IERESET.INF: START_PAGE_URL=http://www.pcworld.co.nz
    > O15 - Trusted IP range: 206.161.125.149
    > O15 - Trusted IP range: (HKLM)
    > O16 - DPF: {11111111-1111-1111-1111-111111113458} -
    > file://C:\WINDOWS\Tempor~1\Content.IE5\HSP3LJJP\packld[1].cab
    >
    > Again thanks for your help.
    >
    >
    >
    >
    >
    >
    > On Sat, 15 Jan 2005 10:41:52 +1100, sh4d03 <> wrote:
    >
    >
    >>Rubicon wrote:
    >>
    >>>Sh4d03
    >>>
    >>>Thank you for the advice. My Ad-Aware version was too old with outdated
    >>>definitions. Downloading the new version and getting the latest
    >>>updates plus Spybot again with updated definitions got rid of more
    >>>than I suspected was there and solved another couple of problems I
    >>>had.
    >>>
    >>>Unfortunately it's still trying to dial in (removed Password) upon
    >>>startup and every minute or two. I haven't yet found any settings in
    >>>my programs ticked to do that. Using NETSTAT -AN and letting it
    >>>connect many times it seems to just connect to my ISP and that's it.
    >>>All TCP foreign addresses are 0 with the UDP as *.*.
    >>>Hold on there even as I write I let it connect again and it went to
    >>>FOREIGN ADDRESS 38.113.207.121:80 SYN_SENT and...
    >>>
    >>>Well everything just froze up and with CTRL-ALT-DEL Explorer was "not
    >>>responding" and then everything else went south like some sort of
    >>>program conflict "not responding". Managed to save this before cold
    >>>booting.
    >>>
    >>>It seems to dial in to my ISP immediately at startup and every minute
    >>>or so afterwards if not connected but only connects to the above
    >>>address occasionally.
    >>>
    >>>Any help is greatly appreciated here.
    >>>
    >>>PS As soon as I dialed in to send this message after setting the dial
    >>>up window to Work Offline to stop it popping up NETSTAT showed it
    >>>immediately connecting to the above address yet again.
    >>>
    >>>Cheers.
    >>>
    >>>
    >>>
    >>>
    >>>
    >>>On Wed, 12 Jan 2005 23:00:42 +1100, sh4d03 <> wrote:
    >>>
    >>>
    >>>
    >>>>Rubicon wrote:
    >>>>
    >>>>
    >>>>>Hello,
    >>>>>
    >>>>>I have a recent problem with the Dial Up Networking window continually
    >>>>>popping up to dial in. It starts the moment the machine (WIN98 SE)
    >>>>>reaches the desktop and I can't go any further unless I let it dial in
    >>>>>or Work Offline. If I Work Offline it goes away then returns a little
    >>>>>time later.
    >>>>>
    >>>>>The latest version of AVG Free with updated definitions has found
    >>>>>nothing and I can't find anything unusual checked in MSCONFIG/STARTUP.
    >>>>>The Dial up window contains only my ISP details and there's no other
    >>>>>connection in the Dial Up Networking folder. My firewall shows nothing
    >>>>>trying to "get-out" but I'm experiencing a few small Explorer crashes
    >>>>>where any open folders close down.
    >>>>>
    >>>>>Any suggestions to rid me of this gratefully appreciated?
    >>>>>
    >>>>>Cheers,
    >>>>
    >>>>You've got two options.
    >>>>
    >>>>One: Tell Internet Explorer to not dial up a connection by default. You
    >>>>can do this by opening IE and clicking Tools | Options | Connections and
    >>>>checking "Never dial a connection". If you do this you'll need to make a
    >>>>shortcut icon to your connection on the desktop in order to connect.
    >>>>
    >>>>But more importantly... option two:
    >>>>You should check for spyware or other programs which are trying to
    >>>>access the Internet. The moment you've ticked the option in an
    >>>>application to "dial the default connection if Application can't access
    >>>>the internet" you'll run into trouble. Common ones are Antivirus
    >>>>programs attempting to update themselves, seeing there is no internet
    >>>>connection and trying to connect. Windows Update could do it. Any number
    >>>>of malware applications.
    >>>>
    >>>>To remove spyware do the following:
    >>>>
    >>>>www.downloads.com
    >>>>AdAware SE 1.05 - install, update, run in full mode, remove everything
    >>>>SpyBot SD 1.3 - install, update, run, remove everything.
    >>>>
    >>>>www.webroot.com
    >>>>SpySweeper - install, update, run, remove.
    >>>>
    >>>>www.google.com
    >>>>SpyWareBlaster - install, update, close - this is a shield for more spyware.
    >>>>
    >>>>Let me know how you go.
    >>>>
    >>>>Sh4d03
    >>>>
    >>>>P.S. don't forget to check the programs that are running for anything
    >>>>that may need or want the Internet... possibly THE most common cause of
    >>>>this is KaZaA or other P2P applications.
    >>>>
    >>>>Sh4d03
    >>>>
    >>>>--
    >>>>If you require more assistance or if my suggestion works please E-mail me at
    >>>>sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
    >>>>assistance to me and wish to E-mail me directly please also feel free to
    >>>>contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
    >>>>in the
    >>>>subject line. Please pay attention to the capitalisation. Emails sent to
    >>>>the above address which do NOT contain "Newsgroup_sh4d03" in the
    >>>>subject line will fail to reach me.
    >>>>Thanks,
    >>>>Sh4d03
    >>>
    >>>

    >>Can you post a hijack this log file? I'm strongly feeling malware is the
    >>cause here. Maybe try contacting your ISP and asking them if they can
    >>tell you anything else about the connection once you've allowed the
    >>'thing' to connect.
    >>
    >>Also can you please try SpySweeper. AdAware doesn't detect everything
    >>out there... no application does... but AdAware combined with SpySweeper
    >>make a pretty mean combination.
    >>
    >>As well as the hijack this log can you also tell me everything that is
    >>running in the processes tab on a normal boot?
    >>
    >>MSN messenger is also a common application for requesting the internet
    >>connection.
    >>
    >>Sh4d03
    >>
    >>--
    >>If you require more assistance or if my suggestion works please E-mail me at
    >>sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
    >>assistance to me and wish to E-mail me directly please also feel free to
    >>contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
    >>in the
    >>subject line. Please pay attention to the capitalisation. Emails sent to
    >>the above address which do NOT contain "Newsgroup_sh4d03" in the
    >>subject line will fail to reach me.
    >>Thanks,
    >>Sh4d03

    >
    >

    Install Internet Explorer 6.0 SP1 from the Microsoft Website. That
    should hopefully reset all your system files relating to Internet
    Connections. Before you do that do the following - I think it's the same
    for IE 5.0 (what you have) I can't remember though.

    Open IE, click tools, options, programs tab, then reset all settings.

    Now install IE6 and see how you go.

    Sh4d03

    --
    If you require more assistance or if my suggestion works please E-mail me at
    sh4d03 [at] TPG [dot] com [dot] au. Additionally, if you are able to provide
    assistance to me and wish to E-mail me directly please also feel free to
    contact me in this manner. Please ensure you include "Newsgroup_sh4d03"
    in the
    subject line. Please pay attention to the capitalisation. Emails sent to
    the above address which do NOT contain "Newsgroup_sh4d03" in the
    subject line will fail to reach me.
    Thanks,
    Sh4d03
     
    sh4d03, Jan 17, 2005
    #20
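
The HijackThis log in post #19 reaches the reader with its entries wrapped by the mail client and, once quoted, prefixed with `>` markers, which makes it hard to read entry by entry. As an added example (not part of the thread and not HijackThis's own code), this Python script re-joins the wrapped entries and lists the ones a helper would ask about first; the `triage` rules and the `expected_hosts` parameter are assumptions of this example, and a hit is a prompt for a question, not a verdict.

```python
import re
from urllib.parse import urlparse

# Excerpt of the log posted in the thread, keeping the quote markers and line wraps.
SAMPLE = r"""
> R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
> http://www.google.co.nz/
> R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
> http://yoursearch.ws/?id=197
> O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE
> /STARTUP
> O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
> Sweeper\SPYSWEEPER.EXE" /0
> O15 - Trusted IP range: 206.161.125.149
> O15 - Trusted IP range: (HKLM)
> O16 - DPF: {11111111-1111-1111-1111-111111113458} -
> file://C:\WINDOWS\Tempor~1\Content.IE5\HSP3LJJP\packld[1].cab
>
> Again thanks for your help.
"""

ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # section code, then the entry body
QUOTE = re.compile(r"^\s*(?:>\s?)*")              # indentation and '>' quote markers
URL = re.compile(r"https?://[^\s\"']+", re.I)


def parse(text):
    """Return [(code, body)], re-joining lines the mail client wrapped."""
    entries, joinable = [], False
    for raw in text.splitlines():
        line = QUOTE.sub("", raw, count=1).rstrip()
        m = ENTRY.match(line)
        if m:
            entries.append([m.group(1), m.group(2)])
            joinable = True
        elif line and joinable:
            entries[-1][1] += " " + line          # continuation of the previous entry
        else:
            joinable = False                      # blank line or prose ends the entry
    return [tuple(e) for e in entries]


def triage(entries, expected_hosts):
    """Entries to ask the owner about first (heuristics are this example's own)."""
    findings = []
    for code, body in entries:
        if code == "O16" and "file://" in body.lower():
            findings.append((code, "ActiveX control installed from a local file", body))
        elif code == "O15":
            findings.append((code, "address or site added to the IE Trusted zone", body))
        elif code in ("R0", "R1"):
            for url in URL.findall(body):
                host = (urlparse(url).hostname or "").lower()
                if host not in expected_hosts:
                    findings.append((code, "IE page setting points at " + host, body))
    return findings


if __name__ == "__main__":
    # expected_hosts: the start page the owner set deliberately (taken from the R0 line).
    for code, reason, body in triage(parse(SAMPLE), {"www.google.co.nz"}):
        print(f"{code:>3}  {reason}\n     {body}")
```
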