Q: Dialers Trojans and dial up password

Discussion in 'NZ Computing' started by Warwick, Feb 7, 2004.

  1. Warwick

    Warwick Guest

    Hi
    Has anyone any experience with Dialers changing the dial up password?

    I have cleaned a friends mothers machine up, seems the dial up account has
    changed password in the last 24 hours. An updated AVG found and healed 3
    dialers and two trojans. Wondering if the two events are related.

    TIA
    Warwick
     
    Warwick, Feb 7, 2004
    #1
    1. Advertising

  2. Warwick

    Lebowski Guest

    Re: Dialers Trojans and dial up password

    "Warwick" <> wrote in message
    news:riw868gys2i1$.1e1jki038s4vw$...
    > Hi
    > Has anyone any experience with Dialers changing the dial up password?
    >
    > I have cleaned a friends mothers machine up, seems the dial up account has
    > changed password in the last 24 hours. An updated AVG found and healed 3
    > dialers and two trojans. Wondering if the two events are related.
    >
    > TIA
    > Warwick


    ....and K&S wonders why I bother with an AV program that is always running in
    the background. Herein lies the reason.

    Norton Antivirus with Auto-Protect feature enabled would stop the trojan in
    its tracks. Any other solution is an ambulance at the bottom of the cliff.
    What were the names of the trojans and dialers?
     
    Lebowski, Feb 7, 2004
    #2
    1. Advertising

  3. Warwick

    Warwick Guest

    Re: Dialers Trojans and dial up password

    On Sun, 8 Feb 2004 09:33:46 +1300, Lebowski wrote:

    > "Warwick" <> wrote in message
    > news:riw868gys2i1$.1e1jki038s4vw$...
    >> Hi
    >> Has anyone any experience with Dialers changing the dial up password?
    >>
    >> I have cleaned a friends mothers machine up, seems the dial up account has
    >> changed password in the last 24 hours. An updated AVG found and healed 3
    >> dialers and two trojans. Wondering if the two events are related.
    >>
    >> TIA
    >> Warwick

    >
    > ...and K&S wonders why I bother with an AV program that is always running in
    > the background. Herein lies the reason.
    >
    > Norton Antivirus with Auto-Protect feature enabled would stop the trojan in
    > its tracks. Any other solution is an ambulance at the bottom of the cliff.
    > What were the names of the trojans and dialers?


    The dialer was called 'dailer', same name 3 separate files.
    Trojans I forget the name.
    One of the dialers tried twice to get out yesterday - I saw the attempts in
    the ZA log file.

    The password thing is curioius.
     
    Warwick, Feb 7, 2004
    #3
  4. Warwick

    Lebowski Guest

    Re: Dialers Trojans and dial up password

    "Warwick" <> wrote in message
    news:...
    > On Sun, 8 Feb 2004 09:33:46 +1300, Lebowski wrote:
    >
    > > "Warwick" <> wrote in message
    > > news:riw868gys2i1$.1e1jki038s4vw$...
    > >> Hi
    > >> Has anyone any experience with Dialers changing the dial up password?
    > >>
    > >> I have cleaned a friends mothers machine up, seems the dial up account

    has
    > >> changed password in the last 24 hours. An updated AVG found and healed

    3
    > >> dialers and two trojans. Wondering if the two events are related.
    > >>
    > >> TIA
    > >> Warwick

    > >
    > > ...and K&S wonders why I bother with an AV program that is always

    running in
    > > the background. Herein lies the reason.
    > >
    > > Norton Antivirus with Auto-Protect feature enabled would stop the trojan

    in
    > > its tracks. Any other solution is an ambulance at the bottom of the

    cliff.
    > > What were the names of the trojans and dialers?

    >
    > The dialer was called 'dailer', same name 3 separate files.
    > Trojans I forget the name.


    Was it NIMDA? I once received that one a couple of years ago while trying
    out AVG and had to revert back to Nortons to weed it out. Made a mess of my
    system too, aargh :(

    > One of the dialers tried twice to get out yesterday - I saw the attempts

    in
    > the ZA log file.
    >
    > The password thing is curioius.
     
    Lebowski, Feb 7, 2004
    #4
  5. Warwick

    Warwick Guest

    Re: Dialers Trojans and dial up password

    On Sun, 8 Feb 2004 11:42:40 +1300, Lebowski wrote:

    > "Warwick" <> wrote in message
    > news:...
    >> On Sun, 8 Feb 2004 09:33:46 +1300, Lebowski wrote:
    >>
    >>> "Warwick" <> wrote in message
    >>> news:riw868gys2i1$.1e1jki038s4vw$...
    >>>> Hi
    >>>> Has anyone any experience with Dialers changing the dial up password?
    >>>>
    >>>> I have cleaned a friends mothers machine up, seems the dial up account

    > has
    >>>> changed password in the last 24 hours. An updated AVG found and healed

    > 3
    >>>> dialers and two trojans. Wondering if the two events are related.
    >>>>
    >>>> TIA
    >>>> Warwick
    >>>
    >>> ...and K&S wonders why I bother with an AV program that is always

    > running in
    >>> the background. Herein lies the reason.
    >>>
    >>> Norton Antivirus with Auto-Protect feature enabled would stop the trojan

    > in
    >>> its tracks. Any other solution is an ambulance at the bottom of the

    > cliff.
    >>> What were the names of the trojans and dialers?

    >>
    >> The dialer was called 'dailer', same name 3 separate files.
    >> Trojans I forget the name.

    >
    > Was it NIMDA? I once received that one a couple of years ago while trying
    > out AVG and had to revert back to Nortons to weed it out. Made a mess of my
    > system too, aargh :(
    >
    >> One of the dialers tried twice to get out yesterday - I saw the attempts

    > in
    >> the ZA log file.
    >>
    >> The password thing is curioius.


    No nothing as serious as that, AVG seemed to handle it without me going
    thru any special routines.
    The problem here is that the password changed, and my friend went off at
    the grandchildren in the house for messing with the dial up settings, extra
    pissed off that he cannot access the net, and the grandmother (account
    holder) is on holiday. I was embarassed and immediately said that it was
    possibly not malicious behaviour on a household member but a side effect of
    one of the viri/trojans/dialers. I was guessing but I had to put a stop to
    the bitching and yelling, it was making me very uncomfortable.
    It is all I want to know really, do any dialers change password? I had
    hoped someone here would know, and need to give my friend a definitive
    answer.

    best
    Warwick
     
    Warwick, Feb 8, 2004
    #5
  6. Warwick

    Gavin Tunney Guest

    Re: Dialers Trojans and dial up password

    On Sun, 8 Feb 2004 17:35:17 +1300, Warwick <> wrote:

    <snip>
    >No nothing as serious as that, AVG seemed to handle it without me going
    >thru any special routines.
    >The problem here is that the password changed, and my friend went off at
    >the grandchildren in the house for messing with the dial up settings, extra
    >pissed off that he cannot access the net, and the grandmother (account
    >holder) is on holiday. I was embarassed and immediately said that it was
    >possibly not malicious behaviour on a household member but a side effect of
    >one of the viri/trojans/dialers. I was guessing but I had to put a stop to
    >the bitching and yelling, it was making me very uncomfortable.
    >It is all I want to know really, do any dialers change password? I had
    >hoped someone here would know, and need to give my friend a definitive
    >answer.
    >


    No they don't change a password, well not any I've seen and I've seen
    plenty. No reason to, it wouldn't achieve anything.

    If you're getting diallers then look at updating Internet Explorer or
    check the security settings. Almost all diallers now are being
    installed via Activex, and they will install without user intervention
    if "download signed activex controls" is set to 'enable' in the
    internet zone. That was a default setting on older (unpatched)
    versions of IE. If it's set to 'prompt' then the user will be asked
    whether they want to download (and run) the control, and can say no.

    And btw antivirus software isn't very reliable at catching diallers &
    trojans, they're not generally perceived as a virus or worm. I've
    found Adaware to do a good job of cleaning out diallers & accompanying
    nasties.

    Cheers

    Gavin
     
    Gavin Tunney, Feb 8, 2004
    #6
  7. Warwick

    Gordon Guest

    Re: Dialers Trojans and dial up password

    On Sun, 08 Feb 2004 17:35:17 +1300, Warwick wrote:

    {snip]

    > The problem here is that the password changed, and my friend went off at
    > the grandchildren in the house for messing with the dial up settings, extra
    > pissed off that he cannot access the net, and the grandmother (account
    > holder) is on holiday. I was embarassed and immediately said that it was
    > possibly not malicious behaviour on a household member but a side effect of
    > one of the viri/trojans/dialers. I was guessing but I had to put a stop to
    > the bitching and yelling, it was making me very uncomfortable.
    > It is all I want to know really, do any dialers change password? I had
    > hoped someone here would know, and need to give my friend a definitive
    > answer.


    http://www.smoothwall.org

    Go on make the effort and operate in stealth mode. Firewalls are FWN these
    days. (FWN F***ing well needed)

    --
    Fairy stories exist so children get used to real life
     
    Gordon, Feb 8, 2004
    #7
  8. Warwick

    Lebowski Guest

    Re: Dialers Trojans and dial up password

    "Gavin Tunney" <> wrote in message
    news:...
    > On Sun, 8 Feb 2004 17:35:17 +1300, Warwick <> wrote:
    >
    > <snip>
    > >No nothing as serious as that, AVG seemed to handle it without me going
    > >thru any special routines.
    > >The problem here is that the password changed, and my friend went off at
    > >the grandchildren in the house for messing with the dial up settings,

    extra
    > >pissed off that he cannot access the net, and the grandmother (account
    > >holder) is on holiday. I was embarassed and immediately said that it was
    > >possibly not malicious behaviour on a household member but a side effect

    of
    > >one of the viri/trojans/dialers. I was guessing but I had to put a stop

    to
    > >the bitching and yelling, it was making me very uncomfortable.
    > >It is all I want to know really, do any dialers change password? I had
    > >hoped someone here would know, and need to give my friend a definitive
    > >answer.
    > >

    >
    > No they don't change a password, well not any I've seen and I've seen
    > plenty. No reason to, it wouldn't achieve anything.
    >
    > If you're getting diallers then look at updating Internet Explorer or
    > check the security settings. Almost all diallers now are being
    > installed via Activex, and they will install without user intervention
    > if "download signed activex controls" is set to 'enable' in the
    > internet zone. That was a default setting on older (unpatched)
    > versions of IE. If it's set to 'prompt' then the user will be asked
    > whether they want to download (and run) the control, and can say no.
    >
    > And btw antivirus software isn't very reliable at catching diallers &
    > trojans, they're not generally perceived as a virus or worm. I've
    > found Adaware to do a good job of cleaning out diallers & accompanying
    > nasties.
    >
    > Cheers
    >
    > Gavin


    AdAware and Spybot are great for cleaning out dialer nasties.

    NAV 2003 (about as hated here as Microsoft) includes a worm-blocking feature
    and has stopped a couple of trojans in their tracks during my time with it.
     
    Lebowski, Feb 8, 2004
    #8
  9. Warwick

    Warwick Guest

    Re: Dialers Trojans and dial up password

    On Sun, 08 Feb 2004 05:15:24 GMT, Gavin Tunney wrote:

    > On Sun, 8 Feb 2004 17:35:17 +1300, Warwick <> wrote:
    >
    > <snip>
    >>No nothing as serious as that, AVG seemed to handle it without me going
    >>thru any special routines.
    >>The problem here is that the password changed, and my friend went off at
    >>the grandchildren in the house for messing with the dial up settings, extra
    >>pissed off that he cannot access the net, and the grandmother (account
    >>holder) is on holiday. I was embarassed and immediately said that it was
    >>possibly not malicious behaviour on a household member but a side effect of
    >>one of the viri/trojans/dialers. I was guessing but I had to put a stop to
    >>the bitching and yelling, it was making me very uncomfortable.
    >>It is all I want to know really, do any dialers change password? I had
    >>hoped someone here would know, and need to give my friend a definitive
    >>answer.
    >>

    >
    > No they don't change a password, well not any I've seen and I've seen
    > plenty. No reason to, it wouldn't achieve anything.
    >
    > If you're getting diallers then look at updating Internet Explorer or
    > check the security settings. Almost all diallers now are being
    > installed via Activex, and they will install without user intervention
    > if "download signed activex controls" is set to 'enable' in the
    > internet zone. That was a default setting on older (unpatched)
    > versions of IE. If it's set to 'prompt' then the user will be asked
    > whether they want to download (and run) the control, and can say no.
    >
    > And btw antivirus software isn't very reliable at catching diallers &
    > trojans, they're not generally perceived as a virus or worm. I've
    > found Adaware to do a good job of cleaning out diallers & accompanying
    > nasties.
    >
    > Cheers
    >
    > Gavin


    Thank you very much Gavin, precisely what I needed to know. I can pass that
    on and my friend can discipline the grandkids when I am not there :)

    Advice re ActiveX noted, I'll make those changes for him as well.

    cheers
    Warwick
     
    Warwick, Feb 8, 2004
    #9
  10. Re: Dialers Trojans and dial up password

    In article <1k5ow5p340y0p$>,
    says...
    > The problem here is that the password changed, and my friend went off at
    > the grandchildren in the house for messing with the dial up settings, extra
    > pissed off that he cannot access the net, and the grandmother (account
    > holder) is on holiday. I was embarassed and immediately said that it was
    > possibly not malicious behaviour on a household member but a side effect of


    I've had XP Pro just drop a dialler password on me several times. One
    moment I can connect fine, the next I get login error 'wrong password'.
    No idea just what the hey is responsible. Neither NAV nor F-prot nor
    AdAware can find any active nasties on my computer. Go figure. Bugs the
    shit out of me when it happens though :(

    -Peter
     
    Peter Huebner, Feb 8, 2004
    #10
  11. Warwick

    Mainlander Guest

    In article <riw868gys2i1$.1e1jki038s4vw$>,
    says...
    > Hi
    > Has anyone any experience with Dialers changing the dial up password?
    >
    > I have cleaned a friends mothers machine up, seems the dial up account has
    > changed password in the last 24 hours. An updated AVG found and healed 3
    > dialers and two trojans. Wondering if the two events are related.


    It would be very easy for one of these programs to intercept your
    password and pass it back to a malicious attacker.

    --
    Full featured open source Win32 newsreader - Gravity 2.70
    http://sourceforge.net/projects/mpgravity/
     
    Mainlander, Feb 8, 2004
    #11
  12. Warwick

    Mainlander Guest

    In article <riw868gys2i1$.1e1jki038s4vw$>,
    says...
    > Hi
    > Has anyone any experience with Dialers changing the dial up password?
    >
    > I have cleaned a friends mothers machine up, seems the dial up account has
    > changed password in the last 24 hours. An updated AVG found and healed 3
    > dialers and two trojans. Wondering if the two events are related.


    What kind of web sites were they visiting that would install diallers?

    --
    Full featured open source Win32 newsreader - Gravity 2.70
    http://sourceforge.net/projects/mpgravity/
     
    Mainlander, Feb 8, 2004
    #12
  13. Warwick

    Col Guest

    On Sun, 8 Feb 2004 23:23:10 +1300, Mainlander <*@*.*> wrote:

    >In article <riw868gys2i1$.1e1jki038s4vw$>,
    > says...
    >> Hi
    >> Has anyone any experience with Dialers changing the dial up password?
    >>
    >> I have cleaned a friends mothers machine up, seems the dial up account has
    >> changed password in the last 24 hours. An updated AVG found and healed 3
    >> dialers and two trojans. Wondering if the two events are related.

    >
    >What kind of web sites were they visiting that would install diallers?


    --
    *Col*

    And Moses looked upon the Lord and said: "We are your
    chosen people and you want us to cut the tips off our
    WHAT?!!!"
     
    Col, Feb 8, 2004
    #13
  14. Warwick

    Col Guest

    On Sun, 8 Feb 2004 23:23:04 +1300, Mainlander <*@*.*> wrote:

    >In article <riw868gys2i1$.1e1jki038s4vw$>,
    > says...
    >> Hi
    >> Has anyone any experience with Dialers changing the dial up password?
    >>
    >> I have cleaned a friends mothers machine up, seems the dial up account has
    >> changed password in the last 24 hours. An updated AVG found and healed 3
    >> dialers and two trojans. Wondering if the two events are related.

    >
    >It would be very easy for one of these programs to intercept your
    >password and pass it back to a malicious attacker.


    Often those dialers ring leitchenstein . ou see a charge on your Phone bill
    "Leitchenstein Modem" They turn off the sound and dial out on your phone line is
    you modem is turned on and you are not on the net and take over your phone line
    for international calls. my son had one on his system and I had to pay 168
    bucks to Telecom . I now have a toll bar and pin number on the phone line (at
    Telecom's suggestion)
    --
    *Col*

    And Moses looked upon the Lord and said: "We are your
    chosen people and you want us to cut the tips off our
    WHAT?!!!"
     
    Col, Feb 8, 2004
    #14
  15. Warwick

    Warwick Guest

    On Sun, 8 Feb 2004 23:23:10 +1300, Mainlander wrote:

    > In article <riw868gys2i1$.1e1jki038s4vw$>,
    > says...
    >> Hi
    >> Has anyone any experience with Dialers changing the dial up password?
    >>
    >> I have cleaned a friends mothers machine up, seems the dial up account has
    >> changed password in the last 24 hours. An updated AVG found and healed 3
    >> dialers and two trojans. Wondering if the two events are related.

    >
    > What kind of web sites were they visiting that would install diallers?


    I did not ask or look, but warned him of the magnified risk of infection
    from browsing adult sites. If you are thinking along the same lines as I
    was.
     
    Warwick, Feb 8, 2004
    #15
  16. In article <1mi0rb04kqqmz$>,
    says...
    > I did not ask or look, but warned him of the magnified risk of infection
    > from browsing adult sites. If you are thinking along the same lines as I
    > was.


    Huh, if only that were all.

    Only yesterday I did a google for the game I am playing at the moment,
    got a result for some perfectly serious looking German Gamer site which
    immediately tried to install a dialler.

    In fact, about 90% of all dialler install attempts I have had were off
    google results, looking for game walkthroughs/hints/tips with results
    pointing to German sites. It seems to be a bit of a national pasttime
    over there to catch the unweary :-(

    -Peter
     
    Peter Huebner, Feb 9, 2004
    #16
  17. Warwick

    ~misfit~ Guest

    Mainlander wrote:
    > In article <riw868gys2i1$.1e1jki038s4vw$>,
    > says...
    >> Hi
    >> Has anyone any experience with Dialers changing the dial up password?
    >>
    >> I have cleaned a friends mothers machine up, seems the dial up
    >> account has changed password in the last 24 hours. An updated AVG
    >> found and healed 3 dialers and two trojans. Wondering if the two
    >> events are related.

    >
    > What kind of web sites were they visiting that would install diallers?


    Warez and cracks sites?
    --
    ~misfit~
     
    ~misfit~, Feb 9, 2004
    #17
  18. Mainlander wrote:
    > What kind of web sites were they visiting that would install diallers?


    I went to one called stickdeath.com while looking for stick figure
    animations... about a million popups later I notice that one of them is
    for a pron dialler.

    I only visited this one for research for someone, they wanted to know
    how easy it would be for their machine to be hijacked.

    --
    Http://www.Dave.net.nz
    Play Hangman
    Register, and play Space Invaders or Pacman.
     
    T.N.O. - Dave.net.nz, Feb 9, 2004
    #18
  19. Warwick

    Lebowski Guest

    "~misfit~" <~misfit~@his_desk.com> wrote in message
    news:dbBVb.38493$...
    > Mainlander wrote:
    > > In article <riw868gys2i1$.1e1jki038s4vw$>,
    > > says...
    > >> Hi
    > >> Has anyone any experience with Dialers changing the dial up password?
    > >>
    > >> I have cleaned a friends mothers machine up, seems the dial up
    > >> account has changed password in the last 24 hours. An updated AVG
    > >> found and healed 3 dialers and two trojans. Wondering if the two
    > >> events are related.

    > >
    > > What kind of web sites were they visiting that would install diallers?

    >
    > Warez and cracks sites?
    > --


    usually they're porn sites. I know of a 60-year old married family friend
    who was spending much of his spare time looking at porn sites and was
    infested with dialers and his machine was very f**ked up. Ad Aware found
    like "453 new objects", hahahaha! He also had a bill from Telecom for
    several hundreds thanks to a calling location known as Guinea Basau! LOL!!!
     
    Lebowski, Feb 9, 2004
    #19
  20. Warwick

    ~misfit~ Guest

    Hosts file. (Was: Re: Q: Dialers Trojans and dial up password)

    Lebowski wrote:
    > "~misfit~" <~misfit~@his_desk.com> wrote in message
    > news:dbBVb.38493$...
    >> Mainlander wrote:
    >>> In article <riw868gys2i1$.1e1jki038s4vw$>,
    >>> says...
    >>>> Hi
    >>>> Has anyone any experience with Dialers changing the dial up
    >>>> password?
    >>>>
    >>>> I have cleaned a friends mothers machine up, seems the dial up
    >>>> account has changed password in the last 24 hours. An updated AVG
    >>>> found and healed 3 dialers and two trojans. Wondering if the two
    >>>> events are related.
    >>>
    >>> What kind of web sites were they visiting that would install
    >>> diallers?

    >>
    >> Warez and cracks sites?
    >> --

    >
    > usually they're porn sites. I know of a 60-year old married family
    > friend who was spending much of his spare time looking at porn sites
    > and was infested with dialers and his machine was very f**ked up. Ad
    > Aware found like "453 new objects", hahahaha! He also had a bill from
    > Telecom for several hundreds thanks to a calling location known as
    > Guinea Basau! LOL!!!


    I've just checked my 'hosts' file today and it's full of porn-related stuff
    (and I hardly ever go to porn sites - honest). The problem is, I don't know
    what's supposed to be in there. I have 'Local host 127.0.0.0' or something
    similar, plus something AdSubtract put in ther but I don't know if anything
    else is needed for the comrrect running of my machine. Any ideas? I don't
    like all that other shite in there and I'm sure it can't be good for my
    machine.

    Cheers,
    --
    ~misfit~
     
    ~misfit~, Feb 9, 2004
    #20
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Replies:
    0
    Views:
    493
  2. AC Parker
    Replies:
    3
    Views:
    488
    David
    Aug 26, 2004
  3. Joseph Ladovic
    Replies:
    3
    Views:
    522
    Winged
    May 26, 2005
  4. Joseph Ladovic

    Re: Report - all dialers and trojans are deleted

    Joseph Ladovic, Jun 2, 2005, in forum: Computer Security
    Replies:
    0
    Views:
    364
    Joseph Ladovic
    Jun 2, 2005
  5. garphil.ip

    SIP, H323 desktop and web dialers in a wide range

    garphil.ip, Nov 22, 2006, in forum: Computer Support
    Replies:
    0
    Views:
    575
    garphil.ip
    Nov 22, 2006
Loading...

Share This Page