[George S]

The gateway PC dials out on its own when no other pcs on the network are turned on.

I can stop it from dialing by disabling the network. Once I enable the network (with the other pcs turned off) it dials.

I delete the contents of these folders C:\Documents and Settings\Spector1\Local Settings\Temporary Internet Files\Content.IE5 but left the folders empty because windows gave me a message saying they were system folders.

Thanks

[Advertisements]

hope you dont mind another jump into this, rockster asked me to take a look.

for the most efficient cleaning of internet temp files, plus lots of other crud, use CLEAN UP!

I'm sure the malware guys know this tool, I got it from the malware forums...its great for reclaiming disk space from some of the clutter that builds up in machines as well.

it sounds like you guys have arrived at my only other thought, which is to check the other machines, one or several of them are probably infected.

perhaps an easier way to test that- if you have zonealarm on each machine, just hit the lock internet on each machine, then unlock each one individually until you find which one is trying to dial out.
if you dont have zonealarm on each machine, power 'em down as noahdfear instructed.

[audioboy]

hope you dont mind another jump into this, rockster asked me to take a look.

for the most efficient cleaning of internet temp files, plus lots of other crud, use CLEAN UP!

I'm sure the malware guys know this tool, I got it from the malware forums...its great for reclaiming disk space from some of the clutter that builds up in machines as well.

it sounds like you guys have arrived at my only other thought, which is to check the other machines, one or several of them are probably infected.

perhaps an easier way to test that- if you have zonealarm on each machine, just hit the lock internet on each machine, then unlock each one individually until you find which one is trying to dial out.
if you dont have zonealarm on each machine, power 'em down as noahdfear instructed.

[noahdfear]

Hi George,

I got the hosts file. It's a redirector to a [bleep] site for all of the popular search engines. Do rid your PC of it.

I ask that you physically disconnect all PCs from the network, including the gateway PC from the switch/hub. Download the beta version of F-Secure Blacklight rootkit scanner/cleaner and run on each PC. Also run MWAV on all PCs. Let us know the results please. We'll need to clean each one separately if infected. **Reconnecting an infected machine to the network can re-infect a clean PC.

Once the gateway computer has been cleared as clean, Reconnect it to the switch/hub and enable the network. Does it initiate a dialup? Reconnect 1 network PC and test. Etc, etc.

[George S]

I thought I had found it, but no.

My contention is that since the computer only dials on its own when the network is enabled, then the problem relates to the network. Well, I found a link in My Network Places to ftp:Dell.com. I thought, of course, if this is in the network neighborhood then no wonder the computer dials. Well, I removed the link, and it still dials out. I ran MWAV and there is no spyware or virus. The only thing MWAV notes are invalid objects in the registry that I think are orphaned registry items.

I'll try F-Secure Blacklight

[George S]

I THINK I FIXED IT. I was sure that after ruling out malware it had to do something with the network. So, I uninstalled the TCP/IP protocol. This had an effect on ZoneAlarm as well. After reinstalling TCP/IP, ZoneAlarm recognized a new network. I then had to reset to a static IP address for my gateway, reset ZA for Internet Connection Sharing.

I then ran the virus checkers on my client pcs and reestablished the network. So far the gateway is no longer dialing. I don't know what was changed, but the result is great.

Thank you all for all your help!!!!! I very much appreciate it.
George

[noahdfear]

That's good news indeed. Glad you got it resolved.

Thanks for posting back!