Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

suspected Trojan dialer [RESOLVED]


  • This topic is locked This topic is locked

#1
kd1966

kd1966

    Member

  • Member
  • PipPipPip
  • 201 posts
I am having a beast of a time w/ clients XP Home system; among other trojans, virus files, and spyware/malware/adware/junkware.............I was able to get rid of the majority of virus stuff, but this dang dialer...........

The [bleep] dialer starts of system startup and tries to autodial (Clients just close the program) I notice that dialer.exe runs in processes until the dialer prog. is closed The "obvious" places where the program installs itself are on the desktop, start menu, and in the directory \ecommerce.

There is also a process called eetu.exe which cannot be stopped/halted; all spyware and virus removers used only delete the "obvious" places the file is installed, but every reboot, it comes back. I don't have a Hijackthis log for their computer; I just want to know if anyone has any experience with this particular dialer and how to PERMANENTLY get rid of it. I am considering going to safe mode and running some antivirus/spyware progs, but not sure if that will do anything different than what is done in normal mode.
I just got off the phone with the people and it seems the dialer has been on since December 2004, so my theory of system restore is pretty shot........ :tazz:
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

We need that HijackThis log. But before you give us that, you have to run through some preliminaries first. Read the first link in my signature.
  • 0

#3
kd1966

kd1966

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 201 posts
Yes, I read the steps, unfortunately, I saw those yesterday evening (I'm new here) and I actually have done most of the steps you outline. The particular computer is a generic XP Home without ANY service packs, and I did not want to make things worse by installing SP2 with the trojan still active.

I did go into the safe mode this morning and run the anti trojan, spybot, adaware SE, and a full virus scan with avast! home edition, along with searching for the phrases in the registry that matched the names of spyware and the trojan dialer. Alas, this did not get rid of the trojan dialer (eCommerce\dialer.exe) which I believe is being supported by the eetu.exe process that cannot be stopped/halted, even though MS antispy was able to stop eetu.exe from popping up the dialer the next time.

The people want a working system, so I backed up their personal documents on CD and tomorrow will wipe the HD and reinstall XP. I only wish I had seen this forum about 3 days ago, as it really looks like you all are the real experts on virus/malware/trojan removal. Until next time, thanks!!
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP