ewido finds dialers [RESOLVED]


  • This topic is locked

#1
Help Panos

I'm afraid that my younger brother has entered suspicious sites. First of all, I would appreciate it if someone could help me remove these dialers. And secondly, I would like to know how to prevent him from entering these *#@#* sites. Is there any way to 'see' if dialers are changing my real connection number? Below I have posted the ewido report:


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:55:44 PM, 8/1/2005
+ Report-Checksum: 1E5E2EB4

+ Scan result:

[440] VM_00B01000 -> Dialer.Generic : Error during cleaning
[1592] VM_00AD1000 -> Dialer.Generic : Error during cleaning
[696] VM_028C1000 -> Dialer.Generic : Error during cleaning
[2064] VM_00D41000 -> Dialer.Generic : Error during cleaning
:mozilla.73:C:\Documents and Settings\Xenofondas\Application Data\Mozilla\Firefox\Profiles\s6vge1sf.default\cookies.txt -> Spyware.Cookie.Spinbox : Cleaned with backup
:mozilla.75:C:\Documents and Settings\Xenofondas\Application Data\Mozilla\Firefox\Profiles\s6vge1sf.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.111:C:\Documents and Settings\Xenofondas\Application Data\Mozilla\Firefox\Profiles\s6vge1sf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup


::Report End

#2
Metallica

Could you follow the instructions here:
http://www.geekstogo..._Log-t2852.html

and post the resulting HijackThis log?

Regards,

#3
Help Panos

Hello there! Here is Hijack:
Logfile of HijackThis v1.99.1
Scan saved at 1:14:39 PM, on 8/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Panos\My Documents\My Downloads\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\Program Files\AutoCAD 2002\AcDcToday.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file://C:\Program Files\AutoCAD 2002\InstBanr.ocx
O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file://C:\Program Files\AutoCAD 2002\InstFred.ocx
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\Program Files\AutoCAD 2002\AcPreview.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{08B4486D-5605-4A62-9505-8E1078C0E58A}: NameServer = 147.102.222.220 147.102.222.210
O17 - HKLM\System\CS3\Services\Tcpip\..\{08B4486D-5605-4A62-9505-8E1078C0E58A}: NameServer = 147.102.222.220 147.102.222.210
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

And a new scan with Ewido that I did after restarting the computer (I do not know if it helps, but I noticed something different from the previous post):

ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:11:56 PM, 8/1/2005
+ Report-Checksum: 849224A3

+ Scan result:

[1372] VM_00BD1000 -> Dialer.Generic : Error during cleaning
[1972] VM_00971000 -> Dialer.Generic : Error during cleaning
[1992] VM_02E81000 -> Dialer.Generic : Error during cleaning
[172] VM_00C91000 -> Dialer.Generic : Error during cleaning
:mozilla.15:C:\Documents and Settings\Panos\Application Data\Mozilla\Firefox\Profiles\jq2pdrbh.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup


::Report End

#4
Metallica

Nothing shows up in your log.

But of course we would like to know which files to get rid of.

Looking at the names I think Panda will find these:
http://www.pandasoft...n_principal.htm

Let me know the scan results.

Regards,

#5
Help Panos

Download active scan? It's very, very slow and I'm a little afraid of the components that pandasoftware downloads to my PC. Do you insist on this online check from the specific site?

#6
Metallica

Personally, I couldn't care less.
If you don't trust it, I will certainly not insist.

Regards,

#7
Help Panos

Look, I really need your help. The problem with Panda is that it needs Explorer and I have Mozilla for a browser. So I looked for Explorer and I tried to run the online scan, but it didn't start at all!! It was downloading some components for almost 20 min.; it seemed without end! Could you be more specific about what to do? Thank you in advance.

#8
Help Panos

Sorry, I forgot to ask: are dialers spyware? I ask because you posted a relevant link. (My knowledge of computers is limited, as it seems.)

#9
Metallica

OK. There may be another way to find them.

Dialers are hijackers rather than spyware, technically speaking. (They take you somewhere without your consent.)

Download WinPFind.zip and extract it to your C:\ folder. This will create a folder called WinPFind in the C:\ folder. Inside c:\WinPFind is a file called WinPFind.exe. Double-click on this file to launch the program. Once it is launched, click on the Start Scan button and wait for it to finish. This program will scan large amounts of files on your computer for known patterns, so please be patient while it works, as it can take a while, upwards of 30 minutes or more.

When it is done, it will show the results of the scan. Click on the Copy to Clipboard button and then paste the contents of the log in your next post.

Regards,

#10
Help Panos

Bad luck for me. First, when I enter the program, a window pops up that says 'file not found'. Then I click scan and another window says 'Access violation at address 0044DBDB in module winPFind. Read of address 00000004'. And as you can guess, the red light in the bottom right corner is off. Which means that the program doesn't run. I'm lost right now. What should I do?

#11
Help Panos

Idea: I have a restore point from before this crap entered my computer. Will it help if I click on System Restore?

#12
Help Panos

And to continue: I restored my computer to an earlier state. Ewido doesn't find any dialers. Am I really safe? I really want to know if the dialers have been uninstalled in some way. Thank you for your patience!

#13
Help Panos

Ufffff. I forgot to update ewido when I restored and, guess what, it found 11 dialers!!!! So I undid the restoration and I again have 5 dialers. I also yelled at my brother about this situation (my English is poor, as you can see, sorry about that). I am waiting for help.

#14
Metallica

Can you post the latest Ewido log?

I need to find out which files are concerned, so we can eliminate them.

Regards,

#15
Help Panos

Thanks again for helping me. Here it is:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:02:31 PM, 8/2/2005
+ Report-Checksum: 6F9C11C9

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-861567501-796845957-839522115-1004\Software\EGDHTML -> Dialer.Generic : Cleaned with backup
[1816] VM_10001000 -> Dialer.Generic : Error during cleaning
[336] VM_00AD1000 -> Dialer.Generic : Error during cleaning
[360] VM_029E1000 -> Dialer.Generic : Error during cleaning
[328] VM_00C91000 -> Dialer.Generic : Error during cleaning
[512] VM_009E1000 -> Dialer.Generic : Error during cleaning
[2904] VM_10001000 -> Dialer.Generic : Error during cleaning
:mozilla.71:C:\Documents and Settings\Xenofondas\Application Data\Mozilla\Firefox\Profiles\s6vge1sf.default\cookies.txt -> Spyware.Cookie.Spinbox : Cleaned with backup
:mozilla.73:C:\Documents and Settings\Xenofondas\Application Data\Mozilla\Firefox\Profiles\s6vge1sf.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Xenofondas\Application Data\Mozilla\Firefox\Profiles\s6vge1sf.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup


::Report End

The problem is these dialers with the error during cleaning.
I find them in ewido's memory scan. (I did a complete scan and then a memory scan and I found the same results.) I look forward to your reply!!
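
The question raised in posts #14 and #15, which detections ewido could not clean, can be read mechanically from the report text. The following is an added example, not part of the original thread and not ewido's own code. It assumes every result line has the `target -> signature : status` shape seen in the reports above; the function names and the kind labels (memory, registry, cookie, file) are chosen here for illustration.

```python
import re

# Constructed sample: result lines copied from the report in post #15.
SAMPLE_REPORT = r"""
+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-861567501-796845957-839522115-1004\Software\EGDHTML -> Dialer.Generic : Cleaned with backup
[1816] VM_10001000 -> Dialer.Generic : Error during cleaning
[336] VM_00AD1000 -> Dialer.Generic : Error during cleaning
[2904] VM_10001000 -> Dialer.Generic : Error during cleaning
:mozilla.71:C:\Documents and Settings\Xenofondas\Application Data\Mozilla\Firefox\Profiles\s6vge1sf.default\cookies.txt -> Spyware.Cookie.Spinbox : Cleaned with backup

::Report End
"""

RESULT = re.compile(r"^(?P<target>.+?) -> (?P<signature>\S+) : (?P<status>.+)$")
MEMORY = re.compile(r"^\[(?P<num>\d+)\] VM_(?P<addr>[0-9A-Fa-f]{8})$")


def classify(target):
    """Guess what kind of object a result line refers to (labels are ours)."""
    if MEMORY.match(target):
        return "memory"        # "[n] VM_xxxxxxxx" rows, as in the memory scan
    if target.startswith(("HKLM\\", "HKU\\", "HKCU\\")):
        return "registry"
    if target.startswith(":mozilla."):
        return "cookie"
    return "file"


def parse_report(text):
    """Return one dict per result line; header and footer lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = RESULT.match(line.strip())
        if m:
            entries.append({**m.groupdict(), "kind": classify(m["target"])})
    return entries


def not_cleaned(entries):
    """Entries the scanner could not remove, i.e. the ones still needing work."""
    return [e for e in entries if e["status"] != "Cleaned with backup"]


if __name__ == "__main__":
    for e in not_cleaned(parse_report(SAMPLE_REPORT)):
        print(e["kind"], e["target"], e["signature"], e["status"])
```

On the sample, every entry left over is a memory entry, which matches what the poster reports: the registry keys and cookies were cleaned, and only the in-memory detections failed.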