[desertkeys]

DIAL_SWITCH.A this was detected by our Trend AV software, infected the system32\ntopengl.exe file, but could not be cleaned or deleted. Anybody have any idea what this is.

Trend doe not have a clue.

Thanks in advance!

[Advertisements]

Hi desertkeys

It will be easier to help you if you follow the basic steps here http://www.geekstogo...?showtopic=2852

Then you can post a HijackThis log and someone will be able to help you.

[ilago]

Hi desertkeys

It will be easier to help you if you follow the basic steps here http://www.geekstogo...?showtopic=2852

Then you can post a HijackThis log and someone will be able to help you.

[desertkeys]

ilago,

I appreciate the response.

However, the system is in Europe, I’m in the S Western US and I have very limited access to it - unless I want to get out of bed at 03:00 AM.

I’m pretty sure I can get rid of the problem with a simple substitution of the infected file. Albeit by having one of the folks there boot the system and do a swap from a floppy. I was just wondering is any one has run up against this particular flavor of malware before since our AV provider is clueless as to what it is.

Getting access to the system is going to be a bit of a nutroll.

Regards all.

[ilago]

Hi desertkeys

This is not a system file that needs replacing. This is one of the files used by a Dutch Switch Dialer. It is not a system file that can simply be replaced. There are other entries in a HijackThis log that would be associated with this malware.

Without seeing a whole HijackThis log it would be very difficult to fully remove. Even just deleting that file would not remove this malware.

Would it be possible for the user to post a log direct to us here?

Edited by ilago, 05 February 2005 - 08:29 AM.