How can I get rid of a dialer?

Oct 8, 2008 3:07PM PDT

Windows XP w/SP3 IE 7
Compaq Presario
Processor - 2.40 gigahertz AMD Athlon64
Memory - 1.37GB of RAM
200 GB hard drive

When running an AVAST scan, it finds this:

MALWARE: C:System Volume Information/_restore (2466A83D-1B81-456E-9766

I've done a search for the file and also tried to find it using EXPLORE and am unable to come up with it.

I did go into the registry and searched for 2466A83D and did find this under SystemRestore:

(Default) REG_SZ (value not set)
DiskPercent REG_DWORD 0x0000000c(12)
MachineGuid REG_SZ {2466A83D-1881-456E-9766-38C2B7E4821

Would this perhaps be the culprit and if so, would someone be able to help me get this off my PC please?

Thanks,

Julea

- Collapse -
Additional information
Oct 8, 2008 3:13PM PDT

I forgot to mention this:

It will not let me move it to the Virus Chest nor will it let me delete it. In both cases, it tells me that "Error occurred during moving file to chest (deleting). The operation is not supported for this type of archive."

Julea

- Collapse -
help
Oct 8, 2008 9:44PM PDT

Try turning off your System Restore before it spreads, because I had the same prob. Then switch your comp to safe mode and try running Avast. If it doesn't run or it finds nothing, get a legit antivirus and spyware program. Do not download anything off the net. I had the same prob, and downloading things off the net made it worse: it opened up doors to trojan horses and downloaders and joke.infects that give you false positives, and it ruined the heck out of my comp, so be careful. I have Verizon so I used their security suite, but if your service provider doesn't provide security opts then it would be best to buy one because it will save you big bucks in the end. Trust me, this stuff messes with your registry and everything. It can screw up your comp to the point you'll have to waste big money to fix it or throw it out. *** Also make sure you don't purchase your software online if you do decide to, because most are hoaxes, and because your comp is susceptible to that spyware it can't create doors to other things like a backdoor agent. It also happened to me.
Now I'm pretty sure you're saying: if Verizon is so great, why didn't it protect me? It's because I hadn't installed it until after I had the problems, which could have been easily avoided if I had it instead of Avast, Avira, or Spyware Terminator.
Good luck

- Collapse -
C:System Volume Information/_restore
Oct 8, 2008 3:15PM PDT

Disable your System Restore > right click on "My Computer" icon then choose Properties, System Restore and check the box: "Turn off System Restore on all drives" - click "Apply" - reboot your computer > scan again with your antivirus. IF everything is clean - then enable System Restore again.

- Collapse -
Will try
Oct 8, 2008 3:36PM PDT

Currently I'm scanning with Lavasoft Ad-aware and thus far, it's found 8 infections - YIKES! I'm used to never finding anything with that utility. I also ran Spybot and it found nothing -- it congratulated me -- little does it know (LOL).

Question -- I'm not on dialup, but am on cable. Can this thing be operable even though not on a phone line?

I'll try your suggestion, but probably won't get it done until tomorrow. Hope that's not too late. It's scary to find this stuff when I'm used to having a clean PC.

We got a new modem today as our other one shot craps -- wonder if that's what caused this. We used to have a router and modem would not work with it. Cox told us since we only had 1 PC that we really didn't need the router and to disconnect and not use, but to connect modem directly to PC. Hope that wasn't a mistake -- they're the pros after all, but then again, are they?

Julea

- Collapse -
different name
Oct 9, 2008 1:40AM PDT

Marianna,

I followed your suggestion and ran the scan again last night. I stopped the scan at 52% completed to go to bed. At that time it had found nothing. Before, it had found the file in the 3% completion range. I turned the system restore back on, shut down PC, and went to bed.

This morning I booted up and ran the scan again. This time, it did not find what I did last night; however, found this:

c:Windows\Installer\f78b92msi\ISSetupFiles\SetupFile33

It's a WIN32:Dialer-gen[Trj] VPS Version 081009-0,10/0/2008

Again, I went into the registry and searched for f78b92msi and it did find this:

Local Package Reg_SZ c:Windows/Installer/f78b92.msi

Can't either of these finds (what I found in registry last night, mentioned in previous post) be removed directly from the registry and the problem go away ???

I use Ad-aware which I ran this morning and it only found 1 MRU. My spyware blaster program is working and up to date. Spybot continues to find nothing. I use the pay version of Kerio Personal Firewall. From the post of other person in this thread, it sounds like I should not even have the Kerio Firewall, but for now, I'm keeping it.

Thanks

Julea

- Collapse -
Julea, run the following......
Oct 9, 2008 1:43AM PDT

Please download Malwarebytes Anti-Malware or alternate download link

* Make sure you are connected to the Internet.
* Double-click on Download_mbam-setup.exe to install the application.
* When the installation begins, follow the prompts and do not make any changes to default settings.
* When installation has finished, make sure you leave both of these checked:
* - Update Malwarebytes' Anti-Malware
* - Launch Malwarebytes' Anti-Malware
* Then click Finish.
* MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
* If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.

* On the Scanner tab:
* - Make sure the "Perform Quick Scan" option is selected.
* - Then click on the Scan button.
* The next screen will ask you to select the drives to scan. Leave all the drives selected and click on the Start Scan button.
* The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
* When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
* Click OK to close the message box and continue with the removal process.
* Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
* Make sure that everything is checked, and click Remove Selected.
* When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
* The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.

* -- Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

** If you encounter this message: "c:\program files\malwarebytes' Anti-Malware\mbamext.dll Unable to register the dll/ocx: RegSvr32 failed with exit code 0x5", click on Ignore.

..

Download and scan with SUPERAntiSpyware Free for Home Users

* Double-click SUPERAntiSpyware.exe and use the default settings for installation.
* An icon will be created on your desktop. Double-click that icon to launch the program.
* If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
* Under "Configuration and Preferences", click the Preferences button.
* Click the Scanning Control tab.
* Under Scanner Options make sure the following are checked (leave all others unchecked):

Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.

* Click the "Close" button to leave the control center screen.
* Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
* On the left, make sure you check C:\Fixed Drive.
* On the right, under "Complete Scan", choose Perform Complete Scan.
* Click "Next" to start the scan. Please be patient while it scans your computer.
* After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
* Make sure everything has a checkmark next to it and click "Next".
* A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
* If asked if you want to reboot, click "Yes".

What did they find?

- Collapse -
I'll digest but ------
Oct 9, 2008 2:09AM PDT

at this point, should I have my system restore on or off?

Thanks for your help Marianna.

Julea

- Collapse -
Leave it on........ IF the other scans......
Oct 9, 2008 2:12AM PDT

find MORE "ugly stuff" you can purge your system restore again.

Take it easy ;)

- Collapse -
(NT) Thanks - I'm just used to not ever having anything bad on PC
Oct 9, 2008 2:15AM PDT
- Collapse -
Oops -- here we go -- any other suggestions please?
Oct 9, 2008 2:30AM PDT

This doesn't make sense -- here are the results. Where is that dude (LOL)? I can't believe it only took almost 3 minutes to scan my drives. A screen never appeared in the program for me to check which drives I wanted scanned, but am guessing it scanned the C: drive.

Scan type: Quick Scan
Objects scanned: 51179
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

- Collapse -
(NT) I forgot to do the superantispyware -- will do now!
Oct 9, 2008 2:33AM PDT
- Collapse -
(NT) Did you run BOTH scans? MBAM + SAS?
Oct 9, 2008 2:33AM PDT
- Collapse -
(NT) currently working on the last one - sorry about that!
Oct 9, 2008 2:41AM PDT
- Collapse -
OK -- here's what it found
Oct 9, 2008 5:15AM PDT

Memory Items detected - 0
Files detected - 1
Registry items detected - 0
Total Threats - 1

Scan time 2:20 -- I also have a 250 gig external which it scanned -- I told it C: but that was evidently included, even though it shows me it's K: drive.

It said it was an adware tracking cookie.

The removing processing info said: compaqowner@revci(2).txt

Now --- surely that isn't the dialer thingie is it?

Do I need to do another scan with my Avast or where to now?

Thanks,

Julea

- Collapse -
No, that seems to be a Cnet-cookie........
Oct 9, 2008 5:59AM PDT

Yes, run Avast again and see if it now comes up clean.

- Collapse -
(NT) Just did --- and it's still not clean -- sameo, sameo!
Oct 9, 2008 6:11AM PDT
- Collapse -
Does Avast still show......
Oct 9, 2008 6:15AM PDT

c:Windows\Installer\f78b92msi\ISSetupFiles\SetupFile33 ??

- Collapse -
(NT) Yes
Oct 9, 2008 6:21AM PDT
- Collapse -
(NT) and it still will not delete or move to chest in Avast.
Oct 9, 2008 6:21AM PDT
- Collapse -
Here's what I found
Oct 9, 2008 10:23AM PDT

Julea

I see you only did a quick scan with Malwarebytes.
My experience with the program has been that the quick scan does not pick up all the problems.

For example I ran a quick scan and it was clean then ran a full scan and it found a Trojan. Later on ran another quick scan and it was also clean then ran a full scan immediately after and it found a FP.

Maybe you could run a full scan just to verify the Quick Scan.

Just an example of what I found. Hope this helps

Ray

- Collapse -
(NT) Will do Ray -- see my latest post to Marianna below pls.
Oct 9, 2008 11:22AM PDT
- Collapse -
Hi, Julea! You've Done Great So Far....
Oct 9, 2008 4:34PM PDT

& you're about done now. The Revci 2 is Compaq computers' own bit of spyware (tracking cookie) similar to MS's. The 2 likely means it's been fixed once before by (Spybot?) and if you go to the Compaq site for an update it'll get re-installed again (it may also be connected to a regular background update check to Compaq).
This was the SAS scan, correct? Did it report fixed? If so you're good.

The dialer thingie most likely was removed during first disable of Sys Restore which dumped all contents of Restore Points where it was located.

I would re-run Malwarebytes 1 more time, but this time, when you open the program and click scan, radio dot "full scan" rather than the "quick scan" which is what you got the first time. It will offer a list of drives to be scanned so check C: and K: also. Expect it to take about 45 minutes +/-. If it finds nothing, create a new restore point manually labeled Post Complete Clean.

I'm a little concerned that your Spybot (version # ?) didn't find any of this. It should have. Possibly it has become corrupted? After doing the above, try to update Spybot and run it. See IF it runs straight thru.
I doubt it'll find anything now since ****You're Clean***!! Congrats!
Sandy

- Collapse -
Sorry, Julea, In Error re: Revc1 & Compaq! I Didn't
Oct 9, 2008 4:40PM PDT

check page 3!!! (Howl of pain & anguish!). Apologies again, forget above post. Sandy

- Collapse -
.. and it still will not delete or move to chest in Avast.
Oct 9, 2008 6:24AM PDT
- Collapse -
Which file?
Oct 9, 2008 6:35AM PDT

Do you mean the malware file -- if so, no, I can't even find it, but my Avast scan can (LOL). That's why I went to the registry to see what it showed and I posted that above. As far as a file -- I've checked hi and lo and did the hidden file setting, etc.

- Collapse -
c:Windows\Installer\f78b92msi\ISSetupFiles\SetupFile33
Oct 9, 2008 6:39AM PDT

Did you reboot your computer before running Avast?

- Collapse -
(NT) No, I didn't. I'll do it now though and run it again.
Oct 9, 2008 6:51AM PDT
- Collapse -
Marianne -- do I need to remove the checkmark from
Oct 9, 2008 6:41AM PDT

"hide protected operating system files" when I search for that file?

The checkmark is removed from the hidden option, but not the hide protected one.

Thanks,

Julea

- Collapse -
Windows XP viewing of Hidden files
Oct 9, 2008 6:45AM PDT

To enable the viewing of Hidden files follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Put a checkmark in the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
7. Remove the checkmark from the checkbox labeled Hide file extensions for known file types.
8. Remove the checkmark from the checkbox labeled Hide protected operating system files.
9. Press the Apply button and then the OK button and shut down My Computer.
10. Now your computer is configured to show all hidden files.

- Collapse -
I'm back -- and no results
Oct 9, 2008 9:16AM PDT

I just finished doing the settings you shared for viewing ALL files. Mine were all ok except for the Hide system operating files, but I did remove that checkmark and proceeded with the search for the file.

I tried various parts of the name and letters of the file and each time it shows that nothing is found.

I also did another Avast scan after rebooting as you mentioned. The exact same information showed up with the addition of this:

C:\Documents and Settings\Compaq_Owner\Application Data\SUPERAntiSpyware.co.....\backup.db ------- unable to scan Archives

Any other suggestions?

What is the worst possible scenario if this stays on PC? Is it what the writer posted further up in this thread?

I've been to Avast forum re: this too, and their recommendations have been what yours were basically. Is this something for the repair shop? I'm not having any problems -- that I know of --- yet!!

Julea