I would like to know if this is ok, as I have installed AOL 9 and once it was up and running everything was ok. I used Port Explorer to see if there was anything different and, lo and behold, there was one hidden server detected and it is aoldial.exe, this is aol connectivity service dialer [udp on port 1089]. Is this ok or should action be taken? I have checked my firewall and all ports are stealth in all sites that I checked my firewall in. The Mul
Hello The Mul, will that be the part of your AOL 9 which is calling home if necessary to connect to the internet with the AOL software? See what happens if you disable send -- you might get disconnected or not be able to do several things. You can enable spying on its traffic so you know if it is spying on every key you touch, etc. You can expect it to be at least part of them. Do TDS, SpybotS&D and Ad-Aware alarm on it?
Hi The Mul, I am a little concerned about this file aoldial.exe as it comes up in Google with some reference about virus type behaviour. Would you please ZIP up a copy and submit the file to submit@diamondcs.com.au. Also would you post your Autostart viewer log here. The link to the viewer: http://www.diamondcs.com.au/index.php?page=products Please tick the three options in Main, save to a text file and copy / paste here. Thanks Pilli
This is the log you asked for.

DiamondCS Autostart Viewer (www.diamondcs.com.au) - Report for Steven@MERCURY, 04-04-2004

c:\autoexec.bat PATH C:\BITWARE\
c:\windows\system32\autoexec.nt C:\WINDOWS\system32\mscdexnt.exe C:\WINDOWS\system32\redir.exe C:\WINDOWS\system32\dosx.exe
c:\windows\system32\config.nt C:\WINDOWS\system32\himem.sys
c:\windows\wininit.ini [rename] nul=C:\WINDOWS\UNINST~1\WASHAN~1\setup.exe
c:\windows\system.ini [drivers] timer=timer.drv voice=C:\BITWARE\is101.drv
c:\windows\system.ini [boot]\shell C:\WINDOWS\Explorer.exe
c:\windows\system.ini [boot]\scrnsave.exe C:\WINDOWS\System32\ssmypics.scr
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell C:\WINDOWS\Explorer.exe
HKCU\Control Panel\Desktop\scrnsave.exe C:\WINDOWS\System32\ssmypics.scr
HKCR\vbsfile\shell\open\command\ C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\vbefile\shell\open\command\ C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsfile\shell\open\command\ C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\jsefile\shell\open\command\ C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wshfile\shell\open\command\ C:\WINDOWS\System32\WScript.exe "%1" %*
HKCR\wsffile\shell\open\command\ C:\WINDOWS\System32\WScript.exe "%1" %*
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ccApp C:\Program Files\Common Files\Symantec Shared\ccApp.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\ccRegVfy C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\NeroCheck C:\WINDOWS\system32\NeroCheck.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\bwprnmon.exe C:\BITWARE\NT\bwprnmon.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\TkBellExe C:\Program Files\Common Files\Real\Update_OB\realsched.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\EPSON Stylus C62 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /P23 "EPSON Stylus C62 Series" /O6 "USB001" /M "Stylus C62"
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\WINDVDPatch C:\WINDOWS\system32\CTHELPER.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\UpdReg C:\WINDOWS\UpdReg.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Jet Detection C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\CTStartup C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Synchronization Manager C:\WINDOWS\system32\mobsync.exe /logon
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\nod32kui C:\Program Files\Eset\nod32kui.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AVPCC C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\avpcc.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\AOLDialer C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\MRUBlaster C:\Program Files\MRU-Blaster\indexcleaner.exe -CC
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\EPSON Stylus C62 Series C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\System32\E_S29.tmp"
HKU\.Default\Software\Microsoft\Windows\CurrentVersion\Run\CTFMON.EXE C:\WINDOWS\System32\CTFMON.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\ C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\system32\SHELL32.dll C:\WINDOWS\System32\webcheck.dll C:\WINDOWS\System32\stobject.dll
C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job C:\PROGRA~1\NORTON~1\NAVW32.exe
C:\WINDOWS\Tasks\Symantec NetDetect.job C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
C:\Documents and Settings\Steven\Start Menu\Programs\Startup\Kaspersky Anti-Virus Monitor.lnk C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\AvpM.exe
C:\Documents and Settings\Steven\Start Menu\Programs\Startup\MRU-Blaster Scheduler.lnk C:\Program Files\MRU-Blaster\scheduler.exe
C:\Documents and Settings\Steven\Start Menu\Programs\Startup\MRU-Blaster Silent Clean.lnk C:\Program Files\MRU-Blaster\mrublaster.exe
C:\Documents and Settings\Steven\Start Menu\Programs\Startup\Process Guard.lnk C:\Program Files\ProcessGuard\procguard.exe
C:\Documents and Settings\Steven\Start Menu\Programs\Startup\SpywareGuard.lnk C:\Program Files\SpywareGuard\sgmain.exe
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AOL Companion.lnk C:\Program Files\AOL Companion\companion.exe
HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute autocheck autochk *
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit C:\WINDOWS\system32\userinit.exe
HKLM\System\CurrentControlSet\Control\WOW\cmdline C:\WINDOWS\system32\ntvdm.exe
HKLM\System\CurrentControlSet\Control\WOW\wowcmdline C:\WINDOWS\system32\ntvdm.exe -a %SystemRoot%\system32\krnl386
HKLM\System\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ C:\WINDOWS\system32\imon.dll C:\WINDOWS\System32\dcsws2.dll C:\WINDOWS\system32\mswsock.dll C:\WINDOWS\system32\rsvpsp.dll
HKLM\System\CurrentControlSet\Services\VxD\JAVASUP\ C:\WINDOWS\system32\JAVASUP.VXD

The Mul
There does not seem to be any alert, Jooske, from the programmes you stated. Can you tell me how to zip the file to send to DCS, as I am still learning many things and am not sure how to do it. The Mul
That saves some grey hairs already! Do you have winzip? I added it to my rightclick menu in windows explorer, so for me it is rightclick on the file, choose "Add to zip" and it's done. If it's not in the rightclick menu maybe you have winzip somewhere on your system (didn't it come standard with windows installs?) to do it the same way via the program?
I suspect this file is okay. I am running AOL 9.0 Broadband and this file isn't on my system. But searching in Google, I found it is on several people's systems, and it may be beta related. When I am online there are various parts that establish connections. WAOL.exe is always there as is ASCD.exe. Ascd on my system is where your aoldial.exe is located. Depending on your location you should be able to go online and ask AOL. Pete
In the meantime did you check online at www.kaspersky.com/remoteviruschk.html? Submit online and in a few seconds you get a reply on that same page. In fact I think it is ok as the scanners you used would be the first to beep alarms.
Hi The Mul, It looks pretty clean to me though I am no expert - I do notice the autodial run key so it won't harm to check that out. If you are using XP it has built in zipping functions: right click the file and Send to compressed .ZIP. This will just copy it to the same file name but with the .zip extension and in the folder where the file to be zipped is located. HTH Pilli
Thanks for all your help. I have scanned aoldial.exe with kav remote virus checker and also with kav 4.5 and all are clear, as well as a scan with tds3 and all is well and good. I have set up special rules in my firewall to block all tcp and udp of this file and now all is blocked. What I would like to know: should this process not be stopped in Port Explorer as I have now blocked it in both directions? When I have blocked other applications in the past all communication on that port stops straight away, but with aoldial.exe it still shows up as running even though the firewall is blocking both inbound and outbound on this application. The Mul
There is probably a process starting it. You can change its name, for instance adding .tmp behind it, and see if that gives problems in your AOL functioning and connection.
Thanks for all your help. As I have said, I have blocked all inbound and outbound and all scans are clear on aoldial.exe, so I am going to wait and see. What I would like to know is that I have added a zip file of aoldial.exe, but do you normally write some details of what you have found and what is going on? Can you also tell me, if you terminate the process with Port Explorer, can you start it again or is it terminated for ever? The Mul
Hi The Mul, Yes you can restart the process after termination. Remember that you will have to give Port Explorer Terminate "Allow" in Process Guard if you have the programme on your protection list.
Thanks Pilli for your help and I will use the advice you gave me. I have tried to send the zip file by email to DCS, but this is what is emailed back to me after I send the email to DCS: The following addresses had permanent fatal errors [submit@diamomdcs.com.au>]. Can you tell me if there is another address I can send the zip file to? The Mul
Diamondcs not diamomndcs I made a typo in the first url I posted - Smack my wrists Corrected now. submit@diamondcs.com.au
the mul, Is the installation of AOL 9.0 a Beta version? AOLDial.exe is part of beta version. It is required by AOL 9.0 beta unless you are using BYOA cable modem. In further checking, AOLDial.exe has been morphed into the GM version of AOL 9.0 as well.
I thought I would let you all know, I have received a reply from DiamondCS on the aoldial.exe zip file that I sent them so they could check for anything suspicious, and this is what they had to say: This file looks clean, and since it's an AOL file you should trust it. Please remember that the Port Explorer feature that shows items in RED is to identify unknown files using sockets which have no windows ON SCREEN - AOL probably has a number of tray icons which do not count when Port Explorer makes these calculations. If you make a window show on screen then the sockets will return to BLACK. Best regards, DiamondCS Support. The Mul
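The reply above describes Port Explorer's red marking as "sockets owned by a process with no window on screen". A rough equivalent on current Windows, as an added example that is not Port Explorer's or DiamondCS's code: it assumes the NetTCPIP cmdlets (Windows 8 or later) and treats a zero MainWindowHandle as "no window", which is only an approximation of whatever test Port Explorer applies.

```powershell
# Added example: list processes that own listening TCP or bound UDP sockets,
# and mark the ones with no main window (tray-only and background programs).
# Assumption: MainWindowHandle = 0 stands in for "no window on screen".
# Run elevated, otherwise Path is empty for processes owned by other users.

$endpoints = @()
$endpoints += Get-NetTCPConnection -State Listen |
    Select-Object @{n = 'Proto'; e = { 'TCP' }}, LocalPort, OwningProcess
$endpoints += Get-NetUDPEndpoint |
    Select-Object @{n = 'Proto'; e = { 'UDP' }}, LocalPort, OwningProcess

$report = $endpoints | Group-Object OwningProcess | ForEach-Object {
    $proc = Get-Process -Id ([int]$_.Name) -ErrorAction SilentlyContinue
    if (-not $proc) { return }   # process exited between the two queries

    # A valid vendor signature supports "it is the vendor's file";
    # it says nothing about what the program sends.
    $sig = if ($proc.Path) {
        (Get-AuthenticodeSignature -FilePath $proc.Path).Status
    } else { 'n/a' }

    $ports = $_.Group |
        ForEach-Object { '{0}/{1}' -f $_.Proto, $_.LocalPort } |
        Sort-Object -Unique

    [pscustomobject]@{
        ProcessId = $proc.Id
        Name      = $proc.ProcessName
        HasWindow = ($proc.MainWindowHandle -ne [IntPtr]::Zero)
        Signature = $sig
        Sockets   = $ports -join ', '
        Path      = $proc.Path
    }
}

# Windowless socket owners first: these are what the heuristic would flag.
$report | Sort-Object HasWindow, Name | Format-Table -AutoSize -Wrap
```

A process whose traffic is blocked by a firewall rule still appears in this listing, because it reflects which sockets are open, not whether packets pass.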
So now all is ok and clear and the file gets black when you click the systray icon? Thanks for letting us know! Good that you asked!