edvan dialer problem

Discussion in 'adware, spyware & hijack cleaning' started by ronaldo, Jun 1, 2004.

Thread Status:
Not open for further replies.
  1. ronaldo

    ronaldo Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1
    An xxxserver dialer has been installed on my system. It dials a premium rate number without me knowing. I need to get rid of it. Please help. I attach a log from hijackthis. Thanks.
     

  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,330
    Location:
    Netherlands
    Hi ronaldo,

    More than one dialer, I think.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:@MSITStore:C:\WINDOWS\start.chm::/start.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php

    F1 - win.ini: run=C:\WINDOWS\svcinit.exe
    O1 - Hosts: 64.135.204.60 spywareinfoforum.com
    O1 - Hosts: 64.135.204.60 www.spywareinfoforum.com
    O1 - Hosts: 64.135.204.60 lavasoftsupport.com
    O1 - Hosts: 64.135.204.60 www.lavasoftsupport.com
    O1 - Hosts: 64.135.204.60 exit.xitcash.com
    O1 - Hosts: 64.135.204.60 www.exitforcash.com
    O1 - Hosts: 64.135.204.60 exit.sellyourexit.com
    O1 - Hosts: 64.135.204.60 sex-explorer.com
    O1 - Hosts: 64.135.204.60 www.sex-explorer.com
    O1 - Hosts: 64.135.204.60 www.online-dialer.com
    O1 - Hosts: 64.135.204.60 network.nocreditcard.com
    O1 - Hosts: 64.135.204.60 www.mtreexxx.net
    O1 - Hosts: 64.135.204.60 www.0190-dialer.com
    O1 - Hosts: 64.135.204.60 install.xxxtoolbar.com
    O1 - Hosts: 64.135.204.60 www.xxxtoolbar.com

    O4 - HKLM\..\Run: [HotPix2] c:\program files\dialers\hotpix2\hotpix2.exe /noconnect

    O4 - HKLM\..\Run: [keymgrldr] rundll32 setupapi,InstallHinfSection Oemkeymgr9x 128 keymgr3.inf

    O4 - HKLM\..\Run: [Runner] C:\WINDOWS\lsass.exe /i

    O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe

    O15 - Trusted Zone: *.waitsex.com

    Then download and run CWShredder
    Use the Fix button and follow the instructions provided by the program.

    Then reboot into safe mode and delete:
    C:\WINDOWS\lsass.exe
    c:\program files\dialers <= entire folder

    Regards,

    Pieter
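
An added example, not part of the post above or of HijackThis itself: the O1 lines in the fix list are hosts-file entries that all point unrelated sites at one address, and this sketch finds that pattern in a saved log. The sample log, the function names and the last-two-labels domain grouping are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in HijackThis log format (O1 = hosts-file entry).
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 192.0.2.10 forum.example.org
O1 - Hosts: 192.0.2.10 www.forum.example.org
O1 - Hosts: 192.0.2.10 support.example.net
O4 - HKLM\\..\\Run: [Example] C:\\example\\example.exe
"""

O1_LINE = re.compile(r"^\s*O1 - Hosts:\s+(\S+)\s+(\S+)\s*$")
LOCAL = {"127.0.0.1", "0.0.0.0", "::1"}  # entries that resolve locally are ignored


def hosts_redirects(log_text):
    """Map each non-local IP to the hostnames the hosts file points at it."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        m = O1_LINE.match(line)
        if m and m.group(1) not in LOCAL:
            by_ip[m.group(1)].append(m.group(2).lower())
    return dict(by_ip)


def registered_domain(host):
    """Crude last-two-labels grouping (assumption; not a public-suffix lookup)."""
    return ".".join(host.split(".")[-2:])


def suspicious_ips(log_text, min_domains=2):
    """Return IPs that several unrelated domains have been redirected to."""
    flagged = {}
    for ip, hosts in hosts_redirects(log_text).items():
        domains = sorted({registered_domain(h) for h in hosts})
        if len(domains) >= min_domains:
            flagged[ip] = domains
    return flagged


if __name__ == "__main__":
    for ip, domains in suspicious_ips(SAMPLE_LOG).items():
        print(f"{ip}: {len(domains)} unrelated domains -> {', '.join(domains)}")
```
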
     