edvan dialer problem

Discussion in 'adware, spyware & hijack cleaning' started by ronaldo, Jun 1, 2004.

Thread Status:
Not open for further replies.
  1. ronaldo

    ronaldo Registered Member

    Jun 1, 2004
    An xxxserver dialer has been installed on my system. It dials a premium rate number without me knowing. I need to get rid of it. Please help. I attach a log from hijackthis. Thanks.

    Attached Files:

  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Apr 27, 2002
    Hi ronaldo,

    More then one dialer I think.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:mad:MSITStore:C:\WINDOWS\start.chm::/start.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php

    F1 - win.ini: run=C:\WINDOWS\svcinit.exe
    O1 - Hosts: spywareinfoforum.com
    O1 - Hosts: www.spywareinfoforum.com
    O1 - Hosts: lavasoftsupport.com
    O1 - Hosts: www.lavasoftsupport.com
    O1 - Hosts: exit.xitcash.com
    O1 - Hosts: www.exitforcash.com
    O1 - Hosts: exit.sellyourexit.com
    O1 - Hosts: sex-explorer.com
    O1 - Hosts: www.sex-explorer.com
    O1 - Hosts: www.online-dialer.com
    O1 - Hosts: network.nocreditcard.com
    O1 - Hosts: www.mtreexxx.net
    O1 - Hosts: www.0190-dialer.com
    O1 - Hosts: install.xxxtoolbar.com
    O1 - Hosts: www.xxxtoolbar.com

    O4 - HKLM\..\Run: [HotPix2] c:\program files\dialers\hotpix2\hotpix2.exe /noconnect

    O4 - HKLM\..\Run: [keymgrldr] rundll32 setupapi,InstallHinfSection Oemkeymgr9x 128 keymgr3.inf

    O4 - HKLM\..\Run: [Runner] C:\WINDOWS\lsass.exe /i

    O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe

    O15 - Trusted Zone: *.waitsex.com

    Then download and run CWShredder
    Use the Fix button and follow the instructions provided by the program.

    Then reboot into safe mode and delete:
    c:\program files\dialers <= entire folder


Thread Status:
Not open for further replies.