edvan dialer problem

Discussion in 'adware, spyware & hijack cleaning' started by ronaldo, Jun 1, 2004.

Thread Status:
Not open for further replies.
  1. ronaldo

    ronaldo Registered Member

    Joined:
    Jun 1, 2004
    Posts:
    1
    An xxxserver dialer has been installed on my system. It dials a premium rate number without me knowing. I need to get rid of it. Please help. I attach a log from hijackthis. Thanks.
     

    Attached Files:

  2. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,435
    Location:
    Netherlands
    Hi ronaldo,

    More then one dialer I think.

    Check the following items in HijackThis.
    Close all windows except HijackThis and click Fix checked:

    R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http:///

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.123found.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ultralinks.info/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.master-search.com/search.php
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.master-search.com/search.php
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = mk:mad:MSITStore:C:\WINDOWS\start.chm::/start.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.master-search.com/search.php

    F1 - win.ini: run=C:\WINDOWS\svcinit.exe
    O1 - Hosts: 64.135.204.60 spywareinfoforum.com
    O1 - Hosts: 64.135.204.60 www.spywareinfoforum.com
    O1 - Hosts: 64.135.204.60 lavasoftsupport.com
    O1 - Hosts: 64.135.204.60 www.lavasoftsupport.com
    O1 - Hosts: 64.135.204.60 exit.xitcash.com
    O1 - Hosts: 64.135.204.60 www.exitforcash.com
    O1 - Hosts: 64.135.204.60 exit.sellyourexit.com
    O1 - Hosts: 64.135.204.60 sex-explorer.com
    O1 - Hosts: 64.135.204.60 www.sex-explorer.com
    O1 - Hosts: 64.135.204.60 www.online-dialer.com
    O1 - Hosts: 64.135.204.60 network.nocreditcard.com
    O1 - Hosts: 64.135.204.60 www.mtreexxx.net
    O1 - Hosts: 64.135.204.60 www.0190-dialer.com
    O1 - Hosts: 64.135.204.60 install.xxxtoolbar.com
    O1 - Hosts: 64.135.204.60 www.xxxtoolbar.com

    O4 - HKLM\..\Run: [HotPix2] c:\program files\dialers\hotpix2\hotpix2.exe /noconnect

    O4 - HKLM\..\Run: [keymgrldr] rundll32 setupapi,InstallHinfSection Oemkeymgr9x 128 keymgr3.inf

    O4 - HKLM\..\Run: [Runner] C:\WINDOWS\lsass.exe /i

    O4 - HKLM\..\RunServices: [SVC Service] C:\WINDOWS\SYSTEM\svcinit.exe

    O15 - Trusted Zone: *.waitsex.com

    Then download and run CWShredder
    Use the Fix button and follow the instructions provided by the program.

    Then reboot into safe mode and delete:
    C:\WINDOWS\lsass.exe
    c:\program files\dialers <= entire folder

    Regards,

    Pieter
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.