Win32/Dialer.GD Trojan

Discussion in 'Trojan Defence Suite' started by Sal, Feb 28, 2005.

Thread Status:
Not open for further replies.
  1. Sal

    Sal Guest

    I get this notice like, every 30 minutes

    and when I select delete, it'll still happen again in like 30 minutes.. help?:eek:

    Someone recommended TDS to me but it doesn't detect that trojan, help please?
     


  2. `mishimasan`

    `mishimasan` Registered Member

    Joined:
    Feb 19, 2005
    Posts:
    209
    Location:
    London, England
    That means you've got a trojan virus. You need to clean it. If you can't clean it with NOD 32, then try to update the latest virus definitions - there should be a tool in NOD 32 that updates the program.

    You could also try to "delete the infected file" but you must make sure if you need the file that is infected first. You most probably do not.

    If you still can't get rid of it, copy the name of the virus (Win32/dialer.GD trojan) into google or another search engine alike, and find the easiest way to clean your computer of it. I guarantee you will get more than one page of hits for this particular virus.
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Sal, Please try TDS3 again running from safe mode. You can access safe mode by pressing F8 several times before Windows starts to boot.
    If you are running Nod resident it is probably locking the files so that TDS3 cannot detect and allow you to remove them.
    You can get the latest TDS3 radius file from here: http://tds.diamondcs.com.au/index.php?page=update Please follow the instructions on the page.

    Before running the scan in Safe mode go into TDS3's scan control and enable all the scans. Select all physical drives then scan. This will take some time but is a very thorough scan.

    Hope this helps. Pilli.
     
  4. Sal

    Sal Guest

    Anyway, thanks both of you, and hope we can find a way to clean it. I'm hoping TDS might find it with the latest update. :)
     
  5. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Sal, taking a look at your screenshot again it looks like Nod was flagging a bad webpage not on your PC :) Try clearing your IE history files and cache anyway to be sure: If it is not on your PC that is why it was not being detected.

    Pilli
     
  6. `mishimasan`

    `mishimasan` Registered Member

    Joined:
    Feb 19, 2005
    Posts:
    209
    Location:
    London, England
    Oh yeah.... http://blablabla...

    Damn, I should have seen that. I get that all the time dude it's nothing to worry about. Just do what Pilli says above.
     
  7. Sal

    Sal Guest

    I manually deleted all my history, temp files and cookies etc etc and I still get the notice like every hour. Maybe there's a program that deletes files more thoroughly or something, but I couldn't find any files remaining in the temp etc folders. And yes I have show hidden folders enabled. And I did it in safe mode. :(
     
  8. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hmm, I wonder if it could be in your restore folder?
     
  9. Sal

    Sal Guest

    My restore folder? What's that?
     
  10. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    If you are running XP then you will have a restore folder. Start - Help & support - System restore. There you will find a series of dates which your computer can be restored back to. If you know when your infection may have occurred you can select a date prior to that, providing there is one, and restore to that date. This does not affect any new documents, email etc. only the System. This should be worth trying if the infection is recent.

    The infection could be in your most recent restore points i.e. those created after the infection first arrived in your PC.

    I am still concerned that this may be a website as it is the Internet monitor that is catching it.

    Please close your internet connection completely, even disconnect your modem and rescan with NOD and TDS3 in safe mode.

    You should also do a full system scan with AdAware Free available from www.lavasoft.de and another Anti-Spyware such as MS antispy beta which is available from Microsoft downloads.

    Please report back your findings. :)

    HTH Pilli
     
  11. Sal

    Sal Guest

    That seems to have worked, the restoring. Thanks so much! :)
     
  12. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Glad to hear that Sal, Now do some reading on Wilders and think about how to enhance your defences with a good layered security.

    Cheers. Pilli :)
     
  13. `mishimasan`

    `mishimasan` Registered Member

    Joined:
    Feb 19, 2005
    Posts:
    209
    Location:
    London, England
    Pilli saves the day. Congratulations :)
     
  14. Sal

    Sal Guest

    And now it's back, and again the scanning and stuff didn't work, damn it!
     
  15. `mishimasan`

    `mishimasan` Registered Member

    Joined:
    Feb 19, 2005
    Posts:
    209
    Location:
    London, England
    I'm very sorry to hear about that. I searched the internet regarding your virus, and found very little on how to remove it. In fact, I didn't find anything substantial. This is quite worrying, as it means that this is a new type of virus (relatively) and there are currently little if no known methods of deleting the infection.

    May I be so bold as to suggest backing up the data that has not been infected, and reformatting the hard-drive?

    Regards,

    `MishimaSan`

    p.s. I wouldn't format just yet, but make sure you get all of the important files that haven't been infected yet, backed up onto another media, as you wouldn't want the infection to spread to those files. Hang around to see if someone else can give you a solution. If not, then if it was me, I would backup and reinstall.
     
  16. Sal

    Sal Guest

    Thanks. I'd rather not though, cause it'd be such a hassle. Besides I really don't have any way of knowing which files are infected do I? So how would I know I'm not copying the virus to my backup files?
     
  17. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
  18. `mishimasan`

    `mishimasan` Registered Member

    Joined:
    Feb 19, 2005
    Posts:
    209
    Location:
    London, England
    Looks like a very good guide Pilli, nice.
     