The NEW Build Your Own Arcade Controls
Main => Everything Else => Topic started by: HaRuMaN on August 11, 2004, 12:12:49 pm
-
Maybe someone knows how to help me. I'm goin crazy here. My computer has some virus or trojan that keeps changing my dial-up phone number as well as my login name, etc. I can change it in order to get online, but it keeps changing back. I've run virus scans as well as Ad-Aware, but to no avail. If anyone knows how to help me, I would greatly appreciate it!
Thanks, everyone..
-Haruman
-
- boot the system from your Norton disc *assuming you use Norton* and run virus scans that way.
- Update your definitions, run virus scan again after booting computer normally.
- update and run adaware
- update and run Spybot Search and Destroy
- check running processes for anything fishy, cancel them (be careful)
- go to Add/Remove programs, get rid of anything you didn't put in (this is a longshot though, since most virus/spyware don't give you a remove option :) )
- if all else fails, it's time to reinstall windows.
-
Any additional specifics such as what it is changing the configuration to (values, etc)
Might help better identify the cause
-Goz
-
my fav combo for spyware, trjoans, etc is spybot s & d
run that first
then install
spywareblaster
do a google serach on those to and maybe you are set. it sounds like somthing is installed on pc... ctrl alt dlt and see what task are running when it happen. broswe though progrom folder and look for somthing strange...
how this helps..
i love the format HD option..that gets rid of everything..
-
Use this. Put it in it's own directory somewhere. It will remove (only the stuff you check) nasty stuff. Works really well.
Oh yeah, stop using IE and start using Mozilla/FireFox.
-
I've been hit by one just recently and am going to format and reinstall everything. It's the safest way to go cause this way you know that everything is wiped clean.
-
lol, 3 responses within 20 secs with 2 of them being almost the same thing :D
-
try downloading hijack this
http://www.spychecker.com/program/hijackthis.html
also, if you have xp, run msconfig and see whats starting at startup, goto blackvipers and see what each one is and disable the ones you dont need.
edit... go here and run this cwsshredder program as well
http://forums.spywareinfo.com/index.php?showtopic=11202
-
try downloading hijack this
http://www.spychecker.com/program/hijackthis.html
I'd swear I just posted that above.
-
lol, your post wasnt up there when i was typing :) i hit post, and refresh and saw like 8 more posts
-
Wow... thanks for the many fast replies. I'm gonna try things out, will post again with results.
-
Be careful with Hijackthis. Unlike Spybot and Adaware, where you're pretty safe just removing everything it finds (you might disable a couple programs, but if they are programs that require adware/spyware to run then you don't want them anyway), Hijack this pulls up A LOT of legitimate stuff that you can screw up your system by removing. It's not readily apparent, even to many computer professionals whether some of the things are safe to remove. That said, it is the most powerful of all the tools out there and can generally take care of any problems that Spybot and Adaware miss. I just recommend going to a Hijack this forum and posting the results of your Hijackthis analysis. Let one of the people on the forum tell you what to remove.
-
Stay off "bad" sites, and stop clicking porn spam in the newsgroups! ;-)
-
Goto http://housecall.trendmicro.com and run their free virus program it will get rid of the dialer prog you have. Also download Ad-Aware http://www.ad-aware.com and Spy Bot Search & Destroy http://www.safer-networking.org/en/download/index.html and Spywareblaster http://www.javacoolsoftware.com/spywareblaster.html
The last one will prevent spyware from ever being installed, while the other 2 will clean the existing spyware from your computer. One always finds stuff the other doesn't.
-
Ok... I've tried all of the above methods, and while I did find a few problems I didn't even know I had, none of them got rid of the problem I started off trying to fix. Maybe if I give a little more information, someone may know of a specific fix.
I change my connection back to what it is supposed to be. Then, within a few minutes, whether I go online or not, something changes my settings. It changes two things:
1) It changes the phone number to 0114382082018414
2) It changes my User name from "rspeer" to "rspee0.224.1295."
One more point... it only does this to the default internet connection. I made a different connection to get online, and it hasn't touched it.
Maybe this will ring a bell with someone and I can eliminate this pest. Thanks for all of your help everyone. :)
-
I'd hate to have to format... :(
-
Don't Format yet, only as a last response. It definetly sounds like a Trojan virus. What OS and Virus software are you using.
-
How many virus's is it gonna take before people figure out that they shouldn't be using Internet Explorer, Outlook or Outlook Express?? Geez.
-
Hey HarumaN, I guess your off line now. It's probably a Trogan from a porn site like RayB said, one of those dialers. If your using Win2000 or XP go to this site http://www.techspot.com/tweaks/win2k_services/index.shtml it will show you what Services to disable to prevent security problems, etc. Turn off Java whenever possible when surfing and disable Cookies and don't forget to clean your cache. Like Peale said, Avoid Internet Explorer, personally I use FireFox.
This is what I normally do to find what viruse/s are my on 2000 and XP machines...
1. Do a Google search. Try different keywords to search your problem. Usually works for me. Check out Nortons site for known virus threats. If it doesn't work try step 2...
2. Run Task Manager and disable any process that looks out of place. Windows won't let you close critical processes so you should be alright closing processes that look weird. Make a list of the Image Names and do a search on the net if you are wondering what they are. Take note of what processes are running and open your internet conection. If you still have the problem go back to the Task Manager and take note of the new processes now running. Then do a google search on the new processes to determine the exact virus threat and treat it accordingly. If your Internet conection is fine then you closed the problem process/es. Again do a search (first lot you took note off) to find out what your processes are doing. This helps narrow down the problem. This step usually works for me, becouse most viruses, not all, run in memory and are usually listed in the Task Manager.
NOTE: Some Viruses in memory stay there even after you Reboot your computer, so sometimes a cold boot (turn comp off) to clear memory is the best.
Sounds like alot of work, but it's better than formatting and reinstalling all your software and prefs. If this doesn't do it try step 3...
3. Run MSCONFIG and in the System Configuration Utility go to Startup and Disable the Startup Items listed (any that you know are ok leave them enabled) and click OK. You can enable them later if needed. In Win2000 you will need to get this file http://www.techadvice.cc/files/s29k2/win-xp/msconfig.exe
and saving it to c:\windows\system32 (obviously \windows being whatever your windows directory is) to run MSCONFIG.
NOTE: If your comp won't boot after, then go into the boot options F8 (on some machines) and start in safe mode and repeat step 3 but enable anything that needs to run, although you shouldn't have to. I had that happen to me once.
Hopefully by now you have identified and cleaned the Virus, if it is a virus, it may be a bad modem, conflicting modem settings or even problems with your provider. I'm leaning towards the virus.
If you haven't cleaned out the virus yet, you can update your virus software and run a virus scan, load the programs listed in this thread (they are all great utilities) and run scans. Go to Add and Remove Software and remove any suspicious software. Run a search of your Hard Drive using known keywords like dial, dialer, etc. and use the wildcard * if needed.
Here's a couple of things to try, asuming it's not a virus.
Uninstall the modem software and delete the modem drivers then cold boot your comp and reinstal the modem software and drivers and finally setup your account again and try it.
Check your modem manufacturer for updates.
Check for security and driver updates for your OS.
Call your provider and ask if anyone else has had a similar problem, perhaps they may know something.
I know this is a long response, forgive me if I've put you asleep, but I hope some of this helps...
-
Jakobud's right Internet Explorer and Outlook Express are security nightmares and should be avoided. And as for Outlook, I don't how many people I've seen using this on personal computers, it's meant to be used with an Exchange server.
I hope I don't offend anyone, but I also hate Java and Cookies. The biggest problem I have with customers is popups and viruses. They just refuse to turn of Java (popups galore) and use anything but IE. As for these popups, that's where most of these dialers com from and if your not closing them by the X in the windows corner, your running the risk of downloading something you don't want.
Ah! I feel beter now...
-
Man, you guys are so right. I just started using Mozilla about a month ago, and what a difference!! Installing it for the popup blocker alone is worth the trouble.
The other thing I can't live without is Norton's live update - it runs in the background periodically when I go online. I have been virus free for close to a year now!!
-
How do you see what processes are running if you are using Windows ME. Now before anyone says anyting about that, yes, I know... Windows ME just sucks outright. Lol. It was on here when I bought it 3 or so years ago...
-
Famous hacker quote.
-
Jakobud's right Internet Explorer and Outlook Express are security nightmares and should be avoided. And as for Outlook, I don't how many people I've seen using this on personal computers, it's meant to be used with an Exchange server.
I hope I don't offend anyone, but I also hate Java and Cookies. The biggest problem I have with customers is popups and viruses. They just refuse to turn of Java (popups galore) and use anything but IE. As for these popups, that's where most of these dialers com from and if your not closing them by the X in the windows corner, your running the risk of downloading something you don't want.
Ah! I feel beter now...
I think you mean javascript. You wouldent want to offend a Java professional such as myself by implying the two are the same, right? ;)
-
I have been getting re-directs all over. I can't seem to get rid of them. I have norton and panicware pop up blocker, but it's still getting past them.
I don't detect any spyware. Is there a better way? Have you guys noticed new types of popup ads getting trought?
-
Just so you know, adaware has a new version out adaware se, i ran the old adaware with all updates and it found nothing on my machine, running the new version, i found 36 new items. http://www.lavasoftusa.com/
-
I think you mean javascript. You wouldent want to offend a Java professional such as myself by implying the two are the same, right?
Most definently yes!!! It was so late when I posted, but I mean't Javascript and not Java programming. Please forgive me, please, please, please... ;D
How do you see what processes are running if you are using Windows ME. Now before anyone says anyting about that, yes, I know... Windows ME just sucks outright. Lol. It was on here when I bought it 3 or so years ago...
To see the Processes in Me (98 on steroids) hit Ctrl. + Alt. + Delete and the Task Manager will appear. As for using Windows Me, I've never really used it. I know people who use it and love it and those that hate it, but I will say this replace it if you can.
-
It is dialer scumware. It is changing the phone # to a number in Austria.
Try this. It may not remove it (it is a shareware app not fully functional) but it'll pinpoint the problem for you so you can eliminate it manually.
http://www.pcinternetpatrol.com/
APf