Dailer.OY won't go!

Computing.Net > Forums > Security and Virus > Dailer.OY won't go!

Computer Problems? Computing.Net has over 1,000,000 posts about all things technology related! Over 90% answered within 24 hours! Click here to start participating now! Also, be sure to check out the New User Guide.

Dailer.OY won't go!

Name: Pariah
Date: April 16, 2006 at 02:04:43 Pacific
OS: Windows xp pro sp2
CPU/Ram: P4 2.6gig, 1gb PC3200
Product: Me, Myself & I

Comment:

Hi all! My computer is infected with Trojan/Dialer.OY.7(Avguard definition). There seems to be 2 files, both are I think hidden. 1 is located in C:\Documents and Settings\(My Username)\..., this file is an .exe file. The other is located C:\Windows\TEMP\, this file is a .tmp file(I think) which changes number everytime it is found. As I said, I can't manually find them, AVG, spybot and Ad-aware scan doesn't find anything either, the only way I know they are there is because Avguard pops up and tells me, I keep deleting but they keep on coming back. Any ideas please? Is this virus dangerous? I really dont want to format as I have got tons of stuff on my PC. Thanks a lot in advance!
P4 2.6gig@880mhz FSB-2.86gig,
Asrock PV4M800 m/b,
1gb PC3200 RAM
80gig hdd,
Ati radeon 9600 256mb graphics

Sponsored Link

Ads by Google

Response Number 1

Name: Pariah
Date: April 16, 2006 at 02:13:43 Pacific

Reply:

Just happened again, the actual filepaths are:- C:\Documents and Settings\(username)\...\srvicn[1].exe and
C:\WINDOWS\TEMP\win4EE.tmp (This file changes everytime) Help Please!
P4 2.6gig@880mhz FSB-2.86gig,
Asrock PV4M800 m/b,
1gb PC3200 RAM
80gig hdd,
Ati radeon 9600 256mb graphics

Response Number 2

Name: Pariah
Date: April 16, 2006 at 02:40:07 Pacific

Reply:

It's just happened again and i've just realised that both files change, not just the .tmp file as I had previously thought.
P4 2.6gig,
Asrock PV4M800 m/b,
1gb PC3200 RAM
80gig hdd,
Ati radeon 9600 256mb graphics

Response Number 3

Name: jabuck
Date: April 16, 2006 at 04:40:09 Pacific

Reply:

Run this free online scan from Panda
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to the desktop, then copy/paste into the text editor and post it.
Please post a Hijack This log so that the files associated with the virus/spyware/hijacker can be identified. You can download Hijack This at this link http://www.tomcoyote.org/hjt/ then place it into a folder of it's on, such as C:\HJT, so that back up copies can be made and not clutter your desktop or other folders and the backup copies of deleted items can be easily located if needed.
Once saved double click HijackThis.exe, and press "Scan". When the scan is finished, the "Scan" button will change into a "Save Log" button.
Press that, save the log, Ctrl-A to Select All, and copy its contents into the text editor at this forum.
Do not fix anything yet unless you know what you are doing. This is a powerful tool that can crash the computer if used improperly.

Response Number 4

Name: Pariah
Date: April 16, 2006 at 05:30:34 Pacific

Reply:

HI, thanks for the response, my panda log is:-
Incident Status Location
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt[]
My HJT log is:-Logfile of HijackThis v1.99.1
Scan saved at 13:28:23, on 16/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\WINDOWS\vsnpstd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.exe
C:\Program Files\WinZip\WZQKPICK.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.co.uk/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer Provided By Wanadoo
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\WINDOWS\system32\WSBar.dll
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SNPSTD2] C:\WINDOWS\vsnpstd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.exe
O8 - Extra context menu item: Search with Wanadoo - res://C:\WINDOWS\system32\WSBar.dll/VSearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.1.2.76.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1143488955593
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{620AFB22-948C-4B66-87E2-254F0170FF46}: NameServer = 195.92.195.95 195.92.195.94
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

Response Number 5

Name: jabuck
Date: April 16, 2006 at 06:06:49 Pacific

Reply:

Looks like the main culprit is dead (O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing).
Please download ATF-Cleaner to your desktop from this link
http://www.atribune.org/content/view/19/2/ We will need it later in safe mode
Reboot into safe mode. To do so shutdown the computer, wait 30 seconds. Restart the computer and immediately begin tapping F8, at the advanced option screen choose "safe mode" then follow the prompts to start in safe mode.
Once in safe mode run HT again, close all windows except HT, place a check to the left of this item and press "fix checked":
O20 - Winlogon Notify: wincqt32 - wincqt32.dll (file missing)
Next run Ewido from safe mode. When the scan has completed, Ewido will create a report.txt file. Click the "Save Report" button on the bottom of the screen and save the log to your desktop.
Run ATF-Cleaner. Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
Go start>control panel>internet options:
Delete history>yes
delete cookies>ok
delete files>check the "delete all offline content box">ok
Go to start>my compter>local disk(c:)>Documents and Settings>open each folder and delete the contents of the cookie folder if the folder exist.
Please reboot into normal mode and post the ewido log.

via raid controller 3149 local disk batch folder exists dos folder exists delay en assembler vi go to bottom hex 92 username format res://C:\WINNT\system32\shdoclc.dll/navcancl.htm powerdvd 8876086A	powerreg scheduler avguard.tmp delete all offline content offline content usb programming c c++ delay ATI.ACE.CLI.Aspect.DeviceDFP.Graphics.Runtime.RT_DeviceDFP::Parse ccie salary in india speedtouch 576 thomson tcm425
See More

Response Number 6

Name: Pariah
Date: April 16, 2006 at 08:10:13 Pacific

Reply:

Done everything you said mate, here is the-----
ewido anti-malware - Scan report

+ Created on: 15:57:31, 16/04/2006
+ Report-Checksum: 73EFE0AC
+ Scan result:
:mozilla.13:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned without backup
:mozilla.14:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.15:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.16:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.17:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned without backup
:mozilla.18:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned without backup
:mozilla.19:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned without backup
:mozilla.20:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned without backup
:mozilla.21:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned without backup
:mozilla.75:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
:mozilla.76:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
:mozilla.77:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
:mozilla.78:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
:mozilla.79:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
:mozilla.80:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned without backup
:mozilla.115:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Falkag : Cleaned without backup
:mozilla.120:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Weborama : Cleaned without backup
:mozilla.134:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Com : Cleaned without backup
:mozilla.142:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
:mozilla.143:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
:mozilla.144:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
:mozilla.145:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
:mozilla.146:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned without backup
:mozilla.152:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.153:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned without backup
:mozilla.154:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.155:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.156:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.157:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.158:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup
:mozilla.229:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.230:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.231:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.232:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned without backup
:mozilla.237:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned without backup
:mozilla.238:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned without backup
:mozilla.239:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned without backup
:mozilla.247:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Trafic : Cleaned without backup
:mozilla.283:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Yadro : Cleaned without backup
:mozilla.288:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup
:mozilla.289:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup
:mozilla.309:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.I12 : Cleaned without backup
:mozilla.310:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned without backup
:mozilla.311:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Onestat : Cleaned without backup
:mozilla.312:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned without backup
:mozilla.313:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned without backup
:mozilla.314:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned without backup
:mozilla.315:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned without backup
:mozilla.316:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned without backup
:mozilla.336:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup
:mozilla.337:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup
:mozilla.338:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup
:mozilla.339:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup
:mozilla.340:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup
:mozilla.341:C:\Documents and Settings\pariah\Application Data\Mozilla\Firefox\Profiles\fpbu77vk.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup

::Report End

Response Number 7

Name: jabuck
Date: April 16, 2006 at 08:25:13 Pacific

Reply:

Are you still having problems or did that seem to fix the computer?

Response Number 8

Name: Pariah
Date: April 16, 2006 at 08:31:15 Pacific

Reply:

i'll let you know mate, it's never gone longer than about 90 mins before avguard pops up, so, i'll leave my pc on and post back in an hour or so and let you know what's what. I've been doing some reasearch and it seems this virus is rather new, seems to have started in India and it's becoming widespread very quickly but no one has a clue how to get rid of it! Thanks for your help mate, i'll post back shortly.

Response Number 9

Name: Pariah
Date: April 16, 2006 at 10:03:12 Pacific

Reply:

So far so good mate, it seems you have triumphed where hundreds have been failing! Do you think it was stashed in my web history or something? Thankyou very much for all your help. I really apreciate it!!!

Response Number 10

Name: jabuck
Date: April 16, 2006 at 10:47:24 Pacific

Reply:

I think it was a temp file.
If you think that got it you need to empty (purge) the system restore folder as it can house these things.
For instructions on how to purge system restore click Here
To create a new restore point go Start>Run>type "msconfig" without the quotes>ok>Launch System Restore>Tick the circle beside "create a restore point">next>name it anything you wish>Create>home>restart the computer.

Response Number 11

Name: Pariah
Date: April 16, 2006 at 10:52:13 Pacific

Reply:

Hi mate, I don't use system restore, I always have it turned off. Thanks again!!
"PARIAH" [British By Birth]

Response Number 12

Name: GMIslander
Date: April 16, 2006 at 21:05:21 Pacific

Reply:

I have much the same thing. It was trojan dialer.bpl then downloader.zlob.lb and trojan dialer.oy. I'm getting virus warnings poping up often and send them to vault.
I have scanned in safe mode with ewido and destroyed something that was hijacking my home page. Also scanned in safe mode with panda and avg pro.
Thanks for any help you may offer

RG

Response Number 13

Name: Pariah
Date: April 17, 2006 at 01:13:19 Pacific

Reply:

If you follow the steps in this thread, it will get rid of the Dialer.OY on your system.
"PARIAH" [British By Birth]

Sponsored Link

Ads by Google

Define deleted registry k...

printers.exe VIRUS??? 100...

Post Locked

This post is quite old and has been locked from receiving new replies. Please create a new posting instead.

Go to Security and Virus Forum Home

Sponsored links

Ads by Google

Results for: Dailer.OY won't go!

Viruses Won't Go Away

Summary

www.computing.net/answers/security/viruses-wont-go-away/17340.html

boxsexitbags won't go away

Summary

www.computing.net/answers/security/boxsexitbags-wont-go-away/12101.html

Pop Up That Won't Go

Summary

www.computing.net/answers/security/pop-up-that-wont-go/16116.html

From the Geek Dictionary
STFU - Shut the f*ck up. Basically be quiet in a more harsh tone.

Ask a Question!

Weekly Poll
Did you go shopping on Black Friday?

Poll Finishes In 2 Days.
Discuss in The Lounge
Poll History

Recent Posts
Upgrading HD's in Raid 1 configuration

INSERT A CORRECT CD error ?? Please answer

monitor off/on

Laptop Not Booting, Battery Light Flashes

IE redirects and some programs won't run

All Awaiting Reply

Tom's News
New Super Mario Bros. Wii Looks Great in 1080p

Xbox Live Marketplace Getting Pets

Snoop Dogg Lends His Voice to GPS Navigation

Roomba Saves Family From Poisonous Snake

AT&T's Case Against Verizon Dismissed

More Tom's Guide News

Data Recovery

Manufacturer List | About Us | Advertising Info | Contact Us
The information on Computing.Net is the opinions of its users. Such opinions may not be accurate and they are to be used at your own risk. Computing.Net cannot verify the validity of the statements made on this site. Computing.Net and Computing.Net LLC hereby disclaim all responsibility and liability for the content of Computing.Net and its accuracy.
PLEASE READ THE FULL DISCLAIMER AND LEGAL TERMS BY CLICKING HERE