Virus , Posting for Help and Direction

[nebgranny]

Well, my computer has been acting up for a while now. Thought the problem happened when I ordered more memory and Gateway sent the wrong chip..Imagine That!! At install it made my computer run and not stop.

However now I find after all this time I have the Trojan Horse Dialer 17 E on here. I had no idea it was found , but looked in the Vault and there it was.

I know this is a photo site, but I have come to trust the people here and believe I will be led in the right direction for help. If this is not an appropriate post for here, maybe someone can direct me for some help. I am a senior citizen and know a little about computers but this is just not something I know about to relieve the problem.

Also I have Microsoft 2003 and it will not work properly either!! The program does not respond , and when I try to end it the end task effort does nothing. Can someone kindly help me or send me inthe right direction. I would be so pleased to have any help possible. Thanks Neb

[Gary Richardson]

Hi Neb,

First of all, have you got AdAware and Spybot S&D, if not, then download them from here.
http://www.lavasoft.de/
http://spybot.safer-networking.de/en...oad/index.html

Once you have downloaded and installed them, you MUST update them for the newest definitions.

Now run a FULL scan with both of them. When you finish a scan with one, REBOOT before running the scan with the other, THEN REBOOT AGAIN.

Often, some Malware can only be removed on Bootup.

Also Update your AntiVirus and run a Scan, again REBOOT after the scan.

If you're still having problems, post again, and I'll go through what you need to try next.

Best of luck,

Gary.

[nebgranny]

Thanks Gary:
I have Ad Aware, ran a scan and nothing there. I also have Spy Doctor, and Spy Blaster. I run AGV antivirus and all clean there .

Now it was today when I was looking closer at AGV that I saw the Quarantine Vault and that is where the Trojan is and it says not healed or something like that.

I know I got SpyDoctor AFTER the date the Trojan was found. So maybe that is why I have this virus. I have been having problems with dialing into my provider, and now when I go to get my e-mail I get booted off totally??

So , will wait for you to post what you think I might need to do now. Thanks Neb

[Gary Richardson]

Hi Neb, if the Virus is in the "Virus Vault", it has been Quarantined, and is therefore safe.

Sometimes it isn't possible to remove a virus without damaging your Operating System, in such cases the Anti Virus Program will encrypt the virus in such a way that it cannot operate.

Did your E-mail problem start when you installed AVG, and do you use Outlook Express as your E-mail client ?

If so, you will have to either turn off the E-mail scanner for AVG (easiest but least secure option) or manually configure the E-mail filter (complex, but I can guide you through it).

What kind of Internet connection do you have, and in what way does it fail to operate ?

As a quick test, to see if it is AVG causing your E-mail problems, do the following.

Open AVG, Click on "Control Centre", Click on "E-mail Scanner" then Click on the "Properties" tab at the bottom of the window.

Now another window will open, click on "Disable Plugin" then click "OK".

This has disabled your E-mail scanner, try your E-mail now, and let me know what happens.

Best of luck,

Gary.

[greatguy]

Gary has good advice, you may also want to turn off your "system restore" Control panel - system - system restore - turn off. to prevent windows from reinstalling a file it can no longer find.

[nebgranny]

ok . already had e-mail scanner disabled Gary. Was having problems once before and so did it then and it began to work.
Did the system restore done as well. Thanks to you both.

Now I just downloaded RegistryFix, have either of you heard of it? It found 505 problems. I am not sure but said free scan so

I bet
I need to buy it and will not be able to. My friend said not to fool around with the registry , and that I may lose all my files and have not backed them up, as ..well...hate to admit it but my old computer came with CD Creator and loved it..but this one has Nero and do not know how to use it and tried and all that happened is that I got a bunch of Nero Icons on the CD. So have not tried it since. OH MY... Neb

[Sanda]

If you are still having problems with your computer there is an excellent site which gives good advice. www.suggestafix.com I've used it many times for computer help.
Sanda

[JustChecking]

no advice, but one recommendation here - try avast! antivirus ( http://www.avast.com/ ), it's among the best you can get [well, as well as the AVG, it's czech program ], and it's regular winner of the "100% Virus Bulletin award" (price awarded for detecting all ItW viruses (i.e. viruses known to be 'in the wild') in the test); home edition is for free, you just have to register...

[nebgranny]

Thanks Sanda.
I am pullin gthe site up now. Neb

PS: Looked at your site..nice work and nice site!!

[greatguy]

Just one more word of caution, since you had a dialer fon your system and you are using a dialup connection - you are set up for a big disaster - especially if you are periodicly losing your connection. You may still have the dialer (or another one) and it is dropping your connection to dial an overseas 900 number - some of these numbers charge several hundred dollars a minute. Believe me, I know first hand from an experience several years ago and got the shock of my life when I received my phone bill. I was only able to get the charges cut in half but not eliminated. Funny thing is you can get voice 900 calls blocked but not data 900 calls. You might want to check out your network folder and see if their are any connections that you did not create. Also, go to Start - Run and type "msconfig" then go to the startup tab. Look down the list to see if there are any programs starting that you do not want to start, (you can usually tell by the path what programs the entries control) if so uncheck them. Dont worry too much about unchecking these entries - if something doesn't work after you reboot just go back in and check the entry again. Anyway, hopefully your problem is not another dialer but I just wanted you to be aware of what could happen.

[nebgranny]

OMGosh. Well HELP please. Where is my network folder? How do I find it? Better look now. Thanks and please hang with me!!

[greatguy]

Go to your control panel and choose network connections - if you are using dialup you should have an entry in their for that provider - you can open them up to see what phone number they are dialing and to make sure it is the one it is supposed to be.

[nebgranny]

Found my network folder there are two dialers there both my ISP name and number..this ok?? Neb

[Gary Richardson]

Hi Neb,

If you have disabled your System Restore, RE-ENABLE IT AT ONCE if you have a problem now, it will not be possible for you to recover from it.

As you have disabled it, it will have cleared out all your restore points, so if there was any malware it will now be gone. Re-enabling it means it will create a new Restore Point automatically. Even if this is infected, better to have an infected point you can restore to, than no point at all.

You can find instructions on how to enable and re enable system restore here: Windows XP System Restore Guide
re-enable system restore with instructions from tutorial above.

It is not likely that running a Registry Fix will resolve your problems, also, your friend is right, it is not a good idea to change anything in your system registry without first doing a Registry Backup.

The easiest way to do this, is to create a System Restore Point. To do this, Click on Start/All Programs/Accessories/System Tools/System Restore then check Create a Restore Point click the Next button, Now type a Name into the box (it adds date automatically) and click the Create button.

[Gary Richardson]

You may have malware that your scanners are not picking up.

First you need to download Hijack This from here Download Link
To a location on your computer where you can find it. I recommend you create a New Folder C:\Hijack This

It is important you unzip it into this folder for the following reasons.

1. If you run it from its Zip File, the program cannot create backups, which may be needed if mistakes are made.
2. If you put it in a Temp File, HJT and the backups may get deleted if its needed to clear out your Temp Files as part of the cure.

Once it is located, Navigate to the folder using Windows Explorer or My Computer, and double click on HijackThis.exe..

When its opened for the first time you’ll get a startup screen.
Click on Don’t show this frame again when I start Hijack This then
Click on None of the above just start the program.

Before your first scan, we need to check the configuration.
Click on the Config button in the bottom right hand corner.
Now confirm the following are checked.

Make backups before fixing items
Confirm fixing & ignoring of items (safe mode)
Include list of running processes in logfiles

The other items should be unchecked.

Click the Back button to return to the Scan page.


Click on the Scan button, and wait for the scan to finish (this may take some time depending on the number of items in your log).

When finished the Scan button will turn to a Save Log button, click on this and save the log (by default to the same folder that HijackThis,exe is in).

To paste it into a Forum, do the following.

Navigate to your Hijack This folder, double click on the hijackthis.log file, a text document will now be open on your screen. Click on Edit/ Select All, then Edit/Copy, then open the Posting Screen on the Forum, right click in the screen, and click on Paste. The text should now be in the message. Press Submit.

If you post a HJT log here, I'll have a look at it, and I'll be able to tell you if you need to seek expert advice.

DO NOT ATTEMPT TO FIX ANYTHING WITH HJT, NO MATTER WHAT ADVICE YOU ARE GIVEN BY OTHERS, HJT CAN DO IRREPERABLE HARM TO YOUR COMPUTER IF NOT USED WITH EXPERT GUIDANCE.