Guild Wars Forums - GW Guru
 
 

Old Oct 09, 2006, 04:02 PM // 16:02   #1
Site Legend
 
Join Date: Oct 2005
Default Serious malware/trojan problem

My computer has a serious dose of something..

"win32:dialer-gen13 [TRJ]" this comes up in various different forms. I've run multiple scans/Windows Defender/Spybot/Ad-Aware SE etc., nothing finds it.. Avast catches it but it won't move to the quarantine chest, it says process is in use.

This started last night, it crippled my computer at the start, IE would load then crash.

I've noticed that there are multiple copies of svchost.exe running in Windows Task Manager..normally there is only one running.

Help?
Malice Black is offline   Reply With Quote
Old Oct 09, 2006, 04:16 PM // 16:16   #2
Lion's Arch Merchant
 
dronex's Avatar
 
Join Date: Dec 2005
Profession: Mo/
Default

format, put 3 av and 4 firewalls on max security and don't do anything except playing guild wars ... works for me
it's normal to have multiple svchosts
http://support.microsoft.com/kb/314056

Last edited by dronex; Oct 09, 2006 at 04:24 PM // 16:24..
dronex is offline   Reply With Quote
Old Oct 09, 2006, 04:31 PM // 16:31   #3
Lion's Arch Merchant
 
Warrior Of The Toon's Avatar
 
Join Date: Sep 2006
Location: Returning after a 50 month break. Hi.
Guild: None
Profession: R/
Default

If that is what it looks like (a dialer) watch your bills and check for anything weird. And you should consider a switch to firefox/opera as well as what dronex said.
Warrior Of The Toon is offline   Reply With Quote
Old Oct 09, 2006, 04:31 PM // 16:31   #4
Site Legend
 
Join Date: Oct 2005
Default

Done this check after browsing a tech forum, came up with this


SmitFraudFix v2.106

Scan done at 17:24:51.53, 09/10/2006
Run from C:\Documents and Settings\Darren\My Documents\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\screen.html FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Darren


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Darren\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Darren\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\\WINDOWS\\system32\\wmfhotfix.dll"


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32


»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
Malice Black is offline   Reply With Quote
Old Oct 09, 2006, 05:25 PM // 17:25   #5
Ascalonian Squire
 
Varda's Avatar
 
Join Date: Jun 2006
Location: Norway
Profession: R/
Default

Got Avast?

It's a very good antivirus program. Think you can find it on google or something.

Kills virus, trojans and all that junk in no time.

Edit: Avast is free. www.avast.com

Last edited by Varda; Oct 09, 2006 at 06:05 PM // 18:05..
Varda is offline   Reply With Quote
Old Oct 09, 2006, 06:23 PM // 18:23   #6
Forge Runner
 
Tachyon's Avatar
 
Join Date: Nov 2005
Location: Stoke, England
Guild: The Godless [GOD]
Profession: W/
Default

Admins Bane,

Also, you may want to download and run this little app.

http://www.softpedia.com/get/Antivirus/VundoFix.shtml

It doesn't need installing, just download the file and run it. Once it's finished scanning your system let it 'fix' them and it'll ask you to reboot. Click yes and, if it did find anything, you should have a clean system.
Tachyon is offline   Reply With Quote
Old Oct 09, 2006, 06:33 PM // 18:33   #7
Site Legend
 
Join Date: Oct 2005
Default

Install bittorrent..hmm no thanks.

Think I've managed to get rid of it, time will tell.
Malice Black is offline   Reply With Quote
Old Oct 09, 2006, 06:38 PM // 18:38   #8
Ascalonian Squire
 
Varda's Avatar
 
Join Date: Jun 2006
Location: Norway
Profession: R/
Default

Still, Avast is a good antivirus program

Should get it, if you don't have any super-duper fantastic program I never heard of.
Varda is offline   Reply With Quote
Old Oct 09, 2006, 06:40 PM // 18:40   #9
Forge Runner
 
Tachyon's Avatar
 
Join Date: Nov 2005
Location: Stoke, England
Guild: The Godless [GOD]
Profession: W/
Default

Ok, if you don't want to use torrent, I use uTorrent by the way, you can grab it here as a direct download instead. It's only 68K so it's not going to take long.

http://www.majorgeeks.com/download4954.html

It's worth running even if you think you've got rid of the problem.
Tachyon is offline   Reply With Quote
Old Oct 09, 2006, 06:43 PM // 18:43   #10
Site Legend
 
Join Date: Oct 2005
Default

Quote:
Originally Posted by Varda
Still, Avast is a good antivirus program

Should get it, if you don't have any super-duper fantastic program I never heard of.

I have Avast. It's OK but it's better at finding viruses than it is stopping them.

Azagoth, thanks.
Malice Black is offline   Reply With Quote
Old Oct 09, 2006, 06:49 PM // 18:49   #11
Site Legend
 
Join Date: Oct 2005
Default

wow...Avast officially sucks compared to this one...my computer is seriously infected

it's not finished but it's found

12 severe
1 dangerous
Malice Black is offline   Reply With Quote
Old Oct 09, 2006, 06:55 PM // 18:55   #12
Forge Runner
 
Tachyon's Avatar
 
Join Date: Nov 2005
Location: Stoke, England
Guild: The Godless [GOD]
Profession: W/
Default

If it's found that many, just wait till you see how fast your PC re-boots once you've let it remove them. The first time I ran it I found three, and after removal the PC booted back up in about 25 secs.
Tachyon is offline   Reply With Quote
Old Oct 09, 2006, 07:14 PM // 19:14   #13
Site Legend
 
Join Date: Oct 2005
Default

Well, I paid for the full version but I have one question: is it a full antivirus or do I need to keep Avast?
Malice Black is offline   Reply With Quote
Old Oct 09, 2006, 08:23 PM // 20:23   #14
Forge Runner
 
Tachyon's Avatar
 
Join Date: Nov 2005
Location: Stoke, England
Guild: The Godless [GOD]
Profession: W/
Default

It's mainly a tool to get rid of most of the spy/malware that others like Spybot and AdAware miss. You know, like those bloody "Your PC is infected, buy our anti-spyware" pop-up messages that you get mainly with IE.

I'd keep some sort of anti-virus software on there though. Like you I use Avast, but between Vundofix, Spybot and AdAware there's nothing left for Avast to catch. I only use Avast on a weekly basis now, just for peace of mind and to be on the safe side.
Tachyon is offline   Reply With Quote
Old Oct 09, 2006, 09:19 PM // 21:19   #15
Ascalonian Squire
 
Varda's Avatar
 
Join Date: Jun 2006
Location: Norway
Profession: R/
Default

Give your computer a whole clean up, a big nice virus scanning and all that, and let it finish. Might take some hours.

I had sorta the same, and Avast cleaned it up. And get SpyBot Search and Destroy, another good program. Haven't used it so much.

CCleaner to clean up all junk that might lay around in your system. ^^

(I'm no good at getting rid of virus, trojans etc, mostly the programs o.O)

Edit: Azagoth said the same, I'm just slow.
(That rhymed.)
Varda is offline   Reply With Quote
Old Oct 09, 2006, 10:20 PM // 22:20   #16
Desert Nomad
 
Alias_X's Avatar
 
Join Date: Apr 2005
Default

If things aren't getting removed then boot into safe mode and run your antivirus scans.
IE? Switch to Firefox immediately.

When you get one virus, it's hard to prevent yourself from getting more, so usually if you have one you will have others. Other than that, as long as you aren't going to suspicious websites, I don't know how you got the viruses.
Alias_X is offline   Reply With Quote
Old Oct 10, 2006, 02:41 AM // 02:41   #17
Krytan Explorer
 
awesome sauce's Avatar
 
Join Date: Dec 2005
Default

Multiple svchosts are ok. Just make sure that they are only in the system32, i386, or prefetch folders when searching for it. Otherwise, look into seeing if they are a virus in other locations.
awesome sauce is offline   Reply With Quote
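
The location check suggested in the post above, applied to running processes, as an added example that is not part of the original thread. It assumes a running svchost.exe image should load only from System32 (or SysWOW64 on 64-bit Windows) and, going one step beyond the post, that its parent should be services.exe; the record fields, the `C:\WINDOWS` root and the sample listing are constructed for illustration.

```python
import ntpath

# Assumption: a running svchost.exe image loads only from these folders under
# the Windows directory (SysWOW64 exists on 64-bit systems only).
TRUSTED_SUBDIRS = ("system32", "syswow64")

# Constructed process listing (pid, image name, image path, parent image name),
# e.g. as exported from a process viewer. Not taken from the thread.
SAMPLE_PROCESSES = [
    {"pid": 812, "name": "svchost.exe",
     "path": r"C:\WINDOWS\system32\svchost.exe", "parent": "services.exe"},
    {"pid": 1040, "name": "SVCHOST.EXE",
     "path": r"c:\windows\System32\svchost.exe", "parent": "services.exe"},
    {"pid": 2236, "name": "svchost.exe",
     "path": r"C:\WINDOWS\svchost.exe", "parent": "explorer.exe"},
    {"pid": 2410, "name": "svchost.exe",
     "path": r"C:\WINDOWS\system32\..\Temp\svchost.exe", "parent": "services.exe"},
    {"pid": 2588, "name": "svchost.exe", "path": None, "parent": "services.exe"},
    {"pid": 3004, "name": "iexplore.exe",
     "path": r"C:\Program Files\Internet Explorer\iexplore.exe", "parent": "explorer.exe"},
]


def classify_svchost(proc, system_root=r"C:\WINDOWS"):
    """Return 'ok', 'suspicious' or 'unknown' for one svchost.exe record."""
    if not proc.get("path"):
        return "unknown"  # path not readable: re-check with elevated rights
    # normpath collapses '..' segments; normcase makes the compare case-insensitive
    path = ntpath.normcase(ntpath.normpath(proc["path"]))
    root = ntpath.normcase(ntpath.normpath(system_root))
    allowed = {ntpath.join(root, sub) for sub in TRUSTED_SUBDIRS}
    if ntpath.dirname(path) not in allowed:
        return "suspicious"
    # Genuine service hosts are started by the Service Control Manager
    if (proc.get("parent") or "").lower() != "services.exe":
        return "suspicious"
    return "ok"


def triage(processes, system_root=r"C:\WINDOWS"):
    """Map pid -> verdict for every process named svchost.exe."""
    return {p["pid"]: classify_svchost(p, system_root)
            for p in processes if p["name"].lower() == "svchost.exe"}


if __name__ == "__main__":
    for pid, verdict in sorted(triage(SAMPLE_PROCESSES).items()):
        print(pid, verdict)
```
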
Old Oct 10, 2006, 02:50 AM // 02:50   #18
Site Legend
 
Join Date: Oct 2005
Default

Meh after all those hours it came back again...will do a scan in safe mode if that doesn't work then I'll trash the comp.
Malice Black is offline   Reply With Quote
Old Oct 10, 2006, 09:35 PM // 21:35   #19
Desert Nomad
 
Alias_X's Avatar
 
Join Date: Apr 2005
Default

Trash the comp? If you are willing to take such drastic measures, just get a new hard drive.
Alias_X is offline   Reply With Quote
Old Oct 10, 2006, 10:05 PM // 22:05   #20
Wilds Pathfinder
 
Join Date: Sep 2005
Default

Quote:
Originally Posted by Alias_X
Trash the comp? If you are willing to take such drastic measures, just get a new hard drive.
or do a low level format and dump windows back in.
New Buddha is offline   Reply With Quote