1. Hi Guest
    We are running a survey about laptop service in India, and we'd love your inputs. Please help us improve the quality of laptop servicing, and if you've had any bad experiences, now is the time to be heard.
    Take the survey

Win32:Dialer-520 [Trj]

Discussion in 'Software Q&A' started by saiaspire, Apr 17, 2006.

Thread Status:
Not open for further replies.
  1. saiaspire

    saiaspire Guest

    Hey guys,

    I use Avast and i have this problem
    Whenever i connect to the internet, i get a message saying that Win32:Dialer-520 [Trj] has been found in the Windows Temp directory and Win32:Dialer-520 [Trj] has been found in the Internet Temporary Directory.

    PLease help me to remove this malware.

    -Sai
     
  2. QwertyManiac

    QwertyManiac Commander in Chief

    Joined:
    Jul 17, 2005
    Messages:
    6,656
    Likes Received:
    10
    Trophy Points:
    0
    They arent malwares, they are trojans+dialers... Scan your PC in the safe mode, remove the infection (Avast) and then get your hijackthis log verified and follow the recommendations here > www.hijackthis.de
     
  3. anubhav_har

    anubhav_har New Member

    Joined:
    Aug 25, 2004
    Messages:
    387
    Likes Received:
    0
    Trophy Points:
    0
    Empty your Temporary files and then try to connect and then whats the reply???
     
  4. OP
    OP
    saiaspire

    saiaspire Guest

    I am using Avast! it is not able to do anything.

    Even after emptying my Temp internet Files, i still get the same problem.

    Please Help Me!.
     
  5. OP
    OP
    saiaspire

    saiaspire Guest

    Log File

    This is my HijackThis Log File:

    Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 9:46:19 AM, on 4/17/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    
    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Windows Defender\MsMpEng.exe
    D:\WINDOWS\System32\svchost.exe
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    D:\WINDOWS\system32\nvsvc32.exe
    D:\WINDOWS\system32\oodag.exe
    D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    D:\WINDOWS\Explorer.EXE
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\Magitime\magitime.exe
    D:\WINDOWS\system32\GSICON.EXE
    D:\WINDOWS\system32\dslagent.exe
    D:\WINDOWS\system32\RUNDLL32.EXE
    D:\Program Files\Windows Defender\MSASCui.exe
    D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    D:\Downloads\hijackthis_199\HijackThis.exe
    
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/shockwave/download/triggerpages_mmcom/default.html
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Magitime] D:\Program Files\Magitime\magitime.exe
    O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Windows Defender] "D:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [Zone Labs Client] D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O8 - Extra context menu item: &Download with &DAP - D:\Program Files\DAP\dapextie.htm
    O8 - Extra context menu item: Download &all with DAP - D:\Program Files\DAP\dapextie2.htm
    O8 - Extra context menu item: Download All by FlashGet - D:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download using FlashGet - D:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Companion\Modules\messmod4\v6\yhexbmes.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: d:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
    O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{725F0F8E-02B7-47C8-9F12-A0F06A3C0113}: NameServer = 218.248.255.145 61.1.96.69
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxdev.dll
    O20 - Winlogon Notify: winzzc32 - D:\WINDOWS\SYSTEM32\winzzc32.dll
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Apache2 - Unknown owner - G:\Program Files\Apache Group\Apache2\bin\Apache.exe" -k runservice (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - D:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - D:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - D:\WINDOWS\system32\oodag.exe
    O23 - Service: RoxMediaDB - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
    O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
    O23 - Service: RoxUpnpServer - Sonic Solutions - D:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
    O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - D:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
    
    
     
  6. QwertyManiac

    QwertyManiac Commander in Chief

    Joined:
    Jul 17, 2005
    Messages:
    6,656
    Likes Received:
    10
    Trophy Points:
    0
    Umm you can stop these...
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.macromedia.com/shockwave/download/triggerpages_mmcom/default.html
    O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

    And what are these files? verify them manually and delete if not from M$ genuinely

    O20 - Winlogon Notify: winzzc32 - D:\WINDOWS\SYSTEM32\winzzc32.dll
    O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxdev.dll

    also, if you dont know this config better remove it...
    O17 - HKLM\System\CCS\Services\Tcpip\..\{725F0F8E-02B7-47C8-9F12-A0F06A3C0113}: NameServer = 218.248.255.145 61.1.96.69

    But else it looks clean. What did the virii scan display?
     
  7. OP
    OP
    saiaspire

    saiaspire Guest

    I fixed it! I used Avast Boot Time Schelduler and fixed the Trojan. Thanks for ur support guys!
     
Thread Status:
Not open for further replies.

Share This Page