dialer.kotu and dialer.generic removal help please

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by cj-, Aug 30, 2006.

  1. cj-

    cj- Private E-2

    I am running Symantec Corp AV on an IBM R50e laptop and keep getting autoprotect popups saying it has detected either dialer.kotu or dialer.generic

    I've run Spybot, Ad-Aware, Windows Defender and followed all the instructions in this thread http://forums.majorgeeks.com/showthread.php?t=35407, and still it keeps finding these things.

    I've attached my logs, please can someone help me get rid of this thing?

    Thanks for your time folks
     

    Attached Files:

  2. matt.chugg

    matt.chugg MajorGeek

    What about the online scans? Did you run BitDefender and ActiveScan? Please attach the logs.

    The installed version of Java on this computer is out-dated.
    Install Java Runtime Environment (JRE) 5.0 Update 8, available from http://java.sun.com/javase/downloads/index.jsp.
    Uninstall all older versions of Java on your computer before installing the latest version of Java.




    Please follow and run all the steps in this thread: Virtumonde aka Trojan Vundo Removal

    Please post the logs you missed the first time, a new HJT log, a new shownew log, new runkeys log and the vundofix log. You can only attach 3 logs per post so you will need to use 2 posts to achieve this.
     
  3. cj-

    cj- Private E-2

    Thanks for your reply

    Done all the things suggested, logs are attached, others to follow
     

    Attached Files:

  4. cj-

    cj- Private E-2

    Other logs attached...
     

    Attached Files:

  5. matt.chugg

    matt.chugg MajorGeek

    BitDefender is detecting viruses in your Norton quarantine folder. Please empty this as described in the read and run procedure.

    Please also ensure you have run CCleaner as described in the procedure from safe mode. You still seem to have files it should have removed.

    Download:

    - Pocket KillBox

    Extract to its own folder somewhere that you will be able to locate later.

    IMPORTANT: You should print or save the below locally, so you can refer to them while offline. You must exit all browsers before running the below steps and it would be best if you actually physically unplug your cable to the internet, reboot, and do not run anything but what I give you to do. Also it would be good to exit all processes and items in your System tray.

    Do the above before continuing! Okay unplug your cable now.

    Make sure you have rebooted in Normal Mode (do not open any other processes)


    Run HijackThis. Click the 'Do a system scan only' button. Place a checkmark in the box next to the following lines:

    Click on the 'Fix checked' button. Wait for HijackThis to finish; close HijackThis.

    Now run Pocket Killbox:

    Choose Tools -> Delete Temp Files and click the RED X.

    Run Killbox.exe. Paste the below filenames into KILL BOX one at a time. Check mark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.


    If Killbox does not reboot or you get a Pending Operations type error message just reboot your PC yourself.

    Now boot into SAFE MODE

    Open Windows Explorer navigate to and DELETE the following: (Some of these may have already been deleted by Pocket Killbox)


    If you have Windows XP delete the contents of C:\WINDOWS\Prefetch.



    REBOOT to Normal Mode.

    Post a fresh HijackThis log.

    When you return, post a new shownew log, a new HJT log and a new activescan log. Please redownload Shownew for the new shownew log, as it was updated last night.
     
  6. cj-

    cj- Private E-2

    Ok, new log files attached

    System seems to be ok now, had no more messages from Symantec

    I couldn't get into safe mode before to run all the scans and also had to remove IE7 to do the online ones
     

    Attached Files:

  7. matt.chugg

    matt.chugg MajorGeek

    Please delete the folder and all its contents: C:\vundofix backups\

    Killbox didn't seem to delete anything, but the files are all gone. Did you delete them all from safe mode? Which ones were there and which ones were missing, if you can remember?

    Could you please also post a new runkeys log, I just want to check something
     
  8. cj-

    cj- Private E-2

    deleted vundofix backups

    None of the files were there when I booted into safe mode (after running killbox).
    Some of the DLLs were in the vundofix directory, though.

    new runkeys log attached

    cheers
     

    Attached Files:

  9. matt.chugg

    matt.chugg MajorGeek

    Download and install Registrar Lite

    Run Registrar Lite, navigate to the following keys and take ownership of them (explained further down):

    HKEY_LOCAL_MACHINE\software\microsoft\mssmgr

    To take ownership of the key do the following:
    • Copy & paste the registry key from above into the address bar of Registrar Lite and hit the enter key. This will bring you to the registry key.
    • Click on Security in the menu
    • Select Take Ownership
    • Now right click on the key and select Delete (let me know if you receive any error messages )
    • Exit RegistrarLite
    Reboot

    Post a fresh HijackThis log and fresh runkeys log
     
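The take-ownership-then-delete step described in the post above can also be done from an elevated PowerShell prompt, which is useful when a GUI tool is not available or when you want a record of what the key's ACL looked like before it was removed. The script below is an added example; it is not part of the thread and is not Registrar Lite's own code. The only key path it uses is the `HKEY_LOCAL_MACHINE\software\microsoft\mssmgr` key named in the post; the backup file name `mssmgr-backup.reg` is an assumed location chosen for this example. It inspects the current owner and access rules, exports the key as a backup, takes ownership as BUILTIN\Administrators (which needs the SeTakeOwnershipPrivilege an elevated prompt holds), grants Administrators full control, then deletes the key and confirms it is gone.

```powershell
# Added example (not from the thread or from Registrar Lite): inspect, back up,
# take ownership of, and delete a registry key under HKEY_LOCAL_MACHINE.
# Run from an elevated (Administrator) PowerShell prompt.
$SubKey     = 'software\microsoft\mssmgr'          # key path from the post, relative to HKLM
$BackupFile = "$env:TEMP\mssmgr-backup.reg"         # assumed backup location for this example
$Admins     = [System.Security.Principal.NTAccount]'BUILTIN\Administrators'

function Show-KeyOwnerAndAccess {
    param([string]$SubKey)
    # Open with only ReadPermissions so this works even when the DACL grants little else.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadSubTree,
        [System.Security.AccessControl.RegistryRights]::ReadPermissions)
    if (-not $key) { Write-Host "HKLM\$SubKey is not present."; return $false }
    $acl = $key.GetAccessControl()
    Write-Host ("Owner of HKLM\{0}: {1}" -f $SubKey, $acl.GetOwner([System.Security.Principal.NTAccount]))
    foreach ($rule in $acl.Access) {
        Write-Host ("  {0,-32} {1,-6} {2}" -f $rule.IdentityReference, $rule.AccessControlType, $rule.RegistryRights)
    }
    $key.Close()
    return $true
}

function Take-KeyOwnership {
    param([string]$SubKey)
    # Step 1: open with just the TakeOwnership right and write a new owner. A fresh
    # RegistrySecurity object carries only the owner section, so nothing else is touched.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        [System.Security.AccessControl.RegistryRights]::TakeOwnership)
    $ownerOnly = New-Object System.Security.AccessControl.RegistrySecurity
    $ownerOnly.SetOwner($Admins)
    $key.SetAccessControl($ownerOnly)
    $key.Close()

    # Step 2: now that Administrators own the key, grant full control so the delete succeeds.
    $key = [Microsoft.Win32.Registry]::LocalMachine.OpenSubKey($SubKey,
        [Microsoft.Win32.RegistryKeyPermissionCheck]::ReadWriteSubTree,
        [System.Security.AccessControl.RegistryRights]::ChangePermissions)
    $acl  = $key.GetAccessControl([System.Security.AccessControl.AccessControlSections]::Access)
    $rule = New-Object System.Security.AccessControl.RegistryAccessRule(
        $Admins,
        [System.Security.AccessControl.RegistryRights]::FullControl,
        [System.Security.AccessControl.InheritanceFlags]::ContainerInherit,
        [System.Security.AccessControl.PropagationFlags]::None,
        [System.Security.AccessControl.AccessControlType]::Allow)
    $acl.AddAccessRule($rule)
    $key.SetAccessControl($acl)
    $key.Close()
}

function Remove-SuspectKey {
    param([string]$SubKey, [string]$BackupFile)
    if (-not (Show-KeyOwnerAndAccess -SubKey $SubKey)) { return }

    # Keep an export so the change can be reversed if the key turns out to be wanted.
    & reg.exe export "HKLM\$SubKey" $BackupFile /y | Out-Null
    Write-Host "Exported HKLM\$SubKey to $BackupFile"

    Take-KeyOwnership -SubKey $SubKey
    Write-Host "After taking ownership:"
    Show-KeyOwnerAndAccess -SubKey $SubKey | Out-Null

    Remove-Item -Path "HKLM:\$SubKey" -Recurse -ErrorAction Stop
    if (Test-Path "HKLM:\$SubKey") {
        Write-Host "HKLM\$SubKey still exists; check for a pending reboot or a process holding it open."
    } else {
        Write-Host "HKLM\$SubKey deleted."
    }
}

Remove-SuspectKey -SubKey $SubKey -BackupFile $BackupFile
```

Two things to keep in mind when using this in place of the GUI steps: the first `OpenSubKey` call asks for the TakeOwnership right alone, because that is the one right an administrator can always exercise on a key whose DACL has been stripped, and the export runs before anything is changed so the key's contents are on disk for the analyst even after the delete. If `Remove-Item` fails with an access-denied error after ownership was taken, re-run the inspection function and check that the FullControl rule for Administrators actually landed on the key.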
  10. cj-

    cj- Private E-2

    Fresh HijackThis and runkeys logs attached

    No error messages deleting registry key
     

    Attached Files:

  11. matt.chugg

    matt.chugg MajorGeek

    OK, looks like you're clean now. How is your computer running now?
     
  12. cj-

    cj- Private E-2

    It's running fine now - seems better than before even

    thank you for all your help, have a good weekend
     
  13. matt.chugg

    matt.chugg MajorGeek

    No problem

    If you aren't having any more issues, it's time to go back to step one and flush your system restore and set a nice new clean one.

    Then have a read of this thread on how to protect yourself from malware.
     
