Trojan Horse Dialer 17.e - Internet Lost

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by deano2005, Apr 15, 2006.

  1. deano2005

    deano2005 Private E-2

    Hi - I'm having problems with a Trust wired router. I have two PCs, one of which is connected to the router fine & is browsing the Internet no problems. The other PC is having problems connecting to the router & a message says something like little or no connectivity etc. Both PCs are connected via ethernet & both PCs have a network card. The problem PC is on Windows XP Pro.

    Both PCs used to work fine but all of a sudden ONE of them stopped working. I have swapped the ethernet cables around & also swapped the network cards around but the PC that stopped connecting in the first place is still a problem.

    I have also used different ports on the router but that didn't help.

    What do people suggest? It doesn't seem as if the equipment is faulty because when the components are swapped around the other PC that works still connects to the web no probs etc.

    Am I right in saying if I went for a rebuild on the problem PC & reinstalled the network card on the PC that's having trouble I can just simply plug it into the router & have immediate connection?
     
  2. deano2005

    deano2005 Private E-2

    I tried System Restore but it looks like someone has switched it off? It has been disabled since the problem started. I checked the settings to make sure they were all active, which they were, & everything seems fine in terms of Device Manager etc. I did however find a virus that was apparently found & healed by AVG - it's called trojan horse dialer 17.e. I've done some research & it seems to be directly related to causing problems with connecting to the internet. I checked the file path of where it was when healed - something like c:system restore....3r328765738268732.dll.

    All that happens at the moment is a triangle at the bottom of the page next to local connection which says limited or no connection?

    Please help, I'm desperate.
     
  3. deano2005

    deano2005 Private E-2

    Hi All,

    I'm hoping for your help on this one. I'm not entirely sure if the problem is a trojan but after reading reviews on the web my computer a number of days ago was infected by a trojan horse dialer 17.e. AVG found it & apparently healed it but I have read further reports that sometimes they just don't go away!

    After looking up on other forums it became clear that this virus must be causing the problem because the Internet went down the day I got the virus. I have Windows 98 SE as a second operating system on a different drive partition & it connects to the web no problems. So it must be Windows XP Professional that's infected, which makes sense because that's where I was when the Internet went down - not to mention that trojan 17.e has been related to causing problems with the Internet.

    Anyway this is what I have done to try & combat it: I have re-enabled System Restore, & downloaded & ran the following applications onto a different PC to transfer over to the problem PC via external hard drive. They are: CCleaner, Microsoft Malicious software tool, Ad-aware, Windows Defender, Trojan Hunter - PLEASE NOTE I COULDN'T UPDATE THESE SOFTWARE PACKAGES BECAUSE THE PROBLEM PC DOESN'T HAVE A LIVE INTERNET CONNECTION ANYMORE (I USED AN EXTERNAL HARD DRIVE TO GET THE SOFTWARE ONTO THE PC & SAVE THE HIJACKTHIS LOG BELOW). All scans were done in safe mode.

    ** Please note after all the scans were carried out I tried to link the PC via ethernet to my router & the same error message appears which states "limited or connectivity" - it doesn't allow me to get on the web. Also tried installing a separate BT Speedtouch modem & using the USB to connect to the web; it states it connects but the page cannot be displayed, so still have the problem of getting on etc.



    Logfile of HijackThis v1.99.1
    Scan saved at 11:10:41, on 15/04/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Edit by chaslang: Inline log removed

    I'm not sure if this needs to be moved to a different forum heading now but any help would be greatly appreciated. Thanks
     
    Last edited by a moderator: Apr 15, 2006
  4. deano2005

    deano2005 Private E-2

    Also worth mentioning I have a program called WINSOCK.exe that's supposed to help with this type of problem - I'm reluctant to use it unless a professional in this field can tell me otherwise?

    Thanks
     
  5. deano2005

    deano2005 Private E-2

    Hijackthis report added as attachment
     

  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow the directions in step 7 and install HijackThis as requested. You have it installed exactly where we specify not to install it.

    Download LSP-Fix and get it onto the problem PC. Then continue.

    Run LSP-Fix.

    Check the Box labeled "I know what I'm doing" and then click on the newdotnet3_88.dll file (in the “Keep” section) to select it.



    Then, Select the >> button to move newdotnet3_88.dll into the Remove section.

    Now, click the Finish Button. When the Repair Summary box appears, click OK.
    If it is already in the Remove section, just click Finish.


    Now, Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
    O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
    O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
    O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
    O16 - DPF: Win32 Classes -

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    C:\PROGRAM FILES\MYWAY <-- the whole folder
    c:\program files\newdotnet <-- the whole folder

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1. If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2. Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all Offline content too, click OK. When it finishes click OK. Then skip step 3.
    3. If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, click Delete Files and select Delete all Offline content too, click OK. When it finishes click OK.
    Now reboot in normal mode and post a new HJT log.

    Make sure you tell me how things are working now.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
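
As an added example (not part of the thread and not a MajorGeeks or HijackThis tool), this Python sketch triages the HijackThis lines quoted in the reply above, flagging the loopback proxy setting, the LSP provider whose DLL is missing, and the browser add-ons whose files are gone. The function name `triage` and the category labels are assumptions made for illustration.

```python
import re

# Lines copied from the HijackThis selection quoted in the reply above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5400
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: MyWay Search Assistant BHO - {04079851-5845-4dea-848C-3ECD647AA554} - C:\PROGRAM FILES\MYWAY\SRCHASTT\1.BIN\MYSRCHAS.DLL (file missing)
O2 - BHO: URLLink Class - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL (file missing)
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet3_88.dll' missing
"""

# "<section> - <body>", e.g. "R1 - ..." or "O10 - ..."
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# Browser proxy pointing at the local machine (nothing may be listening there).
LOOPBACK_PROXY = re.compile(
    r"ProxyServer = (?:\w+=)?(127\.\d+\.\d+\.\d+|localhost):(\d+)", re.I)
# Winsock LSP chain references a provider DLL that no longer exists.
BROKEN_LSP = re.compile(r"LSP provider '([^']+)' missing", re.I)
# BHO/toolbar registration left behind after its file was deleted.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$", re.I)


def triage(log_text):
    """Return (section, category, detail) tuples for entries worth reviewing."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header lines, blanks, anything that is not an entry
        section, body = m.groups()
        proxy = LOOPBACK_PROXY.search(body)
        lsp = BROKEN_LSP.search(body)
        if section == "O10" and lsp:
            findings.append((section, "broken-lsp-chain", lsp.group(1)))
        elif section.startswith("R") and proxy:
            detail = f"{proxy.group(1)}:{proxy.group(2)}"
            findings.append((section, "loopback-proxy", detail))
        elif section in ("O2", "O3") and ORPHAN.search(body):
            findings.append((section, "orphaned-browser-addon", body.split(" - ")[0]))
    return findings


if __name__ == "__main__":
    for section, category, detail in triage(SAMPLE_LOG):
        print(f"{section:4} {category:24} {detail}")
```

The R0 home-page line and the ProxyOverride line are deliberately not flagged; they only matter in the context of the entries that are.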
     
