Axis Dialer (/dialler)

Discussion in 'Malware Help - MG (A Specialist Will Reply)' started by flippet, Jul 7, 2004.

  1. flippet

    flippet Private E-2

    I've read all the threads I can find on removing this thing. Some say re-install WMP9, but it seems to have no effect for me. Others say MSZTCE.EXE and BE.EXE are the cause, but they are nowhere to be found on my system. I've also run the suggested spyware removers and a few AV progs, but none seem to have an effect - AXIS still appears in the Connections menu on reboot. If anyone can possibly shed some light on the situation I'd be eternally grateful. Maybe it's some new strain or something; I'm at a loss... :rolleyes:


    Logfile of HijackThis v1.98.0
    Scan saved at 01:41:37, on 08/07/2004
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\ati2evxx.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\WINDOWS\system32\fxssvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\Atiptaxx.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\WINDOWS\System32\svchost.exe
    C:\temp\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.otenet.gr/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = webcache.dsl.pipex.com:3128
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\googletoolbar1.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\googletoolbar1.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
    O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - Global Startup: Trillian.lnk = C:\Program Files\Trillian\trillian.exe
    O4 - Global Startup: ZoneAlarm Pro.lnk = C:\Program Files\ZoneAlarm\zapro.exe
    O8 - Extra context menu item: &Google Search - res://c:\windows\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward &Links - res://c:\windows\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\windows\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Si&milar Pages - res://c:\windows\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://c:\windows\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
    O14 - IERESET.INF: START_PAGE_URL=http://www.otenet.gr/
    O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/2...apple.com/qt503/us/win/QuickTimeInstaller.exe
    O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D6FEBE9-6E98-42CE-BDB9-06D964644C53}: NameServer = 158.43.240.4,158.43.240.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{0D6FEBE9-6E98-42CE-BDB9-06D964644C53}: NameServer = 158.43.240.4,158.43.240.3
    O17 - HKLM\System\CS2\Services\Tcpip\..\{0D6FEBE9-6E98-42CE-BDB9-06D964644C53}: NameServer = 158.43.240.4,158.43.240.3
     
  2. Kodo

    Kodo SNATCHSQUATCH

  3. flippet

    flippet Private E-2

    Downloaded and run, 0 malware found :(

    It seems that after it's deleted from the Connections folder it doesn't reappear immediately on reboot - but I can't figure out what is triggering it; it's reappeared after different applications have been run... I'm at a complete loss.
     
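An added example, not part of the thread above: the dial-up items in the Windows XP Network Connections folder are entries in the RAS phonebook files rasphone.pbk (per user under %APPDATA%\Microsoft\Network\Connections\Pbk and for all users under %ALLUSERSPROFILE%\Application Data\Microsoft\Network\Connections\Pbk). Reading those files directly shows what number an entry such as AXIS actually dials and which modem it uses, and saving a copy lets you diff it after the entry reappears. The parser below is hand-rolled because the format repeats keys inside a section; the sample phonebook, its entry names, device names and phone numbers are constructed, the Type value mapping and the flagged number prefixes are assumptions stated in the comments, and nothing here is from the original post or from any tool mentioned in it.

```python
"""List modem entries in a Windows RAS phonebook (rasphone.pbk) and flag the
ones that dial international or premium-rate prefixes. Added example with a
constructed sample phonebook; not from the thread above."""
import os
from typing import Dict, List, Tuple

# rasphone.pbk is INI-like but repeats keys within a section (one MEDIA block
# per device), so every value of a key is kept instead of using configparser.
Entry = Dict[str, List[str]]

# Constructed sample: one genuine broadband entry and one modem entry of the
# kind a dialer plants. Names, devices and numbers are made up.
SAMPLE_PBK = """\
[Pipex DSL]
Encoding=1
Type=5
MEDIA=rastapi
Port=VPN2-0
Device=WAN Miniport (PPPOE)
PhoneNumber=

[AXIS]
Encoding=1
Type=1
MEDIA=rastapi
Port=COM3
Device=Standard 56000 bps Modem
PhoneNumber=00123456789
"""

# Assumption: RASENTRY type codes as documented (1 = phone line/modem,
# 2 = VPN, 3 = direct, 4 = internet, 5 = broadband). Only modem entries dial.
PHONE_TYPE = "1"

# Assumption: prefixes a UK-based user would want flagged, international
# direct dial (00 or +) and UK premium-rate (09). Adjust for your country.
SUSPECT_PREFIXES = ("00", "+", "09")


def parse_pbk(text: str) -> Dict[str, Entry]:
    """Parse phonebook text into {entry name: {key: [value, ...]}}."""
    entries: Dict[str, Entry] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            entries[current] = {}
            continue
        if current is None or "=" not in line:
            continue  # stray line outside any section
        key, _, value = line.partition("=")
        entries[current].setdefault(key.strip(), []).append(value.strip())
    return entries


def first(entry: Entry, key: str) -> str:
    """First value recorded for a key, or '' if absent."""
    values = entry.get(key)
    return values[0] if values else ""


def flag_entries(entries: Dict[str, Entry]) -> List[Tuple[str, str, str]]:
    """Return (name, number, reason) for each modem entry whose number
    starts with a suspect prefix."""
    flagged = []
    for name, entry in entries.items():
        if first(entry, "Type") != PHONE_TYPE:
            continue
        number = first(entry, "PhoneNumber").replace(" ", "")
        if number.startswith(SUSPECT_PREFIXES):
            reason = f"modem entry dialling {number} via {first(entry, 'Device')}"
            flagged.append((name, number, reason))
    return flagged


def phonebook_paths() -> List[str]:
    """Candidate rasphone.pbk locations on Windows XP (per-user, all-users)."""
    candidates = []
    appdata = os.environ.get("APPDATA")
    allusers = os.environ.get("ALLUSERSPROFILE")
    if appdata:
        candidates.append(os.path.join(
            appdata, "Microsoft", "Network", "Connections", "Pbk", "rasphone.pbk"))
    if allusers:
        candidates.append(os.path.join(
            allusers, "Application Data", "Microsoft", "Network",
            "Connections", "Pbk", "rasphone.pbk"))
    return candidates


if __name__ == "__main__":
    # Read the real phonebooks when present, otherwise fall back to the sample.
    texts = []
    for path in phonebook_paths():
        if os.path.isfile(path):
            with open(path, encoding="utf-8", errors="replace") as fh:
                texts.append(fh.read())
    for text in texts or [SAMPLE_PBK]:
        for name, number, reason in flag_entries(parse_pbk(text)):
            print(f"FLAG [{name}] {reason}")
```

Run it on the machine and it reports the AXIS-style entry with its number and modem; rerun after the entry comes back and compare the two outputs. The phonebook tells you what is dialled, not what recreated it, so pair it with a look at the autostart locations HijackThis already lists.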
