Dialer-257 (Please Help Me)

Discussion in 'Malware Help (A Specialist Will Reply)' started by eagles2880, Dec 27, 2005.

  1. eagles2880

    eagles2880 Private E-2

    Hello. I guess I should start out by saying that this is my first post here so if I'm doing anything wrong please tell me and I'll be happy to fix it. I would just really like to solve this problem and I'm sure you guys would be able to help me. So here it goes.

    Sometime late last night McAfee popped up while I was browsing the web when it detected potential viruses and spyware. When something like this happens, which isn't very often, it usually takes care of this problem right away but this time it was unable to clean the virus so it moved it instead. McAfee identified it as a Dialer-257 (and I have no idea what that means). Also, when my computer first starts up I receive a pop-up message identical to the one in the previous instance of Dialer-257 on this forum posted by renasci. Other than these two things, my computer does not show any other signs of being infected.

    I don't know much about computers but I know enough to realize that there is now something wrong with my system. I searched the internet for some help and found a good starting point here. The previous thread on this website started by renasci presented a problem extremely similar to mine. In fact, identical as far as I can tell. I read through that for some insight and performed all of the tasks that were suggested in the "READ AND RUN ME FIRST" thread. Just as it had not with the previous instance of this problem, it did not take care of mine.

    This is what I have for you so far: Ccleaner apparently made a couple fixes but I'm pretty sure it was nothing significant. Ad-Aware SE and Spybot were kind of useless. Bitdefender and Panda ActiveScan were at least able to confirm that there was something wrong with my computer but they didn't do anything to fix it. The logs for these two scans, as well as a HijackThis log are attached to this post...hopefully.

    So as I said, I feel as if I have already done all that I can on my own but with your help we should be able to take care of this thing. If there is any additional information you need to help me solve this problem please let me know and I will get back to you with it as soon as possible. I intend on checking the thread frequently to get this problem fixed as quickly as possible. Thanks in advance for all of your help.
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Do you use a LinkSys piece of hardware that the below would be related to?

    C:\Linksys Driver\Wusb11v2.5 Driver 072002\Utility\data1.cab[WUSB11Cfg.exe]
    C:\Program Files\LINKSYS\WUSB11 v25 Config Utility\WUSB11Cfg.exe

    These are probably a false positive.
     
  3. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    By the way, welcome to MG's (and a fellow New Jerseyan :) )

    You forgot to use the link given in the READ ME to convert the BitDefender log into a text file. What you posted was raw HTML code saved into a text file. Take a look. Don't worry about it right now. I can view it anyway.

    Can you see the below file?
    C:\WINDOWS\SYSTEM32\BUM501.EXE

    Can you delete it?

    You also need to post your HJT log from normal boot mode, not safe mode. And per the HJT instructions in step 7 you must not use msconfig to block items from loading.
    See this line in your log:
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

    Please follow the directions to get a proper HJT log and attach it.
     
  4. eagles2880

    eagles2880 Private E-2

    Yes, my computer uses LinkSys to send and receive internet access when I'm at home. It is not used at school but I leave the software installed for convenience so I don't need to reinstall it every time I come home for break. I don't know about those specific paths you pointed out but if I were to guess I would say that they are probably okay.
     
  5. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! See message # 3 and also answer the below.

    Do you know what this next line is for? Seems suspicious!
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\private.exe internat.dll,LoadMouseCarpetProfile
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Darn you have a bunch of unusual stuff. Do you recognize the below:

    O4 - HKLM\..\Run: [NAVNet] "C:\WINDOWS\system32\voi973.exe" /m

    Is this something for GPS? It also seems suspicious.

    I have found other problems that must be fixed but I'm first collecting all the info I need to give you a full fix.
     
  7. eagles2880

    eagles2880 Private E-2

    Okay I'm back in Normal Mode now. First of all I just want to say that my computer is really scary now. The background is changed to a warning that I have spyware (did one of the scans I ran do this?), I'm getting some more pop-ups, and some program called WinHound just sprung out to clean out Spyware but I've never heard of this program in my life. I just wanted to tell you that I was able to delete that file you asked me to.

    "Can you see the below file?
    C:\WINDOWS\SYSTEM32\BUM501.EXE

    Can you delete it?"

    I'm gonna get to the HJT scan right now. For your most recent post...I do not know what that particular entry is for. But like I said, I'm not great with computers so there is probably a lot of stuff I don't know about. I'll get back to you soon.
     
  8. eagles2880

    eagles2880 Private E-2

    Okay and it's randomly adding new sites to my Favorites. I really need to get back into Safe Mode quick!!!
     
  9. eagles2880

    eagles2880 Private E-2

    Here is the new HJT logfile and I hope to God that I did it right this time.

    I do not recognize "O4 - HKLM\..\Run: [NAVNet] "C:\WINDOWS\system32\voi973.exe" /m" either.
     

    Attached Files:

  10. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! All hell has broken loose. You have a bunch of different issues. One of them is a nasty HSA hijacker. Let's see if we can make a little progress while I look at the rest of your log.

    Please download About:Buster and follow directions for using it on the download page. This means it should be run twice. Afterwards come back here and post the logs from it.
     
  11. eagles2880

    eagles2880 Private E-2

    Safe Mode sounds good to me. I'm scared to go back to normal until this problem is somewhat rectified. This seems to have taken a turn for the worse. Can you give me some confidence that this can be saved?! Haha. I ran that program you suggested and the log is attached. Please get back to me when you can.

    Woops almost forgot to run it twice. I'm a little on edge right now. The logfile should be what you want now. I believe nothing was detected in the second scan which may be a good sign.
     

    Attached Files:

  12. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't worry we will get it fixed! Just be patient and only follow the steps I give you. Don't do anything else. Also after posting HJT logs it will be important that you do not power down or reboot your PC or the problems could mutate or spread. So only power down or reboot if I specifically tell you to.

    That log from AB looks like you only ran it once. Run it again and post another log. It is fixing some problems. I want to see if it keeps finding any.
     
  13. eagles2880

    eagles2880 Private E-2

    Yes I originally ran it only once. Then I tried to edit my post and change the attachment to the new log file with two runs. I might have messed that up by mistake. By now I have run it about 4 times just for self-reassurance so this should be right this time.

    And don't worry I have no intention of playing around with this myself. Especially no reboots or changes back into Normal Mode. Normal Mode scares the hell out of me right now, lol.

    So what's next? :)
     

    Attached Files:

  14. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Also please post a new HJT log after running AB again. I'm then going to start giving you steps to work on directly removing any remaining problems. Just in case we need it (and we often do) I want you to download and extract to its own folder the following tool: Pocket KillBox

    Don't run it yet. Just have it ready to go if I ask you to run it. It is used to delete stubborn files by putting them into a queue which is removed upon reboots.
     
  15. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    We will have to reboot into normal mode so make sure you read my directions carefully. There will be words like "reboot into normal mode" . When you see that, you must reboot in normal mode.
     
  16. eagles2880

    eagles2880 Private E-2

    Do I have to go back into Normal Mode to get the new HJT log? I was hoping I could avoid Normal Mode. I feel like my problems multiply for every second I'm there. But I'll do it if I must! I'm downloading that program now.

    Okay we were posting at the same time, lol. Got it. Back to normal mode I go.
     
  17. eagles2880

    eagles2880 Private E-2

    I am back to Normal Mode and things are looking slightly better. I'm back to a Blue desktop instead of the crazy screen that tells me my computer is infected. The SpyHound program or whatever it was opened up so I closed it out. Other than that nothing suspicious yet. No Pop-ups and no Virus warnings from McAfee and I've been in Normal Mode for a couple of minutes now. What's next?

    Oh my God, I totally forgot that you told me to get the new log. My brain has turned to mush under all of this stress, lol. I'll get that for you right now and get back to you!
     
  18. eagles2880

    eagles2880 Private E-2

    Here is the new HJT log taken from Normal Mode. Am I doing these logs right for you? I just noticed that there was a drop down menu for "Encoding" when I went to save so I just used the default option. NOW what's next? I was jumping the gun before and getting ahead of myself, lol.
     

    Attached Files:

  19. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay I'm going to start working up the remaining fix now. While I do that you should go to Add/Remove programs and uninstall any of the below that you find:
    Viewpoint or Viewpoint Manager
    WinHound
     
  20. eagles2880

    eagles2880 Private E-2

    I deleted WinHound and Viewpoint Manager as you said. Also Viewpoint Media Player just to be safe. I don't know, it seemed like the right thing to do. Even if it wasn't corrupt I never heard of the thing and sure won't miss it. Does this mean we're coming close to a conclusion or is this just the calm before the storm? Haha.
     
  21. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    All the Viewpoint stuff is garbage from AOL that they install without asking you. No one uses or needs it. Anytime you install anything from AOL (their online stuff or AIM) you will get this junk. And you can always just uninstall it again.

    Almost there!!!!

    Make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    R3 - Default URLSearchHook is missing
    O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
    O2 - BHO: AdBlock APToolBarHelper Class - {54EC170F-6EB1-47C6-9C4D-EB0BE20CE45E} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
    O2 - BHO: Class - {64B4C959-F47C-E57E-A0E5-F99C903141A2} - C:\WINDOWS\system32\javabi.dll (file missing)
    O2 - BHO: Class - {A3E8BBF8-81F7-DEB8-824C-AF76F0A72CC3} - C:\WINDOWS\system32\sdkex32.dll (file missing)
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O4 - HKLM\..\Run: [rscn] C:\WINDOWS\system32\bum501.exe ymmud
    O4 - HKLM\..\Run: [ControlPanel] C:\WINDOWS\system32\private.exe internat.dll,LoadMouseCarpetProfile
    O4 - HKLM\..\Run: [NAVNet] "C:\WINDOWS\system32\voi973.exe" /m
    O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\system32\intell32.exe
    O4 - HKLM\..\Run: [15.tmp] C:\DOCUME~1\Greg\LOCALS~1\Temp\15.tmp.exe
    O4 - HKLM\..\Run: [14.tmp] C:\DOCUME~1\Greg\LOCALS~1\Temp\14.tmp.exe
    O4 - HKLM\..\Run: [WinHound] C:\Program Files\WinHound\WinHound.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe
    O4 - Startup: PowerReg Scheduler V3.exe
    O9 - Extra button: AdBlock - {7E34CCAC-2531-450E-8746-80DA107ADAF5} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
    O9 - Extra button: (no name) - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
    O9 - Extra 'Tools' menuitem: AdBlock Configuration - {D1E435DB-EE0C-4A71-84A8-A270F03B3EE7} - C:\WINDOWS\Downloaded Program Files\APHelper.dll
    O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
    O16 - DPF: {93829908-07C2-44A2-95DB-F78F201A9B48} (AdBlock APInstaller Class) - http://adblock.linkz.com/APHelper.dll

    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete (some may not be found):
    C:\Program Files\WinHound <--- the whole folder
    C:\Program Files\AWS <--- the whole folder
    C:\Documents and Settings\Greg\Local Settings\Temp\15.tmp.exe <-- in fact delete all files in this Temp folder it lets you delete.
    C:\Documents and Settings\Greg\Local Settings\Temp\14.tmp.exe
    C:\WINDOWS\system32\bum501.exe
    C:\WINDOWS\system32\voi973.exe
    C:\WINDOWS\system32\intell32.exe
    C:\WINDOWS\system32\winyp32.exe
    C:\WINDOWS\d3sm32.exe

    Additional step to delete C:\WINDOWS\Downloaded Program Files\APHelper.dll:
    - Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt window.
    - Enter the following command lines each followed by the enter key
    cd C:\WINDOWS\Downloaded Program Files\
    attrib -r -h -s APHelper.dll
    del APHelper.dll
    exit

    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.
    Now run Ccleaner (installed while running the READ ME FIRST).

    Now we need to Reset Web Settings:
    1) If you have an Internet Explorer icon on your Desktop, go to step 2. If not, skip to step 3.
    2) Now right click on your desktop Internet Explorer icon and select Properties. Then click the Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK. Then skip step 3.
    3) If you do not have an Internet Explorer icon on your Desktop, click Start, Control Panel (for some systems it may be Start, Settings, Control Panel), Internet Options, Programs tab and then click "Reset Web Settings". Now go back to the General tab and set your home page address to something useful like www.majorgeeks.com. Click Apply. Click Delete Cookies, Click Delete Files and select Delete all Offline content too, Click OK. When it finishes Click OK.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.

    Reminder Note: Once we have determined you are malware free you will need to disable System Restore, reboot, and re-enable System Restore per step 1 of the READ & RUN ME. This only applies if using WinXP or WinMe.
     
  22. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I just noticed I missed adding one file to the delete list. Delete the one below if found:

    C:\WINDOWS\system32\private.exe
     
  23. eagles2880

    eagles2880 Private E-2

    I didn't get the post to delete C:\WINDOWS\system32\private.exe until now when I was about to post my new HJT log. So I will go back into safe mode and delete this file as soon as you respond to this post. I just wanted to let you know that things look good so far. Nothing really out of the ordinary compared to what I had before this Dialer virus surfaced. But when I was following your last instructions I was unable to locate and delete C:\WINDOWS\system32\winyp32.exe and C:\WINDOWS\d3sm32.exe

    I found a "winpy.ime" and a "winpy.MB" but did not touch them. They were the closest things. Also, when typing in the cmd window the APHelper.dll was "not found." I went through explorer to look for the file and was unable to locate it that way either. What do you make of this situation?

    As long as I can find the private.exe file consider it gone. I will go into Safe Mode and take care of that along with whatever you suggest for the problem mentioned directly above.

    ...Here is the HJT file that I have as of right now.
     

    Attached Files:

  24. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Why couldn't you delete those two files? Did you get an error message? Did you actually find them?

    No, DO NOT delete winpy.ime and winpy.MP . They are valid.
     
  25. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    I'm going to be running out for a while. But your log is looking good. If you have no more malware issues, your next step is to follow the below:

    How to Protect yourself from malware!


    Where are you in NJ? Must be close to PA with a name like eagles! ;)
     
  26. eagles2880

    eagles2880 Private E-2

    I was unable to delete the two files that I mentioned only because I was unable to find them. They were nowhere in sight when I was going through the files in that particular folder. I will now go back into Safe Mode and take care of the private.exe file. It will be gone by the time you read this. I will post a new HJT log in a few minutes just so you can make sure everything seems okay.

    I'm actually not very close to PA. I live in Northern NJ (Morris County), I just happen to like the Eagles. Got pulled in to them by Randall Cunningham at QB when I first started watching football and have just stuck with them since.

    I'm pretty surprised that this episode happened with my computer. I've really not had many or any problems in the past as I protect fairly well using the advice you provided in the link. That's mostly stuff that I have been doing.

    I think I will probably call it a night on this issue so you can get back to me whenever you have the chance, whether it be later tonight or tomorrow. I may check back later tonight but definitely in the morning when I wake up. I don't really have total closure yet because I want to make sure everything is back to the way it was for the most part. Also, I want your approval to say that my log is malware free so I can take care of Step 1 of the READ AND RUN ME.
     
  27. eagles2880

    eagles2880 Private E-2

    mmmkay nevermind. I couldn't find C:\WINDOWS\system32\private.exe either. Does this and the others I cannot locate still show up in my log? Is it possible that one of the other programs may have eliminated them?

    My system seems to be functional again. Thank you so much for your help. I have no idea what you do or how you figure out what to do to save a system like mine that's on the verge of self-destruction but it's pretty amazing. Not to mention the fact that you ask nothing in return. Is there anything else I need to do to get things back to normal?
     

    Attached Files:

  28. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Don't worry about those files. If you cannot find them, they are gone. AB removed a couple and HJT may have removed private.exe while fixing that line.

    You are all clean and yes it is time to go back to step 1 of the READ ME and do that.

    I work in Morris County and live in Bergen County.
     
  29. eagles2880

    eagles2880 Private E-2

    Okay then it looks like all is well again. I can't thank you enough for your help. Finding this messageboard was just the miracle I needed. Thanks again.
    (This past summer I worked in Bergen County and lived in Morris County, haha)

    Now I guess I know where to come if any problem like this ever resurfaces, but I'm hoping it won't have to come to that. Thanks again. Thank you Thank you Thank you!
     
  30. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome! Surf safely!
     
