Dialer-257

Hello, once again my pc has gotten hit with something... and I'm not sure how to get rid of it. As a bit of a prelude, the only 2 browsers I have installed on my pc are IE and Netscape, and I would get rid of IE if I knew how... I say this because despite my *never* using IE (outside of BitDefender and Rav, and only because they require it) I've got a virus that runs through IE and I don't even know how that's possible.

So here's what I do know about it. this virus is identified as "dialer-257" or that's what McAfee labels it as, and as far as I know mcafee is catching all the instances of it as they come, but it's the fact that they keep spawning that has me worried. A pop up button(or 10) will be on my desktop saying something along the lines of 'for instant access click yes' So naturally I hit the cancel button(red x, not a button that says 'cancel') and a tone plays and it closes. Everytime one of these windows pops up Mcafee pops up saying it has detected it, could not delete it, and has moved it to my quarantine folder. I also recently noticed that these same buttons are shown as a History item in IE called 'threexs.com' I've added it to the restricted list on the IE security tab.

I have run all of my spyware programs in Safe mode, and then run them all again in Safe mode w/ networking (then used bitdefender and rav) but while those 2 virus programs seem to identify the problem, they are not able to clean/delete them.

Also, in looking at the mcafee log i'm also seeing a few instances of 'alemod.e' virus, and a websearch on that says that it rewrites itself as 'wininet.dll' replacing the current, legitimate file.

Any help is greatly appreciated.


(yes, i have followed all the steps/procedures listed in your 'read this before posting' thread)

 

Ok, the 2 scans I mentioned doing I did based off of the old post, and I have since followed the instructions in the new post as well.

Unfortunately, the problem has not been remedied.

For the online scans I used : Trend Micro, BitDefender, Rav Antivirus.

All 3 of them came up positive with viruses/ infected files, and all 3 were unable to fix the viruses and could only clean some of the files. Also, it is worth noting that while I have done nothing different between yesterday and today, I am having new instances of problems. the IE history tab shows pages at the aforementioned 'threexs.com' as well as 3 new ones: 'search2k.net' 'patchyoursystem.com' 'securityerror.com'. Please, please help me.

respectfully, -ren

(HJT log attached)

 

Alright! did everything just as you said, and both logs are attached.

Your help is very much appreciated.

-ren

 

Ok, i apologize for the delay (and also for posting the wrong .txt file) but smitrem seems to have taken care of the viruses and popups and all the rest of it, thankyou!0

however... there seems to have been a side effect to it... unless initialized immediately after start up, i'm not getting any sound output from my speakers.

For instance, if i restart my computer, i get the generic startup tones, and then I'll open iTunes and play a song. It'll start to play and then start to skip, and when i first open a browser i get an error message.

It's a window that says there is an error with generic Win32 processes. After closing iTunes, and reopening songs will not start, and i have no sound at all(not just from mp3s, also Windows tones, and game bgm don't work)

Your input would be greatly appreciated,

-ren

 

Ok , i found the smitfiles.txt, and i'm going to attach it with this post. On a side note, it may be that this sound issue and smitrem were just coincidental. A little searching on the internet came back with a host of people who have had the same error message, but with different reactions by their computers (one for instance had the same sound issures, while another would have their computer restart whenever the message appeared).

As always, thanks so much for your time.

-ren

 

Yes, the sound problems do occur regardless of whether i open itunes or not, and an error message pops up asking if i want to send and error report. I've clicked yes and it tells me that i need to have a working iternet connection to send(which i do, but it's not registering w/ this error for some reason)