Trojan Dialer Please Help

Discussion in 'Malware Help (A Specialist Will Reply)' started by bradefreese, Oct 22, 2005.

  1. bradefreese

    bradefreese Private E-2

    I have been battling with a Trojan Horse Dialer for about 3 weeks now. I was hoping I could get some advice from an expert on the subject.

    Here is the situation:

    About 3 weeks ago my AVG software began popping up saying it has found a Trojan ("random number".exe). I proceeded to run a complete AVG scan on my PC (currently running XP Pro Home Edition). Each time I would run AVG, there were a number of Trojans found and cleaned. Much to my dismay, they would return 1 or 2 days later in full force. To make a long story short, this is my latest attempt.

    Disabled system restore temporarily
    Enabled viewing of hidden files
    Went through Add/Remove programs looking for suspicious items
    Ran Disk Clean-up
    Ran CW Shredder
    Ran Ad-aware
    Ran Spybot
    Ran AVG (to scan all files, not just .exe)
    *I might add here that each scan resulted in some type of parasite.

    I then attempted to run again in safe mode but found it extremely difficult to get there. I had no boot.ini tab in my msconfig menu nor did I have a boot option when pressing F8 on startup. Still puzzled on that one (any suggestions?). Finally got into safe mode by powering off my computer during a boot-up. Not my favorite option but I could not figure out how else to do it.

    Once in safe mode I ran all utilities again. This time I started with the following:
    Ran Ewido security suite
    Ran Ad-aware
    Ran Spybot
    Ran AVG

    Ewido found the most wrong (I saved the log file in case that would help - attached) including another Trojan Dialer as well as a file called adsldpbc.dll in the Windows root directory. None of the other programs found a whole lot wrong during a safe mode scan.

    I then re-booted in normal mode, re-enabled system restore and then ran HijackThis.

    That is where I am right now. I have the file to HijackThis as well.

    I am very frustrated in dealing with this Trojan and hope that I have fixed it this time. I have attached the HijackThis file. I notice it says that it is missing the adsldpbc.dll file.

    Where do I go from here?

    **Update: While writing this thread my AVG just notified me that the Trojan Virus is still alive on my PC!!!! I'm at a loss as to what to do! Has everything done in the past been in vain?

    Thanks in advance.
     


  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow proper forum procedure before posting HijackThis logs. Also HijackThis must be installed and run properly.

    Please follow the steps below (if you cannot get into safe mode then run the steps in normal boot mode):

    - Use Add/Remove programs to uninstall WeatherBug

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If, after doing ALL of the above, you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis:

    Downloading, Installing, and Running HijackThis

    After doing all of the above, if you still have problems, work through the below.

    If you are using WinXP or WinMe, make sure you have system restore disabled (per the tutorial).
    For all OS types, make sure viewing of hidden files is enabled (per the tutorial).

    Run HijackThis and select the following lines but DO NOT CLICK FIX until you exit all browser sessions including the one you are reading in right now:
    O2 - BHO: F:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - F:\WINDOWS\system32\st3.dll
    O2 - BHO: F:\WINDOWS\adsldpbc.dll - {25ECC57D-FC85-430E-865C-ECF1D4B806AF} - F:\WINDOWS\adsldpbc.dll (file missing)
    O4 - Startup: PowerReg Scheduler V3.exe
    O15 - Trusted Zone: *.coolwebsearch.com
    O20 - Winlogon Notify: st3 - F:\WINDOWS\system32\st3.dll


    After clicking Fix, exit HJT.
    Boot into safe mode and use Windows Explorer to delete:
    F:\WINDOWS\system32\st3.dll
    F:\WINDOWS\adsldpbc.dll


    If you get an error when deleting a file, right click on the file and check to see if the read only attribute is checked. If it is, uncheck it and try again. Otherwise open Task Manager and kill the process if running, then delete the file.

    Now run Ccleaner (installed while running the READ ME FIRST). Now if running Win XP go to c:\windows\Prefetch and delete all files in this folder.

    Now reboot in normal mode and post a new HJT log. And tell us how things are working.
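
The five HijackThis entries quoted in the reply above can be triaged mechanically. The following is an added example, not part of the original thread or of HijackThis itself: it parses those lines (embedded as a constructed sample), flags any file registered under more than one section (here st3.dll, loaded both as a BHO and as a Winlogon Notify package), and lists entries marked "(file missing)". The function names and the returned dictionary keys are assumptions made for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the five entries quoted in the reply above.
SAMPLE_LOG = r"""O2 - BHO: F:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - F:\WINDOWS\system32\st3.dll
O2 - BHO: F:\WINDOWS\adsldpbc.dll - {25ECC57D-FC85-430E-865C-ECF1D4B806AF} - F:\WINDOWS\adsldpbc.dll (file missing)
O4 - Startup: PowerReg Scheduler V3.exe
O15 - Trusted Zone: *.coolwebsearch.com
O20 - Winlogon Notify: st3 - F:\WINDOWS\system32\st3.dll
"""

# "<section> - <kind>: <body>", e.g. "O20 - Winlogon Notify: st3 - F:\..."
ENTRY = re.compile(r"^\s*(?P<section>[A-Z]\d{1,2}) - (?P<kind>[^:]+): (?P<body>.+?)\s*$")
# Absolute paths to a DLL or EXE inside the body (braces excluded to skip CLSIDs).
PATH = re.compile(r"[A-Za-z]:\\[^{}]*?\.(?:dll|exe)", re.IGNORECASE)

def parse_log(text):
    """Return one dict per recognisable HijackThis entry line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue  # headers, process list, blank lines
        body = m["body"]
        entries.append({
            "section": m["section"],
            "kind": m["kind"].strip(),
            "paths": sorted({p.lower() for p in PATH.findall(body)}),
            "file_missing": body.endswith("(file missing)"),
            "raw": line.strip(),
        })
    return entries

def triage(entries):
    """Group entries by referenced file and pick out the ones worth a second look."""
    by_path = defaultdict(set)
    for e in entries:
        for p in e["paths"]:
            by_path[p].add(e["section"])
    return {
        # Same file hooked in through several load points: fix all entries together.
        "multi_hook": {p: sorted(s) for p, s in by_path.items() if len(s) > 1},
        # Registry entry survives although the file is gone.
        "orphaned": [e["raw"] for e in entries if e["file_missing"]],
        "referenced_files": sorted(by_path),
    }

if __name__ == "__main__":
    for key, value in triage(parse_log(SAMPLE_LOG)).items():
        print(key, "->", value)
```

On the sample, `referenced_files` comes out as the same two paths the reply lists for manual deletion in safe mode.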
     
