"WHITEHOUSE" Dialer?

Discussion in 'Malware Help (A Specialist Will Reply)' started by sam_stumble, Dec 6, 2005.

  1. sam_stumble

    sam_stumble Private E-2

    Hi everyone,

    Is anyone aware of a program that attempts to connect to "whitehouse.d0nth4ck.us"? I've tried everything to get rid of this thing. Ad-aware, Spybot and MS AntiSpyware cleaned up a lot, but this one keeps persisting every time I re-boot. I've attached the HJT file as a last resort. Would much appreciate your help with this.

    Cheers
    sam
     

    Attached Files:

  2. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Please follow our standard cleaning procedures which are necessary for us to provide you support. Also there are steps included for installing, running, and posting HijackThis logs as attachments. Also pay close attention to step 3 in the READ ME because it applies to you because you are running multiple antivirus applications.

    Also note that your OS & IE versions are way out of date and represent a major security risk to you. After we fix any current problems, you must get updated.

    Please follow the steps below:

    - Run ALL the steps in this Sticky thread READ & RUN ME FIRST Before Asking for Support

    Make sure you check version numbers and get all updates.

    - Very Important: Make sure you tell us the results from running the tutorial...was anything found? Were you unable to complete any of the scans?...Were you unable to download any of the tools?...Did you do the on-line scans as suggested? etc.


    If after doing ALL of the above you still have a problem, make sure you have booted to normal mode and run the steps in the below link to properly use HijackThis and attach a log:

    Downloading, Installing, and Running HijackThis

     
  3. sam_stumble

    sam_stumble Private E-2

    Hi,

    The online scans did not work with Firefox so I used Avast. It found some trojans that were removed. I have done everything else in the tutorial as far as I am aware.

    I used to have "AntiVir" on my computer but i manually removed it after being unable to use the automatic uninstall program. It is probably still running somewhere.

    I haven't used IE for a long time so have not bothered upgrading. This seems like it's going to be more trouble than it's worth. I think I will just do a fresh format with a new version of Windows.

    Thanks anyway
    sam
     
  4. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    That's your choice! You do need to get updated! And make sure you only use 1 antivirus program. This C:\WINDOWS\AsnFtpd.exe is probably part of your problem! It is added by the W32/Tilebot-AX worm. When started, this infection connects to a remote IRC server where it waits for commands to execute.


    If you do reinstall the OS, make sure you check out the below:

    How to Protect yourself from malware!
     
  5. sam_stumble

    sam_stumble Private E-2

    Hi Chaslang

    Thanks for your help. I have no idea where the other antivirus program is running from. I have deleted all of the folders from the previous AV software. My computer is in a bit of a mess so I'd feel good going for a fresh install.

    For now though, I assume I can delete this C:\WINDOWS\AsnFtpd.exe manually? I'll give it a try anyway.

    thanks
    sam
     
  6. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Both Antivir and the worm are running as services. You will not be able to delete the worm file without stopping and disabling the service. Same goes for the Antivir services.

    I'll post a fix for you to use.
     
  7. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Here are the services we are going to fix:

    O23 - Service: AntiVir Service (AntiVirService) - Unknown owner - C:\Program Files\AVPersonal\AVGUARD.EXE (file missing)
    O23 - Service: ASNFTP daemon (ASNFTPD) - Unknown owner - C:\WINDOWS\AsnFtpd.exe
    O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE


    Click on Start, then Run ... type services.msc into the box that opens up, and press 'OK'. On the page that opens, scroll down to AntiVirService ... then right click the entry, select 'Properties' and press 'Stop Service'. When it shows that it is stopped, next please set the 'Start-up Type' to 'Disabled'. Press 'OK' until you get back to Windows.

    Now repeat the above for each of the below two services:
    ASNFTPD
    AVWUpSrv

    Next, run HJT, but instead of scanning, click on the "None of the above, just start the program" button at the bottom of the choices. At the lower right, click on the 'Config' button, and then the 'Misc Tools' button ... select 'Delete an NT Service' ... copy/paste the following into the box that opens, and press "OK":

    AntiVirService

    Now repeat the above step with HijackThis for each of the below two services:
    ASNFTPD
    AVWUpSrv

    Now exit HJT and reboot. After reboot, verify that all three O23 service lines no longer appear. Then look for the below and delete if found:
    C:\Program Files\AVPersonal <--- the whole folder
    C:\WINDOWS\AsnFtpd.exe

    Let me know the results and if it helps!
     
  8. sam_stumble

    sam_stumble Private E-2

    Followed your instructions and re-booted. There are no signs of attempted connection to the IRC server! Brilliant! :)

    Deleted the suspect file and part of the AV folder, though one file remains which can't be deleted: AVSHLEXT.DLL

    It doesn't turn up as a process so I'm guessing it shouldn't clash with Avast?

    MANY THANKS CHASLANG :)
     
  9. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    You're welcome. For that remaining file, try the below to unregister the DLL file.

    Click Start, and then click Run. (The Run dialog box appears.)
    Type, or copy and paste, the following text:
    regsvr32 /u AVSHLEXT.DLL
    then click OK. If a dialog box confirming this action appears, click OK.

    If you get an error message for the above, you may need to use the full path to the file as in:
    regsvr32 /u C:\Program Files\AVPersonal\AVSHLEXT.DLL

    After getting this DLL to unregister, try rebooting into safe mode and deleting the folder (and the file too) now.
     
  10. sam_stumble

    sam_stumble Private E-2

    Hmmm... An error message pops up even using the full path: 'LoadLibrary("c:\program") failed - The specified module could not be found'

    Thanks
    sam
     
  11. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

    Okay! And does the file and folder still exist? If so, are you sure you had booted in safe mode before trying to delete the file?

    Try renaming the file by right clicking on it and selecting rename. Rename it from AVSHLEXT.DLL to AVSHLEXT.DDD.

    If you cannot rename it, see if you can Move it to the Desktop by right clicking on it from Windows Explorer and dragging it to your Desktop. When you let go of the mouse button select Move.

    After either of the above, reboot again into safe mode and try to delete either the renamed file or the one on your Desktop.

    Let me know the results.
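    A scripted equivalent of chaslang's service and file cleanup from post 7 and the regsvr32 step from posts 9 and 10, added here as an example and not part of the thread; it assumes an elevated PowerShell prompt on a current Windows and reuses the service names and paths from the HJT O23 lines. The `LoadLibrary("c:\program")` error in post 10 is what regsvr32 reports when a path containing a space is passed unquoted, so the DLL path is quoted here.

```powershell
# Added example (not from the thread): run from an elevated PowerShell prompt.
# Names and paths below are the ones quoted in the HJT O23 lines.
$services = @('AntiVirService', 'ASNFTPD', 'AVWUpSrv')
$files    = @('C:\WINDOWS\AsnFtpd.exe', 'C:\Program Files\AVPersonal')
$dll      = 'C:\Program Files\AVPersonal\AVSHLEXT.DLL'

foreach ($name in $services) {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if (-not $svc) { Write-Host "${name}: not present"; continue }
    # Record the image path before removal so the log shows what was deleted.
    $img = (Get-CimInstance Win32_Service -Filter "Name='$name'").PathName
    Write-Host "${name} -> $img"
    # Stop, disable, then delete the definition (services.msc + HJT 'Delete an NT Service').
    if ($svc.Status -ne 'Stopped') { Stop-Service -Name $name -Force -ErrorAction SilentlyContinue }
    Set-Service -Name $name -StartupType Disabled -ErrorAction SilentlyContinue
    sc.exe delete $name | Out-Null
}

# regsvr32 splits an unquoted path at the first space ("c:\program"), so quote it.
if (Test-Path -LiteralPath $dll) {
    $p = Start-Process -FilePath regsvr32.exe -ArgumentList '/u', '/s', "`"$dll`"" -Wait -PassThru
    Write-Host "regsvr32 /u exit code: $($p.ExitCode)"   # 0 means the DLL unregistered
}

# Delete the worm binary and the leftover AV folder. A 'file in use' error here means
# a service or shell extension still holds the file: reboot into Safe Mode and retry.
foreach ($f in $files) {
    if (Test-Path -LiteralPath $f) {
        Remove-Item -LiteralPath $f -Recurse -Force -ErrorAction Continue
    }
}

# Verify: after a reboot none of the three services should be listed.
Get-Service -Name $services -ErrorAction SilentlyContinue | Format-Table Name, Status, StartType
```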
     
  12. sam_stumble

    sam_stumble Private E-2

    Moved the file to the desktop and deleted it after rebooting.

    Thanks again chaslang :)
     
  13. chaslang

    chaslang MajorGeeks Admin - Master Malware Expert Staff Member

