TechSpot

Annoying Auto Dialer

By tleslie
Sep 25, 2009
  1. I need help! On Vista 64, a dialer pops up randomly usually after startup. There is no way to close the dialer except to use the task manager and end the application. I have scanned with Spybot and Malwarebytes, no luck. Hijackthis log.
     

    Attached Files:

  2. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    In your Hijack log, delete all the (file missing) entries. Is Symantec Norton updating and scanning properly? Post the mbam and superantispyware logs. Did you see the "8-step Viruses/Spyware/Malware Preliminary Removal Instructions" thread
     
  3. tleslie

    tleslie TS Rookie Topic Starter

    Thanks Tmagic650,
    I will follow your advice on Monday when I get the laptop back.

    Ted
     
  4. tleslie

    tleslie TS Rookie Topic Starter

    Scan Results

    I have run mbam and superantispyware and hijackthis. The first 2 did not find any infections and the logs were clean, Hijackthis found 19 files missing and I cannot delete them. I tried 3 times including safe mode but the missing files still show up as does the autodialer.
     
  5. almcneil

    almcneil TS Guru Posts: 1,277

    Go into MS System Configuration Utility and examine the Startup list of programs and look for anything suspicious.

    Start -> Run -> msconfig -> Startup

    If you see something that looks like spyware, deselect it. If you're not sure, post it here. In fact, post the whole list and we'll tell you.

    -- Andy
     
  6. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    You should be able to delete all the missing files in the Hijack log by running it again and selecting the "missing files" and choosing fix...
     
  7. tleslie

    tleslie TS Rookie Topic Starter

    msconfig

    I can't copy the MSconfig startup info. I have copied the Startup Programs from system information as well as the running tasks.
    3 times running Hijack this including Safe Mode. The missing files show up again on reboot.
     

    Attached Files:

  8. captaincranky

    captaincranky TechSpot Addict Posts: 11,703   +1,887

    I would google those "system root" entries in your HJT log, and/or download the "rootkit revealer from M$ and run that.

    The only thing I (barely) recognize, is the spool server. I think.

    http://technet.microsoft.com/en-us/sysinternals/bb897445.aspx There is tech forum support available for these logs also.
     
  9. tleslie

    tleslie TS Rookie Topic Starter

    I have googled all the missing files and they all appear to be from MS.
     
  10. almcneil

    almcneil TS Guru Posts: 1,277

    I don't see anything tha looks like spyware in your MS System Configuration startup list. It could be one of the background programs is tripping off the dialer instead of using the network card connection because it's configured wrong.

    At this point, I'd have to play with the computer to figure out what's tripping off the dialer.

    -- Andy
     
  11. tleslie

    tleslie TS Rookie Topic Starter

    Auto Dialer Programs

    Thanks Andy,
    The laptop normally uses a dial up connection, I use a wireless network. The dialer runs randomly, usually once/hour. But when the dialler runs the only way to close it is through the task manager.
    Any other ideas?
    Ted
     
  12. almcneil

    almcneil TS Guru Posts: 1,277

    Yes, I know what the problem is now. Do the following:

    Start -> Control Panel -> Internet Options -> Connections

    You have some choices here. You can delete the dialup connection or reset it to never dial a connection or never dial when a network connection is present.

    I got thrown off because almost no one uses dialup anymore! I didn't think to check the Connetions dialog.

    -- Andy
     
  13. tleslie

    tleslie TS Rookie Topic Starter

    The laptop is used most of the time with the dial up connection. I have been trying to troubleshoot the random dialer.I don't know and can't find the source of this dialer. Still annoying.

    Ted
     
  14. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    Did your dial up ISP provide you with software including the auto dialer, or is it the Windows dialer?
     
  15. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    'File missing' doesn't always mean the file is missing. This is not a reason to assume all those entries need to be removed.

    This is a Vista system and looks to be 64 bit. IF you read some background on HijackThis, you will find particulars for this system.

    The random dialer could be something as simple as a program connecting to the internet looking for an update. To resolve that, stop all your auto updates except for Windows Updates.

    See if that makes a difference.
     
  16. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    "File missing doesn't always mean the file is missing. This is not a reason to assume all those entries need to be removed"...

    This makes a lot of sense Bobbye. This is like saying "dead isn't really dead" or "gravity isn't really gravity". Those missing files are missing from a system folder other than where they may be now in the operating system. This could be caused by incomplete deletes, hardware or software issues and malware infections, don't you "experts" think that this could also be correct?
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    No Tmagic. HJT doesn't play well with the Vista 64 bit as far as scans go. You'll find other software that doesn't do well with 64 bit. Whether it's a bug in the program or a compatibility issue, many logs are seen with the 'missing' designation. Many help forums have left HJT in favor of other software.

    So I'll leave you to the interpretation of these entries. Remember, the log is only showing you what the program 'sees'. If it doesn't 'see' the file because an issue with the program prevents it from actually reading the file, it's going to tell you the files isn't there.

    Doesn't that make sense?
     
  18. Tmagic650

    Tmagic650 TS Ambassador Posts: 17,244   +234

    I'm running both Vista Home Premium, SP2 64 bit and Windows 7 64 bit and I have removed the "missing" files in the HJT log with no ill effects. While my system is not infected, I have downloaded and removed many trial programs over the last six months or so...
     
  19. momok

    momok TS Rookie Posts: 2,265

    HijackThis does have certain issues in displaying certain files. So in some occasional cases, the "file missing" attribute is an error display, whilst generally it is genuine. It is usually upto experience to determine if it is genuine or not. Let's not argue about this.

    For O23 entries, often times they remain unremovable by HJT even when the files are gone as O23 entries refer to services running on the system, and HJT does a poor job of removing services. The best way is to manually disable the service.
    Even then, some cases are clear cut HJT errors as the files are legit system files, for eg,
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    Most of the time, these files are not causing any problems to the system.

    tleslie: I would suggest posting a screenshot so everyone can have a clear idea of what is exactly happening. It doesnt seem to be a malware problem, but a screenshot would clarify things just in case.
     
Topic Status:
Not open for further replies.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...