TechSpot

Help with Trojan Dialer 28A

By Reca_tmc
Nov 5, 2006
  1. Hello all,

    My computer has been infected with a trojan horse Dialer 28A and I have been unable to remove it.

    I have followed all the instructions in the thread about trojan removal, but it's still there. I'm attaching the HJT and AVGspyware logs to this post.

    I would very much appreciate some help in getting rid of the trojan.

    Thanks in advance.

    Reca
     
  2. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Hello and welcome to Techspot.

    You might want to copy and paste these instructions into a notepad file. Then you can have the file open in safe mode, so you can follow the instructions more easily.

    Turn off system restore (XP/ME only). See how here: http://www.bleepingcomputer.com/forums/tutorial56.html

    Boot into safe mode, under your normal user name (NOT THE ADMINISTRATOR ACCOUNT). See how here: http://www.bleepingcomputer.com/forums/tutorial61.html

    In Windows Explorer, turn on "Show all files and folders, including hidden and system". See how here: http://www.bleepingcomputer.com/forums/tutorial62.html

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    LSA Shel (Note: only one l)

    Close the services window.

    Run HJT with no other programmes open (except notepad). Click the scan button. Have HJT fix the following, by placing a tick in the little box next to it (if there).

    O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)

    Click on the fix checked button.

    Close HJT.

    Locate and delete the following bold files and/or directories (if there).

    C:\WINDOWS\lsass.exe - DO NOT DELETE ANY OTHER lsass.exe FILE.

    Reboot into normal mode, turn system restore back on and rehide your protected OS files.

    Go HERE and follow the instructions for running the Ccleaner programme.

    Post a fresh HJT log and let me know how your system is running.

    Regards Howard :wave: :wave:

    This thread is for the use of Reca_tmc only. Please don't post your own virus/spyware problems in this thread. Instead, open a new thread in our security and the web forum.
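Added example, not part of the original posts: the O23 entry above stands out because a service binary named lsass.exe sits in C:\WINDOWS rather than C:\WINDOWS\system32, and that check can be run over a whole HijackThis log. The list of protected names, the function names and every sample line except the first are assumptions constructed for illustration.

```python
import ntpath
import re

# Core Windows process names whose genuine binaries live in System32.
# Assumption: Windows is installed in C:\WINDOWS, as in the log above.
PROTECTED = {"lsass.exe", "services.exe", "svchost.exe",
             "winlogon.exe", "csrss.exe", "smss.exe"}
SYSTEM32 = r"c:\windows\system32"
PREFIX, MISSING = "O23 - Service: ", " (file missing)"

# First line is the entry from the post; the rest are constructed samples.
SAMPLE_LOG = r"""
O23 - Service: LSA Shel (Export Version) - Unknown owner - C:\WINDOWS\lsass.exe (file missing)
O23 - Service: Constructed Host Service - Unknown owner - C:\WINDOWS\system32\svchost.exe -k netsvcs
O23 - Service: Example Updater - Example Corp - "C:\Program Files\Example\updater.exe" /svc
O4 - HKLM\..\Run: [ExampleTray] C:\Program Files\Example\tray.exe
"""

def parse_o23(line):
    """Return a dict for an O23 service line, or None for anything else."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    rest = line[len(PREFIX):]
    missing = rest.endswith(MISSING)
    if missing:
        rest = rest[:-len(MISSING)]
    # Split from the right because a display name may itself contain " - ".
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    # Drop quotes and arguments: keep the path up to the first ".exe".
    m = re.match(r'"?(.+?\.exe)', parts[2], re.IGNORECASE)
    if not m:
        return None
    return {"service": parts[0], "owner": parts[1], "path": m.group(1), "file_missing": missing}

def find_masquerades(log_text):
    """Flag services whose binary borrows a system process name outside System32."""
    hits = []
    for entry in filter(None, map(parse_o23, log_text.splitlines())):
        folder, exe = ntpath.split(entry["path"].lower())
        if exe in PROTECTED and folder != SYSTEM32:
            hits.append(entry)
    return hits

if __name__ == "__main__":
    for hit in find_masquerades(SAMPLE_LOG):
        print(hit)
```

A hit marked "file missing" means the service registration is still present even though the binary is gone, so the service entry itself still needs to be removed.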
     
  3. Reca_tmc

    Reca_tmc TS Rookie Topic Starter

    Followed your instructions but I'm still getting pop-ups from the trojan.

    Here's my fresh HJT log.

    Any new instructions?
    I'm about to give up and reformat my drive. That will solve the problem, right?

    Thanks for helping, anyway.

    Reca
     
  4. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Yes, formatting will almost certainly get rid of any infections you have.

    Your HJT log is clean.

    Can you give me details of the popup you're getting?

    Regards Howard :)

     
  5. Reca_tmc

    Reca_tmc TS Rookie Topic Starter

    I get really irritating pop-ups. The longer I'm connected, the more they show up. Here's what they look like:

    "Messenger Service

    Message from FROM to TO on 11/12/2006 12:40:19 AM

    STOP! WINDOWS REQUIRES IMMEDIATE ATTENTION.

    Windows has found 55 Critical System Errors.

    To fix the errors please do the following:

    1.Download Registry Update from www.regfixit.com
    2. Install Registry Update
    3. Run Registry Update
    4. Reboot your computer

    FAILURE TO ACT NOW MAY LEAD TO SYSTEM FAILURE!"

    They're not all exactly the same but they're pretty similar.

    Sometimes it says that a critical error has occurred and shuts the computer down.

    Is this not caused by the trojan? Is there something else going on?

    Regards,
    Reca
     
  6. howard_hopkinso

    howard_hopkinso TS Rookie Posts: 24,177   +19

    Try this.

    Click start/run and type services.msc into the run box and press the enter key.

    When the window appears, maximise it. Double click on the following services (if there) and select stop if they are running. Set the startup type to disabled. Click apply/ok for each service you disable.

    Messenger (Note: This service has nothing to do with MSN Messenger.)

    Close the services window.

    Reboot your computer and see if you still get the popups.

    Regards Howard :)

     
Topic Status:
Not open for further replies.
