Avast keeps popping up with warnings like
Sign of “Win32:Dialer-520 [Trj]” has been found in “C:\WINDOWS\TEMP\win30B.tmp.exe[UPX]” file.
Sign of “Win32:Dialer-520 [Trj]” has been found in “C:\DOCUME~1\Shantila\LOCALS~1\Temp\Temporary Internet Files\Content.IE5\X8FIZSLI\srvmwq[1].exe[UPX]” file.
and more similar ones. It causes IE to crash frequently and the warnings pop up every few minutes, 5 or 6 of them at a time, one after the other.
I’ve tried scanning, doing a boot time scan, scanning with HijackThis, but nothing works. Also tried reading posts about it but can’t figure it out. Someone please HELLLPPP!
Hi orlybabe,
The malware is packed with UPX; you have the advertising software Adware Media Ticket. Information and removal tools are to be found here:
http://www.spywareguide.com/product_show.php?id=813
Patch and update your system. When your system is fully clean (you can check if it is clean using xclean_micro or spyaudit), you should install the three programs against ad- and spyware: Ad-Aware, Spybot S&D, and SpywareBlaster. They are free and together can keep your machine clean of ad- and spyware. But install them after your computer is spyware free; use xclean_micro from here: http://www.xblock.com/download-freeware.php
Use only one good software firewall, one resident anti-virus program like Avast only, and surf safe.
For your in-browser protection install SiteAdvisor and download the DrWeb pre-hyperlink scanner plug-in.
polonus
Hi polonus and frank, I tried what you recommended but it didn’t work. I scanned using xblock and removed mediatickets, coolwebsearch and a couple more spyware and restarted my computer but the warnings still keep popping up. Help! ???
Hi orlybabe,
Have you tried running this tool-
http://siri.urz.free.fr/Fix/SmitfraudFix_En.php
-followed by Ewido in safe mode?
Ewido (XP/Win2000 only) http://www.ewido.net/en/
Hi frank, thanks for your help. I scanned with smitfraudfix and ewido in safe mode, but both didn’t work. I feel like I’m missing something… am I supposed to disable system restore, or delete all my temp internet files first… cuz ewido found 298 infected objects. Need help!
Cleaning out your temp files would be a good idea.
CleanUp! is quite brutal: it will delete locked files on reboot.
http://www.stevengould.org/software/cleanup/
If this doesn’t cure it, you may have a Trojan or spyware we are missing.
Panda online scanner or Trend Micro Housecall are worth running. Disable avast! beforehand or you will get a virus warning from avast! as it detects the virus signatures.
If you still have problems, can you post a HijackThis! log for us to look at?
If the location of malware files is in system restore, you will need to get rid of the system restore files. You can find instructions for doing this with a forum search.