Okay, I am screwed at this point... Please help me before I go insane...

First off, got the banker - bkl virus… This has been loads of fun.
Can’t get rid of it. But this is not the worst part…

Anyone heard of Delsim dialer?
How come, I wipe the hard drive, completely re-install everything, re-write the MBR (master boot record) and within fifteen minutes or less of the computer booting back up with all new software, the tenacious little b@st@rd is back on my system?

So then, I get a different hard drive already tested and known not to have ANYTHING on it at all. Install it with 2K, and within fifteen minutes or less, the Delsim dialer is back to doing what it does best by laughing at me because it is still on my system.

Questions:

1). Is it in my memory? Because a new hard drive should get rid of the worry of it being in the MBR. Or is it in BIOS? Or can trojans, viruses, and malware even affect BIOS anymore? I’m lost guys, please help.

2). The banker - bkl virus is also still on the system. How do I get rid of this stuff? Please tell me my dual P4 Xeon system is not a 5 year old $6,000.00 paperweight… :cry:

Hi SaintSmitty,

When executed, this dialer drops the following files:

* C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\rasphone.pbk (New Dialup Connection)
* C:\Documents and Settings\All Users\Start Menu\del.lnk (Shortcut to Dialer Program)
* C:\Program Files\Common Files\delsim\del.exe (Copy of Dialer Program)

It then creates the following registry key:

* HKEY_CURRENT_USER\Software\Trafficjam

Under this key, it also creates a lot of other sub keys.

HOW TO REMOVE Delsim Dialer:

  1. Temporarily disable System Restore (Windows Me/XP).
    [ http://www.precisesecurity.com/how-to/ht-srxp.htm ]

  2. Download Avast! Home Edition and save it to a desired location on your hard drive.

  3. After downloading, browse to where the file was saved and double-click to install it.

  4. If it prompts if you wish to “Scan after Bootup” please click Yes.

  5. After installation, connect to the internet and download all necessary updates. This may take time.

  6. Reboot your computer in Safe Mode.
    [ http://www.precisesecurity.com/how-to/ht-smode.htm ]

  7. Run Avast! again and run a full scan.

  8. Delete all infected files.

  9. In order to make sure that the threat is completely eliminated from your computer, carry out a full scan of your computer using an online virus scanner. Scan with at least three different scanners.

polonus
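
The file indicators listed in the post above can be checked from a clean system against the mounted disk of the suspect machine. This is an added example, not part of the original thread: the function names, the mount-point argument and the sample data are assumptions, and it relies on rasphone.pbk being an INI-style text file with `[entry]` sections and `PhoneNumber=` lines.

```python
import sys
from pathlib import Path

# File indicators from the post above, relative to the root of the Windows volume.
DROPPED = [
    "Documents and Settings/All Users/Application Data/Microsoft/Network/Connections/Pbk/rasphone.pbk",
    "Documents and Settings/All Users/Start Menu/del.lnk",
    "Program Files/Common Files/delsim/del.exe",
]

def resolve_ci(root, rel):
    """Resolve rel under root ignoring case, as Windows would (None if absent)."""
    cur = Path(root)
    for part in rel.split("/"):
        if not cur.is_dir():
            return None
        match = [c for c in cur.iterdir() if c.name.lower() == part.lower()]
        if not match:
            return None
        cur = match[0]
    return cur

def scan(root):
    """Return {indicator: actual path} for every listed file present under root."""
    hits = {}
    for rel in DROPPED:
        path = resolve_ci(root, rel)
        if path is not None and path.is_file():
            hits[rel] = path
    return hits

def phonebook_entries(pbk):
    """Return {entry name: [phone numbers]} so unknown dial-up entries can be reviewed."""
    entries, name = {}, None
    for line in Path(pbk).read_text(encoding="utf-8", errors="replace").splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            name = line[1:-1]
            entries.setdefault(name, [])
        elif name and line.lower().startswith("phonenumber="):
            number = line.split("=", 1)[1].strip()
            if number:
                entries[name].append(number)
    return entries

if __name__ == "__main__":
    root = sys.argv[1]  # assumed: mount point of the suspect volume
    for rel, path in scan(root).items():
        print("FOUND", path)
        if rel.lower().endswith("rasphone.pbk"):
            print("  dial-up entries:", phonebook_entries(path))
```

A phonebook file also exists on clean machines that use dial-up, so its entries are listed for review rather than treated as proof. The `HKEY_CURRENT_USER\Software\Trafficjam` key lives in the user's registry hive and is not checked by this script.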

Hi SaintSmitty,

Malware doesn’t survive a reinstall - it may well be a false positive detection of a legitimate file.

Please submit the file detected as the Delsim dialer to VirusTotal:

http://www.virustotal.com/en/indexf.html

If avast! cannot remove banker.bkl (have you tried a boot time scan, if applicable?) try DrWeb CureIT!, AVG Anti-Spyware, or an online scan with F-Secure, Panda or BitDefender.

Hi Polonus,

Thanks for the quick response. Unfortunately, I already tried what you have listed as well. I feel like I am screwed. I believe I can get rid of the Banker virus but the Delsim Dialer is becoming a real pain in the butt. I also run Windows 2K so I am not sure if it is as easy to disable the system restore.

But thanks so much for the help. Believe me, I need all I can get. If you think of anything else I am completely open to suggestion.

Hi FreewheelinFrank,

As soon as I get home from work, I will try the options you have listed as well as submitting the file to VirusTotal.

I will let both of you know how it went after tonight.

Thanks again,
Smitty

Did you restore old data that might have been infected?

What program made the Delsim identification - I think avast! would call this one Win32:Dialer-315(Trj).

Can you post the file names and paths for these detections?

Do you have a router, or are you directly connected to the internet?
What other computers are on your Local Area Network?
Are they infected?

If a virus is replicant (coming and coming again), you should:

  1. Clean your temporary files. You can use CleanUp or the Windows Advanced Care features for that.

  2. Schedule a boot-time scan with avast!. Start avast! > Right click the skin > Schedule a boot-time scanning. Select scanning of archives. Boot. Another option is scanning in Safe Mode (repeatedly press F8 while booting).

  3. It will be good if you download, install, update and run AVG Antispyware. Some users recommend SUPERantispyware, Spyware Terminator and/or a-squared (take care about false positives).

  4. Use the immunization of SpywareBlaster or, which is better, the Windows Advanced Care features of spyware/adware cleaning and removal.

Note: System Restore is not available in Windows 2k.

I got delsim dialer too… I searched the registry for ‘delsim’ and deleted the related registry key.
Will that stop the dialer from reinstalling itself on my system?
I'm using Windows XP SP2.
Thanks.

You’re in a better position to let us know if it comes back than we are to predict that, but it wouldn’t be surprising if it does. It seems to be a difficult one to remove completely.

Post again if you still have problems. ComboFix may have some success against this.

Did you follow my previous suggestions?

Try this http://linhadefensiva.uol.com.br/forum/index.php?showtopic=29145