I have an AMD Sempron 2400+ with an ASUS motherboard on a WinXP Home platform protected by avast antivirus.
Yesterday avast detected win32:dialer-520 [trj] infected my system. I tried to remove it by invoking a command delete from the message screen. It was not able to remove it since it was in the system background. I then forced a boot time scan. During the boot time scan it was able to catch and delete it. After the system got booted, again the trojan started appearing again and again. Since I am not able to delete it, I chose ‘no action’ to temporarily suspend that appearing. After a few minutes, it appears again.
Can some expert help me in getting rid of the trojan? Since Avast is able to detect, I am sure it will heal it. Expecting advice.
Ewido is very good at removing dialers … Spybot-Search & Destroy also cures some dialers.
Also, if you do not remove it with David’s suggestions above, please post the complete location of this dialer as this will give us some more ideas of how to rid your computer of this dialer … or why it is returning.
I don't know where it stays. But when it appears it is from the following folder:
d:\documents and settings\pscraja\local settings\temp internet files\
Avast located it from d:\windows\temp\win396.temp.exe for the first time.
I had deleted all temp files using ccleaner.
Today when I checked there are many files. The latest one, which is just on my screen, is from:
d:\windows\temp\win1d.exe[upx]
The earlier one was win1c.exe.
Since you are running XP then I would suggest that you disable the System Restore function in Windows as that is a place a lot of nasties can hide and respawn from after you have removed them. Once you disable System Restore and then delete all temporary internet files, run whatever anti-spyware program you are using and then reboot and re-run the anti-spyware program again to ensure the unwanted programs are truly gone. If the system comes back clean then re-enable your System Restore function.
A good program to try would be Webroot Spysweeper. I have found that it detects and removes more nasties than most others and is a lot safer to your registry than a lot of the other solutions out there.
I think what you say is true. Yesterday I used ewido anti malware and it found a dialer entry in winpoet which is a dialer for one of the service providers for our broadband cable. It removed a few others from other files. Avast also cleaned some of the entries in the temp. internet files folder and windows temp folder.
I have two main doubts.
I tried to turn off the system restore function; it says that all the existing restore points would be deleted. Is it possible to turn off the restore function without running the risk of losing all the previous restore points?
If I turn my system to a previous restore point on which my system was free from this trojan, would it solve the problem?
Ewido does find dialers in ISP dial up programs: it also detects my British Telecom dialer as malware. This is a false positive.
Turning off system restore will result in all the restore points being deleted on reboot.
Restoring the system will possibly disable Trojans if their start up entries are not in the restored registry, but you may reactivate malware which you removed but which is present in the restored files.
If you can post a HijackThis! log, we can disable and remove the Trojan:
1. I tried to turn off the system restore function; it says that all the existing restore points would be deleted. Is it possible to turn off the restore function without running the risk of losing all the previous restore points?
1. Turning off system restore will delete all the restore points.
2. If I turn my system to a previous restore point on which my system was free from this trojan, would it solve the problem?
2. Yes. Turning off system restore deletes all the files in the system restore folder,
so the trojan is also deleted. You can always create a restore point after turning on the system restore.