Mobile/PDA About Us Advertise here
User User name Password  
  Not registered yet? Register here.
Lost your password? Click here. 		 
  Home   News   Guides   Downloads   Glossary   Hardware   Profiles   Forums   v4  
 Advertise at AfterDawn.com     Link to us!     Private messages     Compose a private message     List of all updated threads     Threads without replies     Search messages
Thursday 23.1.2025 / 04:47
Search AfterDawn Forums:        In English   Suomeksi   På svenska
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > win32:dialer-gen13
Show topics
 
Forums
Forums
Win32:Dialer-gen13
  Jump to:
 
Posted Message
lgparedes
Newbie
_ 		21. October 2006 @ 19:21 _ Link to this message    Send private message to this user   
I have been getting these popping up through Avast! a full system scan finds nothing, yet they keep popping up. They are trying to download through http://d.mettere.com

Here is my HjT log

Logfile of HijackThis v1.99.1
Scan saved at 21:00:59, on 21/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe
C:\Archivos de programa\Logitech\iTouch\iTouch.exe
C:\Archivos de programa\iTunes\iTunesHelper.exe
C:\Archivos de programa\QuickTime\qttask.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\PRINTV~1\pvmodule.exe
C:\WINDOWS\system32\rundll32.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Archivos de programa\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\asrupdate.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Archivos de programa\iPod\bin\iPodService.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Usuario\Mis documentos\Programas\HijackThis_v1.99.1.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.ve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - c:\archivos de programa\yahoo!\companion\installs\cpn\yt.dll
O2 - BHO: (no name) - {41CF9ACA-74DB-E7AB-D9C6-0A18A5FB6161} - C:\WINDOWS\system32\wbjbenc.dll
O2 - BHO: PrintViewBHO Class - {D4E0C464-30CE-4075-9A10-71FD106C2847} - C:\PROGRA~1\PRINTV~1\PRINTH~1.DLL
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Archivos de programa\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Archivos de programa\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Archivos de programa\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Archivos de programa\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [krsdlab.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\krsdlab.dll,nrjyroe
O4 - HKLM\..\Run: [PVModule] C:\PROGRA~1\PRINTV~1\pvmodule.exe
O4 - HKLM\..\Run: [omkvokk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\omkvokk.dll,lisbtnc
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [asrupdate.exe] C:\WINDOWS\system32\asrupdate.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O15 - Trusted Zone: www.e-rol.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3E410F8E-7EDC-4E91-B7A8-BFA00E3803D2} (EROL v 4.0.15) - http://www.e-rol.com/cabs/EROLProj1.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {56393399-041A-4650-94C7-13DFCB1F4665} (PSFormX Control) - http://www.pestpatrol.com/pestscan/pestscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\ARCHIV~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\k408ledu1h08.dll (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\Vfar332.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: wineil32 - C:\WINDOWS\SYSTEM32\wineil32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Archivos de programa\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Archivos de programa\Archivos comunes\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Archivos de programa\iPod\bin\iPodService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
[ + quote]
Niobis
Senior Member
_ 		23. October 2006 @ 14:24 _ Link to this message    Send private message to this user   
Hello lgparedes,

Go here and download Spybot Search and Destroy.

* After installing, open Spybot.
* Click "Check for Updates".
* Click "Search for Updates".
* Select all and click "Download Updates".
* After updating, close Spybot. We will run the scan on safe mode.
*Note*: Print or copy these instructions to Notepad and save them. You will be in safe mode and can't access the internet.
* Restart your computer in safe mode(press F8 upon boot, select "Safe Mode" from menu and press Enter).
* Open Spybot.
* Click "Check for Problems".
* When it finishes, click "Fix selected problems".
* Right click and select "Copy results" (not full report)
* Paste them into Notepad and save them.

Show hidden files and folders.
Control Panel > Folder Options > View tab > check "Show hidden files and folders".

Locate and delete these files(if found):
C:\WINDOWS\system32\krsdlab.dll
C:\WINDOWS\system32\omkvokk.dll
C:\WINDOWS\SYSTEM32\wineil32.dll
C:\WINDOWS\system32\wbjbenc.dll
C:\WINDOWS\system32\asrupdate.exe
Please tell me if you were not able to find or delete any of those.

Run a scan only with HijackThis, check these(if there):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {41CF9ACA-74DB-E7AB-D9C6-0A18A5FB6161} - C:\WINDOWS\system32\wbjbenc.dll
O4 - HKLM\..\Run: [krsdlab.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\krsdlab.dll,nrjyroe
O4 - HKLM\..\Run: [omkvokk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\omkvokk.dll,lisbtnc
O4 - HKCU\..\Run: [asrupdate.exe] C:\WINDOWS\system32\asrupdate.exe
O4 - Startup: .protected
O4 - Global Startup: .protected
O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\k408ledu1h08.dll (file missing)
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\Vfar332.dll (file missing)
O20 - Winlogon Notify: wineil32 - C:\WINDOWS\SYSTEM32\wineil32.dll

Close all windows except HijackThis then click "Fix checked".

Restart in normal mode.
Post back with the Spybot log and a new HijackThis log.

[ + quote]
Don't be fooled any longer.
http://www.youtube.com/watch?v=BUtbGYgsIu4&feature=related
afterdawn.com > forums > software, operating systems and more > windows - virus and spyware problems > win32:dialer-gen13
 

Digital video: AfterDawn.com | AfterDawn Forums
Music: MP3Lizard.com
Gaming: Blasteroids.com | Blasteroids Forums | Compare game prices
Software: Software downloads
Blogs: User profile pages
RSS feeds: AfterDawn.com News | Software updates | AfterDawn Forums
International: AfterDawn in Finnish | AfterDawn in Swedish | AfterDawn in Norwegian | download.fi
Navigate: Search | Site map
About us: About AfterDawn Ltd | Advertise on our sites | Rules, Restrictions, Legal disclaimer & Privacy policy
Contact us: Send feedback | Contact our media sales team
 
  © 1999-2025 by AfterDawn Ltd.

  IDG TechNetwork