minidialer

Status
Not open for further replies.
A

albela

Baseband Member
Messages
21
when i run sbybot D&D i get an entry as follow:
EGroup
RAS Profile
HKEY_USERS\S-1-5-18\RemoteAccess\Profile\minidialer
HKEY_USERS\S-1-5-20\RemoteAccess\Profile\minidialer
HKEY_USERS\S-1-5-19\RemoteAccess\Profile\minidialer
HKEY_USERS\.Default\RemoteAccess\Profile\minidialer

Spybot can't remove them because they are running in memory so it asks if it should run during startup. I say yes, it does but they still don't get removed becasue its still running in memory.

Not only that when Spybot is running during startup a lttle window comes up bottom left that say "Hi". After start up if you click on this it disappears.

Anyone knows how i can take this thing off?
Thanks.
 
Reboot into safe mode (press F8 before the Windows splash screen) and then run Spybot.

Also, if you don't have Microsoft Anti-Spyware already, I suggest you do. More Anti-Spyware scanners are always better.
 
even tried the following i got off some forum and its still not working
Go to Start->Run and type in notepad. Hit OK. Then
copy and paste the following into Notepad:

REGEDIT4

[-HKEY_USERS\S-1-5-18\RemoteAccess\Profile\minidialer]
[-HKEY_USERS\.DEFAULT\RemoteAccess\Profile\minidiale
r]

Then go to File->Save As and type in "delete.reg" with
the quotes and hit Save.

Double click on delete.reg and choose 'Yes' to merge
it. Click OK. Delete the delete.reg file now.
 
i redid it for you those are four seperate keys

Go to Start->Run and type in notepad. Hit OK. Then
copy and paste the following into Notepad:

Code: 
REGEDIT4

[-HKEY_USERS\S-1-5-18\RemoteAccess\Profile\minidialer]
[-HKEY_USERS\S-1-5-20\RemoteAccess\Profile\minidialer]
[-HKEY_USERS\S-1-5-19\RemoteAccess\Profile\minidialer]
[-HKEY_USERS\.Default\RemoteAccess\Profile\minidialer]
Then go to File->Save As and type in "delete.reg" with
the quotes and hit Save.

Double click on delete.reg and choose 'Yes' to merge
it. Click OK. Delete the delete.reg file now.
 
if you would like i will look at your HjT log for you

First, create a folder for HijackThis in the root folder of your hard drive so it can make proper backups

example

C:/HJT/
C:/hijackthis/

next


Click here to download Hijack This. 1.99.1 Save it to the folder you have just created

Close all open windows and open HIJACK THIS. Click “Scan” . When the scan is finished (it only takes a second), the scan button will change to“Save Log”. Click on“Save Log” and save it to NotePad. Copy the entire log and paste it here.

DO NOT FIX ANYTHING YET , most items that appear in the log are harmless or even needed. Wait for someone to analyze the scan and advise.

we can see a little better whats going on with your computer
 
Thanks. Here it is. BTW the reg change did not work.

Logfile of HijackThis v1.99.1
Scan saved at 5:19:23 PM, on 5/7/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\wp.exe
C:\Program Files\Microsoft Office\Office\Msoffice.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O8 - Extra context menu item: Download &All by FD - C:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - C:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx.htm
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {047CE197-F3B0-40EE-B4BD-D8B388AB5EFD} - file://C:\Recycled\697940.exe
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1115510709947
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
 
Be sure to look this solution over before you begin. There are a some item(s) i'm not familar with. If you recognze any, then just omit them from this fix.

===============
Please print out or copy this page to Notepad. Make sure to work through the fixes in the exact order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes. You should 'not' have any open browsers when you are following the procedures below.

Go to My Computer->Tools/View->Folder Options->View tab and make sure that 'Show hidden files and folders' (or 'Show all files') is enabled. Also make sure that 'Display the contents of system folders' is checked. If you have Windows XP, the search feature is a little different. When you click on 'All files and folders' on the left pane, click on the 'More advanced options' at the bottom. Make sure that 'Search system folders', 'Search hidden files and folders', and 'Search subfolders' are checked.

For the options that you checked/enabled earlier, you may uncheck them after your log is clean. If we ask you to fix a program that you use or want to keep, please post back saying that (we don't know every program that exists, so we may tell you to delete a program that we think is bad to keep).


Download, unzip to your desktop CWShredder and run it, then:

1. Click "Check For Update" make sure your version is 2.14

(If an update isn't available, skip to step #4.)

2. Click "Click here to Download the upate".
3. When the new version has been downloaded, click "Save".
4. Click "Fix ->"


===============
reboot into "Safe Mode".


Go to Add/Remove programs and remove(uninstall) the following, if present:

Security iGuard

The above could appear anywhere within the entry. Be careful not to remove any personal or system software.

===============

Run HiJackThis then:

1. Click "Config..."
2. Click "Misc Tools"
3. Click "Open Process manager"

-

Next, while holding down the CTRL key, locate (if present) and click on (highlight) each of the following:

C:\wp.exe

Now double-check and make sure that only those item(s) above are highlighted, then click "Kill process". Now, click "Refresh", check again, and repeat this step if any remain.

===============

Run HiJackThis and click "Scan", then check(tick) the following, if present:


R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://216.65.101.250/sbms/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = c:\windows\SYSTEM\blank.htm

O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe

O16 - DPF: {047CE197-F3B0-40EE-B4BD-D8B388AB5EFD} - file://C:\Recycled\697940.exe


Now, with all windows closed except HiJackThis, click "Fix checked".

===============

Locate and delete the following item(s), if present. Make sure your able to view system and hidden files/ folders:

folders...

C:\Program Files\Security iGuard
C:\Recycled

files...

C:\wp.exe


===============

Post back a new log, and let me know how everything goes.

-

Lobos.
 
ok, i think i did what you said. i still have my desktop showing as a black webpage saying "Warning you are in danger" blah blah. Also when i go to display it does not have a tab for desktop background. computer is slow too and i am wondering if i have killed something i am not supposed too.

i don't trust this prog. even whhen i close it comes back on its own: INETINFO.exe


Logfile of HijackThis v1.99.1
Scan saved at 12:03:51 AM, on 5/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\Msoffice.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\utility.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\HJT\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office Shortcut Bar.Lnk = C:\Program Files\Microsoft Office\Office\MSOFFICE.EXE
O4 - Global Startup: Belkin 802.11g Wireless Card Utility.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: Download &All by FD - C:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx2.htm
O8 - Extra context menu item: Download with &FD - C:\PROGRAM FILES\FRESHDEVICES\FRESHDOWNLOAD\fdiectx.htm
O12 - Plugin for .bcf: C:\PROGRA~1\INTERN~1\Plugins\NPBelv32.dll
O16 - DPF: {22D6F312-B0F6-11D0-94AB-0080C74C7E95} (Windows Media Player) - http://activex.microsoft.com/activex/controls/mplayer/en/nsmp2inf.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1115510709947
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
 
The reg file should set your desktop back to normal

download the following reg file to your desktop by right clicking on the link, and selecting save as.

http://www.bleepingcomputer.com/files/reg/smitfraud.reg

Once it has downloaded, double-click on the smitfraud.reg file on your desktop and when it asks if you would like to merge the data, click on the Yes button.

Reboot your computer and you should now be able to change your desktop settings back to how you would like it. If your desktop still looks strange, go into your display properties and click on the Themes tab. Change the theme to Windows XP and you will now be using the default Windows XP settings. Then change them as you see fit.

The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! http://cleanup.stevengould.org/ (Alternate Link if main link don't work - http://www.greyknight17.com/spy/Cleanup.exe ) and install it. Run CleanUp! and click on CleanUp! button. When it asks you if you want to logoff, click on Yes.

Lobos
 
Status
Not open for further replies.

Similar threads

R
Suddenly there is no display on the computer
Replies
8
Views
909
Flowace
Flowace
R
windows upgrade nightmare (dell laptop from home to pro win11)
Replies
8
Views
1K
camilasaunder89
C
cliffhucker
Win 10 very slow startup
2
Replies
13
Views
2K
tehnokraat
T
P
I. T. Industry Boom
Replies
0
Views
739
phantom555
P
M
Management Systems for Administrative and Analysis Tasks?
Replies
2
Views
1K
marwa
M
Back
Top Bottom