Sorry if there's already been a post on this, but I couldn't see one when I searched...

Last night after running AVG, it told me there was a trojan dialer on my computer, which it has now deleted. I've run McAfee stinger since and have now installed Zonealarm, so hopefully won't get the problem again.

My question is... what is a trojan dialer - does it dial up premium rate numbers, and how am I likely to have got it? Also, will it have worked as I am on broadband and don't use a dial-up connection?

Any help greatly appreciated (in english preferably - don't understand techie talk!!)

you are correct, it dials a premium rate number to connect you to the net.

if you have broadband and no connected modem then it can't have dialled anything, so you are safe in that respect.

it could have been installed in a variety of ways. Visiting a compromised or malicously coded website, downloading an infected file (shareware or warez most likely), an unpatched windows vulnerability that can be exploited simply via your connection to the net, clicking yes to a pop up box from a website.... those are the common methods of transmission.

You might consider downloading the microsoft antispyware beta in addition to adware. AVG is anti-virus so typically doesn't detect all software of this type (although spotted this one obviously).
And ensure that you have all the latest patches that micro$oft have released.

broadband so dialer not a problem.

it does change the number you would dial (on dial up)

you could have got it by running an .exe website download zip rar file.

any number of ways

you can also get it just by visiting a website and it can install past your firewall and antivirus, thats the only reason i got one.........they use java or active x to install without user intervention as well as the usual dodgy files you download.
I say use mozilla firefox not Internet explorer cos its waaay more secure ive barely had any pop ups and no dialers while using firefox this past year

yes they cut your normal dial up connection and reconnect to a premium number, the one i had, i heard the modem cut out and start dialing again so i stopped it and checked the number.........it messed my dial up settings up for a while too FUNKING BARSTEWARDS

Turns out it's not been completely deleted after all, and is still showing up when I use the avg scan (think it's a copy file). I clean out the virus vault, but when I do another virus scan, it's back again. aargh!

I can't find the file to try delete it manually, and am trying to fine someway of wiping it. Anyone got any ideas?

It can't be doing any damage in terms of being able to dial anything, as the only connection to the phone line is the broadband modem, but I'd prefer to get rid of the damn thing!

Thanks again
R

Can you give us the exact name of the Trojan rooeliza?

There might be a removal tool for it on the Symentec website.

It is also worth running the Windows security Trojan scanner from:
http://www.windowsecurity.com/trojanscan/

I "think"!! I might have got rid of it....

Think it was called Trojan Dialer 32. I'd had a look at some websites and people seemed to be suggesting disabling your system restore, rebooting, then re-enabling it.. which I did and have run AVG twice now and it seems to be gone. (And this is probably now where you tell me that was completely the wrong thing to do and I've just bu**ered up my machine...!)

Originally posted by rooeliza
I "think"!! I might have got rid of it....

Think it was called Trojan Dialer 32. I'd had a look at some websites and people seemed to be suggesting disabling your system restore, rebooting, then re-enabling it.. which I did and have run AVG twice now and it seems to be gone. (And this is probably now where you tell me that was completely the wrong thing to do and I've just bu**ered up my machine...!)

Far from it rooeliza :)
One of the first things anyone should do is turn off System Restore if they have a virus,worm or trojan. System Restore is notorious for being a safe haven for all the nasties that are out there ;)

woohoo! Thank God for that! It does seem to have worked anyway, and when I ran the scan on the link you posted, it found nothing other than a few cookies, which have now been wiped. Thanks very much!!

Get yourself to http://www.winpatrol.com/ for the free version of Scotty.

This guards your PC and alerts you when another program tries to run or change your computer settings without you knowing. You can then decide if you want to grant permission to it.

rooeliza,

If you still have DOS, get a DOS copy of F-Prot AV (free),from the Frisk site. Has not let me down in 7 years. You can run it from a DOS box.
http://www.f-prot.com/currentversions.html

Also a little detector called Antidote(free)
http://www.vintage-solutions.com/English/Antivirus/Super/

The F-Prot site gives instructions re removal of most viruses(virii?) inc trojans.
Both have free updates.
Also Spybot-Search and Destroy is as good as Adaware.
Free again.
I have all of the above and Sygate Firewall. (free)
Microslops I dumped and have been using Opera (browser) for 7 years as this allows NO pop - ups, and stops any incorrect or bodgy cookies.(free)

ALL of the above have free updates

ooroo

you want to try
HiJack This (http://www.merijn.org/files/hijackthis.zip) or Pest Patrol.

HiJack this is possibly the best tool available for computers, and its free :)

Originally posted by The557
rooeliza,

If you still have DOS, get a DOS copy of F-Prot AV (free),from the Frisk site. Has not let me down in 7 years. You can run it from a DOS box.
http://www.f-prot.com/currentversions.html



F-Prot users might find the freeware updater for AV DEF files for Windows useful, available here...

http://www.overselfresearch.com/software/downloads/avdefsupdaterfprotdos/

or there is Art Kopf's DOS updater which I still use, at the bottom of the page here...

http://home.epix.net/~artnpeg/

works fine in Win98SE. - and runs in a DOS box.