is this spyware?


Member Since: Jan 18, 2003

i have a weird computer problem. every few hours, dialer.exe pops up and tries to make an outgoing call. this is driving me MAD. i would like to make it stop. anyone ever seen this before? i ran some spyware sweeps...i have ad-aware here...but i'm not sure what i'm lookin' for.



...bringing sexy back
Member
Since: Jul 01, 2002


May 31, 2004 01:30 pm

i've had that, it'll try and dial a premium number instead of your normal internet connection, and charge ya shedloads.

is adaware finding anything? if not, search for dialer.exe from the start menu and try temporarily removing that (just in case it's important)

* legal note *

if your pc bursts into flames as a result of flame, he lives nextdoor...

Administrator
Since: Apr 03, 2002


May 31, 2004 01:44 pm

Yes, find dialer.exe and see where it is at on your hard drive, if it's in a program folder or whatever may give you some answers...sounds VERY suspicious to me...

Standard advice, run Adaware and/or Spybot Search and Destroy. I prefer Adaware myself for this kind of thing.

Idiot.
Member
Since: Apr 22, 2004


May 31, 2004 02:28 pm

that is MEGA nasty, and what's worse there is absolutely no way to get the money back for all those premium-rate calls... particularly nasty!

Member
Since: Jan 18, 2003


May 31, 2004 03:38 pm

it never connects to anywhere, because my computers are connected through a cable modem and not a phone line. it's not really a big deal, but it is an annoyance.

anyway, i tried what you guys suggested, and i think i see the problem. turns out dialer.exe is inside a folder called 'windows NT'. i use windows xp. at first i had no idea where this folder came from, but now i recall installing a bit of NT freeware by accident a few weeks ago. i think it was a screensaver or something. i'm trying to figure out what happened still. but the dialer.exe program is in the NT folder and in the windows prefetch folder. is the prefetch the thing that forces the program to start up? maybe i could just eliminate the link from that folder and it will stop acting up?

i think the reason i can't determine what i installed is because i already UNinstalled it. and somehow the NT folder remained.

i'm really confused.


...bringing sexy back
Member
Since: Jul 01, 2002


Jun 01, 2004 04:00 am

just delete the dialer.exe thing, and that should be enough i'd imagine...

Administrator
Since: Apr 03, 2002


Jun 01, 2004 05:46 am

Perhaps, but if it's firing off every few minutes I suspect there is also a service running and prolly a registry entry or something too...it would be nice to get rid of everything...

...bringing sexy back
Member
Since: Jul 01, 2002


Jun 01, 2004 05:49 am

oh yeah, i knew that...

grrrrrrr
Member
Since: Mar 29, 2004


Jun 01, 2004 09:00 am

format hard drive

Administrator
Since: Apr 03, 2002


Jun 01, 2004 09:03 am

That's sort of overkill for spyware inoculation, but it would get rid of it I suppose...

...bringing sexy back
Member
Since: Jul 01, 2002


Jun 01, 2004 12:15 pm

buy a new machine! burn old one to avoid further infection!

Member
Since: Jan 18, 2003


Jun 01, 2004 01:21 pm

what happens if you just delete it? if a services box is checked and there's a registry entry and you kill the target .exe, that's a bad thing to do cause then mr computer gets all confused right?

what the hell is prefetch!

Administrator
Since: Apr 03, 2002


Jun 01, 2004 01:42 pm

Quote:
what the hell is prefetch!


Taken From Microsoft Website:

Windows XP monitors the files that are used when the computer starts and when you start applications. By monitoring these files, Windows XP can prefetch them. Prefetching data is the process whereby data that is expected to be requested is read ahead into the cache. Prefetching boot files and applications decreases the time needed to start Windows XP and start applications.

This information is logged and stored on your hard drive taking up space and requiring a process to be kept running monitoring which applications are being run. This has a performance impact on your PC. Disabling the Prefetch function or at least only enabling it for the Boot Files will allow you to free up some system resources and preserve some disk space.

If you just delete it, it will still stop the exe from running, but personally, I like to run a lean and clean registry. Messy registries can really be a pain in the *** sometimes. As you install and uninstall stuff things get added, removed and some get left behind and start making probs somewhere else...it's a drag...

Member
Since: Jan 18, 2003


Jun 01, 2004 02:13 pm

i agree. i've had BIG problems with a messed up registry before.

thanks for the tip though. i can't think about this now. i'm going to just tolerate dialer.exe for a while until it makes sense.

I am not a crook's head
Member
Since: Mar 14, 2003


Jun 01, 2004 03:08 pm

Did you ever end up updating and running Adaware? It could either be spyware, or I read about a virus with similar symptoms: securityresponse.symantec...r.dialpass.html

Member
Since: Jan 18, 2003


Jun 01, 2004 04:34 pm

that's not it. i don't get an option to connect. dialer.exe just tells me it's dialing a test number, and proceeds to do so.

i ran adaware, but nothing looked like the culprit. a lot of it i couldn't interpret anyway.

Administrator
Since: Apr 03, 2002


Jun 01, 2004 04:45 pm

I'd get rid of it, it could rack up long distance charges like you wouldn't believe...it's happened before...I would just delete it and be rid of it, then hunt down all the other crap when you have time...priority 1 is to get rid of the dialer. maybe zip it up and keep it in case it does something weird to your PC you can unzip it and put it back so you can at least use your PC.

Then go to spywareinfo.com somebody there prolly knows what it is.

Member
Since: Jan 18, 2003


Jun 01, 2004 05:12 pm

i'm not connected to a phone line. no danger of being charged.

i'll sequester the .exe file and see what happens.

Prince CZAR-ming
Member
Since: Apr 08, 2004


Jun 02, 2004 10:57 am

You could watch the services and see if one uses more CPU cycles when the dialer starts. CTRL-ALT-DEL, then task manager, processes.

I'd also go into msconfig and temporarily disable anything fishy in the startup tab. Then if there's no dialup, start putting them back in one by one, till the prob re-appears.

Member
Since: Jan 18, 2003


Jun 02, 2004 02:18 pm

excellent ideas pjk! today i have the task manager up and ready to look at whenever dialer shows its ugly face.

www.charlienaebeck.com
Member
Since: Apr 10, 2004


Jun 03, 2004 06:32 am

Heh heh,

well, to be honest I actually deal with that sort of stuff on a daily basis as I work for an ISP for the day job til I can get the studio off the ground full time. ;)

Do you know when you first encountered this program trying to dial out? Do you get any type of pop up ads, redirected home pages, or different icons on your desktop that you aren't used to?

If you have XP, I would go with a system restore because it will restore your registry settings where the little "bugger" buried itself in your system. Just make sure that you don't have any other programs, or hardware that you have recently installed since it started happening, 'cause a system restore will take those out also and you'll have to re-install them. It does not however hurt program data like regular documents, pictures, etc. etc... just programs and bugs. :)

1. Go to Start
2. Click on Run
3. Type in msconfig
4. click on "launch system restore" at the bottom of the window.
5. click on the option for "I want to restore my computer to an earlier time".
6. Click Next
7. You'll get a calendar with a whole bunch of bold dates on it. You want to select one that is slightly before when you got the bug on the system just to be on the safe side. Note: it has to be a bold date (system checkpoint).
8. Click Next
9. It tells you that you're going to restore your computer to the date you selected and that whatever you do can be reversed if needed.
10. Click Next
11. You will see the system restore go and do its thing and then the computer will automatically restart itself.
12. When the computer re-boots itself you'll be able to log back into windows if you have it prompted for a windows login, and then it will say "system restore complete".
13. Click Ok on this option and you should be free of the bug.

If it still comes up, do a scan of your hard drive with a good anti-virus program like Norton, McAfee, or whatnot and make sure you don't have a worse prob. If this finds nothing, try restoring just a little further back with the system restore.

If it still doesn't work, no matter how many restores that you do and whatnot, or if you have a virus on the computer, make sure that you back up all important files (as long as they are not infected) and go with the re-format of your hard drive. If you do happen to have to go with the re-format I would recommend re-doing your partitions on your drive when you do, due to the fact that the old partitions will most likely still have the bug hiding in them.

P.S. Might want to print this message before attempting any of the above. ;) lol I hope this helps. peace


www.charlienaebeck.com
Member
Since: Apr 10, 2004


Jun 03, 2004 06:42 am

Double P.S: Most of the spyware/adware/viruses nowadays are caught from not having networks secured. Unfortunately the higher the speed your ISP provides to you, the faster that you can download things like this onto your system.

I would highly advise anyone to install a good security package like Norton Internet Security, or McAfee on your computers with a good anti-virus software and a good firewall. Nowadays technology is getting out of hand and there are more and more spammers/mischief makers out there that are tech savvy.

Administrator
Since: Apr 03, 2002


Jun 03, 2004 06:53 am

Depending how long the app has been on your PC, it could be in your restore points as well.

www.charlienaebeck.com
Member
Since: Apr 10, 2004


Jun 03, 2004 07:13 am

yep, I have talked to some folks before where we went back to their farthest system check point and it still wouldn't take out the spyware 'cause it was before the last system restore checkpoint. Sometimes a good old re-format is best unfortunately.

Member
Since: Jan 18, 2003


Jun 03, 2004 02:45 pm

i have a full mcafee antivirus package. when i do a sweep it finds nothing, and the 'questionable programs' it points out don't really make me suspicious. i'll try restore points today.

and no. no popups or redirected home pages or icons.


Administrator
Since: Apr 03, 2002


Jun 03, 2004 02:49 pm

anti-viruses won't often find spyware, cuz they are not "viruses"...

Search your registry for "cws" and for "sah" just for yuks...

Member
Since: Jan 18, 2003


Jun 03, 2004 04:30 pm

mcafee pointed out questionable programs, though. i hear it uses heuristics to check .exe files and look for suspicious commands. that is, while it screens for viruses against known definitions, it also has some fuzzy rules built in that let it look for behavior reminiscent of hijackers and such.

but what do i know.

db what do those abbreviations mean?

www.charlienaebeck.com
Member
Since: Apr 10, 2004


Jun 06, 2004 05:22 am

yeah, unfortunately McAfee and Norton will not catch any spyware bugs as they aren't on the virus "list" so to speak that both programs search from on your computer. Both companies don't consider spyware to be a virus like DB mentioned. Did any of the restore points work out to take it out?

You could also try a registry clean-up as I have heard those work well for spyware. I am not sure how you go through one though as the company I work for for the day job thing doesn't let us do those. A lot of people tell me it works well though.

You could also try repairing IE or trying an alternate browser if you've gotten an IE hijack so to speak there.

Master of the Obvious?
Member
Since: Jun 29, 2004


Jun 29, 2004 05:55 pm

There are several freeware programs you should probably run before giving up hope.

Ad-Aware: I know everyone has been mentioning it, and I know you have already run it, but make sure to run the full hard-disk check ("select drives\folders to scan" and select all hard drives) vs. just the "perform smart system scan". Also, make sure to check for updates every time you run it, as it is updated almost daily!

Window Washer: Another freeware program that just deletes all temporary files that you don't use anyway (and, as a side item, also removes logs of what you have been doing/where you have been surfing, you bad boy you...).

Registry Mechanic: I just started using this program, (once again, free) but I liked it so much that I actually paid for the full version! I haven't run into any problems with it whatsoever and, even on my relatively new and well-kept system, it found over 200 different errors in my registry/icons/shortcuts/etc. It really is a great program.


Other than that, I'd say the last step would be to edit your "Services". To do this, right-click on "My Computer" (usually found on the desktop) and select "Manage". A window should pop up called "Computer Management" with a list of different tools and whatnot on the left side. Select "Services" and the right side of the window should display every service your computer is running, or is capable of running. Now, don't just start turning things off, because you can run into some particularly nasty problems if you do, but you can pretty easily find things that shouldn't be there just by the names. You can right-click on any service and go to properties, where you can either temporarily stop the service or permanently disable it from running altogether.

Hope this helps! If not, a good old-fashioned reformat/install is always good to do a couple of times a year anyway!
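
The checks suggested across this thread (where dialer.exe lives, and whether a startup registry entry or a service launches it), gathered into one read-only script. This is an added example, not part of any post; it assumes a Windows version with PowerShell 3 or later (which postdates the XP machine discussed), and the scheduled-task check goes one step beyond what the thread mentions.

```powershell
# Added example (not from the thread). Lists where a named executable lives
# and which autostart mechanisms reference it. Read-only: changes nothing.
$name = 'dialer.exe'   # file name taken from the thread

# 1. Copies of the file under Windows and Program Files (a slow tree walk),
#    each with its Authenticode signature status.
$roots = @($env:SystemRoot, $env:ProgramFiles) | Where-Object { $_ }
Get-ChildItem -Path $roots -Filter $name -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $sig = Get-AuthenticodeSignature -FilePath $_.FullName
        [pscustomobject]@{ Check = 'File'; Location = $_.FullName
                           Detail = "signature: $($sig.Status)" }
    }

# 2. Run/RunOnce registry values (among the entries msconfig's Startup tab lists).
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($leaf in 'Run', 'RunOnce') {
        "$hive\Software\Microsoft\Windows\CurrentVersion\$leaf"
    }
}
foreach ($key in ($runKeys | Where-Object { Test-Path $_ })) {
    foreach ($p in (Get-ItemProperty -Path $key).PSObject.Properties) {
        # Skip the PSPath/PSParentPath/... properties PowerShell adds itself.
        if ($p.Name -notlike 'PS*' -and "$($p.Value)" -like "*$name*") {
            [pscustomobject]@{ Check = 'RunKey'; Location = "$key\$($p.Name)"
                               Detail = "$($p.Value)" }
        }
    }
}

# 3. Services whose image path mentions the file.
Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.PathName -like "*$name*" } |
    ForEach-Object {
        [pscustomobject]@{ Check = 'Service'; Location = $_.Name
                           Detail = "$($_.StartMode): $($_.PathName)" }
    }

# 4. Scheduled tasks that execute the file (fits an "every few hours" symptom).
Get-ScheduledTask | ForEach-Object {
    $task = $_
    $task.Actions | Where-Object { $_.Execute -like "*$name*" } | ForEach-Object {
        [pscustomobject]@{ Check = 'Task'; Location = "$($task.TaskPath)$($task.TaskName)"
                           Detail = "$($_.Execute) $($_.Arguments)" }
    }
}
```

Every row uses the same three columns, so the output can be piped to `Format-Table -AutoSize` or `Export-Csv` before anything is deleted or disabled.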

Member
Since: Jan 18, 2003


Jun 29, 2004 07:48 pm

ah, forget it. the knowledge needed is beyond me.

i might check out registry mechanic. that sounds very cool. but i know nothing about how to read the registry, so i fear i'll tell it to do bad things.


Member
Since: Jul 02, 2003


Jun 29, 2004 08:12 pm

do a search for ia.dll, if you find it delete it (should be in the system32 dir if it's there). the dialer exe you've found is a part of XP.

Member
Since: Jan 18, 2003


Jun 29, 2004 09:32 pm

not there.

i'm just going to live with it.

thanks, though. where's that bottle of JD.


Member
Since: Jan 18, 2003


Dec 31, 2004 04:10 pm

tired of living with it.

anyone know of a friendlier spyware help forum than spywareinfo.com? those folks seem a bit totalitarian over there. i just need to chat with someone about this. computer has absorbed several new data harvesters and malware items and a fully-updated ad-aware doesn't seem to remove them. so i just want to find a friendly board where i am not going to be yelled at for asking simple questions.


Administrator
Since: Apr 03, 2002


Dec 31, 2004 04:33 pm

Why totalitarian? I have gotten nothing but fast and accurate help over there myself...what's up?

Member
Since: Jan 18, 2003


Dec 31, 2004 04:40 pm

well i just find all the rules daunting. have you read that FAQ? i wanted to start by asking some simple questions. last time, i recall, they didn't like that.

Administrator
Since: Apr 03, 2002


Dec 31, 2004 04:46 pm

Have you seen how short people get on many forums (HRC included) when people keep asking the same question over and over and over again? That's why FAQs are created :-)

Member
Since: Jan 18, 2003


Dec 31, 2004 07:47 pm

i know but these guys use lots of scary exclamation points and bold, underlined red words.
