#1
Mystery Program Dialing Internet
Is there a way to tell what program brings up the internet dialer as soon as my computer boots up?
#2
There are many people who have helped this FAQ improve over time - MVPs and newsgroup users. I thank all of you who have made the newsgroups, anti-malware websites and dedicated mailing lists into such a wonderful resource.

IMPORTANT: Before trying to remove spyware, download a copy of LSPFIX from the URL below - some malware can kill your internet connection when it is removed, and this software should get things going for you again:
http://www.cexx.org/lspfix.htm

IMPORTANT: After obtaining the software below, make sure you check for updates and then run the programmes in safe mode.

You can go to the link below to check your system for parasites (supplied by Doxdesk.com):
http://inetexplorer.mvps.org/parasite.htm

Malware removal (beginners guide):

First, go to Control Panel, add/remove programs. Check for malware entries and use the uninstall programs.

Second, get AdAware. [..Warning: AdAware is now version 6.181. All previous versions are NO LONGER SUPPORTED and will not be updated...] AdAware is available at www.lavasoft.de. Make sure you check for updates every time you use it.

To be most effective, you must run AdAware while Windows is in safe mode. Modern malware uses more than one process, and these processes are 'co-dependent'. In other words, when one process detects that the other has been shut down, it automatically restarts its sibling, often using a different name.

Disable the ability of suspect processes to start automatically by using MSCONFIG (startup tab) before booting into safe mode. Use the information at the URL below as a guide:
http://www2.whidbey.com/djdenham/Uncheck.htm

Reboot your computer and hold down the F8 key until the boot menu options appear. Select 'safe mode'.

After you are in safe mode, check to make sure the suspect processes did not start up. If they did start up, we are going to have to track down *where* they are coming from before going any further. An experienced computer technician can use a programme such as AutoStart Viewer for in-depth diagnosis:
http://www.diamondcs.com.au/index.php?page=asviewer

While still in safe mode, and after you have shut down as many malware processes as possible, start AdAware.

AdAware, when run using default settings, simply does not cope with new 'intelligent' malware. Make sure 'activate in depth scan' is enabled. Select 'use custom scanning options' and then click on the 'customize' button. Turn on the following scan options - scan within archives, active processes, registry (including deep scan), IE favorites and hosts file.

You must also turn on the following option via the 'tweak' button:
Cleaning engine: 'automatically try to unregister objects prior to deletion'

IMPORTANT: Before letting AdAware delete malware, write down on a piece of paper exactly where the malware is stored. You will need to delete those directories after AdAware has done its work, but ONLY IF IT IS NOT A STANDARD WINDOWS DIRECTORY.

After running AdAware, run it again, this time using the option 'select drives/folders to scan'. Click on 'select'. Scan your entire hard drive.

Also do the following:

Empty your IE cache and your other temporary file folders, eg: c:\windows\temp (if using Windows 98) or C:\Documents and Settings\name\Local Settings\Temp (the path to your temp folder will change depending on your name) - sometimes programmes can be hidden in there - watch out for mysterious *.exe files or *.dll files in those folders.

Go to IE Tools, Internet Options, Temporary Internet Files {Settings Button}, View Objects, Downloaded Programme Files. Check for unusual objects there.

Go to IE Tools, Internet Options, Accessibility. Make sure there is no style sheet chosen (under User Style Sheet - format documents using my style sheet). If the option is turned on, turn it OFF.

It is possible to turn off third party extensions (Enable third-party browser extensions (requires restart) at IE tools, internet options, advanced) to disable *all* plug-ins but troubleshooting will be difficult and it is only a BANDAID. Nothing gets fixed. There is software that depends on 'third party browser extensions' to work, including Acrobat, Microsoft Money, and many other programmes.

Once your computer is clean, and if it applies to your operating system, create a new restore point. Your old ones may, of course, be infected with the malware and therefore cannot be used. Run disk cleanup to remove old restore points (if your operating system has this option you will find it on the 'more options' tab of the disk cleanup utility).

If you are still having problems:

You can go to the link below to check your system for parasites and hopefully identify your problem (supplied by Doxdesk.com):
http://inetexplorer.mvps.org/parasite.htm

Download and run the latest version of "Cool Web Shredder":
http://www.merijn.org/files/CWShredder.exe

The more experienced user can try Spybot. Again, it is a free programme which can be downloaded from: http://spybot.eon.net.au/. Warning: it is NOT a good programme for the inexperienced. If you want to use this programme, please get the advice of those more experienced before 'fixing' anything that it finds.

Another excellent programme that allows you to examine your system and *create a results log for experts to examine* is HijackThis, available from:
http://209.133.47.12/~merijn/files/HijackThis.exe (direct download)

MS have released a limited KB article regarding what they call 'deceptive software'.
http://support.microsoft.com/default...b;EN-US;827315

Here is advice specific to:

home page hijackings
http://inetexplorer.mvps.org/answers.htm#home_page

pop-up ads
http://inetexplorer.mvps.org/data/popup.htm

search engine hijackings
http://inetexplorer.mvps.org/answers4.htm#search_engine

--
_______________________________________
Sandi - Microsoft MVP since 1999 (IE/OE)
http://inetexplorer.mvps.org

"Randal" wrote in message ...
Is there a way to tell what program brings up the internet dialer as soon as my computer boots up?
#3
I have gone through this email and run adaware and unchecked numerous programs in msconfig startup. I continue to have a program attempt to dial the internet immediately after start up. Is there any way to know what is calling the dialer?
#4
"Randal" wrote in ...
I have gone through this email and run adaware and unchecked numerous programs in msconfig startup. I continue to have a program attempt to dial the internet immediately after start up. Is there any way to know what is calling the dialer?

Install a firewall like ZoneAlarm and set it up to block all traffic. Clear the logs of the firewall. Reboot your PC, and let the dialer dial! Disconnect after a few minutes and examine the logs of the firewall. It will show the program that attempts to dial, and the IP address to which it is trying to connect.

Remember that msconfig shows only programs that start when there is an entry in the registry. Auto-updaters (like Windows Update) are not visible with msconfig. Other programs, like rundll.exe or rundll32.exe, may be infected with a dialer. So, run an up-to-date anti-virus program.

Grtz,
TR
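The log review TR describes, sketched as an added example that is not part of the original thread: it keeps the blocked outbound attempts made in the first minutes after boot, groups them by program, and marks which programs were not on the msconfig Startup tab. The CSV layout, program names, addresses and startup list are constructed for illustration; a real firewall log has its own format.

```python
import csv
from datetime import datetime, timedelta

# Constructed sample in a made-up CSV layout (time, action, direction, program,
# destination). A real firewall's log format differs and needs its own parser.
SAMPLE_LOG = r"""2004-06-13 14:02:05,BLOCKED,OUT,C:\WINDOWS\SYSTEM\EXAMPLE1.EXE,192.0.2.10:80
2004-06-13 14:02:06,BLOCKED,OUT,C:\WINDOWS\SYSTEM\EXAMPLE1.EXE,192.0.2.10:80
2004-06-13 14:02:40,BLOCKED,OUT,C:\Program Files\Updater\UPDCHECK.EXE,198.51.100.7:443
2004-06-13 14:02:50,truncated
2004-06-13 14:03:10,BLOCKED,IN,C:\WINDOWS\SYSTEM\SVC.EXE,203.0.113.5:135
2004-06-13 14:20:00,BLOCKED,OUT,C:\Program Files\Mail\MAILER.EXE,198.51.100.25:110
"""
# Constructed stand-in for the names shown on the msconfig Startup tab.
MSCONFIG_STARTUP = {"updcheck.exe"}

def boot_time_callers(log_text, boot_time, window_minutes=5):
    """Blocked outbound attempts within window_minutes of boot, per program."""
    cutoff = boot_time + timedelta(minutes=window_minutes)
    found = {}
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 5:
            continue  # skip malformed or truncated lines
        stamp, action, direction, program, dest = (f.strip() for f in row)
        try:
            when = datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S")
        except ValueError:
            continue
        if action != "BLOCKED" or direction != "OUT":
            continue
        if not boot_time <= when <= cutoff:
            continue  # later traffic is probably user-initiated
        entry = found.setdefault(program.lower(), {"first": when, "count": 0, "dests": set()})
        entry["first"] = min(entry["first"], when)
        entry["count"] += 1
        entry["dests"].add(dest)
    return sorted(found.items(), key=lambda kv: kv[1]["first"])

def report(log_text, boot_time, startup_names):
    """One row per caller: (exe name, attempts, destinations, listed in msconfig?)."""
    rows = []
    for program, info in boot_time_callers(log_text, boot_time):
        name = program.rsplit("\\", 1)[-1]
        rows.append((name, info["count"], sorted(info["dests"]), name in startup_names))
    return rows

if __name__ == "__main__":
    boot = datetime(2004, 6, 13, 14, 2, 0)  # constructed boot time
    for name, count, dests, listed in report(SAMPLE_LOG, boot, MSCONFIG_STARTUP):
        print(name, count, dests, "in msconfig" if listed else "NOT in msconfig")
```

A program that shows up here but not in msconfig is the one to trace through the other autostart locations.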
#5
Great! Thanks.