My dial-up connection keeps on getting hijacked!



ACP in JHB SA
07-10-2005, 02:51 AM
For the past couple of days, every time I open the dial-up connection box,
there is an unrecogocnizable user name and a telephone number. I put it back
to the correct settings, make my connection and exit, but next time the user
name and telephone fields have again been overwritten. I have tried deleting
that connection and creating a new one with a different name (but obviously
the same data in the user/password/telephone number fields), but the same
thing happens. Obviously I have picked up some unwelcome bug/virus/whatever,
but how do I get rid of it. Norton AntiVirus finds nothing, and Aluria
Spyware Eliminator finds nothing. Can anyone help? If you can and do -
thanks!

Malke
07-10-2005, 02:51 AM
ACP in JHB SA wrote:

> For the past couple of days, every time I open the dial-up connection
> box,
> there is an unrecogocnizable user name and a telephone number. I put
> it back to the correct settings, make my connection and exit, but next
> time the user
> name and telephone fields have again been overwritten. I have tried
> deleting that connection and creating a new one with a different name
> (but obviously the same data in the user/password/telephone number
> fields), but the same
> thing happens. Obviously I have picked up some unwelcome
> bug/virus/whatever,
> but how do I get rid of it. Norton AntiVirus finds nothing, and
> Aluria
> Spyware Eliminator finds nothing. Can anyone help? If you can and do
> - thanks!

Is your NAV a current version, not earlier than 2003? Are the virus
definitions updated? Did you do the scan in Safe Mode? After the WhenU
fiasco, Aluria is not recommended as a spyware removal tool.

Go through the following malware steps. First delete all Temporary and
Temporary Internet Files. For IE's Temporary Files, go to Control
Panel>Internet Options>General tab. You'll see where you can delete
cookies and files. For Firefox, clear its cache by going to
Tools>Options>Privacy>Cache> Clear. For Windows Temporary files,
Start>Run cleanmgr [enter]. Then follow these detailed malware removal
steps, doing everything with updated tools in Safe Mode. You can find
all the links to referenced programs and sites on my website here:

http://www.elephantboycomputers.com/page2.html#Removing_Malware

1) Scan in Safe Mode with current version (not earlier than 2004)
antivirus using updated definitions.

Before you remove malware, get LSPFix or WinSockFix for XP - see links
below.

2) Remove spyware with Spybot Search & Destroy and Ad-aware. These
programs are free, so use them both since they complement each other.
There is a new version of CWShredder from Intermute. I would not
install the other Intermute programs, however. Alternately, there are
CoolWebSearch malware removal steps at SilentRunners.

Be sure to update these programs before running, and it is a good idea
to do virus/spyware scans in Safe Mode. Make sure you are able to see
all hidden files and extensions (View tab in Folder Options).

If the malware remains even after you used Ad-aware and Spybot, you can
scan with HijackThis. HijackThis is an excellent tool to discover and
disable hijackers, but it requires expert skill. See the links on my
website for a HijackThis tutorial and places where you can post your
HJT log. Again, this is an expert tool and novices should get help
with it.

3) If you are running Windows ME or XP, you should disable/enable System
Restore after the system is clean because malware will be in the
Restore Points. With ME, you must disable System Restore completely.
With XP, you can delete all but the most recent (presumably clean)
System Restore point from the More Options section of Disk Cleanup
(Run>cleanmgr).

4) Make sure you've visited Windows Update and applied all security
patches. Do not install driver updates from Windows Update.

5) Run a firewall.

Malke
--
MS-MVP Windows User/Shell
Elephant Boy Computers
www.elephantboycomputers.com
"Don't Panic"


My dial-up connection keeps on getting hijacked!