Trojan Win32 Dialer.Ce

LittleJo

Hi,
Kaspersky tells me that I have
Trojan Win32 Dialer . Ce
which has infected
C:\Winhelp.Cm
I have AVG as an anti-virus and Symantec as a firewall, neither of which shows any problems.
I ran Housecall, AVG, Ewido, Adaware and Spybot which showed no problems.
I am on broadband, and thus should not have a problem with a dialer.
The PC seems to run OK.
What should I do?
Ignore it and consider it a 'false positive', or have a go at getting rid?
If the latter, suggestions please.
Jo

bingo_bango

Not a lot of info available on this variation, although eTrust have identified the exe files associated with it. See here.
If it's not causing any problems, I'd be inclined to perhaps leave alone, but make sure you read all you can find on it, and see if it causes any other known issues.

LittleJo

Hi,
Thanks Bingo, am I right that a dialler cannot cause problems if I am on broadband?
Jo

Chippy_Minton

No, a dialler can dial up when you are on broadband. Remember, it's an analogue sound signal - just like you can use the phone while on broadband.

Of course, the dial-up modem needs to be plugged into the phone socket for the dialler to dial up.

bingo_bango

You can disable it through Control Panel.
Right click on My Computer->Hardware tab->View Devices by Connection->Modems
When you see your modem listed, double click on it to open it's properties page. At the bottom of the dialogue box, there is an option to 'Disable this device'. This will effectively switch the modem off, and should be no instances of dialling out then.

pchelpman

From what little information you give us I can't see that this file ....

C:\Winhelp.Cm

...is of any use. It's a craftman data file only.

You need to check it. Go here....

http://www.virustotal.com/en/indexf.html

..click on the "Browse" button ..

Go to that file (above) and submit it for a scan.

Post back the results to this thread.

[In all probability it will reveal that you are OK to just delete the file. If so, that should fix the problem but we should see the results of the filescan first.]

PCH

LittleJo

Hi,
Well it looks a bit different to say the least.
Advice please!!


STATUS: FINISHEDComplete scanning result of "winhelp.chm", received in VirusTotal at 10.13.2006, 15:03:12 (CET).

Antivirus Version Update Result
AntiVir 7.2.0.30 10.13.2006 ADSPY/SuspectModule.1
Authentium 4.93.8 10.13.2006 no virus found
Avast 4.7.892.0 10.13.2006 no virus found
AVG 386 10.13.2006 no virus found
BitDefender 7.2 10.13.2006 Trojan.Dialer.CE
CAT-QuickHeal 8.00 10.12.2006 Trojan.Dialer.ce
ClamAV devel-20060426 10.13.2006 Dialer.gen-70
DrWeb 4.33 10.13.2006 Dialer.Silent
eTrust-InoculateIT 23.73.21 10.12.2006 Win32/SilentCaller.11776!Trojan
eTrust-Vet 30.3.3131 10.13.2006 no virus found
Ewido 4.0 10.13.2006 no virus found
Fortinet 2.82.0.0 10.13.2006 no virus found
F-Prot 3.16f 10.12.2006 no virus found
F-Prot4 4.2.1.29 10.13.2006 W32/Dialer.CS
Ikarus 0.2.65.0 10.13.2006 no virus found
Kaspersky 4.0.2.24 10.13.2006 Trojan.Win32.Dialer.ce
McAfee 4872 10.12.2006 Generic Dropper.o
Microsoft 1.1603 10.13.2006 Trojan:Win32/Adialer.CE
NOD32v2 1.1802 10.13.2006 Win32/Dialer.CE
Norman 5.80.02 10.13.2006 no virus found
Panda 9.0.0.4 10.12.2006 Dialer.NQ
Sophos 4.10.0 10.13.2006 Dial/TlfLic-B
TheHacker 6.0.1.097 10.13.2006 no virus found
UNA 1.83 10.12.2006 Trojan.Win32.Dialer.830D
VBA32 3.11.1 10.12.2006 no virus found
VirusBuster 4.3.7:9 10.12.2006 Trojan.Dialer.AO


Aditional Information
File size: 19787 bytes
MD5: 3004d4a86fa97930af12676df6f685c2
SHA1: 02e8b165693d7690896cc9f66527b744bb4ec6ce
packers: Unicode, UPX
packers: UPX
packers: UPX

pchelpman

Thanks LittleJo

Kapersky was right (no surprise there). This scan shows that the infection is indeed present in that file.

Go to the file ...

C:\Winhelp.Cm

...and delete it.

If everything operates now correctly as it should on your computer you must then empty your recycle bin.


If you are certain you have no more trouble you should clear out all old System Restore points then immediately create a new one so you have something to fall back on should anything go awry again. Also remember to make SR points on a regular basis.

More on System Restore ...

http://www.microsoft.com/windowsxp/using/helpandsupport/getstarted/ballew_03may19.mspx


What may have lead up to your infection …..

http://www.castlecops.com/t7736-So_how_did_I_get_infected_in_the_first_place.html


Help keep your computer free of malware …

http://www.help2go.com/Tutorials/Protect_Your_PC/Avoid_Web_Browser_Hijackers.html


If you do suffer an infection again you should first run Ccleaner to clean out your system. Get Ccleaner here but ensure you install it WITHOUT the optional Yahoo Toolbar download (you must untick/uncheck the relevant box on download) …

http://www.ccleaner.com/


Also run through this before posting a HijackThis log …

http://www.help2go.com/Tutorials/Protect_Your_PC/Get_Rid_of_Spyware%2C_Adware%2C_and_Web_Browser_Hijackers.html

PCH

LittleJo

Hi,
I followed your advice, all seems OK.
Ran Kasperky, no errors.
I checked the file with AVG and it showed as a virus. It seems odd that it finds it when checking the file but not in its' normal operation.
Am I deluding myself that AVG and Ewido offer protection or should i be paying for Kasperky et al that seem more reliable?
Many thanks for your excellent help and advice.
Jo