Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Highjacked Modem

  • Please log in to reply
3 replies to this topic



  • Members
  • 96 posts
  • Gender:Male
  • Location:milwaukee pc. Milwaukee Wisconsin.
  • Local time:05:11 AM

Posted 23 January 2006 - 05:49 PM

After recently discovering 'UnSpy PC' on my computer I spent hours in safe mode tracking it down
and deleteing it by following great instructions from a BleepingCom;uter page. Unfortunately, the
modem was also taken over and now everytime I try to go online I'm asked if I want to install a
program that connects me to a 900 number to get on the internet for an initial charge of 40 dollars
plus the per minute fee of the number. Can someone please tell me how to find the controlling program and get rid of it. Do I need to post a 'Highjack This' log? Any help will be appreciated.

Edited by jgweed, 23 January 2006 - 06:21 PM.

BC AdBot (Login to Remove)


#2 -David-


  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London
  • Local time:12:11 PM

Posted 23 January 2006 - 06:19 PM


It would appear that you have not totally removed your infection. Unspypc may or may not have been fully deleted from your system, and this may be causing connections to strange IP addresses. On the other hand, you may just be left with other malware (malicious software) that is infecting your PC/modem. You might have a dialer that is trying to connect you to a porn site for an incredibly high fee.

I have read your post and I think it would be wise for you to post a HijackThis log for an expert to review. I bet you are wondering what HijackThis is. Well it's a program that is simply able to show others what's going on inside your computer, in terms of infection etc..

I recommend you follow the HijackThis preparation guide which can be found here. It is important that you follow the guide closely. A number of scans will be run which may well fix your problem.

As the guide says, after you have completed the scans that are recommended, please post your "HijackThis" log in a new topic in the forum found here. Please add your system infomation and also what problems you are having. Please wait for a few days and one of our experts will get onto fixing your computer for you.


#3 Leurgy


    Voted most likely

  • Members
  • 3,831 posts
  • Gender:Male
  • Location:Collingwood, Ontario, Canada
  • Local time:06:11 AM

Posted 23 January 2006 - 06:54 PM

I would suggest using a-squared free. They also have a trial of the full version. That program is specific to Trojans and Dialers like you seem to have.

When the only tool you own is a hammer, every problem begins to resemble a nail. Abraham Maslo

**** We use our powers for good, not evil ****

 Trying to remove your data from the web is like trying to remove pee from a swimming pool

#4 Papakid


    Guru at being a Newbie

  • Malware Response Team
  • 6,649 posts
  • Gender:Male
  • Local time:05:11 AM

Posted 24 January 2006 - 12:12 AM

UnSpy PC is usually connected to Wareout that mutates constantly, uses random filenames and has to be pried out of the registry with a crowbar along with hijacking DNS. So unfortunately automated scanners don't help much.

So your best bet is to follow David's suggestion. There is a special removal tool for the new variant that just came out that needs to be used in combination with HijackThis. Be sure to mention UnSpy PC when you post your log.

However, running a-squared free will help if you do have a dialer and is a good addition to preparing for a HijackThis post. But what sounds like a dialer is probably the DNS hijack that can be fixed with HijackThis and some tweaking.

The thing about people

is they change

when they walk away.--Mipso

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users