Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Dialer.btc Infection?


  • Please log in to reply
1 reply to this topic

#1 ganda

ganda

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:09:33 PM

Posted 19 June 2006 - 10:38 AM

I have exactly the same symptoms as Malenko (Dialer.btc Arrrrrgh!, 9th June), but unfortunately unlike him, the removal advice didn't work.

I am normally very careful about security; I've never had a virus before. I use Win XP, SP2 + updates, Firewall enabled; AVG 7.1 Anti-Virus (Free Edition); SpywareBlaster etc. Unfortunately, last Friday I accepted an ActiveX control from what I thought was a reputable site. Since then I have been trying to eliminate some form of infection.

Symptoms
Unwanted pop-ups advertising security software, in particular "WinAntiVirus Pro 2006" from amaena.com.
Pop-ups telling me my computer is vunerable to attack etc. etc.
AVG Antivirus pop-ups every few minutes warning of a virus infection (file names & folders the same as Malenko above).

Actions so far
Ran AVG full scan. Found 4 infected files in the Temporary Internet Files\Content.IE5 folder:-

srvtte[1].exe Trojan Horse Dialer.BTB
mulbin32[1].exe Trojan Horse Downloader.Generic.ZZP
wlzip[1].exe Trojan Horse Downloader.Generic2.CXP
Y1123OA.exe Trojan Horse Downloader.Generic2.CNB

AVG quarantined these files. I continued to get pop-ups, including the AVG Virus warning about files with names like 'win68.tmp.exe' in the C:\Windows\Temp folder.

Tried to do a System Restore but all attempts to do this fail - System Restore won't work.
Used Symantec on-line scanner. This detected the following 4 files in the Temporary Internet Files\Content.IE5 folder:-

srvvoz[1].exe Trojan Horse Dialer.BTC
srvsle[1].exe Trojan Horse Dialer.BTC
srvyvg[1].exe Trojan Horse Dialer.BTC
srvjdg[1].exe Trojan Horse Dialer.BTC

The Symantec scanner claimed it had fixed the problems; it hadn't - nothing changed. Symantec said the problem was Adware.Purityscan, and gave instructions to remove it, but none of the files or Registry entries quoted were on my computer.

Downloaded AVG's 'vcleaner.exe' and ran it in Safe mode. Made no difference.

So I Googled 'Dialer.BTC' and found this site, and your reply to Malenko.

I have run ATF Cleaner, Ewido Anti-Malware v3.5, Trend Micro Housecall Scan and Panda ActiveScan. None of these programs can find anything wrong!

Help!!

I am very close to giving up and just re-formating my HDD, but the pain of doing that is holding me back. I really don't want to lose several days of my life re-installing everything yet again (did it a few months ago after installing a bigger drive). Not much fun when my Win XP Home disc is pre-SP1.

ganda

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:09:33 PM

Posted 19 June 2006 - 10:56 AM

Hi There and welcome to BleepingComputer :thumbsup:

I have read your post and I think it would be wise for you to post a HijackThis log for an expert to review.

I recommend you follow the HijackThis preparation guide which can be found here. It is important that you follow the guide closely. A number of scans will be run which may well fix your problem. As the guide says, after you have completed the scans that are recommended, please post your "HijackThis" log in a new topic in the forum found here. Please add your system infomation and also what problems you are having. Please be patient, and a HJT team member will help you to clean up your system.

David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users