Grrrr. I've been Trojan Horsed!

UKworkshop.co.uk

Evergreen

Hi all.

Just before Christmas, a Trojan Horse (I believe it was called Musah? or something similar) slipped past my Norton AV and planted the Sfonditalia dialer in my PC. This dialer tried to connect me to an Italian "adult entertainment" site as soon as I booted up. My daughter is an IT techie-in-training and tried to chip this thing out but it was a persistent little devil. It had disguised itself as a file called "Daily weather report" and was hiding in the hard drive. In the end, we uninstalled everything and then reinstalled it afresh - what a pain.

I've just had my BT phone bill for that period and found that although I never actually received any Italian "adult entertainment", the dialer did manage to dial a series of 070 numbers which I've never heard of. At a cost of about £25, more's the pity, but it could have been a lot worse. I was on dial up when this happened but I'm getting broadband next week - hooray!

I always try to learn from bad things. If this happens again, should I go for a total clean out and reinstall right from the start, rather than trying to delete the specific dialer or whatever? I'd be grateful for any advice.

Many thanks.
 
I will be interested to hear the advice as my AV has blocked two of these so far this year.

Bean
 
Ring BT and get any premium rate numbers blocked for a start?

Adam
 
You need a firewall, especially on broadband. It asks you if this new program can access the net and your network if you have one; you can say no, yes this once, or yes don't ask again. They also block incoming if you set it up, like MS Messenger. I have ZoneAlarm; it's free.
 
And if you go broadband - unplug the phone line from the modem, as
1) You don't need it anymore
2) If you get any diallers, they can't dial anything

Andrew
 
I got a trojan on mine the other day - not a dialler though, just a nuisance thing mainly. It got past Zone Alarm Internet suite. Zonealarm scan picked up just the one spyware but couldn't neutralize it. Zonelabs Virus centre didn't even recognize the variant.

I used other software with the following results:

pctools : Found 24 spyware but won't treat them unless you buy.

Lavasoft Adaware : Found 64 spyware. Cleaned all and free to boot.

I thought Zonealarm was highly rated, but Adaware leaves it in the dust (at least for sniffing out spyware/malware).

Ike
 
PowerTool said:
And if you go broadband - unplug the phone line from the modem, as
1) You don't need it anymore
2) If you get any diallers, they can't dial anything

Andrew

exactly :lol:

I can't see how so many people have so many problems. I'm online 24/7 and only have AVG and MS antispyware. I get nothing at all, and I'm on every sort of site :wink:

Andy
 
Powertool wrote:

And if you go broadband - unplug the phone line from the modem, as

(1) You don't need it anymore

(2) If you get diallers, they can't dial anything

I am obviously being a bit thick here :oops: , but how do you get on the internet using broadband if you unplug the phone line from the modem?

When we updated to broadband they gave us a new modem which I run the phone line to. Then on the outlet side of the modem there are 2 sockets. In one of them I have a USB2 cable running to my laptop and in the other I plug my phone in.

Is this the correct way to run the system or am I missing something?

Cheers

Woody
 
Hi all

Sorry, I'm being more than a bit thick here but like Woodythepecker, I don't understand how you can disconnect the phone line. My broadband provider is sending me a special modem and filters to use, surely that's how broadband works, isn't it?

What hacked me off about this dialer is that I'm using the Norton Internet Security System AV/firewall bundle and it's supposed to be pretty good. Also, the Sfonditalia dialer tries to access a whole range of numbers (it tried 6 different numbers in a few days from my PC) so you can't block them specifically.

So beware. Unless you have a taste for Italian "adult entertainment", that is!

Regards.
 
A quick ring to BT should block access to all premium rate numbers.

Although you still maintain a telephone line with broadband, the connection between the actual PC and new "modem" is no longer a regular dial up telephone line. It is now a high speed computer data link. So you don't have to go through the "rrrrr click, sceeech click dunk click dunk" noise that most dial up users get used to.

Adam
 
The modem being referred to here, the one that can be disconnected, is the old, generally internal one, in the computer.
The broadband modem stays plugged into the phone socket/filter, and the modem is connected to the computer by, I think, an ethernet lead or a USB lead.
The lead that used to plug into the wall socket is now redundant and can be removed from the computer altogether... unless you want to send faxes via the computer.

I know what I'm talking about... is it making sense to anyone else?
 
When you get broadband it is superimposed on the telephone line at frequencies above speech, so it's like two separate systems: telephone and the net. The old dial-up connection can be disconnected. There is a filter to go between the new modem and the line, with an integral socket to connect telephone equipment.
Firewalls have to be set up to do what you need, so get reading; there will be a lot more traffic on bb.
 
Aaaaaah, the penny has now dropped. I forgot about the modem in the PC. Many thanks for all the advice, guys.

Regards.
 
I had the very same infection until only a few months ago. If you do a search on Google and spend a bit of time reading you can find one or two good solutions to the problem, but most people seem to recommend starting all over again, just in case it's left any long-term damage behind.

If you've got broadband, though, you've little to worry about really. You can delete and block the addresses it adds to your 'Trusted Sites' listing and also delete the secondary connection it creates. But it doesn't make it the default connection on broadband.

I've also got all the free antivirus software programs mentioned above and a couple more:

Avast!, AdAware, SpyBot, Spyware Doctor, Spyware Blaster and MS antivirus. I also paid around £15 for "Registry Toolkit" which keeps your startup clean.

I was incredibly fortunate to stop the sfonditalia virus though as not one of my scanners would pick it up at all. After one hour from Windows loading I would always find it tries to change your connection. About five minutes before, my daily Spyware Doctor quickscan kicked in and happened to catch the criminal in its attempted act!

My biggest problem, though, was that I have no idea as to where or how the thing got onto our PC in the first place. But of course, I'm glad to see the back of it!! :D
 
Following the recommendations here, I downloaded AVG and find it excellent. I then cleared Norton from my computer, and everything works faster now!!

The only downside to AVG is that it scans my computer every morning at 8am, and I can't change this unless I buy the higher level of the programme. This, by the way, is a comment, not a complaint.

John
 
Hi John

I wonder if I can post this before someone else's fingers beat me to it!

You can either turn off the automatic scan (assuming it is this you are referring to and not the auto update, but I'm sure you know the difference) or schedule it for a different, more convenient time during the day.

To do this, open the AVG Control Centre by double clicking the AVG icon in your system tray.
Highlight 'Scheduler' by clicking only once.
In the panel at the bottom click 'Scheduled Tasks'.
In the window that pops up highlight 'Test Plan in basic mode'.
Click 'Edit Schedule'.
Then either untick the box to 'Periodically start test' or leave it ticked and change the time.

Hope this helps!
 