Trojan_Dialer Message but can't remove the virus!

  [DELETED] 19:36 15 Dec 2003

My laptop, networked to 3 other machines all running AVG with Zone Alarm Pro on the gateway, keeps popping up with AVG RESIDENT SHIELD - Virus found TROJAN_DIALER in C:\system_volumeinformation...... (lots of numbers - looks like a registry string {}) followed by A00038.exe. To remove virus run AVG.
I have run AVG - a trojan cleaner, a system cleaner from Trend Micro and performed an online scan - nothing! It is not picked up and still I keep getting the message about every twenty mins. It's driving me crazy!!! Oh, and I have searched the registry for the string and exe and it's not there....HELP!

  [DELETED] 19:44 15 Dec 2003

See my post here :) click here

  [DELETED] 19:54 15 Dec 2003

Logfile of HijackThis v1.97.7
Scan saved at 19:55:45, on 15/12/2003
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\Program Files\The Cleaner\tca.exe
C:\Program Files\The Cleaner\tcm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office\1033\wfxmsrvr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\ghgkuhkjhkjhkjhkjhjk\Desktop\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = click here
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = click here
O1 - Hosts:
O1 - Hosts:
O1 - Hosts:
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\PROGRA~1\ZONELA~1\ZONEAL~1\zapro.exe
O4 - HKLM\..\Run: [tcactive] C:\Program Files\The Cleaner\tca.exe
O4 - HKLM\..\Run: [tcmonitor] C:\Program Files\The Cleaner\tcm.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Related (HKLM)
O9 - Extra 'Tools' menuitem: Show &Related Links (HKLM)
O9 - Extra button: Yahoo! Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - click here
O16 - DPF: {15B782AF-55D8-11D1-B477-006097098764} (Macromedia Authorware Web Player Control) - click here
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - click here
O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) - click here
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - click here
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - click here
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - click here
O17 - HKLM\System\CCS\Services\Tcpip\..\{A63AB05F-7AE3-4409-863D-0CD667A0DFA3}: NameServer =

Hope it helps!

  [DELETED] 20:00 15 Dec 2003

I will have a look at your log for you, but as you can see it doesn't post very well here; that is why I gave the links to the other forums.

  [DELETED] 20:02 15 Dec 2003

Thanks Nellie - I'll post it on the other one too if I can

  [DELETED] 20:21 15 Dec 2003

From what I can see it is a pretty clean log apart from one line.

Make sure all browsers and windows are closed, run HijackThis and put a check against this line and have it fix it.

O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6)
There should be a URL in the line after the numbers in the curly brackets, but like I said it doesn't post well here.

If you are still having problems when you have done this then post your log in one of the forums I gave a link to and someone will help.
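
The triage step described in the post above, as an added example that is not part of the original thread and is not HijackThis's own code: it groups log lines by section code and lists O16 (downloaded ActiveX control) entries whose display name is only the CLSID repeated, which is the visible trait of the line singled out here. Treating that trait as a reason for review is an assumption of this example, and the URLs in the sample are placeholders because the forum stripped the real ones.

```python
import re
from collections import defaultdict

# Constructed sample in the HijackThis 1.97 layout. Entries come from the log in
# this thread; the download URLs are placeholders (the forum removed the originals).
SAMPLE_LOG = r"""Logfile of HijackThis v1.97.7
Running processes:
C:\Program Files\Internet Explorer\iexplore.exe

O4 - HKLM\..\Run: [AVG_CC] C:\PROGRA~1\Grisoft\AVG6\avgcc32.exe /STARTUP
O16 - DPF: {38545C2A-03CD-42C3-BC62-C537A6D5A8F6} (38545C2A-03CD-42C3-BC62-C537A6D5A8F6) - http://placeholder.invalid/a.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://placeholder.invalid/b.cab
"""

# An entry line is "<section code> - <body>", e.g. "O16 - DPF: ...".
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
# O16 body: "DPF: {CLSID} (display name) - download URL"; name and URL are optional.
DPF = re.compile(r"^DPF: \{([0-9A-Fa-f-]{36})\}(?: \((.*?)\))?(?: - (.*))?$")


def parse_entries(text):
    """Group HijackThis entry bodies by section code (R0, O4, O16, ...)."""
    sections = defaultdict(list)
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:  # header and running-process lines do not match and are skipped
            sections[m.group(1)].append(m.group(2))
    return sections


def unnamed_dpf_controls(sections):
    """Return (clsid, download_url) for O16 controls named only by their CLSID."""
    hits = []
    for body in sections.get("O16", []):
        m = DPF.match(body)
        if not m:
            continue  # leave lines in an unexpected layout for manual reading
        clsid, name, url = m.groups()
        if name and name.strip("{}").lower() == clsid.lower():
            hits.append((clsid, url))
    return hits


if __name__ == "__main__":
    for clsid, url in unnamed_dpf_controls(parse_entries(SAMPLE_LOG)):
        print(f"review O16 control {{{clsid}}} installed from {url}")
```

A listed control is a candidate for review, not a verdict: the download URL still has to be checked, as the following posts in the thread do.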

  [DELETED] 20:29 15 Dec 2003

this is the URL attached to that string: click here

Looks pretty sus to me!
I'll let you know.. thanks a lot!

  [DELETED] 20:31 15 Dec 2003

Sorry, forgot about the URL thing changing. It's a link called dialer - livecontent and sounds like the one.

  [DELETED] 20:36 15 Dec 2003

Switch off System Restore, reboot and switch it on again.

The virus is just stuck in System restore and can be detected but not removed. The virus cannot harm you from here.

  [DELETED] 20:37 15 Dec 2003
  [DELETED] 20:53 15 Dec 2003

Thanks Jester but I already tried this, I have deleted the string found sus by nellie and am hoping that this will do the job:) It hasn't popped up since so I will do the old 'resolve' in an hour or so if it remains that way.
