Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 37

Thread: trojan.win32.dialer.hc

  1. #21
    Junior Member
    Join Date
    Nov 2005
    Posts
    19

    Default AOL Spyware

    Still cannot remove all the remnants of AOL Spyware. Have use the ad/remove programs feature of Winxp and it says AOl spyware is gone but I still get the spysweeper notification occassionally and AOL says its spyware is partially active.

    Any help removing AOL spyware would be appreciated as I cannot find the active file anywhere on my system.

  2. #22
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Default

    Hi
    Is it possible to contact AOL support and get more info ?

  3. #23
    Junior Member
    Join Date
    Nov 2005
    Posts
    19

    Default

    Quote Originally Posted by LonnyRJones
    Hi
    Is it possible to contact AOL support and get more info ?


    I have tried and they maintain that no duplicate installation is possible and simply using the programs unistall feature will do the trick. I suspect I may have to do a complete unistall of AOL and then a reinstall.

    Its really weird, I cannot find any folders or executatables for AOL spyware yet AOL maintains in its dialup box that I have partial coverage. Today I got a message saying that AOL had quarantined Atomic2 1.1 and com.com whatever they are.

  4. #24
    Esteemed Member
    Join Date
    Oct 2005
    Posts
    554

    Default

    I did a bit of research on this when Artic Wolf originally posted and mentioned the Beta version of the AOL Spyware Protection. Unfortunately, it appears that AOL dumped the original program that was being written for them when it had too many issues and switched to including a re-branded existing program (Pest Patrol?, I believe Lonny mentioned) in its place.

    The problem is that those who had installed the original Beta probably simply installed the new program over the old, leaving remnants of the Beta on the PC. Since the two programs were probably totally different, it's likely the old program remained at least to some extent as you discovered. Probably the Beta should have been uninstalled before installing the final released version.

    Since the original program never went past Beta stage, most of AOL support is probably unaware that it even existed. Even if they are, they may not acknowledge it's existence since it was never officially released or supported.

    This means those who tried it may be left in exactly your situation. Other then removing the old program remnants by hand, which would be extremely difficult without original installation info, a complete PC reformat and re-install is probably the only way to truly clean it out. I could find nothing on the Web describing the original Beta other then that it existed, though it's possible there may be information on the AOL web sites that only members can access.

    In either case, only AOL users are likely to have this info since virtually no one else would have ever had access to the orignal Beta. Since most AOL users are non-technical, it's not likely anyone ever analyzed the Beta, so only AOL itself could probably provide it. This is why Beta software has warnings, since exactly such situations can occur, though they're pretty rare these days.

    I didn't pipe up before because I thought you'd gone to talk to AOL and would get an answer there, but since that hasn't worked I thought I'd mention it now. I don't remember where I found this info, but I believe it was some sort of article about the Beta.

    This is interesting, I just found it while trying to find the original article.
    http://www.spywaredata.com/spyware/s...ware-about.php

    What's most interesting about it is this paragraph from a different article on another site.
    AOL on Tuesday introduced its own version of anti-spyware protection from Aluria Software. The new feature for AOL's nearly 25 million subscribers will be available when the Dulles, Va.-based online giant debuts AOL 9.0 in the "next few weeks."
    http://www.internetnews.com/xSP/article.php/3296851

    Since it appears the same person developed both products, they were probably close, but not quite the same. Unless the Aluria product was the original Beta and AOL later replaced it with Pest Patrol, which I thought was the basis of the current version myself.

    Either way, your issue is the same. Without information or an unistaller for the earlier version a complete re-install of the OS after format is probably the only way to completely remove it.

  5. #25
    Junior Member
    Join Date
    Mar 2006
    Posts
    8

    Default

    I'm also seeing Win32.Trojan.Dialer.hc come up with Zone alarm anti-spyware.
    I'ts deleting a registry entry.
    Upon installing Spybot, I have no error.....When I update Spybot, is when it comes in.

    Are you sure it's a false positive?
    I have always used the two together with no problem before.

  6. #26
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    miadlor:

    What is the actual detection you are getting and what is the registry entry that is being deleted?

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  7. #27
    Junior Member
    Join Date
    Mar 2006
    Posts
    8

    Default

    Quote Originally Posted by md usa spybot fan
    miadlor:

    What is the actual detection you are getting and what is the registry entry that is being deleted?
    I'm checking now...........small experiment.............

  8. #28
    Junior Member
    Join Date
    Mar 2006
    Posts
    8

    Default

    Ok........

    It's coming from the update: Detection Rules dated 2006(3-19)

    Registry value:

    HKEY_CURRNET_USERS\Software\Miicrosoft\Windows\CurrentVersion\InternetSetting\ZoneMap\Domains\archiviosex.net

    is being deleted.

  9. #29
    Spybot Advisor Team [Retired] md usa spybot fan's Avatar
    Join Date
    Oct 2005
    Posts
    5,859

    Default

    During immunization Spybot adds the following registry entry to place archiviosex.net into Internet Explorer's restricted sites zone.

    Code:
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\archiviosex.net]
    *=dword:00000004
    If you go into Spybot > Immunize you will probably get a warning that you are missing an item.

    Getting an answer is one thing, learning is another.


    Microsoft Windows XP Home Edition running on a 2.40GHz IntelŪ PentiumŪ 4 Processor with 512 MB of RAM and a 533 MHz System Bus.

  10. #30
    Junior Member
    Join Date
    Mar 2006
    Posts
    8

    Default

    No warning message of missing item.

    Question?.......the deleted registry entry ended at .......... archivio.net
    what's the extra

    Are you sure of this or speculating? (no offense)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •