I expect that I am trying to use Comodo to close a barn door after the horses, cows, chicken, and goats have all run away. However, I picked up a trojan/worm/dialer on December 18th. At that time, I was a computer idiot. I was surfacing without a firewall on an outdated Service Pack 1 and getting by on luck to avoid any nasties.
I picked up the dreaded axfreeporn dialer. However, since I don’t have a phone hooked up to the computer all it really did was disconnect me from the internet. It would put in a network connection called The Internet (1) and eventually this would be replaced with the term axfreeporn. I know this is related to the Trojan.zonebac and I found where it replaced 10 of my files and I believe I successfully replaced them with the original files. I have scanned for this problem with Spyware Doctor, Spybot Search & Destroy, Adaware, Super Anti-Spyware, Hijack This, and Trend House Call. Nothing finds it. It will go away for awhile maybe even several weeks and then it’ll come back.
I now have Super Anti-Spyware active, a router, Comodo Personal Firewall, and Service Pack 2 and I have cleared my temp files and have a very extensive hostfile, but this thing is still coming back. I notice when I’m in AOL I suddenly disapear from my friends’ buddy lists, but otherwise there aren’t a whole lot of symptoms at first. Then The Internet (1) connection appears. I am getting very close to a total reinstall, but I really don’t want to do that.
Has anybody else found a way to defeat this thing?
Is there some sort of setting on CPF that would stop this thing from setting up an internet connection? When it happenned today (Soon after I installed Comodo) there was no alert. I only found it by manually looking at my network connections.
Thanks for any help. This really does seem to be an excellent free product.
Hi CpSpalding and welcome to the forums
Not all your animals have run away, looks like one chicken has come home and layed an egg.
This thing looks deadly from my research. it seems to be a morph type malware. There doesn’t seem to be a generic fix that I can find anywhere, seems even online scanners can’t pick it up.
Windows BBS seems to be trying to help individual users who have got this on their system. Apparently a different fix for each user. I haven’t actually seen any resolved as yet.
Some other threads I found all advise, (you won’t like this) reinstall the lot. There are some sites offering to remove it for a fee, stay away they don’t work.
Augment SAS with at least one other on demand antispyware scanner.
Keep windows updated. Second tuesday of the month MS release Sec Bulletins and patches.
You didn’t mention anti virus.
If you use IE as your browser I would recommend you install javacools Spyware Blaster to immunize IE against some of the nasties out there.
I have used the free version of Winpatrol for years as a registry monitor, anything that wants to write to it I will be alerted.
I have found the MVP host file to be good value.
Have a look in the Comodo Anti-Viruspyware (CAVS) Virus/Malware Removal Assistance forum.
See the REQUIRED INFORMATION post. Might be some help in that forum.
If your on XP. One of the biggest things people do not do and this is one reason why it keeps coming back. Is when doing scans like this make sure system restore is disabled. If it isnt. Its just making a back up of itself everytime. So in turn. It cleans it out but since restore is on. Its making another backup of it.
I did do some smart things since I got this thing installed, but like I said I’m worried that I’m closing the barn door after everything is gone. Nothing seems to pick it up. I tried using the Comodo Anti-virus and 4 hours later it came up totally clean, but I haven’t tried the BHO yet. I did try a very high rated free anti-trojan last night and it also came up clean. The annoying thing is I know exactly down to the minute the time it happenned because I found when it created the .bak folders. I do know that I have been stupid about turning off system restore. I probably do need to do that.
Give BOclean ago it can’t hurt. I installed it last night and seems to be running fine.
I had another look around last night still can’t see any fix so far sorry. This post on sas forum is about the dialer. Reading the post, the admin on the site seems pretty confident.
