i've got an auto dialler somewhere on my system. it's put itself in my settings in place of ozemail.com.au

the number it uses is: 00114382082018582

i delete it, and put my details back in and do in fact connect to ozemail but then later after i've logged off, it's got the other crap back in there.

i've run AdAware and Spybot Search & Destroy, and they've both found a bunch of stuff, and i've successfully deleted it. but is it the offender? i don't think so. because again after restarting the computer and bringing up the ISP connection the damn crap is STILL there.

any suggestions?

format and reload fixes everything

Which phone company are you with?

Many of them are actively searching out auto dialer numbers and blocking the numbers. Usually the number is to a tiny island nation which has less telephones than the number of highjacking numbers available.

Call your provider and report it. At least they'll block it, saving you the cash.

It might be that it's cloned itself somewhere and runs again at startup (have you checked msconfig?). Also, if you have System Restore on a lot of virii tend to get "restored" from there after deletion. So turn of SR for a while, delete again and see what happens.

Try Adaware SE and also Bazooka spyware & adware scanner

More importantly, UPDATE the programs you are using to scan. New detection rules come out all the teim

We've actually got international calls blocked on our phones.

The place that I lived in last we had ADSL so it wasn't an issue. Having moved to this new residence since April meant no ADSL... it's the only residence on a commercial block and Telstra have said there's no ADSL (insert long technical explanation here). A shame. especially because it's barely one kilometre from where we lived before.

So to prevent the chances of huge phone bills we had international calls blocked. So they say. Whether they have or not is another matter. I'm not entirely sure when the thing installed itself (or from what). It'd only be recent though, and I would have only used it once if in fact at all (and once would be one too many times in my opinion).

I've run AdAware SE, which now has a ADS scan (Auto Dialler Software?). It came up with 6 items. I deleted it all. But still when I rebooted the international number is in the connection.

how do I check MSCONFIG? (I'm a creative type that uses the computer all the time, but I'm not a technical geek).

Goto Start, Run and type MSCONFIG

It might be that it's cloned itself somewhere and runs again at startup (have you checked msconfig?). Also, if you have System Restore on a lot of virii tend to get "restored" from there after deletion. So turn of SR for a while, delete again and see what happens.

thanks druid and tk-421... i'd give you Rep Points but i spent all mine less than 24 hours ago.

now i've got mscongif up and had a look at the startup. anything sus there?

:slaps forehead: ignore that posted screenshot.

that's my work PC. it's my notebook at home that has the problem.

i'll have a look at it at home tonight.

:stooge:

While you're at it, kill Formine Messenger (unless you use it), Search and PowerREg Scheduler.

While you're at it, kill Formine Messenger (unless you use it), Search and PowerREg Scheduler.

I was using Fomine Messenger because work has a block on MSN Messenger. But I've resorted to writing notes on paper now and launching them over cubicle walls.

you can always crosscheck the entries in MSCONFIG with the wonderful Windows Startup Online Repository (http://www.windowsstartup.com/wso/search.php)

you can always crosscheck the entries in MSCONFIG with the wonderful Windows Startup Online Repository (http://www.windowsstartup.com/wso/search.php)

Suppository?

Well you can stick that up your ars-... :p

:swear: Oopsie, looks like I didn't read The Posting Guidelines (http://forums.zgeek.com/showthread.php?s=&threadid=16703) :swear:

While it won't help fix your current problem, most of these autodialers can be avoided easily enough by following some simple rules...

1. Antivirus software installed, up to date, and enabled at ALL times.
2. Windows Update checked regularly (don't just rely on the auto-update), and again stay up to date
3. Run AdAware monthly, that thing is a brilliant tool
4. Run a good popup blocker - WinXP SP2 has a reasonable one built in, but my personal preference is Maxthon's inbuilt one (Maxthon (http://www.maxthon.com/) is an Internet Explorer add-on that gives you a few other nice features such as tabbed browsing)
5. Never click on an image, link or object within a page that looks sus. Examples would be links found on porn sites, warez/cracks/cheats sites, etc.
6. Any site that requires a plugin is probably trying to install spyware. Start with this assumption and stay nice and paranoid
7. ZoneAlarm (or similar personal firewall software) is handy because it tells you what is trying to talk to the Internet
8. Don't open emails from strangers. Kinda like candy, only you don't get 50 strangers a day offering you the stuff. Just reading these spam messages can infect your machine, you don't have to click on anything or open any attachments in some circumstances.

Eight rules ain't too bad... I set these same rules up for my family machine after many rebuilds and they've stayed clean ever since. Just based on their browser history half their problems came from game cracks and cheat sites that the kids used, the other half from pr0n sites that some unknown family member had visited and spam.

I take a similar stance on contaminated machines to the one I take on dodgy hard-drives... scrap the thing and start again. By this I mean reformat and reinstall. The machine is suspect, and no matter how good you are at hunting down the malware the chances are pretty good you still have something hiding on it. It takes serious experts to find some of the newest pieces of malware, and even then it isn't so much a science as an art.

Good luck with it though.

Another great program to check your system is 'HijackThis" http://download.softpedia.com:8080/ANTIVIRUS/hijackthis.zip. (http://download.softpedia.com:8080/ANTIVIRUS/hijackthis.zip)

Regards

Col
(aka VK2TRC)

Im with Lurgen on this. Format is the best way to get back to a clean system, then follow some rules. Another good thing to do is use Smart Fox browser or another Mozilla browser, as they are less vulnerable than IE, for any sites that you want to visit that you think may be suspect. Plus it comes with some good features standard such as an awesome pop up blocker.

Anyway, my other half rings up Telstra to find out a few facts. And here's
the low down...

1) We are supposed to have an international block on our phone. However,
while it was supposed to have been initiated when we first got the line,
they didn't. They've accepted liability if there has been any calls from our
phone to this number in... Austria.

2) The guy said in the last 24 hours 130 people have rung in and complained,
about the very same number.

3) He said that a woman on ADSL was actually connected through that number for four days. ADSL! I didn't think that was possible!

If they've also got a dialup modem plugged in it's very possible.