Computer dials into ISP on boot up

[MorseLady]

Hi,

Since installing MS Loopback adaptor I now find that my XP computer dials up on boot and I don't want it to do this for security reasons. Sometimes when I go to close down the computer it dials up instead of going to the Standby/Turnoff/Restart buttons. I never configured the computer to dial up on boot so what has happened? I cannot find how to disable it DOH! but exams next week and I am stressed and possibly doing stipuid things

Is it the loopback adaptor which is messing up my XP Home? I only installed it for practice, intending to instal mand use it on my coursework computer running W2000 Server. I cannot get this loopback adaptor off my XP computer now, the delete option is greyed out. I can disable it but I want to delete it and it is beginning to annoy me

[NooNoo]

Check your ie settings, see if it's set to dial a connection when no connection present...

[Atodini]

Hi ML,

Just a couple of thoughts...

In Internet Explorer/Tools/Internet Options/Connections is the "Dial whenever a network connection is not present" box checked? If so uncheck it.

It should be possible to uninstall MS Loopback from safe mode.

Have fun!

John

[MorseLady]

I checked but I have it set at never dial a connection. I have also found you have to click cancel about four times bfore the dial box stops coming up.

I have also discovered that for the third time my computer is dialling into premioum rate sites on its own, it was on my phone bill and NTL confirm it was an Internet premium number.

Is something funny going on? I am firewalled and have NAV and all my ports are al stealth but could I have a trojan somewhere?

I can't think straight at the moment with the exams next week feel like giving up computing altogether, I am really stressed and maybe missing simple things I should know.

I will try uni9nstalling loopback from Safe Mode and I have since thought what about using system restore to go back before I installed it? I note it did not create a restore point, something I would normally have done myself and just shows you how I am losing my grip over exam worry or maybe I was never any good anyway.

[NooNoo]

No, you have picked up a dialler - nasty things these, stealth at its worst. You need to run an updated Spybot - install it and before running it click on line, find updates, download updates and restart it, then run the search and destroy. Also pay a visit to www.anti-trojan.net.

And quit being hard on yourself.

[MorseLady]

Noo, I feel quite good about being right about having something on my computer and strangely enough I downloaded a few security applications from CNET last night and Spybot was one of them so I will install it pronto and see what I have on here. Adaware is not doing much of a job.

The premium rate call we did not make was made at a time when I am not online and I have been told that my ISP is well known for getting the charges wrong and adding calls.

I have edited this post to say that I have installed and run Spybot and there are a number of registry changes DSO Exploit which looks very much like the culprit. I also have a number of ordinary ad trackers.

[Radical Dreamer]

Set it to never dial a connection, and maybe set your security to not allow download on demand installs.

[MorseLady]

That is how it has been set all the time. The DSO Exploit appears to be a security hole in IE and I wonder if I have left myself open to exploitation because I did not put SP1 on after I reinstalled XP and I am using IE6 with no SP1 - I will put them on from my copies on disc immediately if it means my security is compromised.

I have just run the immunizer 150 products and the bad page blocker. This spybot is cool.

[Atodini]

SP1 would not have stopped you getting DSO Exploit!

There's been a epedemic of it among our customers recently and its an absolute pig to remove!!! It gets in just about everywhere. Somewhere there's a "mainstream" site distributing it as few of those infected are into porn / music / file swapping etc. It really screws up XP / Win 2K machines

Learn more about it here....

http://www.computing.net/security/ww...orum/4774.html

and here for full technical info.

http://www.ciac.org/ciac/bulletins/l-125.shtml

There is no removal tool that I can find.

Hate to say it but the only sure way we've found is format / reinstall (after saving all your documents).

tip: Check all items you need to keep carefully! DSO Exploit really does infect all sorts of files.....

Good Luck

John

[MorseLady]

I have just downloaded spywareblaster as recommended by spybot, this apparently has extra security for active X controls.

I had already made the decision to format and reinstall as I realise from my studies that this is a very serious threat and as I use Internet banking I cannot be too careful about security.

Mea Culpa for not reinstalling SP1 I will do this when I have reinstalled XP. Should I run spybot on all my backup CDs and my floppies and my NTFS storage partition and my other computer running W2000 Server and ME and a FAT32 storage partition and my husband's computer running ME?

I have learned a hard lesson today and thank you everyone.

[Atodini]

That is a very good idea. You really can't be too careful.

Whatever we tried, format / reinstall was the only permanent fix. Unfortunately none of the six machines we've had this last fortnight was networked so I cannot advise as to whether it can cross-infect. Hopefully someone else will know.

Incidentally every machine was running XP (home or pro) with SP1 installed!

John.

[MorseLady]

John, non of our computers are networked but I do swap CD ROMS between them and I also update my husband's ME from the updates I save to CD ROM and I sometimes give him pictures on floppy, although I tend to email them upstairs these days! I better check everything but where did it come from? I will explore the links given to me on here and try and avoid it happending again.

My computer is still dialing up on its own despite all the measures I have taken.

Just had a thought, I was getting these small grey dialogue boxes poping up offering me very offensive services - could this have anything to do with it? I have not had any for a few days.

John and Noo, thanks again.

[NooNoo]

My father ran up a £200 phone bill in two days - and he wasn't online. He was out at work. The dialler dialled the premium rate and it stayed online - when the connection broke it redialled. He knew nothing of it until he was trying to get on to compuserve and couldn't because the phone line was already in use. The only thing that uses that phone line is a fax machine!! Be very careful.

[MorseLady]

Noo, are you saying the trojan is in my phone line? Am I safe if the computers are disconnected and all the phone lines pulled out of the wall socket? I am really scared, we are pensioners and this could ruin us.

Would it be safer to go Broadband? Should I report it to my ISP. This is putting me right off the Internet.

[NooNoo]

No, I am saying that a dialler - not a trojan, a dialler can dial the internet without your permission and run up large phone bills.

Whether it is a trojan or not is another matter.

Broadband does have that huge advantage, the a dialler cannot use the phone line because the modem is connected to a network set up rather than a standard phone line.

Have you called NTL and ask if there has been any large charges and how much they are?

Did you go to anti-trojan.net and try their online check?

Yes, the easy way to stop the diallers is not have the phone line connected to the computer unless you intend to use it.