cancel
Showing results for 
Search instead for 
Did you mean: 

Conflict / Go Anywhere

N/A

Conflict / Go Anywhere

Hi

This morning my computer was infected by something that installed itself as a new connection on my modem called Go Anywhere. It also installed downloaded programme files called CONFLICT 1 - 7 and a windows movie file appeared on my desktop. It changed my homepage to a foreign language page, I think it was in Spanish.

I think I have removed all the offending files and my PC seems to be OK, but I can't find any details on this virus on line. Does anyone know what this is and if there is a clean up programme I can use to make sure am rid of it properly?

Thank you

Dawn
5 REPLIES
N/A

Conflict / Go Anywhere

Hello Dawn,

My guess is that your barking up the wrong tree here, in the sense that its NOT a virus you have but probably a very very agressive rogue dailer that will quite literally jump on your machine & connection. Programs like this will literally force themselves on your machine and before you can say jacky flasher!! have installed themselves and started to setup various files on your machine.

**Rogue dailers DONT tend to work with ADSL or Broadband as far as I am aware as BB is a different technology. Such dailers are out of date now but this doesnt stop them try to hit machines like yours. So if your on a broadband connection my guess is that you have a low risk problem.

**Rogue or agressive dailers require a dail-up phone connection to work, once installed on your machine they will try or attempt to switch your live internet connection to a premuim rate phone number (VERY expensive such as £1 or even £2 per min). There has been alot of publicity about this kind of scamming recently on TV.

**Three things you can and should do after a dailer attack, download a free copy of Lavasofts excellent freeware program called "Ad_Aware" this is an anti-spyware and removal package and will quickly detect any dailers and help you safely remove them. Secondly you should check your machine for a Trojen infection (NOTE: Trojens are NOT repeat NOT viruses and so Anti virus software WONT catch them!) So too check for trojens I use the trial copy of the excellent and highly rated Trojen Hunter program. The trial copy is a full working version but without the removal feature, but it will tell you if you have a trojen on your system (you can always remove then trial if nothing found, just use it as a detection tool as it were!). Finally Yes! definately always worth running anti virus software just in case because you can never be too careful IMO.

http://www.misec.net/trojanhunter/

http://www.lavasoftusa.com/software/adaware/

Ivan
N/A

Conflict / Go Anywhere

Thanks.

I found out that it's a dialer called Sfonditalia, just in case anyone gets the same problem:

http://securityresponse.symantec.com/avcenter/venc/data/dialer.sfonditalia.html

Cheers
Dawn
John_McKenna
Newbie
Posts: 5
Registered: 30-07-2007

Conflict / Go Anywhere

Dialers such as the one posted above can be prevented by installing Active X protection. Not all Active X is bad, quite the contrary but is the installation method of choice for dialers.

You can protect yourself from bad Active X with the excellent free program Spywareblaster from Javacool. It doesn't scan as such, just sits there in the background blocking bad Active X. What's more it takes up no system resources either. Smiley

Microsoft Anti-Spyware has the same protection as part of it's program as well.

A must have peice of kit especially for those still using dialup!!
N/A

Conflict / Go Anywhere

Hi,

A general word of warning about spywareblaster!, I installed spywareblaster and it failed miserably and not only that I dont think its all that its cracked up to be either as my home page was also hijacked when this program was installed. which it was supposed to protect against.

If you want to make your browser secure against activeX elements then you can easily do that in IE6 (assuming your using IE but other browsers also have the same or similar settings) by going to the options, internet settings, security tab, see custom button, click on this and you will see a long list of items that can be either turned on or off inc activeX controls etc.

**I got rid of spywareblaster very quickly I was seriously unimpressed and I also think there is the danger of feeling lulled into a false sense of security if your depending upon spywareblaster to keep your system secure IMO it wont do that and it shouldnt be depended upon for security or protection. It definately didnt deliver in my experience.

Ivan
John_McKenna
Newbie
Posts: 5
Registered: 30-07-2007

Conflict / Go Anywhere

Like any security program, SpywareBlaster is only as good as the definitions within it's database. Currently, Spywareblaster blocks just short of 5000 malicious Active X objects which in anyone's book is a good layer of protection.

The fact it failed Cyteck certainly doesn't detract from the very good job it does for most. I dare say Cyteck's own hijack was through an object not covered by the program at the time. In comparison, It took Lavasoft (makers of Ad-Aware) months before updating their VX2 cleaner so that it removed the nasty VX2 Nail.exe infection despite the anti-malware community forums being inundated with requests for help removing it. Ad-Aware is still touted as one of the best anti-spyware programs by most though despite it's shortcomings.

With regards, IE settings, I think setting Active X set to disable is a little restrictive. Maybe setting it to Prompt is a better option.

The following settings are a good guideline for keeping IE relatively secure:

1. From within Internet Explorer click the Tools menu and then click on Internet Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.

    a) Change the Download signed ActiveX controls to Prompt
    b) Change the Download unsigned ActiveX controls to Disable
    c) Change the Initialize and script ActiveX controls not marked as safe to Disable
    d) Change the File Download to Prompt
    e) Change the Installation of desktop items to Prompt
    f) Change the Launching programs and files in an IFRAME to Prompt
    g) Change the Navigate sub-frames across different domains to Prompt


5. Click 'OK' and save the settings if prompted.
6. Click Apply and then 'OK' to exit the Internet Properties page.

Internet Explorer users should also consider installing IE-SpyAd.. This will add thousands of known malicious websites to your 'Restricted Zone' to prevent your machine visiting them in the first place.

An excellent tutorial for general safety online can be found at Bleeping Computer.

Smiley