Dial up --hijacked to China?

[Ac50]

Dear All

Good day .

Yesterday we had a problem with the old steam driven (Win 95) machine. Logged on and got email ..son then went and surfed. No problem... 

Logged off.

Came back and tried to dial up. Kept getting a Telecom error message (French voice saying number was unattainable).

In the dialup dialogue box I noticed that the login name had been changed, plus the number dialled?? After this we  reinstalled the correct number for the provider (Free --its an 08---number) ...and then we were able to make the call through the modem  --- BUT  --- when we got through a Chinese voice answered!!!

We have cleared out all previous information in the dialup network boxes and these bally numbers keep being reinstalled.

 and it still keeps going through to a Chinese voice..

Son swears blind he did not go to anything other than previously accessed safe sites and  -- no, we did not open any dodgey emails with attachments either.

I have run Spybot since (there were a couple of cookie tracers that were suggested we should erase but that's all)

I have heard of these redialler viruses to premium numbers?? maybe this is one , but how would it have got through?

I have tried  to do an internet search for dialler hijackers but have not found anything that seems to match.

However,  I now cannot connect back to the internet provider through this machine ..

Any suggestions as to where we have to look to make the changes (permanent) and why if I correct the dial number to Free does it  (presumably) dial to another number? We know that Free is working since we accessed the internet via another machine using the same dial up and login.

Any advice much appreciated.

 

Cheers ALAN

[Maddie]

Cripes!   Sounds very worrying!  Were you running a firewall or antivirus software?  Sorry I can't offer any advice but would be interested to find out what the problem is.  I run a firewall and when I check the log I am always amazed to find out how many times in each session someone has tried to "get into" my computer and when I run a trace that they come from all over the place. 

[Ac50]

Thanks , we do run Norton Antivirus. But no firewall.

[Mazan]

This is a tricky one.

Access the dial-up parameters from Internet Explorer: tools: options: connections. Delete all connections. Create a new connection for which you will only need to know the Free dial-up number, login and password. Check the box that says "never dial a connection". Exit from IE. Use Windows Explorer and navigate to the dial-up networking folder. Right-click on "Free" and select "create a shortcut". Answer "yes" to the error message you will receive.

You now have a new icon on the desktop. Use this to connect as needed before starting programmes like IE or OE. Windows will never try to connect on its own again.

[Cat]

Hi Alan

I had a very similar problem back in November, my dial-up connection was hi-jacked and rerouted via a premium rate mobile number in Austria!  Sadly I was only alerted to this when France Telecom actually contacted me to warn me of my dramatically increased phone bill, nearly 100 euros per day .

I had never heard of Spybot before this, but needless to say found out about it and had it installed and running PDQ afterwards.  It found and dealt with a large number of suspect issues, and since then I have had no problems.

This may be a daft question, but do you regularly check for and download the Spybot updates (the last detection update was 28th January) as these include the latest known web-dialler problems, and do you have TeaTimer (the dialog that alerts you when a registry change is attempted) running?

[Graham & Brenda]

Unless you are very familiar with Dial up Networking it may be worth noting the existing settings before you delete. Also I think it may be worth re-booting after deletion and before creating the new connection.

Graham

[Ac50]

Dear Mazan, Cat and Grs . THANK YOU . Back online!

Followed instructions and we're back on. Downloaded the upgrade to Spybot and deleted a couple of suggested files from that too!

Much appreciated. Cheers ALAN

[WebProQuo<P>NDC<P><P><a target=_blank href="http:www.WebProQuo.com" target=_blank>http:www.WebProQuo.com<A><P><P><a target=_blank href="http:www.finddotcoms.com" target=_blank>http:www.FindDotComs.com<A><P><P> <P>]

"....But no firewall."

Why no firewall when you can get at least basic protection free - get ZoneAlarm from www.zonelabs.com