Dial/196096a

nivrip

Antivir brought up "C:\Program Files\Tiscali\tkonnect\tkonnect.exe. Contains the signature of the dialup program DIAL/196096A" as a threat on my computer. I can find nothing in the PCR searches and nothing in Google. It is on the list of threats in Antivir but, strangely, on clicking Information, Antivir cannot actually provide any information.

Can I safely quarantine this? Or remove it without any worry?
 
tkonnect.exe is a process associated with the Tiscali Internet dialing software. It gives you easy access to your dialup settings.


If you are using ADSL or cable, then yes, I would "delete" it ... probably be better to uninstall it. ;)

AntiVir, the way I see it, is reporting a false positive. :thumb:


:user:
 
muckshifter said:
If you are using ADSL or cable, then yes, I would "delete" it ... probably be better to uninstall it. ;)

Thanks Mucks, I'm not on ADSL or cable but on dial up. Antivir constantly brings up the warning and it is becoming annoying. Is it important to leave it where it is and, if so, is there some way I can stop the warning coming up over and over again?

Thanks in anticipation.
 
Ah, right, that puts a different perspective on the matter ... do not remove it. :thumb:

I should have added that, as I think it is a false positive, the thing to do is either get Antivir to "ignore" the file or send them the info so they can 'fix' their signature.

There should be a way of 'adding' that one instance to the safe zone in AV ... it is playing safe and reporting dial-up activity we would not normally want on our PCs.


:user:
 
Help!!! Things SEEM to have got much worse.

The Dial Up Connection box now appears without any prompting from me. Could this be the DIAL/196096A virus (or whatever it is)?

I can connect through Tiscali to the net but then whether I'm in Mailwasher, IE or Outlook Express the program soon "hangs" and I can do nothing more except switch off at the mains. I am now having to communicate from a different computer.

As Mucks suggested I have told Antivir to "ignore" when it flashes up the warning about DIAL/196096A but it still brings it up often two or three times every time I log on.

Any ideas on what to do next would be much appreciated.
 
muckshifter said:
Let's see a new HJT log ...

:thumb:

This is what HJT brought up....

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34:17, on 21/07/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Omniquad MyPrivacy 5\MyPrivacy\mpsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Comodo\Firewall\CPF.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Tiscali\tkonnect\tkonnect.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.iesearch.freeserve.com/iesearch/default.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Freeserve
F3 - REG:win.ini: run=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [Kill Popup] C:\Program Files\Kill Popup\KillPopup.exe
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [Ulead Photo Express Calendar Checker] C:\Program Files\Ulead Systems\Ulead Photo Express 5 SE\calcheck.exe
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKCU\..\Run: [tkonnect] C:\Program Files\Tiscali\tkonnect\tkonnect.exe updatemode
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: gSearch.lnk = C:\Program Files\gSearch.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free SurferAdstopper\FS20.exe (file missing)
O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free SurferAdstopper\FS20.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Medion-UK - {B05256F4-3C33-407F-A4C1-29DBD6F878FD} - http://www.medion.co.uk (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.com
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - C:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Omniquad MyPrivacy - Unknown owner - C:\Program Files\Omniquad MyPrivacy 5\MyPrivacy\mpsvc.exe
O23 - Service: Outpost Firewall Service (OutpostFirewall) - Unknown owner - C:\PROGRA~1\Agnitum\OUTPOS~1.0\outpost.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 5771 bytes


It takes a while, I have to get from one house to another !!!
 
oops ... dunno where you keep getting this stuff, but yes, you is infected again.


C:\Program Files\Omniquad MyPrivacy 5\MyPrivacy\mpsvc.exe
I don't know this 'program' ... Sophos says it's a Worm and CastleCops says mpsvc.exe is a service process for Omniquad Total Security application. This is an essential process for Omniquad Total Security to work properly and should not be disabled as does a few other sites ... however, it ain't working by what else you have here.

C:\Program Files\Tiscali\tkonnect\tkonnect.exe
This is still a concern to me ... but I ain't on dialup

F3 - REG:win.ini: run=
oops, NASTIE must be fixed

O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
Must be fixed! Spyware remover of somewhat dubious repute ... installs other malware ... try uninstalling first

O4 - Startup: gSearch.lnk = C:\Program Files\gSearch.exe
Unknown to me ... it may refer to Google Desktop Search? Do you use Google Desktop Search? If so, do not remove it.

O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free SurferAdstopper\FS20.exe (file missing)
Unnecessary (deactivated) entry that can be fixed

O9 - Extra 'Tools' menuitem: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free SurferAdstopper\FS20.exe (file missing)
Unnecessary (deactivated) entry that can be fixed

O9 - Extra button: Medion-UK - {B05256F4-3C33-407F-A4C1-29DBD6F878FD} - http://www.medion.co.uk (file missing) (HKCU)
Unnecessary (deactivated) entry that can be fixed

O23 - Service: Omniquad MyPrivacy - Unknown owner - C:\Program Files\Omniquad MyPrivacy 5\MyPrivacy\mpsvc.exe
Unknown to me


nivrip, you seem to be trying very hard to install and run every anti-nastie program you can find ... but, the ones you are choosing are just crap at what they supposedly do ... I have no idea what Omniquad does, nor am I bothered with MY privacy, Privacy on the Internet does NOT exist.

Have you submitted DIAL/196096A virus to Antivir so they can ascertain if indeed it is a virus or a false positive?

Have you tried HouseCall (online av scanner) or any other "good" AV programs to double check ... ??
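
An added example, not part of the original posts: a small Python triage pass over HijackThis entry lines like the ones reviewed above. The sample lines are copied from the log in this thread; the function names and the wording of the review reasons are assumptions made for illustration, and a flag only means "check this entry", not that it is malicious.

```python
import re

# Sample input: entry lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F3 - REG:win.ini: run=
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKCU\..\Run: [tkonnect] C:\Program Files\Tiscali\tkonnect\tkonnect.exe updatemode
O4 - Startup: gSearch.lnk = C:\Program Files\gSearch.exe
O9 - Extra button: Free Surfer - {AFC3FA82-AD07-45cd-8B57-983435B9899E} - C:\Program Files\Free SurferAdstopper\FS20.exe (file missing)
O23 - Service: Omniquad MyPrivacy - Unknown owner - C:\Program Files\Omniquad MyPrivacy 5\MyPrivacy\mpsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")                  # "O4 - ..." entry lines
RUN_KEY = re.compile(r"^(HK\S+): \[([^\]]*)\] (.*)$")           # registry Run values
STARTUP = re.compile(r"^((?:Global )?Startup): (.+?) = (.*)$")  # Startup-folder links


def parse_hjt(text):
    """Return (section_code, detail) per entry; header and process list are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(m.groups())
    return entries


def autostarts(entries):
    """Split O4 entries into (location, name, command) so each can be checked by hand."""
    found = (RUN_KEY.match(d) or STARTUP.match(d) for c, d in entries if c == "O4")
    return [m.groups() for m in found if m]


def review_flags(entries):
    """Attach review reasons to entries a helper would want to look at first."""
    flagged = []
    for code, detail in entries:
        reasons = []
        if "(file missing)" in detail:
            reasons.append("target file missing (orphaned entry)")
        if code == "O23" and " - Unknown owner - " in detail:
            reasons.append("service listed with unknown owner")
        if code.startswith("F"):
            reasons.append("win.ini/system.ini autoload slot")
        if reasons:
            flagged.append((code, detail, reasons))
    return flagged
```
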
 
muckshifter said:
nivrip, you seem to be trying very hard to install and run every anti-nastie program you can find ... but, the ones you are choosing are just crap at what they supposedly do ... I have no idea what Omniquad does, nor am I bothered with MY privacy, Privacy on the Internet does NOT exist.

Have you submitted DIAL/196096A virus to Antivir so they can ascertain if indeed it is a virus or a false positive?

Have you tried HouseCall (online av scanner) or any other "good" AV programs to double check ... ??
Thanks once again Mucks. Most of the anti-nasties that have come up are from years back and I thought had been removed (OmniquadMyPrivacy was recommended a few years back by the Daily Telegraph computer boffin and I think FreeSurfer was too).

SpywareBot got on by mistake when I was trying to get Spybot downloaded but I uninstalled it within an hour or two.

I don't use Google Desktop Search.

REG:win:ini:run= is a complete mystery to me.

Haven't contacted Antivir as I can't currently get on the net but will try to contact them from this computer.


Will try to fix the ones you've mentioned and try again. :thumb:
 
Nasties and the other crap have now been "fixed".

Can get into OE but as soon as I click on IE everything "hangs".

How about getting rid of Tiscali dial up altogether and using one of the other dial ups? Will this get rid of the tainted Tiscali connection?
 
Go ahead ... push comes to shove, you can reinstall.


:thumb:
 
You're right - I've got to go for it. Nothing to lose. I thought I'd simply put the threat into quarantine and try dialling up again. So far everything seems to be working normally again !!!! We'll see what the morrow brings.
 