The most award-winning anti-spyware software

Get serious about removing spyware with Spy Sweeper - the award-winning anti-spyware software trusted by millions of home computer users.

$29.95

Spyware & Virus Directory

A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Dialer.Kotu

Updated: September 25, 2005 04:14:18 PM GDT

Type: Dialer

Name: run32dll.exe or windial32.exe

Risk Impact: High

File Names: Run32dll.exe; Windial32.exe

Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows XP

SUMMARY

Behavior

Dialer.Kotu is a dialer program that modifies the Remote Access Server (RAS) phone-book and Internet Connection settings. It attempts to establish a RAS connection and to use the modem to dial a predefined, high-cost phone number.

Symptoms

Your Symantec antivirus product detects Dialer.Kotu.

Transmission

Dialer.Kotu is distributed as a stand-alone executable file when you open certain HTML or CHM files. These files are detected as MHTMLRedir.Exploit. Dialer.Kotu must then be manually executed for it to run.

Protection

Virus Definitions (LiveUpdate™ Weekly) May 26, 2004
Virus Definitions (Intelligent Updater) May 25, 2004

TECHNICAL DETAILS

When Dialer.Kotu is executed, it performs the following actions:

Adds a new RAS phone-book entry named "New Dialup Connection."
Modifies the Internet Connection Settings to set it as the default connection.
Attempts to dial a predefined high-cost phone number and establish a RAS connection.

REMOVAL

The following instructions pertain to all Symantec antivirus products that support Security Risk detection.

Update the definitions.
Close modem connections
Run a full system scan and delete all the files detected as Dialer.Kotu.
Delete the entry that was added to the RAS phone-book file.

For specific details on each of these steps, read the following instructions.

1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To close modem connections
This risk uses available modems to create an Internet connection, sometimes without any visible signs. In order to successfully remove this threat, ensure that all modem-based Internet connections are disconnected before proceeding. For instructions on how to do this, consult the appropriate Internet service provider, computer manufacturer, or operating system documentation.

3. To scan for and delete the files

Start your Symantec antivirus program, and then run a full system scan.
If any files are detected as Dialer.Kotu, click Delete.

Note: If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.

4. To delete the added entry from the RAS phone-book file

Note: The location of the RAS phone-book file rasphone.pbk may vary and some computers may not have this file. For example, if the file exists in Windows XP, it is usually located in the C:Documents and SettingsAll UsersApplication DataMicrosoftNetworkConnectionsPbk folder.

Follow the instructions for your operating system:

Windows 95/98/Me/NT/2000
1. Click Start, point to Find or Search, and then click Files or Folders.
2. Make sure that "Look in" is set to (C:) and that "Include subfolders" is checked.
3. In the "Named" or "Search for..." box, type: rasphone.pbk
4. Click Find Now or Search Now.
5. If you find rasphone.pbk, right-click the file, and then click "Open With."
6. Deselect the "Always use this program to open this program" check box.
7. Scroll through the list of programs and double-click Notepad.
8. When the file opens, delete all the lines that are included in the section:
  
  [New Dialup Connection]
9. Close Notepad and save your changes when prompted.
Windows XP
1. Click Start, and then click Search.
2. Click All files and folders.
3. In the "All or part of the file name" box, type:
  
  rasphone.pbk
4. Verify that "Look in" is set to "Local Hard Drives" or to (C:).
5. Click "More advanced options."
6. Check "Search system folders."
7. Check "Search subfolders."
8. Click Search.
9. Click Find Now or Search Now.
10. If you find rasphone.pbk file, right-click the file, and then click "Open With."
11. Deselect the "Always use this program to open this program" check box.
12. Scroll through the list of programs and double-click Notepad.
13. When the file opens, delete all the lines that are included in the section:
  
  [New Dialup Connection]
14. Close Notepad and save your changes when prompted.

Spy Sweeper 5.2 stops spyware in its tracks while offering home computer users the ability to configure the program to suit their specific needs, such as:

Choose a Quick, Full or Custom Sweep: With Spy Sweeper 5.2, you can easily choose to perform a quick, full or customized sweep. If you're looking for an immediate diagnosis, choose a quick sweep. For a pinpointed search, customize your sweep to have Spy Sweeper skip files by folder or file extension. For a deep cleaning, opt for a full sweep.

Exclude Files from a Sweep: Spy Sweeper allows you to save time during a sweep by skipping specific files or different sections of your PC. You can select specific file extension, such as .xls or .mpg to exclude.

Additional Highlights

As soon as it's installed, Spy Sweeper gives 360 degrees of protection against spyware, including:

Simple Sweeps: Detecting spyware and removing unwanted programs found on your computer in three effortless steps

Easy Management: Quickly and simply configure program, sweep and upgrade options

Fast Home: Use the home screen to access the most commonly used functions of Spy Sweeper

Shields Summary: A redesigned shields summary page makes it simple to see at a glance which shields are on or off

Action Alerts: Receive clear, easy-to-understand notifications when new spyware threats are detected

"Spy Sweeper remains a favorite for protection from spyware."

"This program's dominance is apparent as soon as you install it."