General discussion

Locked

Dialer wont go away

By mhand ·
I picked up a spyware/adware program on my machine at some point. The program installs itself in the folder WebSiteViewer in programs and places a icon on the desktop and in the start menu of a womans face with the label "sex". The files are labeled 127021 with various extensions including .dlr. Spybot and Ad-Aware have both detected it and listed it as a TIBS by Smooth Content Ltd. They both also say they have removed or fixed the problem and as soon as I reboot everything is back. I think this little program has made a $50 call to the UK. This and the annoyence of it makes me want it gone for good.
I am running win2k pro with sp4 installed, ie6 full updates.
Any help making this thing go away would be appreciated.
Thanks

This conversation is currently closed to new comments.

19 total posts (Page 1 of 2)   01 | 02   Next
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by mhand In reply to Dialer wont go away

Point value changed by question poster.

Collapse -

by Curacao_Dejavu In reply to Dialer wont go away

run both programs and your antivirus program in
safe mode.

check in the following registry if you see something that you don'r recognize and delete those keys

start , run , regedit
and the location of the key is

hkey\local machine\sofware

and for programs that startup whith windows.

hkey_local machine\software\microsoft\windows\current version\run (run once, and runonce_ex)

if you see the .exe at the right hand panel, look them up in windows explorer and delete the program or whole folder altogether.

then use spyblaster (http://www.javacoolsoftware.com/products.html) to protect you from getting infected again.


you can check an alternative browser like mozilla firefox

Success

Leopold

Collapse -

by mhand In reply to

Poster rated this answer.
The Program seems to be gone but it takes a week or more to pop up again on occasion. Thanks and I am keeping my fingers crossed

Collapse -

by razz2 In reply to Dialer wont go away

This is a variant of Cool Web Search.
It is possible that it was removed by Adware or Spybot but is coming back. I would run AdAware, and Spybot (update defs of course) and with Spybot make sure to Imunize and turn on the Tea-Timer feature. It will let you know when the reinfection is attempted.

Then delete this registry key:

HKEY_CURRENT_USER\software\websiteviewer

That should do it but as long as you are in "scan" mode you should check for everything else. Run CWShredder and HiJackThis.

(http://www.spywareinfo.com/~merijn/downloads.html)

I would not delete anything in HiJackThis unless you are really comfortable with it. It will list real windows setting that may OR MAY NOT have been hijacked. Just post the log.

Norton (Symantec) will also clean it, but you still have to remove the registry entry:

http://securityresponse.symantec.com/avcenter/venc/data/dialer.wsv.html

Good Luck,

razz

Collapse -

by mhand In reply to

Poster rated this answer.
Thanks That key was one I missed. Thanks for the reminder.

Collapse -

by willcomp In reply to Dialer wont go away

I'm fighting the same piece of s*** on a customer's PC. Contibuting to the problem are that something (perhaps CWS) is running IE continuouly in normal mode and I haven't been able to stop it using all the usual methods (msconfig, registry edits). So normal mode is useless. Safe mode is stable, but it's Win Me, so limited to floppy disk access for installation.

Have managed to install Ad-Aware SE and Spybot. Ad-Aware finds the files but locks up while deleting. Spybot is returning errors and hasn't been of much use.

CWShredder has been no help. Am using latest version.

If I find something that works, I'll add a comment. Would also like to know how you fare.

Dalton

Collapse -

by willcomp In reply to

I forgot. It is a CWS variant.

Collapse -

by willcomp In reply to

Better explanation. Somrthing is trying to run IE in normal mode. IE returns error message, but process continues ad infinitum. Eventually all resources are exhausted and PC locks. It is not connected to Internet.

Still trying to work in safe mode, but not having much luck. Ad-Aware shows CWS with about 50 files in system folder and about same number of registry entries. However still won't remove.

Bless XP and ability to read CDs in safe mode.

Collapse -

by willcomp In reply to

Crapware trying to start IE was Dyfuca (aka Dyfica) porn dialer. Removed it manually and now can work in normal mode. Also had to clean out _Restore folder by booting with Win98 boot disk and using DOS commands.

Collapse -

by mhand In reply to

Poster rated this answer.
Well I glad you got it out. Mine seems to be gone but time will tell. Usually within two weeks or less. The UBSI people say the only way to get mine was to click on a pop up to allow the install. Good luck/

Back to Windows Forum
19 total posts (Page 1 of 2)   01 | 02   Next

Related Discussions

Related Forums