General discussion

Can't remove spyware dialer

By stergios_nik
Dear all.

A user of our network (Windows 98) opened a spam message and his PC was infected by a dialer.

I scanned the PC with Ad-Aware and Spybot but the problem remains. This malware wrote something to the registry and I cannot get rid of it because every time the PC boots it runs at startup.

Although I cannot see anything in the Startup folder of Windows 98, I suspect that this is a registry issue.

Any ideas where to look in the registry in order to remove this malware?

Thank you in advance.

This conversation is currently closed to new comments.


by Walkerxp92 In reply to Can't remove spyware dial ...

I have used almost every spyware removal tool out there because of a recent problem with a client's PC. I had some really pesky spyware and couldn't get it off, but I found this Giant AntiSpyware. It is only a 15-day trial, but it works great and finds tons of stuff that Spybot etc. doesn't find.

http://www.giantcompany.com/files/GiantAntiSpyware.exe

by Walkerxp92 In reply to

Also, if you have System Restore enabled, turn it off, reboot, run your antivirus & spyware removal... clean it up, and then reboot again and turn System Restore back on...


by rindi1 In reply to Can't remove spyware dial ...

Reboot in safe mode and run Spybot or Ad-Aware from there.


by Blackcurrant In reply to Can't remove spyware dial ...

Hi

You can examine the following registry keys and see if they contain commands you do not recognise or that are associated with the dialler:

HKLM\software\microsoft\windows\currentversion\run
HKCU\software\microsoft\windows\currentversion\run

Also check the startup files autoexec.bat and config.sys.

Check the Load= and Run= lines in Win.ini

The last three can be edited with notepad.

As with all these things - you must have a secure backup of these files before you edit them in case you make an error or the machine crashes.

Good luck
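The check described in the post above, as an added example that is not part of the original thread: a Python script that lists what the two Run keys and the Load=/Run= lines of Win.ini start, and reports every command that is not in a reviewed baseline. It assumes the Run keys were exported from Regedit to a REGEDIT4 text file and that this file and Win.ini were copied to an analysis machine; the sample data, the `KNOWN_GOOD` baseline and all function names are constructed for illustration.

```python
import re
RUN_SUFFIX = r"\software\microsoft\windows\currentversion\run"
# Constructed samples: a REGEDIT4 export (backslashes doubled in values) and a Win.ini fragment.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"
"winupd32"="C:\\WINDOWS\\SYSTEM\\winupd32.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
'''
SAMPLE_WIN_INI = r'''[windows]
load=
run=C:\WINDOWS\TEMP\dl.exe
NullPort=None
'''
# Hypothetical baseline: commands an administrator has already reviewed (lower case).
KNOWN_GOOD = {"systray.exe", r"c:\windows\scanregw.exe /autorun"}
VALUE_RE = re.compile(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

def run_key_entries(reg_text):
    # Yield (key, value name, command) for string values under a ...\CurrentVersion\Run key.
    key = None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and key.lower().endswith(RUN_SUFFIX):
            m = VALUE_RE.match(line)
            if m:  # undo the export's \\ and \" escaping
                yield (key, *(re.sub(r"\\(.)", r"\1", g) for g in m.groups()))

def win_ini_entries(ini_text):
    # Yield ("win.ini", "load" or "run", command) for non-empty lines in [windows].
    section = None
    for line in map(str.strip, ini_text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "windows" and "=" in line:
            name, _, value = line.partition("=")
            if name.strip().lower() in ("load", "run") and value.strip():
                yield "win.ini", name.strip().lower(), value.strip()

def audit(reg_text, ini_text, known_good=KNOWN_GOOD):
    # Return every autostart entry whose command is not in the reviewed baseline.
    entries = [*run_key_entries(reg_text), *win_ini_entries(ini_text)]
    return [e for e in entries if e[2].lower() not in known_good]

if __name__ == "__main__":
    print(*audit(SAMPLE_REG, SAMPLE_WIN_INI), sep="\n")
```

An entry in the output is only unreviewed, not proven malicious; autoexec.bat and config.sys still need to be read by hand.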


by gralfus In reply to Can't remove spyware dial ...

Very often it is not enough to just run AdAware and Spybot, though they do remove a lot of problems. You need to run something like "HijackThis" in order to see all the programs that are being called by your operating system. By studying the output of HijackThis, you can see the legitimate programs and the ones that are giving you problems. There are forums that can help you interpret the output.

Also, the first poster implied that because this other program "found" lots of things that AdAware didn't find, this other program was better. There are programs that find false positives just to show that they "find more" than other programs. So to sum up, just because it finds something doesn't mean that it really was a problem. Be careful what you delete. HijackThis doesn't automatically label something as spyware, so you do need to think about what the program does before you choose to delete it or not.


by Lord Ago 1 In reply to Can't remove spyware dial ...

Here's a nifty trick. The thing is, you have to know where to look for various spyware if your current programs can't get rid of it. This is doing it manually!! I got stuck with this several times. Worked pretty good for me!! This only works if you remember the day when the problem started.

First, start msconfig and uncheck whatever is listed that you should already know shouldn't be there. That will stop it from starting with Windows. Do the same for anything found in Start/Programs/Start Up. Run your scanners. Note that I said scannerS!! Never rely on any one virus/spyware scanner. Yeah, run both types, virus/spyware. Let them do what they can.

Next, use Start/Find files folders. Look for *.* CREATED (next tab) on that day. Set it to look in c:\windows. Just sift through those files and see which ones don't seem to be what you want. Delete the ones you don't want if you can. You also need a file viewer to see what they really are. I use WinBrowse. Do the same thing for c:\Program Files. From there, search the registry for anything that you just unchecked in msconfig. Delete those. Reboot in DOS mode (or safe mode) and delete any other files that you couldn't already delete. Reboot and you should be all set.

Have Fun!!
