|
| If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|||||||
|
|
|
Thread Tools | Display Modes |
|
#1
July 8th 05, 03:25 PM
|
|||
|
|||
Dialer that Ad-Aware cannot remove
Hello,
I ran ad-aware yesterday and it found registry entries for dialer. I allowed it to remove these entries and ran the Ad-aware again and again it found the same entries. I ran Spybot Search and Destroy, it did not find any dialers. Everytime I run Ad-Aware, it finds the same entries. The details of the entries a HKEY User\default\software\microsoft\windows\current version\run\ " " HKEY Local_Machine\default\software\microsoft\windows\c urrent version\run\" " I am using Windows 98 and IE 6 sp1 and using cable network. (Not on dial-up) How do I remove these registry entries. I look for them using regedit but cannot find them. I will appreciate any help to remove these dialers. Any other spyware remover that can remove these. I also have spyware blaster installed. Thanks Mian 
|
|
#2
July 8th 05, 04:46 PM
|
|||
|
|||
|
If you are using AdAware version 6, see if you have a=20
"C:\Program Files\Lavasoft\Ad-aware 6\Logs" folder. If so, please repost with the contents of the most recent log. Ben "Mian Ali" wrote in message = ... Hello, =20 I ran ad-aware yesterday and it found registry entries for dialer. I = allowed=20 it to remove these entries and ran the Ad-aware again and again it = found the=20 same entries. =20 I ran Spybot Search and Destroy, it did not find any dialers. = Everytime I=20 run Ad-Aware, it finds the same entries. The details of the entries = a =20 HKEY User\default\software\microsoft\windows\current version\run\ " " =20 HKEY Local_Machine\default\software\microsoft\windows\c urrent = version\run\"=20 " =20 I am using Windows 98 and IE 6 sp1 and using cable network. (Not on = dial-up) =20 How do I remove these registry entries. I look for them using regedit = but=20 cannot find them. =20 I will appreciate any help to remove these dialers. Any other spyware=20 remover that can remove these. I also have spyware blaster installed. =20 Thanks Mian=20 =20
|
|
#3
July 8th 05, 07:16 PM
|
|||
|
|||
|
Are you running Ad-aware SE v1.06 with fully updated definitions? Have you
tried scanning in Safe Mode? Check for Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/Darnit.htm http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine.blogspot.com/ When all else fails, HijackThis (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. **Post your files to http://forums.spywareinfo.com/, http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30 for expert analysis, not here.** -- ~Robear Dyer (PA Bear) MS MVP-Windows (IE/OE) & Security Mian Ali wrote: Hello, I ran ad-aware yesterday and it found registry entries for dialer. I allowed it to remove these entries and ran the Ad-aware again and again it found the same entries. I ran Spybot Search and Destroy, it did not find any dialers. Everytime I run Ad-Aware, it finds the same entries. The details of the entries a HKEY User\default\software\microsoft\windows\current version\run\ " " HKEY Local_Machine\default\software\microsoft\windows\c urrent version\run\" " I am using Windows 98 and IE 6 sp1 and using cable network. (Not on dial-up) How do I remove these registry entries. I look for them using regedit but cannot find them. I will appreciate any help to remove these dialers. Any other spyware remover that can remove these. I also have spyware blaster installed. Thanks Mian
|
|
#4
July 8th 05, 11:37 PM
|
|||
|
|||
|
| HKEY Local_Machine\default\software\microsoft\windows\c urrent
version\run\" You mean this key...?... HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run Go to it in RegEdit, &... This could be a problem with the "(Default)" line at one of the Startup registry keys. They should all look like this... (Default) (value not set) If it shows a blank line or just quotes in (Default), R-Clk it, & select "Delete". After the Delete, it will immediately come back just like this... (Default) (value not set) | HKEY User\default\software\microsoft\windows\current version\run\ " " You mean...?... HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run Try the same there, then, unless it self-corrects after doing the first. -- Thanks or Good Luck, There may be humor in this post, and, Naturally, you will not sue, should things get worse after this, PCR "Mian Ali" wrote in message ... | Hello, | | I ran ad-aware yesterday and it found registry entries for dialer. I allowed | it to remove these entries and ran the Ad-aware again and again it found the | same entries. | | I ran Spybot Search and Destroy, it did not find any dialers. Everytime I | run Ad-Aware, it finds the same entries. The details of the entries a | | HKEY User\default\software\microsoft\windows\current version\run\ " " | | HKEY Local_Machine\default\software\microsoft\windows\c urrent version\run\" | " | | I am using Windows 98 and IE 6 sp1 and using cable network. (Not on dial-up) | | How do I remove these registry entries. I look for them using regedit but | cannot find them. | | I will appreciate any help to remove these dialers. Any other spyware | remover that can remove these. I also have spyware blaster installed. | | Thanks | Mian | |
|
|
#5
July 9th 05, 01:07 AM
|
|||
|
|||
|
Thanks Ben. Here is part of the log file between lines:
--------------------------------------------------------------------- Ad-Aware SE Build 1.06r1 Logfile Created on:Friday, July 08, 2005 10:00:25 AM Created with Ad-Aware SE Personal, free for private use. Using definitions file:SE1R53 07.07.2005 .. .. Memory scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 0 Started registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Dialer Object Recognized! Type : RegValue Data : Wildflics TAC Rating : 5 Category : Dialer Comment : "" Rootkey : HKEY_USERS Object : ..DEFAULT\software\microsoft\windows\currentversio n\run Value : Dialer Object Recognized! Type : RegValue Data : Wildflics TAC Rating : 5 Category : Dialer Comment : "" Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\run Value : Registry Scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 2 Objects found so far: 2 Started deep registry scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Deep registry scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Started Tracking Cookie scan »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Tracking cookie scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Deep scanning and examining files... »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» Disk Scan Result for C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Disk Scan Result for C:\WINDOWS\SYSTEM »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Disk Scan Result for C:\WINDOWS\TEMP\ »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» New critical objects: 0 Objects found so far: 2 Scanning Hosts file...... Hosts file location:"C:\WINDOWS\hosts". »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» »»»»»»»»»»»»»»»»»»»»»»»»»» Hosts file scan result: »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»» 7275 entries scanned. New critical objects:0 Objects found so far: 2 ------------------------------------------ Log file is a long one. Thanks. Mian "Ben Myers" wrote in message ... If you are using AdAware version 6, see if you have a "C:\Program Files\Lavasoft\Ad-aware 6\Logs" folder. If so, please repost with the contents of the most recent log. Ben "Mian Ali" wrote in message ... Hello, I ran ad-aware yesterday and it found registry entries for dialer. I allowed it to remove these entries and ran the Ad-aware again and again it found the same entries. I ran Spybot Search and Destroy, it did not find any dialers. Everytime I run Ad-Aware, it finds the same entries. The details of the entries a HKEY User\default\software\microsoft\windows\current version\run\ " " HKEY Local_Machine\default\software\microsoft\windows\c urrent version\run\" " I am using Windows 98 and IE 6 sp1 and using cable network. (Not on dial-up) How do I remove these registry entries. I look for them using regedit but cannot find them. I will appreciate any help to remove these dialers. Any other spyware remover that can remove these. I also have spyware blaster installed. Thanks Mian
|
|
#6
July 9th 05, 01:10 AM
|
|||
|
|||
|
Thanks PA Bear. Yes, I am running Ad-aware 1.06r with the latest definition
flie. I will try it in safe mode and psot beack the result. MIan "PA Bear" wrote in message ... Are you running Ad-aware SE v1.06 with fully updated definitions? Have you tried scanning in Safe Mode? Check for Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/Darnit.htm http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine.blogspot.com/ When all else fails, HijackThis (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. **Post your files to http://forums.spywareinfo.com/, http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30 for expert analysis, not here.** -- ~Robear Dyer (PA Bear) MS MVP-Windows (IE/OE) & Security Mian Ali wrote: Hello, I ran ad-aware yesterday and it found registry entries for dialer. I allowed it to remove these entries and ran the Ad-aware again and again it found the same entries. I ran Spybot Search and Destroy, it did not find any dialers. Everytime I run Ad-Aware, it finds the same entries. The details of the entries a HKEY User\default\software\microsoft\windows\current version\run\ " " HKEY Local_Machine\default\software\microsoft\windows\c urrent version\run\" " I am using Windows 98 and IE 6 sp1 and using cable network. (Not on dial-up) How do I remove these registry entries. I look for them using regedit but cannot find them. I will appreciate any help to remove these dialers. Any other spyware remover that can remove these. I also have spyware blaster installed. Thanks Mian
|
|
#7
July 9th 05, 01:13 AM
|
|||
|
|||
|
Thanks PCR. When I check the registry using regedit the first line in Run is
(Default) (value not set) I do not see " " marks or blank anywhere. Mian "PCR" wrote in message ... | HKEY Local_Machine\default\software\microsoft\windows\c urrent version\run\" You mean this key...?... HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run Go to it in RegEdit, &... This could be a problem with the "(Default)" line at one of the Startup registry keys. They should all look like this... (Default) (value not set) If it shows a blank line or just quotes in (Default), R-Clk it, & select "Delete". After the Delete, it will immediately come back just like this... (Default) (value not set) | HKEY User\default\software\microsoft\windows\current version\run\ " " You mean...?... HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run Try the same there, then, unless it self-corrects after doing the first. -- Thanks or Good Luck, There may be humor in this post, and, Naturally, you will not sue, should things get worse after this, PCR "Mian Ali" wrote in message ... | Hello, | | I ran ad-aware yesterday and it found registry entries for dialer. I allowed | it to remove these entries and ran the Ad-aware again and again it found the | same entries. | | I ran Spybot Search and Destroy, it did not find any dialers. Everytime I | run Ad-Aware, it finds the same entries. The details of the entries a | | HKEY User\default\software\microsoft\windows\current version\run\ " " | | HKEY Local_Machine\default\software\microsoft\windows\c urrent version\run\" | " | | I am using Windows 98 and IE 6 sp1 and using cable network. (Not on dial-up) | | How do I remove these registry entries. I look for them using regedit but | cannot find them. | | I will appreciate any help to remove these dialers. Any other spyware | remover that can remove these. I also have spyware blaster installed. | | Thanks | Mian | |
|
|
#9
July 9th 05, 03:23 AM
|
|||
|
|||
|
Here is the User default registry entry:
REGEDIT4 [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run] Her is the Local_Machine registry entry: REGEDIT4 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run] Other entries in RUN: "ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun" "TaskMonitor"="C:\\WINDOWS\\taskmon.exe" "SystemTray"="SysTray.Exe" "LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme" "SRS Applet"="SrsTray.Exe" "DXM6Patch_981116"="C:\\WINDOWS\\p_981116.exe /Q:A" "Adaptec DirectCD"="C:\\PROGRA~1\\ADAPTEC\\DIRECTCD\\DIRECT CD.EXE" "Tweak UI"="RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp" "NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\SYSTEM\\NvCpl.dll,NvStartup" "nwiz"="nwiz.exe /install" "IntelliType"="\"C:\\Program Files\\Microsoft Hardware\\Keyboard\\type32.exe\"" "SideWinderTrayV4"="C:\\PROGRA~1\\MICROS~1\\GAMECO ~1\\COMMON\\SWTRAYV4.EXE" "StillImageMonitor"="C:\\WINDOWS\\SYSTEM\\STIMON.E XE" "LVComs"="C:\\WINDOWS\\SYSTEM\\LVComS.exe" "VetAlert"="C:\\PROGRA~1\\CA\\ETRUST~1\\ETRUST~1\\ VETMSG.EXE" "CaAvTray"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVTray.exe\"" "CAVRID"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Antivirus\\CAVRID.exe\"" "FineReader7NewsReaderPro"="\"C:\\PROGRAM FILES\\ABBYY FINEREADER 7.0 PROFESSIONAL EDITION\\ABBYYNEWSREADER.EXE\"" "NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\SYSTEM\\NvMcTray.dll,NvTaskbarInit" "Zone Labs Client"="\"C:\\Program Files\\CA\\eTrust EZ Armor\\eTrust EZ Firewall\\ca.exe\"" Thanks Mian "PCR" wrote in message ... Hmm. Can you Export that key using "Registry, Export Registry file" & post it? The other one too. Do any of the items have a blank name? -- Thanks or Good Luck, There may be humor in this post, and, Naturally, you will not sue, should things get worse after this, PCR "Mian Ali" wrote in message ... | Thanks PCR. When I check the registry using regedit the first line in Run is | | (Default) (value not set) | | I do not see " " marks or blank anywhere. | Mian | | "PCR" wrote in message | ... | | HKEY Local_Machine\default\software\microsoft\windows\c urrent | version\run\" | | You mean this key...?... | | HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run | | Go to it in RegEdit, &... | | This could be a problem with the "(Default)" line at one of the | Startup registry keys. They should all look like this... | | (Default) (value not set) | | If it shows a blank line or just quotes in (Default), R-Clk it, & select | "Delete". After the Delete, it will immediately come back just like | this... | | (Default) (value not set) | | | HKEY User\default\software\microsoft\windows\current version\run\ " " | | You mean...?... | | HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\Cur rentVersion\Run | | Try the same there, then, unless it self-corrects after doing the first. | | | -- | Thanks or Good Luck, | There may be humor in this post, and, | Naturally, you will not sue, | should things get worse after this, | PCR | | "Mian Ali" wrote in message | ... | | Hello, | | | | I ran ad-aware yesterday and it found registry entries for dialer. I | allowed | | it to remove these entries and ran the Ad-aware again and again it | found the | | same entries. | | | | I ran Spybot Search and Destroy, it did not find any dialers. | Everytime I | | run Ad-Aware, it finds the same entries. The details of the entries | a | | | | HKEY User\default\software\microsoft\windows\current version\run\ " " | | | | HKEY Local_Machine\default\software\microsoft\windows\c urrent | version\run\" | | " | | | | I am using Windows 98 and IE 6 sp1 and using cable network. (Not on | dial-up) | | | | How do I remove these registry entries. I look for them using regedit | but | | cannot find them. | | | | I will appreciate any help to remove these dialers. Any other spyware | | remover that can remove these. I also have spyware blaster installed. | | | | Thanks | | Mian | | | | | | | |
|
|
#10
July 9th 05, 05:17 AM
|
|||
|
|||
|
Just tell us whether doing so fixed the problem. No need to post any
reports. I think you'll find you need to post a HijackThis log to an appropriate forum to remove all traces of all hijackware. See my previous reply. -- ~PA Bear Mian Ali wrote: Thanks PA Bear. Yes, I am running Ad-aware 1.06r with the latest definition flie. I will try it in safe mode and psot beack the result. MIan "PA Bear" wrote in message ... Are you running Ad-aware SE v1.06 with fully updated definitions? Have you tried scanning in Safe Mode? Check for Hijackware http://aumha.org/a/parasite.htm http://aumha.org/a/quickfix.htm http://mvps.org/winhelp2002/unwanted.htm http://inetexplorer.mvps.org/Darnit.htm http://www.mvps.org/sramesh2k/Malware_Defence.htm http://defendingyourmachine.blogspot.com/ When all else fails, HijackThis (http://aumha.net/downloads/hijackthis.zip) is the preferred tool to use. It will help you to both identify and remove any hijackware/spyware. **Post your files to http://forums.spywareinfo.com/, http://castlecops.com/forum67.html or http://aumha.net/viewforum.php?f=30 for expert analysis, not here.** -- ~Robear Dyer (PA Bear) MS MVP-Windows (IE/OE) & Security Mian Ali wrote: Hello, I ran ad-aware yesterday and it found registry entries for dialer. I allowed it to remove these entries and ran the Ad-aware again and again it found the same entries. I ran Spybot Search and Destroy, it did not find any dialers. Everytime I run Ad-Aware, it finds the same entries. The details of the entries a HKEY User\default\software\microsoft\windows\current version\run\ " " HKEY Local_Machine\default\software\microsoft\windows\c urrent version\run\" " I am using Windows 98 and IE 6 sp1 and using cable network. (Not on dial-up) How do I remove these registry entries. I look for them using regedit but cannot find them. I will appreciate any help to remove these dialers. Any other spyware remover that can remove these. I also have spyware blaster installed. Thanks Mian
|
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| Using CD-RW drive gets blue screen | Gabriele Hauschild | General | 3 | December 12th 04 05:19 PM |
| Add Remove programs | Beau | Monitors & Displays | 0 | August 9th 04 05:43 PM |
| How to remove file "GMT.exe" (GAIN adware file) | General | 1 | July 18th 04 05:56 PM | |
| Control Panel - Remove Programs | Bill Steelman | General | 1 | May 28th 04 09:53 PM |
| add remove program problems | Coleman | Software & Applications | 1 | May 12th 04 08:22 AM |
Linear Mode
