|
Argh, it won't die! Someone please help a desperate Lira delete a weird computer file
|
View this Thread in Original format
| Lira |
I've already used all spyware I've got (Ad-Aware and Spybot), deleted it several times the manual way, I edited the file so I could corrupt it, renamed it and did everything someone with intermediate knowledge on computers could do. However, it keeps coming back in my windows/system/ folder, and often with different names (usually erotic names in Italian). Its name is hidden inside the following files:
Musicmatch's userinfo.dat
Windows' system.dat
Windows' user.dat
A couple of files in windows/applog/
...
The file's renamed itself as vietato.exe, girl.exe, eros.exe, eros-1.exe and it seems to be an annoying porn dialer to Italy... and I don't even watch Italian porn :p
Please help, as I've been fighting this for over a year now :( |
|
|
| KilldaDJ |
u, my friend have encountered some sort of wormy porn dialer
um...try using msconfig and check the startup, disable it from starting with windows and get urself an anti virus |
|
|
| Lira |
| quote: | Originally posted by KilldaDJ
um...try using msconfig and check the startup, disable it from starting with windows and get urself an anti virus |
Used msconfig already... and I use AVG anti-virus :( |
|
|
| DigiNut |
If this happened recently, you could run a global search on your PC for all files that have been created/modified in the last 24 hours (or however long ago it was that you got the worm)... see if you can spot anything weird.
Also look for startup items in the Run, RunOnce and RunServices sections in both the HKLM and HKCU branches, and also check win.ini and system.ini, maybe even check your autoexec.bat file if you have one (unlikely). It should turn up something.
You can also locate one of the wormy files and run a global search on your system for every single file with the same file size... might turn up something also. |
|
|
| Wildfir3 |
avg doesnt find everything though... had a huge problem with a virus called 'gaobot' infecting all my files in some way. Anyway, i updated AVG on a daily basis and it still got through.
Eventually found it with an online scan from mcafee.
just so u know |
|
|
| Streakfury |
Owned!!
Sorry I cant help.
:D |
|
|
| Lira |
^^^ hmm... I'm gonna take a look at this, cheers :)
lol, streakfury :p
| quote: | Originally posted by Wildfir3
avg doesnt find everything though... had a huge problem with a virus called 'gaobot' infecting all my files in some way. Anyway, i updated AVG on a daily basis and it still got through.
Eventually found it with an online scan from mcafee.
just so u know |
hmm... I guess it's time to look for more software then :( :mad: Thanks for the tip :)
| quote: | Originally posted by DigiNut
If this happened recently, you could run a global search on your PC for all files that have been created/modified in the last 24 hours (or however long ago it was that you got the worm)... see if you can spot anything weird.
Also look for startup items in the Run, RunOnce and RunServices sections in both the HKLM and HKCU branches, and also check win.ini and system.ini, maybe even check your autoexec.bat file if you have one (unlikely). It should turn up something.
You can also locate one of the wormy files and run a global search on your system for every single file with the same file size... might turn up something also. |
- I'm doing the 24-hour search and it has indeed shown the file, and I find some fishy things...
- As for the win.ini and system.ini, the file is there indeed, but windows didn't let me edit the files so I'm gonna have to use MS-DOS (but this would be a last critical measure)
- I don't know what "Run, RunOnce and RunServices sections in both the HKLM and HKCU branches" are :( Do these files exist in Win98?
- I'm doing the global-size search as soon as I finish this post
Thanks for the tips :) |
|
|
| DJ-Fuq |
| quote: | Originally posted by Lira
- I don't know what "Run, RunOnce and RunServices sections in both the HKLM and HKCU branches" are :( Do these files exist in Win98?
|
Click start/run, type regedit and hit enter. Go to hkey_local_machine/software/microsoft/windows/currentversion and hkey_current_user/software/microsoft/windows/currentversion, so u can click on run etc and delete any references to the file. |
|
|
| Lira |
| quote: | Originally posted by DJ-Fuq
Click start/run, type regedit and hit enter. Go to hkey_local_machine/software/microsoft/windows/currentversion and hkey_current_user/software/microsoft/windows/currentversion, so u can click on run etc and delete any references to the file. |
Just got there and found nothing :( I guess I'm close to finding the solution though, as now I know what files trigger the creation of the file. Thanks for explaining :)
Now all I need is to prevent them to do it everytime I reboot.
If I'm not successful, then I shall bug the helpers from the link posted by Matt Jay :) |
|
|
| Matt Jay |
| quote: | Originally posted by Lira
Just got there and found nothing :( I guess I'm close to finding the solution though, as now I know what files trigger the creation of the file. Thanks for explaining :)
Now all I need is to prevent them to do it everytime I reboot.
If I'm not successful, then I shall bug the helpers from the link posted by Matt Jay :) |
If we are all dumbasses and can't help you then check out this forum
http://www.spywareinfo.com/forums/i...hp?showforum=30
It's designed for helping getting rid of spyware. |
|
|
| Lira |
No, I'm not saying you're all dumbasses (not at all!), I just said the file seems to find its way to existence no matter how much I try to delete it. I've registered to those forums because the link you gave me told me to, so, before annoying them, I wanted to make sure I did everything you guys told me to ;) |
|
|
|
|
