sexdialer program starting up at every boot...

5 views
Skip to first unread message

Christian Borchgrevink-Lund

unread,
Mar 17, 2002, 8:17:30 AM3/17/02
to
Very annoying problem, do not know how it "infected" my PC in the first
place, bit now it is there!

It is a program called 5-2-46-112.exe. I have searched my whole PC for this
prog and deleted every instance. Also checked MSCONFIG to see what program
boots, but cannot seem to find the string that boots this program. Any
suggestions on how to check where the prog is placed on my diskdrive and
delete it?

Thanks

Christian


Carey

unread,
Mar 17, 2002, 8:40:37 AM3/17/02
to
Go to http://www.lsfileserv.com/index.html and download this free program (Ad-Aware 5) and
use it. You may have some "spyware" installed on your computer.


--
Carey Frisch (USA)

John Lots

unread,
Mar 17, 2002, 9:30:52 AM3/17/02
to
You might try looking at

Registry: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, the Shell entry..

some programs add themselves next to the default explorer.exe, and apparently all listed programs get executed...

Otherwise, fire up regedit, and do a find for your program....

---

saybibi();

// john

#include <stddiscl.h>

"Christian Borchgrevink-Lund" <borchg...@yahoo.com> wrote in message news:3c94975f$0$264$ba62...@nntp02.dk.telia.net...

Harry Ohrn

unread,
Mar 17, 2002, 11:22:22 AM3/17/02
to
try running System Restore. Start->Help and Support->Pick a task. Roll back
to a date prior to the problem presenting itself.

--

Harry Ohrn - MS MVP (Windows XP)
New Life For Windows XP - www.webtree.ca/windowsxp/
XP Newsgroups - www.microsoft.com/windowsxp/expertzone/newsgroups/
(please reply to the group)


"Christian Borchgrevink-Lund" <borchg...@yahoo.com> wrote in message
news:3c94975f$0$264$ba62...@nntp02.dk.telia.net...

John Ewton

unread,
Mar 17, 2002, 12:31:18 PM3/17/02
to
Also, it was mentioned elsewhere that www.scumware.com is a good
resource for this sort of thing. I am finding more sites that plant
things on our systems. This site names those sites and gives resources
on how to eliminate them.

Also, Adaware at www.lavasoft.com is a good resource for removing this
junk. It, like a virus scanner, scans the drives, memory and registry
for known entries that cause these problems.

Pastor John

In article <#n43FBczBHA.2592@tkmsftngp07>, jl...@hotmail.com says...


> You might try looking at
>

> Registry: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, =
> the Shell entry..
>
> some programs add themselves next to the default explorer.exe, and =

Bob Baker

unread,
Mar 17, 2002, 1:44:28 PM3/17/02
to
Did you look in the registry for that file? About six weeks ago I
deleted that same file from a friends computer. I remember finding
something in the registry and also having to go to download.com and
download a killfile to permanently remove it. Did you see something
popup like "webdialer". I had to delete some such file. But I do
remember finding the file with those numbers on it and having to use the
killfile to get rid of it.

Gman

unread,
Mar 17, 2002, 1:52:40 PM3/17/02
to
You may want to look at your Internet connections.
I had a simalar problem and it had installed itself as the default
connection.


Christian Borchgrevink-Lund

unread,
Mar 17, 2002, 6:04:48 PM3/17/02
to
I found a prog called openme.exe in this registry entry. Is this safe to
delete?

Christian


"John Lots" <jl...@hotmail.com> wrote in message
news:#n43FBczBHA.2592@tkmsftngp07...

David Marsh

unread,
Mar 17, 2002, 6:44:51 PM3/17/02
to
I was hit by such a program and had exactly the same entry. Deleting
openme.exe got rid of the last trace of the problem. (Don't touch
explorer.exe of course.)

"Christian Borchgrevink-Lund" <borchg...@yahoo.com> wrote in message

news:3c95214a$0$464$ba62...@nntp01.dk.telia.net...

cqu...@iafrica.com

unread,
Mar 18, 2002, 6:58:53 AM3/18/02
to
On Sun, 17 Mar 2002 23:44:51 GMT, "David Marsh"

>I was hit by such a program and had exactly the same entry. Deleting
>openme.exe got rid of the last trace of the problem. (Don't touch
>explorer.exe of course.)

Where "explorer.exe" is EXPLORER.EXE in lower case, and not
EXPIORER.EXE in mixed case, and also where explorer.exe does not
reside on its own in a directory called Explorer as well.

>"Christian Borchgrevink-Lund" <borchg...@yahoo.com> wrote in message

>> I found a prog called openme.exe in this registry entry. Is this safe to
>> delete?

Axiom: Never delete what you you can rename or comment out.

Do a Find and rename it away to OPENME.EX! and/or export the key in
registry as a .reg file before deleting the entry. Both methods will
incapacitate the thing (re-check on restarting Windows) but in a
reversable way, in case of complications or desire for forensics.

>> "Christian Borchgrevink-Lund" <borchg...@yahoo.com> wrote in message

>> > Very annoying problem, do not know how it "infected" my PC in the first


>> > place, bit now it is there!

Typically attachments (sometimes mis-MIME'd as JPEG etc.) in usenet

>> > It is a program called 5-2-46-112.exe. I have searched my whole PC for
>> > this prog and deleted every instance. Also checked MSCONFIG to see
>> > what program boots, but cannot seem to find the string that boots this

You typically get a mixture of porno diallers and RATs. The former
drop icons in Start menu, desktop etc. and are odd, given there's
typically no phone number present so they can't dial out anyway.

>----------- ---- --- -- - - - - -
Hoy, M-Web, you useless ISP!
When are you going to carry this newsgroup?
>----------- ---- --- -- - - - - -

Xanex

unread,
Mar 20, 2002, 8:43:38 PM3/20/02
to
Getting Rid of the 5-2-46-112 WebDialer Trojan
==============================================================
*Disclaimer: This process involves modifying your registry files. Do
so with caution. For more on registry editing see:

http://docs.rinet.ru:8083/Registratura/htm/ch10.htm
==============================================================

Are you having a problem with a nasty trojan that installs porn links
on your desktop and then keeps trying to dial up porn sites? Have you
tried erasing the obvious files but, just when you think you have your
hard drive clean, the porn pops up again?

You are not alone. This is an international problem. Here is how to
remove this pesky nuisance:

(1) Open your Browser. Delete all temporary internet files.
If you are using Internet Explorer this is located at
(Tools\Internet Options\Temporary Internet Files\Delete Files…)

(2) Open MSConfig (Start\run\Msconfig) Click on the Startup tab and
uncheck any file that contains a reference to:

5-2-46-112
webdialer
openme

When you close Msconfig not to bother restarting just yet.

(3) Run regedit. (Start\Run\regedit.com [Return])

Search for, and delete, any registry entry that references:

5-2-46-112

webdialer

openme (Please note that you should only delete the openme
reference in the data string. DO NOT delete explorer.exe unless you
want to reinstall Windows.)

(4) Shut your computer down completely. Do not use "restart." Turn
the power off for 10 seconds.

Start your computer up again and your problem should be gone.

Note: Contrary to popular belief most people who are having this
problem did not get this trojan by downloading and running porn.

Most got it downloading files on Kazza…Morpheus…Bearshare…etc…that
claimed to be a small loader program for popular gaming files. Your
virus-checking software will not detect this Trojan. Avoid these
files.

To increase your security you might want to download a program called
RegCleaner. It allows you to monitor what is being installed on your
computer after the fact:

http://www.vtoy.fi/jv16/shtml/regcleaner.shtml

Another nifty program for Trojan detection and removal is The Cleaner:

http://www.moosoft.com/

And finally, a program to defeat the spyware programs that seem to be
attached to all those FREEWARE applications you installed:

http://tomcoyote.com/lsindex.html

For more info on the concept of Spyware and Adware see:

http://www.scumware.com/

If you have an questions or problems post them here.


Xanex


cqu...@iafrica.com wrote in message news:<3c95cfc9...@msnews.microsoft.com>...

cqu...@iafrica.com

unread,
Mar 21, 2002, 8:05:05 AM3/21/02
to
On 20 Mar 2002 17:43:38 -0800, jek...@swbell.net (Xanex) wrote:

Thanks for this! Summary-snipped...

>Getting Rid of the 5-2-46-112 WebDialer Trojan

>(1) Open your Browser. Delete all temporary internet files.


>If you are using Internet Explorer this is located at
>(Tools\Internet Options\Temporary Internet Files\Delete Files…)

>(2) Open MSConfig (Start\run\Msconfig) Click on the Startup tab and
>uncheck any file that contains a reference to:

>5-2-46-112
>webdialer
>openme

>When you close Msconfig not to bother restarting just yet.

>(3) Run regedit. (Start\Run\regedit.com [Return])

>Search for, and delete, any registry entry that references:

>5-2-46-112
>webdialer
>openme (Please note that you should only delete the openme
>reference in the data string. DO NOT delete explorer.exe unless you
>want to reinstall Windows.)

>Note: Contrary to popular belief most people who are having this


>problem did not get this trojan by downloading and running porn.

>Most got it downloading files on Kazza…Morpheus…Bearshare…etc…that
>claimed to be a small loader program for popular gaming files. Your
>virus-checking software will not detect this Trojan.

Antivirus software vendors are part of the same software industry that
spawns commecial malware such as this, and are thus less industrious
at countering such problems.

>Another nifty program for Trojan detection and removal is The Cleaner:
>http://www.moosoft.com/

>And finally, a program to defeat the spyware programs that seem to be
>attached to all those FREEWARE applications you installed:
>http://tomcoyote.com/lsindex.html

>For more info on the concept of Spyware and Adware see:
>http://www.scumware.com/

>----------- ---- --- -- - - - - -
Hoy, UUnet, you useless M-Web back-ender!

Xanex

unread,
Mar 21, 2002, 2:11:12 PM3/21/02
to
Getting Rid of the 5-2-46-112 WebDialer Trojan
==============================================================
*Disclaimer: This process involves modifying your registry files. Do
so with caution. For more on registry editing see:

http://docs.rinet.ru:8083/Registratura/htm/ch10.htm
==============================================================

Are you having a problem with a nasty trojan that installs porn links
on your desktop and then keeps trying to dial up porn sites? Have you
tried erasing the obvious files but, just when you think you have your
hard drive clean, the porn pops up again?

You are not alone. This is an international problem. Here is how to
remove this pesky nuisance:

(1) Open your Browser. Delete all temporary internet files.


If you are using Internet Explorer this is located at
(Tools\Internet Options\Temporary Internet Files\Delete Files…)

(2) Open MSConfig (Start\run\Msconfig) Click on the Startup tab and
uncheck any file that contains a reference to:

5-2-46-112
webdialer
openme

When you close Msconfig not to bother restarting just yet.

(3) Run regedit. (Start\Run\regedit.com [Return])

Search for, and delete, any registry entry that references:

5-2-46-112

webdialer

openme (Please note that you should only delete the openme
reference in the data string. DO NOT delete explorer.exe unless you
want to reinstall Windows.)

(4) Shut your computer down completely. Do not use "restart." Turn


the power off for 10 seconds.

Start your computer up again and your problem should be gone.

Note: Contrary to popular belief most people who are having this


problem did not get this trojan by downloading and running porn.

Most got it downloading files on Kazza…Morpheus…Bearshare…etc…that
claimed to be a small loader program for popular gaming files. Your

virus-checking software will not detect this Trojan. Avoid these
files.

To increase your security you might want to download a program called
RegCleaner. It allows you to monitor what is being installed on your
computer after the fact:

http://www.vtoy.fi/jv16/shtml/regcleaner.shtml

Another nifty program for Trojan detection and removal is The Cleaner:

http://www.moosoft.com/

And finally, a program to defeat the spyware programs that seem to be
attached to all those FREEWARE applications you installed:

http://tomcoyote.com/lsindex.html

For more info on the concept of Spyware and Adware see:

http://www.scumware.com/

If you have an questions or problems post them here.


Xanex

"Christian Borchgrevink-Lund" <borchg...@yahoo.com> wrote in message news:<3c94975f$0$264$ba62...@nntp02.dk.telia.net>...

Anoop

unread,
Mar 22, 2002, 4:59:07 PM3/22/02
to
or you can use this simple program free:

Finally looks like I have a solution.

www.lavasoftusa.com

Ad-Aware released a new update, 3/14/02 that is supposed to remove the
Morpheus virus. Also download the RefUpdate... that makes updating
signature file easy.

Make sure your signature file in use is: 086-14.03.2002

This seems to clean some addition files that weren't picked up by the
last version.

Hope this finally works... BTW, the firewall does prevent the
popups... so that is a good temp solution.

Good luck... hopefully this will be my last post!

Anoop

Anoop

unread,
Mar 22, 2002, 5:04:13 PM3/22/02
to
much easier
Reply all
Reply to author
Forward
0 new messages