It is a program called 5-2-46-112.exe. I have searched my whole PC for this
prog and deleted every instance. Also checked MSCONFIG to see what program
boots, but cannot seem to find the string that boots this program. Any
suggestions on how to check where the prog is placed on my diskdrive and
delete it?
Thanks
Christian
--
Carey Frisch (USA)
Registry: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, the Shell entry..
some programs add themselves next to the default explorer.exe, and apparently all listed programs get executed...
Otherwise, fire up regedit, and do a find for your program....
---
saybibi();
// john
#include <stddiscl.h>
"Christian Borchgrevink-Lund" <borchg...@yahoo.com> wrote in message news:3c94975f$0$264$ba62...@nntp02.dk.telia.net...
--
Harry Ohrn - MS MVP (Windows XP)
New Life For Windows XP - www.webtree.ca/windowsxp/
XP Newsgroups - www.microsoft.com/windowsxp/expertzone/newsgroups/
(please reply to the group)
"Christian Borchgrevink-Lund" <borchg...@yahoo.com> wrote in message
news:3c94975f$0$264$ba62...@nntp02.dk.telia.net...
Also, Adaware at www.lavasoft.com is a good resource for removing this
junk. It, like a virus scanner, scans the drives, memory and registry
for known entries that cause these problems.
Pastor John
In article <#n43FBczBHA.2592@tkmsftngp07>, jl...@hotmail.com says...
> You might try looking at
>
> Registry: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon, =
> the Shell entry..
>
> some programs add themselves next to the default explorer.exe, and =
Christian
"John Lots" <jl...@hotmail.com> wrote in message
news:#n43FBczBHA.2592@tkmsftngp07...
"Christian Borchgrevink-Lund" <borchg...@yahoo.com> wrote in message
news:3c95214a$0$464$ba62...@nntp01.dk.telia.net...
>I was hit by such a program and had exactly the same entry. Deleting
>openme.exe got rid of the last trace of the problem. (Don't touch
>explorer.exe of course.)
Where "explorer.exe" is EXPLORER.EXE in lower case, and not
EXPIORER.EXE in mixed case, and also where explorer.exe does not
reside on its own in a directory called Explorer as well.
>"Christian Borchgrevink-Lund" <borchg...@yahoo.com> wrote in message
>> I found a prog called openme.exe in this registry entry. Is this safe to
>> delete?
Axiom: Never delete what you you can rename or comment out.
Do a Find and rename it away to OPENME.EX! and/or export the key in
registry as a .reg file before deleting the entry. Both methods will
incapacitate the thing (re-check on restarting Windows) but in a
reversable way, in case of complications or desire for forensics.
>> "Christian Borchgrevink-Lund" <borchg...@yahoo.com> wrote in message
>> > Very annoying problem, do not know how it "infected" my PC in the first
>> > place, bit now it is there!
Typically attachments (sometimes mis-MIME'd as JPEG etc.) in usenet
>> > It is a program called 5-2-46-112.exe. I have searched my whole PC for
>> > this prog and deleted every instance. Also checked MSCONFIG to see
>> > what program boots, but cannot seem to find the string that boots this
You typically get a mixture of porno diallers and RATs. The former
drop icons in Start menu, desktop etc. and are odd, given there's
typically no phone number present so they can't dial out anyway.
>----------- ---- --- -- - - - - -
Hoy, M-Web, you useless ISP!
When are you going to carry this newsgroup?
>----------- ---- --- -- - - - - -
http://docs.rinet.ru:8083/Registratura/htm/ch10.htm
==============================================================
Are you having a problem with a nasty trojan that installs porn links
on your desktop and then keeps trying to dial up porn sites? Have you
tried erasing the obvious files but, just when you think you have your
hard drive clean, the porn pops up again?
You are not alone. This is an international problem. Here is how to
remove this pesky nuisance:
(1) Open your Browser. Delete all temporary internet files.
If you are using Internet Explorer this is located at
(Tools\Internet Options\Temporary Internet Files\Delete Files…)
(2) Open MSConfig (Start\run\Msconfig) Click on the Startup tab and
uncheck any file that contains a reference to:
5-2-46-112
webdialer
openme
When you close Msconfig not to bother restarting just yet.
(3) Run regedit. (Start\Run\regedit.com [Return])
Search for, and delete, any registry entry that references:
5-2-46-112
webdialer
openme (Please note that you should only delete the openme
reference in the data string. DO NOT delete explorer.exe unless you
want to reinstall Windows.)
(4) Shut your computer down completely. Do not use "restart." Turn
the power off for 10 seconds.
Start your computer up again and your problem should be gone.
Note: Contrary to popular belief most people who are having this
problem did not get this trojan by downloading and running porn.
Most got it downloading files on Kazza…Morpheus…Bearshare…etc…that
claimed to be a small loader program for popular gaming files. Your
virus-checking software will not detect this Trojan. Avoid these
files.
To increase your security you might want to download a program called
RegCleaner. It allows you to monitor what is being installed on your
computer after the fact:
http://www.vtoy.fi/jv16/shtml/regcleaner.shtml
Another nifty program for Trojan detection and removal is The Cleaner:
And finally, a program to defeat the spyware programs that seem to be
attached to all those FREEWARE applications you installed:
http://tomcoyote.com/lsindex.html
For more info on the concept of Spyware and Adware see:
If you have an questions or problems post them here.
Xanex
cqu...@iafrica.com wrote in message news:<3c95cfc9...@msnews.microsoft.com>...
Thanks for this! Summary-snipped...
>Getting Rid of the 5-2-46-112 WebDialer Trojan
>(1) Open your Browser. Delete all temporary internet files.
>If you are using Internet Explorer this is located at
>(Tools\Internet Options\Temporary Internet Files\Delete Files…)
>(2) Open MSConfig (Start\run\Msconfig) Click on the Startup tab and
>uncheck any file that contains a reference to:
>5-2-46-112
>webdialer
>openme
>When you close Msconfig not to bother restarting just yet.
>(3) Run regedit. (Start\Run\regedit.com [Return])
>Search for, and delete, any registry entry that references:
>5-2-46-112
>webdialer
>openme (Please note that you should only delete the openme
>reference in the data string. DO NOT delete explorer.exe unless you
>want to reinstall Windows.)
>Note: Contrary to popular belief most people who are having this
>problem did not get this trojan by downloading and running porn.
>Most got it downloading files on Kazza…Morpheus…Bearshare…etc…that
>claimed to be a small loader program for popular gaming files. Your
>virus-checking software will not detect this Trojan.
Antivirus software vendors are part of the same software industry that
spawns commecial malware such as this, and are thus less industrious
at countering such problems.
>Another nifty program for Trojan detection and removal is The Cleaner:
>http://www.moosoft.com/
>And finally, a program to defeat the spyware programs that seem to be
>attached to all those FREEWARE applications you installed:
>http://tomcoyote.com/lsindex.html
>For more info on the concept of Spyware and Adware see:
>http://www.scumware.com/
>----------- ---- --- -- - - - - -
Hoy, UUnet, you useless M-Web back-ender!
http://docs.rinet.ru:8083/Registratura/htm/ch10.htm
==============================================================
Are you having a problem with a nasty trojan that installs porn links
on your desktop and then keeps trying to dial up porn sites? Have you
tried erasing the obvious files but, just when you think you have your
hard drive clean, the porn pops up again?
You are not alone. This is an international problem. Here is how to
remove this pesky nuisance:
(1) Open your Browser. Delete all temporary internet files.
If you are using Internet Explorer this is located at
(Tools\Internet Options\Temporary Internet Files\Delete Files…)
(2) Open MSConfig (Start\run\Msconfig) Click on the Startup tab and
uncheck any file that contains a reference to:
5-2-46-112
webdialer
openme
When you close Msconfig not to bother restarting just yet.
(3) Run regedit. (Start\Run\regedit.com [Return])
Search for, and delete, any registry entry that references:
5-2-46-112
webdialer
openme (Please note that you should only delete the openme
reference in the data string. DO NOT delete explorer.exe unless you
want to reinstall Windows.)
(4) Shut your computer down completely. Do not use "restart." Turn
the power off for 10 seconds.
Start your computer up again and your problem should be gone.
Note: Contrary to popular belief most people who are having this
problem did not get this trojan by downloading and running porn.
Most got it downloading files on Kazza…Morpheus…Bearshare…etc…that
claimed to be a small loader program for popular gaming files. Your
virus-checking software will not detect this Trojan. Avoid these
files.
To increase your security you might want to download a program called
RegCleaner. It allows you to monitor what is being installed on your
computer after the fact:
http://www.vtoy.fi/jv16/shtml/regcleaner.shtml
Another nifty program for Trojan detection and removal is The Cleaner:
And finally, a program to defeat the spyware programs that seem to be
attached to all those FREEWARE applications you installed:
http://tomcoyote.com/lsindex.html
For more info on the concept of Spyware and Adware see:
If you have an questions or problems post them here.
Xanex
"Christian Borchgrevink-Lund" <borchg...@yahoo.com> wrote in message news:<3c94975f$0$264$ba62...@nntp02.dk.telia.net>...
Finally looks like I have a solution.
Ad-Aware released a new update, 3/14/02 that is supposed to remove the
Morpheus virus. Also download the RefUpdate... that makes updating
signature file easy.
Make sure your signature file in use is: 086-14.03.2002
This seems to clean some addition files that weren't picked up by the
last version.
Hope this finally works... BTW, the firewall does prevent the
popups... so that is a good temp solution.
Good luck... hopefully this will be my last post!
Anoop