Hi ppl,

I used Spybot and Ad-Aware which detected "Dialler" and "BrowersAid" respectively but cannot removed them coz everytime I rebooted it and scanned the PC again using them, those two entries are still there.

In Spybot it says:
RAS profile
HKEY_USERS\S-1-5-18\RemoteAccess\Profile\PRPI
RAS profile
HKEY_USERS\DEFAULT\RemoteAccess\Profile\PRPI

Should I just go to the registry and delete the entries?
And do you guyz have any idea about the BrowersAid?
Thanz in advance. :)

Franky

Take a look here (http://www.doxdesk.com/parasite/BrowserAid.html)

bigc

Background:

If you are on dial up and your user name is dropped from the dial-up connection box and you wanted to make your user name permanent you would do this..Check your settings here:



HKEY_USERS\.DEFAULT\RemoteAccess\Profile. Click the sub-key listed under
Profile. Once opened in the right pane there should be a String Value named
User. If so, double click it and add your user name under Value Data. If
it isn't there, add it.

Other checkpoints depending on your setup using the above directions:



HKEY_USERS\S-1-5-18\RemoteAccess\Profile
HKEY_USERS\S-1-5-19\RemoteAccess\Profile
HKEY_USERS\S-1-5-20\RemoteAccess\Profile
HKEY_USERS\S-1-5-21\RemoteAccess\Profile
(etc...)



HKEY_USERS\S-1-5-21-1757981266-1078145449-1202660629-1003\Software\Microsoft
\Internet Account Manager\Accounts.


HKEY_USERS\S-1-5-21-1757981266-1078145449-1202660629-1006\Software\Microsoft
\Internet Account Manager\Accounts.

Open each account and look under POP3 User Name, etc...

So

For you problem that Spybot found..


registry backup.
go to START\RUN type in REGEDIT.click OK. when the window opens
click on FILE then EXPORT. call the file REG BACKUP and save to your
DESKTOP.click on SAVE.

once the registry is backed up :-

in regedit navigate to HKEY_USERS\S-1-5-18\RemoteAccess\Profile and delete PRPI in the right pane.

then navigate to HKEY_USERS\.DEFAULT\RemoteAccess\Profile and delete PRPI in the right pane.


That particular dialler for it's .exe is usually found in the downloaded programs files..or with hijackthis in the 016 as dialler1.exe...but your spybot or some other scan AV might have already cleaned that part off .

see here also ;)

HJT Log: "BrowserAid" &"Dialler" can't be removed


http://www.dslreports.com/forum/remark,12193404~mode=flat

@bigc73542: Thanz for the link, I've been there already actually :) I tried to follow the manual removeal instructions, the only thing is I couldn't find any of those files or folders mentioned, none of them at all. So does it mean I don't have BrowserAid in my PC? But Ad-Aware scanned it everytime I rebooted, weird.

@Primrose: Thanz for your reply as well. I am not using dialup, haha yes I know if I'm using dialup and I've got Dialler I'll be paying much more than I'm supposed to pay. So your suggestion is to delete those entries in the registry yeah? I thought so as well, I'm currently not at home, I'll backup the registry and then delete those entries and see what happens, will let you guys know aftrwards ;)

PS one more thing Primrose, do you guyz surf around the net and go to forums to fix problems? How come you know I've been posting everywhere? But well, it makes sense to ask everyone for help if your in trouble I guess ;D

Because we are everywhere ;D not as surfer's but rather long time members. Check Name Game's avatar..have a nice day :lurking:

Oh cool haha, well the problems are being solved slowly now. But still I have that "Dialler" (not sure about BrowserAid yet coz it takes aaaaaages to scan with Ad-Aware ;D ). You have any idea to remove them? Should I go to registry and delete the entries?

yes if it bugs you being there ;) ..that is the code for the dialer to work and let you into the "girlie site.". ;D but if you whacked the dialler already then that's cool. Hang in there..it's almost all over..but you had better tell her if you do have Adware SE...and not the old version 6 since that is important..not just the current scan ref file..

Hi Frankly - Yes, we're everywhere as Name Game/Primrose said (well, the all the best security forums anyway) ;D

It's really easier it you could keep it all in the one thread we have going now at DSLR. I'm reviewing your Adaware log over there now so it sure is a distraction to have to jump back and forth between forums ::)

Yes..seem like every time I reboot..someone else is trying to use that dialler to call into the North Pole to find out what happen to the 9 Ladies
Dancing and the 8 Maid a'Milking ;D


Lords a'Leaping Larry Lizard :o Settle down and have a nice Holiday...they will be sending you the phone bill next month. :P