"BrowersAid" & "Dialler" cannot be removed

Hi ppl,

I used Spybot and Ad-Aware which detected "Dialler" and "BrowersAid" respectively but cannot removed them coz everytime I rebooted it and scanned the PC again using them, those two entries are still there.

In Spybot it says:
RAS profile
HKEY_USERS\S-1-5-18\RemoteAccess\Profile\PRPI
RAS profile
HKEY_USERS\DEFAULT\RemoteAccess\Profile\PRPI

Should I just go to the registry and delete the entries?
And do you guyz have any idea about the BrowersAid?
Thanz in advance.

Franky

 

Take a look here

bigc

 

Background:

If you are on dial up and your user name is dropped from the dial-up connection box and you wanted to make your user name permanent you would do this..Check your settings here:



HKEY_USERS\.DEFAULT\RemoteAccess\Profile. Click the sub-key listed under
Profile. Once opened in the right pane there should be a String Value named
User. If so, double click it and add your user name under Value Data. If
it isn't there, add it.

Other checkpoints depending on your setup using the above directions:



HKEY_USERS\S-1-5-18\RemoteAccess\Profile
HKEY_USERS\S-1-5-19\RemoteAccess\Profile
HKEY_USERS\S-1-5-20\RemoteAccess\Profile
HKEY_USERS\S-1-5-21\RemoteAccess\Profile
(etc...)



HKEY_USERS\S-1-5-21-1757981266-1078145449-1202660629-1003\Software\Microsoft
\Internet Account Manager\Accounts.


HKEY_USERS\S-1-5-21-1757981266-1078145449-1202660629-1006\Software\Microsoft
\Internet Account Manager\Accounts.

Open each account and look under POP3 User Name, etc...

So

For you problem that Spybot found..


registry backup.
go to START\RUN type in REGEDIT.click OK. when the window opens
click on FILE then EXPORT. call the file REG BACKUP and save to your
DESKTOP.click on SAVE.

once the registry is backed up :-

in regedit navigate to HKEY_USERS\S-1-5-18\RemoteAccess\Profile and delete PRPI in the right pane.

then navigate to HKEY_USERS\.DEFAULT\RemoteAccess\Profile and delete PRPI in the right pane.


That particular dialler for it's .exe is usually found in the downloaded programs files..or with hijackthis in the 016 as dialler1.exe...but your spybot or some other scan AV might have already cleaned that part off .

 

see here also

HJT Log: "BrowserAid" &"Dialler" can't be removed


http://www.dslreports.com/forum/remark,12193404~mode=flat

 

@bigc73542: Thanz for the link, I've been there already actually I tried to follow the manual removeal instructions, the only thing is I couldn't find any of those files or folders mentioned, none of them at all. So does it mean I don't have BrowserAid in my PC? But Ad-Aware scanned it everytime I rebooted, weird.

@Primrose: Thanz for your reply as well. I am not using dialup, haha yes I know if I'm using dialup and I've got Dialler I'll be paying much more than I'm supposed to pay. So your suggestion is to delete those entries in the registry yeah? I thought so as well, I'm currently not at home, I'll backup the registry and then delete those entries and see what happens, will let you guys know aftrwards

PS one more thing Primrose, do you guyz surf around the net and go to forums to fix problems? How come you know I've been posting everywhere? But well, it makes sense to ask everyone for help if your in trouble I guess

 

Because we are everywhere not as surfer's but rather long time members. Check Name Game's avatar..have a nice day

 

Oh cool haha, well the problems are being solved slowly now. But still I have that "Dialler" (not sure about BrowserAid yet coz it takes aaaaaages to scan with Ad-Aware ). You have any idea to remove them? Should I go to registry and delete the entries?

 

yes if it bugs you being there ..that is the code for the dialer to work and let you into the "girlie site.". but if you whacked the dialler already then that's cool. Hang in there..it's almost all over..but you had better tell her if you do have Adware SE...and not the old version 6 since that is important..not just the current scan ref file..

 

Hi Frankly - Yes, we're everywhere as Name Game/Primrose said (well, the all the best security forums anyway)

It's really easier it you could keep it all in the one thread we have going now at DSLR. I'm reviewing your Adaware log over there now so it sure is a distraction to have to jump back and forth between forums

 

Yes..seem like every time I reboot..someone else is trying to use that dialler to call into the North Pole to find out what happen to the 9 Ladies
Dancing and the 8 Maid a'Milking


Lords a'Leaping Larry Lizard Settle down and have a nice Holiday...they will be sending you the phone bill next month.