"BrowersAid" & "Dialler" cannot be removed

Discussion in 'other security issues & news' started by frankly, Dec 22, 2004.

Thread Status:
Not open for further replies.
  1. frankly

    frankly Registered Member

    Joined:
    Dec 22, 2004
    Posts:
    3
    Hi ppl,

    I used Spybot and Ad-Aware which detected "Dialler" and "BrowersAid" respectively but cannot removed them coz everytime I rebooted it and scanned the PC again using them, those two entries are still there.

    In Spybot it says:
    RAS profile
    HKEY_USERS\S-1-5-18\RemoteAccess\Profile\PRPI
    RAS profile
    HKEY_USERS\DEFAULT\RemoteAccess\Profile\PRPI

    Should I just go to the registry and delete the entries?
    And do you guyz have any idea about the BrowersAid?
    Thanz in advance. :)

    Franky
     
  2. bigc73542

    bigc73542 Retired Moderator

    Joined:
    Sep 21, 2003
    Posts:
    23,873
    Location:
    SW. Oklahoma
    Take a look here

    bigc
     
  3. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Background:

    If you are on dial up and your user name is dropped from the dial-up connection box and you wanted to make your user name permanent you would do this..Check your settings here:



    HKEY_USERS\.DEFAULT\RemoteAccess\Profile. Click the sub-key listed under
    Profile. Once opened in the right pane there should be a String Value named
    User. If so, double click it and add your user name under Value Data. If
    it isn't there, add it.

    Other checkpoints depending on your setup using the above directions:



    HKEY_USERS\S-1-5-18\RemoteAccess\Profile
    HKEY_USERS\S-1-5-19\RemoteAccess\Profile
    HKEY_USERS\S-1-5-20\RemoteAccess\Profile
    HKEY_USERS\S-1-5-21\RemoteAccess\Profile
    (etc...)



    HKEY_USERS\S-1-5-21-1757981266-1078145449-1202660629-1003\Software\Microsoft
    \Internet Account Manager\Accounts.


    HKEY_USERS\S-1-5-21-1757981266-1078145449-1202660629-1006\Software\Microsoft
    \Internet Account Manager\Accounts.

    Open each account and look under POP3 User Name, etc...

    So

    For you problem that Spybot found..


    registry backup.
    go to START\RUN type in REGEDIT.click OK. when the window opens
    click on FILE then EXPORT. call the file REG BACKUP and save to your
    DESKTOP.click on SAVE.

    once the registry is backed up :-

    in regedit navigate to HKEY_USERS\S-1-5-18\RemoteAccess\Profile and delete PRPI in the right pane.

    then navigate to HKEY_USERS\.DEFAULT\RemoteAccess\Profile and delete PRPI in the right pane.



    That particular dialler for it's .exe is usually found in the downloaded programs files..or with hijackthis in the 016 as dialler1.exe...but your spybot or some other scan AV might have already cleaned that part off .
     
  4. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
  5. frankly

    frankly Registered Member

    Joined:
    Dec 22, 2004
    Posts:
    3
    @bigc73542: Thanz for the link, I've been there already actually :) I tried to follow the manual removeal instructions, the only thing is I couldn't find any of those files or folders mentioned, none of them at all. So does it mean I don't have BrowserAid in my PC? But Ad-Aware scanned it everytime I rebooted, weird.

    @Primrose: Thanz for your reply as well. I am not using dialup, haha yes I know if I'm using dialup and I've got Dialler I'll be paying much more than I'm supposed to pay. So your suggestion is to delete those entries in the registry yeah? I thought so as well, I'm currently not at home, I'll backup the registry and then delete those entries and see what happens, will let you guys know aftrwards ;)

    PS one more thing Primrose, do you guyz surf around the net and go to forums to fix problems? How come you know I've been posting everywhere? But well, it makes sense to ask everyone for help if your in trouble I guess :D
     
  6. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Because we are everywhere :D not as surfer's but rather long time members. Check Name Game's avatar..have a nice day :ninja:
     
  7. frankly

    frankly Registered Member

    Joined:
    Dec 22, 2004
    Posts:
    3
    Oh cool haha, well the problems are being solved slowly now. But still I have that "Dialler" (not sure about BrowserAid yet coz it takes aaaaaages to scan with Ad-Aware :D ). You have any idea to remove them? Should I go to registry and delete the entries?
     
  8. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    yes if it bugs you being there ;) ..that is the code for the dialer to work and let you into the "girlie site.". :D but if you whacked the dialler already then that's cool. Hang in there..it's almost all over..but you had better tell her if you do have Adware SE...and not the old version 6 since that is important..not just the current scan ref file..
     
  9. CalamityJane

    CalamityJane Registered Member

    Joined:
    Sep 29, 2002
    Posts:
    126
    Location:
    Central Florida
    Hi Frankly - Yes, we're everywhere as Name Game/Primrose said (well, the all the best security forums anyway) :D

    It's really easier it you could keep it all in the one thread we have going now at DSLR. I'm reviewing your Adaware log over there now so it sure is a distraction to have to jump back and forth between forums :rolleyes:
     
  10. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Yes..seem like every time I reboot..someone else is trying to use that dialler to call into the North Pole to find out what happen to the 9 Ladies
    Dancing and the 8 Maid a'Milking :D


    Lords a'Leaping Larry Lizard :eek: Settle down and have a nice Holiday...they will be sending you the phone bill next month. :p
     
Thread Status:
Not open for further replies.