-
Member
Need help removing hidden porn from hard drive
I have a friend who picked up a porn file off the internet and can't
seem to get rid of it.
He's running win95 and everytime he boots, it places a shortcut on the desktop called "celebrity" and launches a dialog box promoting this adult site, ready to connect if you accept the terms.
I've tried everything I know to get rid of it but it keeps coming back.
1 It's not in the startup folder
2 I found a folder under a different name on the c drive containing the shortcut and associated files and deleted them, but on bootup they are back again.
3 I checked the win.ini
config.sys
autoexec.bat
Still can't find anything.
I looked at the "Load=" and "run=" lines in the win.ini file and saw nothing.
I would appreciate any help I can get.
-
Senior Member
Why take chances - Nuke the whole install.Reformat and reinstall.
Otherwise; who knows?
Check and delete the contents of C:\windows\temporary internet files
also: C:\windows\temp
-
Tried looking in Control Panel > Add/Remove Programs?
It may also be hiding in the registry. [Reg editing can seriously frag your OS. Do so at your own risk.[/b] You might right click on the shortcut after boot-up and select properties. Note the filename and anything else that looks relevent. Then try Start > Run > regedit. That will bring up the registry editor. Click on Edit, then Find (or Search, I forget which). Type in the filename and see what reg entries it brings up. You might delete the reg key if it finds one. Then search and delete again.
Don't know if this will work, but I'd give it a shot.
Over 6GHz for Overclockers SETI
Athlon 1400@1470; 1.75V 38-42C 10.5x140; Abit KT7A; SK6; 256M Spectek PC133 CAS2
Athlon 1333@1500; 1.8V 38-42C 10x150; IWill KK266 1.2; Dr Thermal TI-V77; 256M Spectek PC133 CAS3
P3 1100@1300; 1.75V 28-32C 118x11; AOpen AX37Pro; imitation Gladiator w/ Galaxy38; 256M Crucial 2100
P3 866@1105; 1.85V 26-28C 170x6.5; Abit VH6-2; Gladiator w/ Delta38; 768M generic PC133 @ minus PCI clock CAS3
P2 400@456; 2.05V ??-??C 114x4; Abit VT6X4; POS HSF; 256M Spectek PC100 CAS2
C1 400@600; 2.2V 38-40?C 100x6; PCChips M748LMRT w/ Gigabyte GA6R7 slotket; P3 stock HSF; 256M Kingston PC133 CAS2
P2 300@300; laptop
-
Senior Member
-
Senior Member
Other solutions: go to:
http://www.sysinternals.com
Get a free program called "Process Explorer".
Run it (Select to "view dlls" from View menu) it will show running processes.Find the the item in question and highlight it, and right click to view properties.Then you will see the path to the folder it came from.Then eliminate it.
Or get the program called "Regmon" there and you can see the Registry key it came from.
Otherwise you might try "Ad-aware" from:
http://tomcoyote.com/lsindex.html
It is a "spyware killer" and may detect the problem for you.
-
Originally posted by dave-harper
start - accessories - system tools - "system information"
then the "tools" menu and ( aarrgghh - i'm on w2000 now )
Nice one, dave. I didn't even think of that one.
It's msconfig on the post-95 Windows. Start > Run > msconfig, or Start > Programs > Accessories > System Tools > System Information. Don't know if that's right for 95, though.
Over 6GHz for Overclockers SETI
Athlon 1400@1470; 1.75V 38-42C 10.5x140; Abit KT7A; SK6; 256M Spectek PC133 CAS2
Athlon 1333@1500; 1.8V 38-42C 10x150; IWill KK266 1.2; Dr Thermal TI-V77; 256M Spectek PC133 CAS3
P3 1100@1300; 1.75V 28-32C 118x11; AOpen AX37Pro; imitation Gladiator w/ Galaxy38; 256M Crucial 2100
P3 866@1105; 1.85V 26-28C 170x6.5; Abit VH6-2; Gladiator w/ Delta38; 768M generic PC133 @ minus PCI clock CAS3
P2 400@456; 2.05V ??-??C 114x4; Abit VT6X4; POS HSF; 256M Spectek PC100 CAS2
C1 400@600; 2.2V 38-40?C 100x6; PCChips M748LMRT w/ Gigabyte GA6R7 slotket; P3 stock HSF; 256M Kingston PC133 CAS2
P2 300@300; laptop
-
Go to this site and download Regcleaner:
http://www.jv16.org/
When you run it make sure you check "show all software" under "options"
Terrific program.Before you run it you may want to use the find utility to locate the executable and delete(??)Hmm, I think...
-
Honorary Admin
Unfortunately, there is no msconfig in win95, though there are third party utilities that do the same. I'm going to suggest a couple of other approaches, though.
Assuming your friend is using IE5 or IE6, go to internet tools and view the settings in the temporary internet folder portion of the general tab. Then select View Objects and look at the ones last accessed on the date he he restarted the system. If one of the objects is recognizable as being involved, uninstall it. If not sure about some of the objects, rightclick and examine their properties.
Another place to check is display properties, assuming your friend is using Active Desktop. Look on the web tab and see if anything is checked. Uncheck.
It is possible that a installer (or trojan) installed a fille that looks around for the folder and files that you keep deleting and rebuilds them during windows startup process, assuming you are deleting them and removing them from the recycle bin before restarting. (Should be trying to delete while in Safe Mode, for that matter).
You'll have to be a little more specific about the folder name and the files you've been deleting if you need to pursue this further.
And on the eighth day God said, "OK Murphy, you take over."
-
Senior Member
a number of these things are called "dialer.exe" -- search / find for that and if you rename it dialer.EX ( drop the "e" ) it will disable it for now------then you can reboot and make sure there is no problem
check "my computer" "dial up networking" to make sure it hasn't already done something there
IF you feel comfortable in the registry-----from what you did before you should be careful enough
"start" "run" "regedit" ---------- then "edit" "find" the string "runonce" --- you can then press F3 to keep finding
in the left side you will see the sections like ( Run , RunOnce , RunOnceEx , and i'm sure RunServices and RunServicesOnce )
the one you probably want is the second occurrence ---- it is in the HKEY_LOCAL_MACHINE section and then go up a bit to the "RUN" part
You should see about half a dozen references to little utilities that usually show up as system tray icons near the clock
write down the directory paths and the filenames that are on the RIGHT hand side
Never modify or delete anything on the left side window unless you like to re-install windows [or you graduate from regedit school ]
search / find on the hard drive for the most suspicious ones and you should be able to seperate the one you're looking for from the proper utilities that were there before.
Remember to think twice act once because this is the guts of windows
Do you have everything you might need if the hard drive had to be reformated ---- one of the latest viruses ---- it's the only way to eliminate it ---- as the scouts say ---- be prepared
-
Ultimate Member
You can always cut twice and patch together...
-
Senior Member
now now we have to be nice to this ( i think ) yankee because they took a whoopin today
-
-
Another idea
Look in your favorites folder. Also try the control panel>internet settings>homepage. Just a thought. Good luck JIFFYPROGASM
No man ever became great except through many and great mistakes. William Gladstone
-
Ultimate Member
you didn't give the exact key for regedit.
it is in Win98 and win95
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Curr entVersion\Run]
Registy editting is easy enough, just make sure you export the whole thing, or use the scanreg facility in win98 (now thats a lot of help you your freind using Win95)
The question must be asked, where did your "freind" get the file but then again, who are we to judge
stefan
-
I got pie!!!
dave harper
What was it, 5-2?LOL
Life is a bowl of cherries
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|