
Thread: Need help removing hidden porn from hard drive

  1. #1
    Member mykeowl's Avatar
    Join Date
    Feb 2002
    Location
    New Jersey
    Posts
    120

    Need help removing hidden porn from hard drive

    I have a friend who picked up a porn file off the internet and can't seem to get rid of it.

    He's running win95 and every time he boots, it places a shortcut on the desktop called "celebrity" and launches a dialog box promoting this adult site, ready to connect if you accept the terms.

    I've tried everything I know to get rid of it but it keeps coming back.

    1. It's not in the startup folder.
    2. I found a folder under a different name on the c drive containing the shortcut and associated files and deleted them, but on bootup they are back again.
    3. I checked the win.ini, config.sys and autoexec.bat. Still can't find anything.
    I looked at the "Load=" and "run=" lines in the win.ini file and saw nothing.
    I would appreciate any help I can get.

  2. #2
    Senior Member rextex's Avatar
    Join Date
    Jan 2002
    Location
    Texas
    Posts
    704
    Why take chances - Nuke the whole install. Reformat and reinstall.
    Otherwise; who knows?
    Check and delete the contents of C:\windows\temporary internet files
    also: C:\windows\temp

  3. #3
    Member
    Join Date
    Feb 2002
    Location
    Southern US
    Posts
    73
    Tried looking in Control Panel > Add/Remove Programs?

    It may also be hiding in the registry. Reg editing can seriously frag your OS. Do so at your own risk. You might right click on the shortcut after boot-up and select properties. Note the filename and anything else that looks relevant. Then try Start > Run > regedit. That will bring up the registry editor. Click on Edit, then Find (or Search, I forget which). Type in the filename and see what reg entries it brings up. You might delete the reg key if it finds one. Then search and delete again.

    Don't know if this will work, but I'd give it a shot.
    Over 6GHz for Overclockers SETI
    Athlon 1400@1470; 1.75V 38-42C 10.5x140; Abit KT7A; SK6; 256M Spectek PC133 CAS2
    Athlon 1333@1500; 1.8V 38-42C 10x150; IWill KK266 1.2; Dr Thermal TI-V77; 256M Spectek PC133 CAS3
    P3 1100@1300; 1.75V 28-32C 118x11; AOpen AX37Pro; imitation Gladiator w/ Galaxy38; 256M Crucial 2100
    P3 866@1105; 1.85V 26-28C 170x6.5; Abit VH6-2; Gladiator w/ Delta38; 768M generic PC133 @ minus PCI clock CAS3
    P2 400@456; 2.05V ??-??C 114x4; Abit VT6X4; POS HSF; 256M Spectek PC100 CAS2
    C1 400@600; 2.2V 38-40?C 100x6; PCChips M748LMRT w/ Gigabyte GA6R7 slotket; P3 stock HSF; 256M Kingston PC133 CAS2
    P2 300@300; laptop

  4. #4
    Senior Member dave-harper's Avatar
    Join Date
    Jan 2002
    Location
    Victoria BC Canada
    Posts
    996
    start - accessories - system tools - "system information"
    then the "tools" menu and ( aarrgghh - i'm on w2000 now )
    it's there under tools i know it - it should be called "system config" or something like that -- it allows you to control all places that startup stuff can hide
    from config.sys thru to the registry { where it will be }

    don't try to "run" "sysedit" though -- you'll get some ugly old dos / windows 3.1 type config that'll almost surely cause a mistake

    look through that "tools" list or wait till someone with your exact same version of windows can give you the exact link

    it's easy with the proper utility -- you can check and uncheck each item

    "god" -- may be right if it's well behaved it may be in the add/remove software control panel
    Last edited by dave-harper; 02-25-2002 at 01:49 AM.

  5. #5
    Senior Member rextex's Avatar
    Join Date
    Jan 2002
    Location
    Texas
    Posts
    704
    Other solutions: go to:
    http://www.sysinternals.com

    Get a free program called "Process Explorer".
    Run it (Select to "view dlls" from View menu) it will show running processes. Find the item in question and highlight it, and right click to view properties. Then you will see the path to the folder it came from. Then eliminate it.
    Or get the program called "Regmon" there and you can see the Registry key it came from.

    Otherwise you might try "Ad-aware" from:
    http://tomcoyote.com/lsindex.html
    It is a "spyware killer" and may detect the problem for you.

  6. #6
    Member
    Join Date
    Feb 2002
    Location
    Southern US
    Posts
    73
    Originally posted by dave-harper
    start - accessories - system tools - "system information"
    then the "tools" menu and ( aarrgghh - i'm on w2000 now )
    Nice one, dave. I didn't even think of that one.

    It's msconfig on the post-95 Windows. Start > Run > msconfig, or Start > Programs > Accessories > System Tools > System Information. Don't know if that's right for 95, though.

  7. #7
    Junior Member
    Join Date
    Aug 2001
    Posts
    10
    Go to this site and download Regcleaner:

    http://www.jv16.org/

    When you run it make sure you check "show all software" under "options"

    Terrific program. Before you run it you may want to use the find utility to locate the executable and delete (??) Hmm, I think...

  8. #8
    Honorary Admin Fatal_Exception's Avatar
    Join Date
    Feb 2002
    Posts
    371
    Unfortunately, there is no msconfig in win95, though there are third party utilities that do the same. I'm going to suggest a couple of other approaches, though.

    Assuming your friend is using IE5 or IE6, go to internet tools and view the settings in the temporary internet folder portion of the general tab. Then select View Objects and look at the ones last accessed on the date he restarted the system. If one of the objects is recognizable as being involved, uninstall it. If not sure about some of the objects, right-click and examine their properties.

    Another place to check is display properties, assuming your friend is using Active Desktop. Look on the web tab and see if anything is checked. Uncheck.

    It is possible that an installer (or trojan) installed a file that looks around for the folder and files that you keep deleting and rebuilds them during windows startup process, assuming you are deleting them and removing them from the recycle bin before restarting. (Should be trying to delete while in Safe Mode, for that matter).

    You'll have to be a little more specific about the folder name and the files you've been deleting if you need to pursue this further.

    And on the eighth day God said, "OK Murphy, you take over."

  9. #9
    Senior Member dave-harper's Avatar
    Join Date
    Jan 2002
    Location
    Victoria BC Canada
    Posts
    996
    a number of these things are called "dialer.exe" -- search / find for that and if you rename it dialer.EX ( drop the "e" ) it will disable it for now------then you can reboot and make sure there is no problem
    check "my computer" "dial up networking" to make sure it hasn't already done something there

    IF you feel comfortable in the registry-----from what you did before you should be careful enough

    "start" "run" "regedit" ---------- then "edit" "find" the string "runonce" --- you can then press F3 to keep finding
    in the left side you will see the sections like ( Run , RunOnce , RunOnceEx , and i'm sure RunServices and RunServicesOnce )

    the one you probably want is the second occurrence ---- it is in the HKEY_LOCAL_MACHINE section and then go up a bit to the "RUN" part

    You should see about half a dozen references to little utilities that usually show up as system tray icons near the clock

    write down the directory paths and the filenames that are on the RIGHT hand side
    Never modify or delete anything on the left side window unless you like to re-install windows [or you graduate from regedit school ]

    search / find on the hard drive for the most suspicious ones and you should be able to separate the one you're looking for from the proper utilities that were there before.

    Remember to think twice act once because this is the guts of windows

    Do you have everything you might need if the hard drive had to be reformatted ---- one of the latest viruses ---- it's the only way to eliminate it ---- as the scouts say ---- be prepared

  10. #10
    Ultimate Member araaraara's Avatar
    Join Date
    Oct 2000
    Location
    Canada
    Posts
    1,007
    You can always cut twice and patch together...

  11. #11
    Senior Member dave-harper's Avatar
    Join Date
    Jan 2002
    Location
    Victoria BC Canada
    Posts
    996
    now now we have to be nice to this ( i think ) yankee because they took a whoopin today


  12. #12
    Member
    Join Date
    Jan 2002
    Location
    Colorado
    Posts
    159
    You can download msconfig.exe and run it on Win 95.
    http://www.techadvice.com/specs/files_dl.asp?fnid=174

  13. #13
    Member
    Join Date
    Dec 2001
    Location
    Georgia, USA
    Posts
    44

    Another idea

    Look in your favorites folder. Also try the control panel>internet settings>homepage. Just a thought. Good luck JIFFYPROGASM
    No man ever became great except through many and great mistakes. William Gladstone

  14. #14
    Ultimate Member DocEvi1's Avatar
    Join Date
    Dec 2001
    Posts
    2,330
    you didn't give the exact key for regedit.

    it is in Win98 and win95

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

    Registry editing is easy enough, just make sure you export the whole thing, or use the scanreg facility in win98 (now that's a lot of help to your friend using Win95)

    The question must be asked, where did your "friend" get the file but then again, who are we to judge

    stefan
    Stefan
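
The checks suggested in posts #1, #9 and #14, as an added example that is not part of any post in this thread: it reads a registry export (the REGEDIT4 text format that regedit writes on Win95/98) and a win.ini, lists what the Run-family keys and the load=/run= lines would start, and filters for the file or folder name noted from the shortcut's properties. The sample export, the `CELEB` folder and the `winupd` value name are constructed for illustration.

```python
import re

# Autostart keys named in posts #9 and #14 (RunOnceEx entries sit in subkeys).
AUTOSTART = re.compile(r"\\Microsoft\\Windows\\CurrentVersion\\"
    r"(Run|RunOnce|RunOnceEx|RunServices|RunServicesOnce)(\\|$)", re.I)
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$')
ESCAPED = re.compile(r"\\(.)")  # .reg strings escape \ and " with a backslash
# Constructed sample data: a REGEDIT4 export and a win.ini; CELEB is made up.
SAMPLE_REG = r'''REGEDIT4
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"winupd"="C:\\WINDOWS\\SYSTEM\\CELEB\\loader.exe /s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"winupd"="C:\\WINDOWS\\SYSTEM\\CELEB\\loader.exe /r"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer]
"NotAutostart"="C:\\WINDOWS\\SYSTEM\\CELEB\\readme.txt"
'''
SAMPLE_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\SYSTEM\\CELEB\\loader.exe\n[Desktop]\nrun=x\n"

def run_key_entries(reg_text):
    """(key, value name, command) for string values under the autostart keys."""
    entries, key = [], None
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1] if AUTOSTART.search(line[1:-1]) else None
        elif key and (m := VALUE.match(line)):
            name = "(Default)" if m.group(1) == "@" else ESCAPED.sub(r"\1", m.group(1)[1:-1])
            entries.append((key, name, ESCAPED.sub(r"\1", m.group(2))))
    return entries

def win_ini_entries(ini_text):
    """(source, command) for non-empty load=/run= lines in the [windows] section."""
    entries, section = [], ""
    for line in map(str.strip, ini_text.splitlines()):
        if line.startswith("["):
            section = line.strip("[]").lower()
        elif section == "windows":
            name, _, value = map(str.strip, line.partition("="))
            if name.lower() in ("load", "run") and value:
                entries.append(("win.ini " + name.lower(), value))
    return entries

def trace(needle, reg_text=SAMPLE_REG, ini_text=SAMPLE_INI):
    """Autostart entries whose command mentions the file or folder being traced."""
    found = run_key_entries(reg_text) + win_ini_entries(ini_text)
    return [e for e in found if needle.lower() in e[-1].lower()]

if __name__ == "__main__":
    print(*trace("celeb"), sep="\n")
```

Working from an export rather than the live registry leaves the original untouched and doubles as the backup post #14 recommends.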

  15. #15
    I got pie!!! Ammok's Avatar
    Join Date
    Dec 2001
    Location
    Stoke.UK
    Posts
    4,589
    dave harper

    What was it, 5-2? LOL

    Life is a bowl of cherries
