124782.exe at c: root - virus?

S

steve

I have a 124782.exe file on c:\. It reappears minutes after it is
deleted by me. It launches Mozilla, a web browser, and goes to
http://www.dialeradmin.com/.

Is it a virus or spyware or what? How to stop it running by itself?
Deleting isn't working obviously.
 
G

GTX_SlotCar

It's a beast, but you can get rid of it. Took me about a week to figure it
out.
Are you using Mozilla as your default browser?
You'll need a HijackThis log so we can look at it.
If you want to see what I went through, do a search for GTX and you'll see
the thread.

Gary
 
D

David H. Lipman

1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend signature files.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (personal free version)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download sysclean.com and place it in that directory.
Dowload the signature files (pattern files) by obtaining the ZIP file.
For example; lpt200.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adware with the latest definitions.
3) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
4) Reboot your PC into Safe Mode
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) If you are using WinME or WinXP, create a new Restore point
10) Please report back your results

Dave





| I have a 124782.exe file on c:\. It reappears minutes after it is
| deleted by me. It launches Mozilla, a web browser, and goes to
| http://www.dialeradmin.com/.
|
| Is it a virus or spyware or what? How to stop it running by itself?
| Deleting isn't working obviously.
 
G

GTX_SlotCar

Dave, when I had the 124787 dialer, I ran adaware se, a2, spybot1.3(new
beta), trojanhunter, about buster, AVG and probably some I've forgotten.
They deleted the file(s), but 124787 kept coming back. I also cleared all my
temp files, disabled sys restore, recycle bin and all that stuff and tried
the programs in safe mode. Basically, everything you'd ordinarily tell
someone to do.
Sometimes the only file I could find on the drive was 124787.exe, and other
times there was also an ms-dos shortcut file named 124787.(bat?). When
124787.exe runs, you can see (if you're fast enough) a command box open and
close.
The only thing that worked was fixing some entries with hijackthis.
I'm not an expert, just persistent, and that's what worked for me. I hope
you, or someone, can find a shortcut to getting rid of this for others, but
I couldn't. A google search for 124787.exe turned up nothing.

Gary
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

Removal of RisinG / sds2d21.exe / sdsxd.exe 0
How to remove 8DF1484C.dll, 8DF1484C.dat, SysInfo1.dll virus 7
What is the name of this virus ? 8
smsogx32.exe - what is this?? 15
Is it a virus???? 11
Trojan 10
NOD32 Version 4.0 ISSUES? Some Privacy Related. 1
Virus Infected..plz help 1

Top