"C:\WINNT\system32\prvdi.exe"

Cayce

Does anyone know what this is and why it keeps
reappearing on my computer?

Thanks...
 
Ron Chamberlin

Hi Cayce,

prvdi.exe isn't anything you want on your PC. You may wish to open MSAS
and go to Tools--->Suspected Spyware Report and file this one in.
I would reboot into Safe Mode (F8 at startup) and do a full scan or two using
MS AntiSpyware, and see if that knocks it out for you.

If it doesn't, please post again.

Ron Chamberlin
MS-MVP
 
Bill Sanderson

Kaspersky lists it as a trojan. How up to date is your Java?

I concur with Ron Chamberlin, and also recommend scanning with your updated
antivirus.
 
Winston Smith

Prvdi.exe and 127021.exe are evil siblings in the TIBS
Dialer spyware. The MSAS beta finds this spyware but does
not remove it, though it claims to.

Here's how to remove the TIBS dialer manually:
1. Go to Task Manager and end all processes with the file
names above.
2. Go to Search, and find, delete, and empty Recycle Bin
of the file names above. There may be more than one
instance of each file on your computer.
3. Go into the registry and find and delete all
references to the file names above. Edit the registry
with caution.
4. Do a "hard boot" by either unplugging your PC or
holding the on/off button for a few seconds. Do not shut
down normally. It's ugly, but this is the key to success.
5. After starting again, delete any shortcuts placed by
the spyware on your desktop (some versions place a "Sex"
shortcut icon on the desktop; just delete it).

This is the only solution I've found to actually work.
MSAS isn't quite enough.
Good luck.
 
Winston Smith

No, I haven't. (I got TIBS dialer removed before
installing MSAS last week). But I'm sure I'll have to
before long, knowing my friends' surfing habits (sigh).
 
Cayce

I have run MSAS with the exe running and it never found
it. I have also run it in safe mode while looking at the
exe in explorer, and it never found it... I'm going to
try what Winston has suggested and see if that does it.
 
Bill Sanderson

Something is starting that executable or creating it at startup. Have you
checked out all the stuff in the startup locations, using the System
Explorers?

I find using the multi-vendor antivirus submission tools is a good way to
triage suspicious stuff found in these locations.
 
Cayce

Ugggg.... What a pain in the #^$@... But, I think I have
finally cleaned it out. It's been a week without it
returning. Yay.

I ended up using MS AS, Ad-aware and Hijack This to track
down and remove all the offending files. Along with this
I have written custom batches and Reg files to clean out
the offending junk that kept coming back. As I found more
and more files, I just kept adding them to my batch
program to delete. The reason I did this was because some
of the files kept reappearing after restarting or after a
period of time and doing a full scan and re-removing them
each time was time consuming.

One suggestion as a feature of MS AS would be to have it
track what it finds and removes in some list somewhere
that could then be easily run again without doing the
full scan. This way the user could quickly get back to
continuing their investigation of what is causing the
files to return.
 
Bill Sanderson

Thanks--glad you got it clean--sounds like it was a pain.

The cleaner.log file does track what gets cleaned--it is located in the
folder where Microsoft Antispyware is installed. I don't know of a way to
feed it back to the program and say "do this again"--it's a pretty
reasonable idea though.

Of course, the idea is that cleaning ought to be a one-time process.

Doing your work in safe mode can make this work a lot easier, although some
of what you are looking for won't be running, and thus may be harder to
recognize as bad.
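
Added example, not part of any post in this thread: a Python sketch of the triage discussed above, scanning a HijackThis log for running processes and O4 (startup) entries that reference the file names reported in the thread. The log excerpt is constructed for illustration, and `find_suspects` and `SUSPECT_NAMES` are hypothetical names.

```python
import re

# File names reported in this thread (TIBS dialer); extend as more are found.
SUSPECT_NAMES = {"prvdi.exe", "127021.exe"}

# Constructed HijackThis-style log excerpt (not from a real machine).
SAMPLE_LOG = r"""Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\prvdi.exe
C:\WINNT\Explorer.EXE

O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000000} - C:\WINNT\system32\example.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [prvdi] C:\WINNT\system32\prvdi.exe
O4 - HKCU\..\Run: [updater] "C:\WINNT\127021.EXE" /s
O4 - Startup: loader.lnk = C:\WINNT\system32\prvdi.exe
"""

# An executable file name as the last component of a path, quoted or not.
EXE_RE = re.compile(r'([^\\/"\s]+\.exe)', re.IGNORECASE)

def find_suspects(log_text, names=SUSPECT_NAMES):
    """Return (kind, line) pairs for running processes and O4 autostart
    entries whose file name exactly matches a suspect name."""
    wanted = {n.lower() for n in names}
    hits, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if in_processes:
            kind = "process"
        elif line.startswith("O4 - "):
            kind = "autostart"
        else:
            continue  # other sections (O2, O23, ...) are not checked here
        found = {m.lower() for m in EXE_RE.findall(line)}
        if found & wanted:
            hits.append((kind, line))
    return hits

if __name__ == "__main__":
    for kind, line in find_suspects(SAMPLE_LOG):
        print(f"{kind:9} {line}")
```

An autostart hit that is still present after the file has been deleted points at the entry that will try to launch it again on the next boot.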
 
