Bot, First off , I have NO experience with this particular dialer, so I would do this.
I would post to the HJT forum where they have use of all the tools.
I will say this , if it were my machine, I would post to that forum.
I know this is an on-going problem.
If anything shows up in running processes ---I would fix it.
I would also down-load Kill Box and copy directly the 'path'---Desciption-- {C-drive program} if shown { in the upper part of a HJT log}, to Kill Box and delete at boot---followed by a search---all in safe mode. This part should be exact.
All of this is better done in the HJT forum, so I would advise posting a HJT log there.
ky331, I'm gonna have to bite the bullet and use the KillBox. How reliable is it? It doesn't show up as a download on MajorGeeks. The Major is usually my reference point. botzaris
UNzip the file. Run the killbox.exe program (icon is a red circle containing an X). either you can explicitly type in the name of the file you want to delete
C:\WINDOWS\Downloaded Program Files\dialsympa_221.exe
or you can click on the folder icon, and work your way down the list of files/folders, expanding folders as necessary, until you find the file --- then click on OK
you might want to click on "show file properties"... that's the one between the folder icon, and the red-X icon... make sure the file is NEITHER Read-Only, NOR Hidden... if either box is marked, remove the X's here, and hit OK
the most effective way to proceed is to select Delete ON REBOOT. then hit the Red-X (Delete File icon). then Reboot.
let us know what happens.
if the file still "comes back", then it probably because some other program is restoring it each time after you delete it.
first, i've edited my previous reply to include more explicit directions on using killbox. please re-read.
to be blunt, i've heard about killbox, but never had personal occasion to use it. having said that, i downloaded it myself, to see how it "looks"/"feels", and to write out the explicit directions for you.
if you opt for delete on reboot; what it will do is make an entry in the file c:\windows\wininit.ini if you're interested in seeing the details, you can click on TOOLS, then OPEN WININIT.INI, and you'll see
[RENAME]
NUL=C:\WINDOWS\Downloaded Program Files\dialsympa_221.exe
this file will be deleted (made "NUL") on the next reboot, before it has a chance to load itself... you'll get the standard message to wait (a second) while windows updates your system files....
it seems simple/safe enough... but if you'd prefer to wait and ask for others to comment, feel free to do so.
if killbox doesn't work, the next step is to find out what OTHER file is bringing it back.
********************
alternatively, if you 'trust' HiJackThis more (than Killbox), you should be able to accomplish the same thing by starting HJT,
click on OPEN THE MISC TOOLS SECTION,
click on DELETE A FILE ON REBOOT
specify (or locate) the filename C:\WINDOWS\Downloaded Program Files\dialsympa_221.exe in the LOOK IN line,,, then click on OPEN...
and when it asks you, do you want to restart your computer now, click on YES ---- of course, be sure EVERYTHING has been saved, all your programs have been closed, you're offline, and really ready for the reboot.
ky331, thanx for your help. A small clarification: What do you mean when you say "be sure EVERYTHING has been saved," ? I'm asking because on top of my 'affliction' my system restore function does not work. I plan to deal with system restore when I first eliminate dialsympa. botzaris
i meant that, if you had any open data files (word processor documents, spreadsheets, etc.), i just wanted to make sure you saved the work before rebooting. (it sounds to me like you know what you're doing, but i was being extra careful, just in case... don't want tell someone to reboot, only to find out they've lost their unsaved doctoral thesis)
while i have you, a few more points:
i "played" with killbox some.... the
standard file kill will backup the file before deleting... which just moves it to another location... so best to use the
delete on reboot (and i've edited the above directions to indicate this only).
that your system restore is not currently working is actually "good" for us, because if it were working, it might be the "culprit" that's replacing the file after you delete it. likewise (i looked around to find your posted hjt log), any passive anti-spyware protection that you have running (such as spysubtract, spywareguard, or teatimer) may be "fighting" the removal process.
so here's what i'd suggest:
first attempt: run (either) the killbox (OR the hjt) version, to delete file on reboot. reboot, and see if the file is gone. if it is, you're done. stop here.
second attempt (if necessary): try booting in safe mode (tap then F8 key when you start the boot-up process)... when the safe booting is complete, again run either the killbox OR the hjt version, to delete file on reboot. reboot, and see if the file is gone. if it is, you're done. and should stop here.
third attempt (if necessary): see if you cantemporarily disable/deactivateyour passive spyware protection (do NOT uninstall), and repeat the safemode bootup, killbox/hjt to delete on reboot, then reboot. again, we hope the file should be gone. if you've disabled your spyware protection, be sure to re-enable it before you go back online!!
Jimmy Hoffa & ky331 I want to thank you for your help. However, I chose a different solution and it seems to have worked:
Boot into safe mode and try the below: - Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt windows. - Enter the following command lines each followed by the enter key cd C:\WINDOWS\Downloaded Program Files\ attrib -r -h -s dialsympa_221.exe del dialsympa_221.exe exit
I did not choose to follow the Pocket Killbox route because of its Backup & Delete function. I was afraid of the backup ending up somewhere where I could not find it. I'm too burned out from 'dialsympa' search and destroy missions.
Regarding the HJT route I was saving that as a reserve. Evidently I won't have to use it.
as long as SOMETHING finally worked.... i'm just glad to see you're apparently over this problem! it also goes to show that sometimes, plain-old DOS can still get the job done :smileysurprised:
based on your solution involving the DOS command,
attrib -r -h -s dialsympa_221.exe apparently, the "problem" you were having was that the file had a
protection attribute set on it (either read-only, hidden, or system), which had to be UNset first, before windows allowed you to delete the file.
(which is why, in my directions for killbox above, i had indicated:
you might want to click on "show file properties"... that's the one between the folder icon, and the red-X icon... make sure the file is NEITHER Read-Only, NOR Hidden... if either box is marked, remove the X's here, and hit OK)
botzaris... if you're still following this thread....
just found a reference that the Malware Removal forum (ChrisRLG) supports usage of KillBox, so there's no question about the "legitimacy" of this tool, should you (or anyone else) ever need to download/use it in the future. see here:
botzaris
2 Intern
•
277 Posts
0
May 2nd, 2005 23:00
Jimmy Hoffa
78 Posts
0
May 2nd, 2005 23:00
Bot, First off , I have NO experience with this particular dialer, so I would do this.
I would post to the HJT forum where they have use of all the tools.
I will say this , if it were my machine, I would post to that forum.
I know this is an on-going problem.
If anything shows up in running processes ---I would fix it.
I would also down-load Kill Box and copy directly the 'path'---Desciption-- {C-drive program} if shown { in the upper part of a HJT log}, to Kill Box and delete at boot---followed by a search---all in safe mode. This part should be exact.
All of this is better done in the HJT forum, so I would advise posting a HJT log there.
Maybe someone knows better.
Hope this helps >jimmy
botzaris
2 Intern
•
277 Posts
0
May 3rd, 2005 01:00
ky331
3 Apprentice
•
15.6K Posts
0
May 3rd, 2005 01:00
botzaris,
i know you've been trying to solve this 'affliction' seemingly 'forever'... have you tried the KillBox program suggested by J. Hoffa ?
it can be downloaded from http://www.bleepingcomputer.com/files/killbox.php
or http://scancomplete.com/download/killbox.php
UNzip the file. Run the killbox.exe program (icon is a red circle containing an X). either you can explicitly type in the name of the file you want to delete
C:\WINDOWS\Downloaded Program Files\dialsympa_221.exe
or you can click on the folder icon, and work your way down the list of files/folders, expanding folders as necessary, until you find the file --- then click on OK
you might want to click on "show file properties"... that's the one between the folder icon, and the red-X icon... make sure the file is NEITHER Read-Only, NOR Hidden... if either box is marked, remove the X's here, and hit OK
the most effective way to proceed is to select Delete ON REBOOT. then hit the Red-X (Delete File icon). then Reboot.
let us know what happens.
if the file still "comes back", then it probably because some other program is restoring it each time after you delete it.
Message Edited by ky331 on 05-03-2005 10:21 AM
ky331
3 Apprentice
•
15.6K Posts
0
May 3rd, 2005 02:00
botzaris,
first, i've edited my previous reply to include more explicit directions on using killbox. please re-read.
to be blunt, i've heard about killbox, but never had personal occasion to use it. having said that, i downloaded it myself, to see how it "looks"/"feels", and to write out the explicit directions for you.
if you opt for delete on reboot; what it will do is make an entry in the file c:\windows\wininit.ini if you're interested in seeing the details, you can click on TOOLS, then OPEN WININIT.INI, and you'll see
[RENAME]
NUL=C:\WINDOWS\Downloaded Program Files\dialsympa_221.exe
this file will be deleted (made "NUL") on the next reboot, before it has a chance to load itself... you'll get the standard message to wait (a second) while windows updates your system files....
it seems simple/safe enough... but if you'd prefer to wait and ask for others to comment, feel free to do so.
if killbox doesn't work, the next step is to find out what OTHER file is bringing it back.
********************
alternatively, if you 'trust' HiJackThis more (than Killbox), you should be able to accomplish the same thing by starting HJT,
click on OPEN THE MISC TOOLS SECTION,
click on DELETE A FILE ON REBOOT
specify (or locate) the filename C:\WINDOWS\Downloaded Program Files\dialsympa_221.exe in the LOOK IN line,,, then click on OPEN...
and when it asks you, do you want to restart your computer now, click on YES ---- of course, be sure EVERYTHING has been saved, all your programs have been closed, you're offline, and really ready for the reboot.
hope this works.
botzaris
2 Intern
•
277 Posts
0
May 3rd, 2005 13:00
ky331
3 Apprentice
•
15.6K Posts
0
May 3rd, 2005 13:00
botzaris
2 Intern
•
277 Posts
0
May 3rd, 2005 18:00
Jimmy Hoffa & ky331 I want to thank you for your help. However, I chose a different solution and it seems to have worked:
Boot into safe mode and try the below:
- Click Start, Run, and enter cmd in the box and click OK. This opens a command prompt windows.
- Enter the following command lines each followed by the enter key
cd C:\WINDOWS\Downloaded Program Files\
attrib -r -h -s dialsympa_221.exe
del dialsympa_221.exe
exit
I did not choose to follow the Pocket Killbox route because of its Backup & Delete function. I was afraid of the backup ending up somewhere where I could not find it. I'm too burned out from 'dialsympa' search and destroy missions.
ky331
3 Apprentice
•
15.6K Posts
0
May 3rd, 2005 18:00
apparently, the "problem" you were having was that the file had a protection attribute set on it (either read-only, hidden, or system), which had to be UNset first, before windows allowed you to delete the file.
Message Edited by ky331 on 05-03-2005 04:56 PM
botzaris
2 Intern
•
277 Posts
0
May 3rd, 2005 19:00
Jimmy Hoffa
78 Posts
0
May 3rd, 2005 20:00
Bot ,Glad to hear you got it fixed, one way or another---both methods would have worked I believe.
And KY----great work. I like your style---wished I could present a solution, explain tool use, as well as you!. Not going to happen LOL!. >jimmy
ky331
3 Apprentice
•
15.6K Posts
0
May 10th, 2005 12:00
botzaris
2 Intern
•
277 Posts
0
May 10th, 2005 17:00