3 Mar 2003 jfleck   » (Master)

So Nora came in last night at bedtime and told me she'd need some help today fixing her computer. She sheepishly admitted she'd clicked on something that had installed some sort of porn program, and she couldn't get rid of it.

These people are bastards.

I sat down this morning after she left for school and fixed it. Took me quite a while, because she's a Windows user and I'm not very familiar with her operating system. I explain the details here not because I think Advogato readers will care, but so Google will pick this up and others with the same problem can see how to fix it. (When I Googled it, I found several people with the problem, but no solution.)

The bastards install a substitute dialer, c:\ecommerce\dialer.exe, which launches on startup. I'm not sure what it actually does, but the pictures suggest that if you use it, porn follows. I assume it's one of those Bulgarian long distance billing scams, but the computer has no modem, so thankfully we'll never know. Nora was smart enough to delete it and the offensive desktop icon launcher it also installs, but that wasn't good enough. On reboot, it was back.

A bit of hunting revealed that it had also dropped an executable: c:\sexicamz.exe. That was apparently doing the reinstall on launch. To remove it, I had to delete that file and also go into the registry (click "Run" on the start menu and type "regedit"): HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run and remove the entry for sexicamz.exe (right-click on the entry to get the "delete" option). I don't know what I would have done if they hadn't given it such an obvious name. Being unfamiliar with Windows, I would never have known what is supposed to be there or not.

They're bastards. Did I mention that?

Latest blog entries     Older blog entries

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!