malware dialer.instantaccess - help removing

SwampThing · 09-11-2006 9:48pm #1

I've tried all I can think of - ewido in safe mode, BFU in safe mode, manually trying to find/delete .dlls.

Ewido always finds dialer.instantaccess in c:\windows\system32\msclock32.dll.

I think is some form of rootkit as that file doesn't seem to exist!

Any ideas?

Ruu_Old · 09-11-2006 9:59pm

Do you have System Restore running? Disable it before you scan in safe mode, let Ewido perform its removal action and then enable it again. There are removal instructions here. Let us know how you get on.

8T8 · 09-11-2006 10:00pm

A full list of file related to this can be found here if it's the same one a search for the files in question should tell you.

But have you used Spybot & Windows Defender (no longer beta) to combat it with Hijack This to remove it's entries for loading at startup.

Redisle · 09-11-2006 10:07pm

Sounds like good advice above but If you need to manually remove dll's try killbox.
Ive used that to get rid of crap before, it unregisters the dll then deletes..... By the way u probably have already but just in case make sure u dont have a 56k modem hooked up to a phone line......;) ... And make sure to turn system restore off and restart pc then get rid of dialer then turn back on system restore

SwampThing · 10-11-2006 3:58pm

I think I've actually gotten rid of the nasty bugger - what I'm seeing in the scan is Dialer.InstantAccess in 16 locations - all VM_xxxxxx where xxxxxx are numbers.

I think these might be quarantined files from Norton or ewido. I'll try delete them this evening and see how I get on.

malware dialer.instantaccess - help removing

Comments