Win32:Dialer-1346

[Ragamuffin]

Made it non-clickable, sorry about that. Is there anyway to block the exploit?

[essexboy]

Not too bad just a few remnants of SpyFalcon there - you missed the real nasty

Start OTS. Copy/Paste the information in the quotebox below into the pane where it says "Paste fix here" and then click the Run Fix button.

Code: [Select]

[Unregister Dlls]
[Files/Folders - Modified Within 30 Days]
NY -> Bu_.exe -> H:\Documents and Settings\Ian.LENORE\Local Settings\Temp\~nsu.tmp\Bu_.exe
NY -> Au_.exe -> H:\Documents and Settings\Ian.LENORE\Local Settings\Temp\~nsu.tmp\Au_.exe
[Empty Temp Folders]


The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix.

[Ragamuffin]

Done, do you need to see the log?

[essexboy]

Nope that should have cleared it all.  Is all ok now ?

[Ragamuffin]

Well, the log says

Code: [Select]

All Processes Killed
[Files/Folders - Modified Within 30 Days]
H:\Documents and Settings\Ian.LENORE\Local Settings\Temp\~nsu.tmp\Bu_.exe moved successfully.
H:\Documents and Settings\Ian.LENORE\Local Settings\Temp\~nsu.tmp\Au_.exe moved successfully.
[Empty Temp Folders]So... I hope so?

And Pol, thanks for explaining that, it's a bit over my head, but thanks all the same.

[Ragamuffin]

Probably a silly question, but do I need to go an delete the Bu_.exe and Au_.exe files manually? Because I can find them in H:\_OTS\MovedFiles\07262009_174245\H_Documents and Settings\[username.comp]\Local Settings\Temp\~nsu.tmp\

[essexboy]

OOps sorry if you run OTS and hit the cleanup button it will remove them and itself

[Ragamuffin]

Got it, thanks a lot for the help!