Derbiz.com dialler, help needed!
#1
Scooby Regular
Thread Starter
Join Date: Apr 2002
Location: elsewhere
Posts: 1,212
Hello,
Just spent 3 hours trying to remove a Derbiz.com dialler and toolbar from a machine and I'm still having problems. It appears to have disabled Norton and is resistant to detection by Spybot and AdAware SE (both latest versions with latest defs.)
Machine was running XP Home SP1, now upgraded to SP2. I have managed to remove the associated toolbar using IE's "manage add-ons" and have uninstalled it with Add/Remove Programs. Firewall is on. Only net connection is via USB ADSL modem (I know), no connection to analogue modem so at least the thing can't dial Guiana.
It was randomly throwing pop-ups to the screen but that appears to have stopped. I have activated Spybot's "TeaTimer" (resident config. change detection) and it informs me that something is persistently trying to write a start-up value to the registry. I denied it access but the value just got written to a different area.
Weird thing is I can still ping and the responses seem to be coming from the correct IP. Also LimeWire still works, so it seems only browsing is affected. IE has been hijacked and wants to go to community.derbiz.com. Installed Firefox 1.0.2 and that wouldn't load anything, "Connection Refused", even if I entered an IP instead of a domain name.
I guess the next step is HijackThis, but I didn't have a copy with me this afternoon and of course I had no way to download one. A quick Googling reveals one USENET post about this to a MS security group, but just the standard response.
This one has me puzzled for the time being. Any suggestions?
Ta,
Alex
#2
Scooby Regular
Join Date: Sep 1999
Location: Bedfordshire
Posts: 4,037
Have you tried M$ antispyware, still in beta but by far the best tool for getting rid of rogue processes. It can detect in-memory processes and can unload DLLs which can then be deleted which is the normal problem with these rogue apps.
Gary
#3
Scooby Regular
Thread Starter
Join Date: Apr 2002
Location: elsewhere
Posts: 1,212
Cheers Gary, will give it a whirl. Didn't realise it could detect memory-resident nasties. Was running it on my own machine but it kept throwing BSODs.
#4
Scooby Regular
Thread Starter
Join Date: Apr 2002
Location: elsewhere
Posts: 1,212
In case anyone searches for this, I've hopefully found a fix:
http://forums.techguy.org/t346735.html
The little bugger buries itself very deep!