View Full Version : Re: Porn Icon Removal



J ZEP
08-01-2003, 07:56 PM
Hi all - Further to my last post

Here (http://pressf1.pcworld.co.nz/thread.jsp?forum=1&thread=29711)

OK, I just got an e-mail from my friend with the properties of the unwanted desktop icon - the target is: C:\WINDOWS\Chat.exe.
What I would now like to know is: if I relay to him to look into C:\WINDOWS\Chat - (I am presuming it will have a folder there), would it have an uninstall in the folder? I thought it was a bit odd that it has installed in C:\WINDOWS; I was expecting it to perhaps be in C:\ or C:\Program Files?? Basically I want to advise him of the most likely place to look first so as not to confuse him or me ;-), and should I still get him to look in the "add or remove programs" in control panel for it too?
I got him to try to right-click the icon in the system tray (if he has one, as I thought he did?) and look for - menu - uninstall or just - uninstall, but have not heard how this went for him yet.
So any advice on my first port of call with advising him on this, now we know where it resides, would be most helpful and appreciated.
**I would prefer to actually "Uninstall" it for him if it's possible, rather than just disable it from loading at Startup.

duckyduck
09-01-2003, 12:44 AM
Adult Chat, I got a call about this one a few nights ago also on a WinXP machine with multiple log ins.

It placed an icon on the desktop called Adult Chat, changed the home page to something like hackers.com, Outlook Express would not load and while you could get a connection to the internet, any page other than its new home page was not available.

The infection appeared to have come in on an email as part of an attachment he had run.

It did not appear to have added any new connections for dialup.

I cannot be too helpful here as I don't have XP, but I would suggest following through with the msconfig option from the earlier postings and get the latest Ad-Aware from lavasoft.com and run that.

The user was using WinXP, any attempt to remove etc kept bringing up messages to the effect that they had the wrong password or something, I cannot recall now exactly and he is away on business so I cannot call him.

XP is like ME though in that it has a restore option back to an earlier good date; in this case that option appeared to have been disabled or otherwise not available, but you could also look at that.

If you can locate the folder from where the program is running you could try renaming the folder, but if this is an infection of some sort it could have dug its claws into other parts of Windows as well.

He ended up reformatting as the quickest option out of the mess.

sam m
09-01-2003, 01:03 AM
What OS are you using, JZEP?
If you are on XP as well then use remote assistance (http://www.microsoft.com/windowsxp/pro/using/howto/gethelp/remoteassist/default.asp) and help him out from your machine (once you find the answer, of course). Lets you have a look at his computer from yours, which might give you a better idea what sort of help he/you need. This whole saga sounds frustrating for you, trying to help without seeing it yourself. Used it once before for a friend in Tauranga and was very impressed with how it worked.

Clueless
09-01-2003, 09:12 AM
J Zep....

You still got that pornchat thing on yer machine?????

:D
.Clueless

godfather
09-01-2003, 10:20 AM
I suspect that this nasty will have dug its way into Windows a bit deeper than just a file in C:/Windows and a shortcut.

BTW J ZEP, it's not in a folder in C:/Windows; its path suggests it's just in with all the other files in the WINDOWS folder. It certainly won't have an uninstall in that folder.

It's hard to imagine it's popped in there without being controlled from the registry. It's likely that if you remove it (by deleting) it will re-create itself. That suspicion is increased if it's in the tray as an icon as well.

There was a limited amount of info on Google, and it pointed to a virus/trojan, but "chat.exe" is a common name for valid applications that can be loaded.

Some info suggested it disables antivirus as well, so an on-line scan would be a good idea? Most info was not mainstream though and was buried in user group info.

pmchapman
09-01-2003, 10:54 AM
There's only one thing left to do. Boot to the start-up disk that your antivirus program made when you installed it. You did make one, didn't you... If you didn't, I wouldn't recommend making it on the machine with the chat program. The disk will get infected as well and the AV will probably fail to function.

Chilling_Silence
09-01-2003, 01:08 PM
I agree with godfather,
Some will come back after being removed; however, some simply need the file to be removed from its multiple locations. These are usually:
c:\
c:\Windows\ (or \WinNT\)
c:\Windows\Temp\
c:\Windows\system\
c:\Windows\system32\
c:\Documents and Settings\All Users\Start Menu\
c:\Documents and Settings\All Users\Start Menu\Programs\
c:\Documents and Settings\All Users\Desktop\
c:\Documents and Settings\username\Start Menu
c:\Documents and Settings\username\Start Menu\Programs
c:\Documents and Settings\username\Desktop\
c:\Program Files\

Another thing: it won't necessarily create a Dial-Up Connection. It will simply dial a specified number from within the software itself.

You may need to do a bit of registry editing (don't forget to back the whole lot up first) and search out the file name in there.

Update your AV software, and also try Ad-Aware to see if they pick it up.


Ultimately, a Format or (if possible) Roll-Back is the quickest/easiest way to get rid of it in most cases :-)

Cheers


Chilling_Silence
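
The checks suggested in the post above (look for the file in the listed locations, then search the registry for the file name), as an added read-only PowerShell example that is not part of the original thread. It assumes PowerShell 3.0 or later is available on the machine; the `$Name` and `$ProfileRoot` parameters are illustrative, the registry search is narrowed to the standard Run/RunOnce startup keys, and it goes slightly beyond the post by also reporting shortcuts whose target is the file.

```powershell
# Added example: read-only triage for a suspect file name. Nothing is deleted or changed.
param(
    [string]$Name = 'Chat.exe',                         # file name from the thread
    [string]$ProfileRoot = 'C:\Documents and Settings'  # XP-era profile root, as in the post
)
$win = $env:windir
$sys = $env:SystemDrive

# Fixed locations listed in the post
$dirs = @("$sys\", $win, "$win\Temp", "$win\system", "$win\system32", "$sys\Program Files")

# Per-profile Start Menu and Desktop folders ("All Users" and each username)
$profiles = @(Get-ChildItem -LiteralPath $ProfileRoot -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer })
foreach ($p in $profiles) {
    foreach ($sub in 'Start Menu', 'Start Menu\Programs', 'Desktop') {
        $dirs += Join-Path $p.FullName $sub
    }
}

$shell = New-Object -ComObject WScript.Shell   # used only to read shortcut targets
$hits = @(foreach ($d in $dirs) {
    # Copies of the file itself
    Get-ChildItem -LiteralPath $d -Filter $Name -Force -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Kind = 'File'; Where = $_.FullName; Detail = $_.LastWriteTime } }
    # Shortcuts (.lnk) whose target is the file, such as the desktop icon
    Get-ChildItem -LiteralPath $d -Filter '*.lnk' -Force -ErrorAction SilentlyContinue |
        ForEach-Object {
            $target = $shell.CreateShortcut($_.FullName).TargetPath
            if ($target -like "*\$Name") {
                [pscustomobject]@{ Kind = 'Shortcut'; Where = $_.FullName; Detail = $target }
            }
        }
})

# Startup entries in the registry that reference the file name
$runKeys = foreach ($hive in 'HKLM:', 'HKCU:') {
    foreach ($leaf in 'Run', 'RunOnce') { "$hive\Software\Microsoft\Windows\CurrentVersion\$leaf" }
}
$hits += @(foreach ($key in $runKeys) {
    $k = Get-Item -LiteralPath $key -ErrorAction SilentlyContinue
    if ($k) {
        foreach ($v in $k.GetValueNames()) {
            $data = [string]$k.GetValue($v)
            if ($data -like "*$Name*") {
                [pscustomobject]@{ Kind = 'RunKey'; Where = "$key\$v"; Detail = $data }
            }
        }
    }
})
$hits | Format-Table -AutoSize -Wrap
```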

J ZEP
10-01-2003, 02:32 PM
Thank you all for that great feedback. I hadn't even thought of it in terms of virus/trojan :-( , as I was just thinking along the lines of a pesky program. I came to the same conclusion as Sam; I think that remote assistance will probably be the best bet. He hasn't been using "windows messenger" so I e-mailed him the directions to set that up as he was lost with setting that up too - and I thought it would be at least easier to work through using "windows messenger", but once he has it set up the added advantage is the "remote assistance" option which will probably be even better. I haven't used this before but think it will be the way to go - as it is becoming rather tedious and frustrating doing things by way of e-mail. It's just the simple things that you take for granted, i.e. terms such as homepage, i.explorer, outlook express - however it can't have stopped that working as he is still able to e-mail me, and the impression/description I have been given is it is just an annoying icon :^O , but I don't know if he would know if his homepage was taken over etc...
I don't know if/what A.Virus software he is using and so on....

> There was a limited amount of info on Google, and it pointed to a virus/trojan, but "chat.exe" is a common name for valid applications that can be loaded.

And as GF did, I have done numerous searches on Google, with some results, but the term is so broad it made it a little difficult.

Now regarding remote assistance:
This will be possible as we are both using XP Pro. Will I be able to do things like online virus scans and virus updates on his computer for him, once connected to his computer using remote assistance? Also, what online virus scanners do people recommend - Symantec?? As I haven't needed to use one yet. Also, if this is a trojan/virus, what are the chances of my computer becoming infected using remote assistance?? Apart from the fact I will make sure I am up to date in the A.V department?
Well, once again thanks to you all for all the feedback. I have got some good starting points and will look where chilling suggested too, when/if I can remote connect ;-) - wish me luck :-)

Chilling_Silence
10-01-2003, 02:41 PM
> Well once again thanks to you all for all the
> feedback, i have got some good starting points and
> will look where chilling suggested too, when/if i can
> remote connect ;-) -

Why not just do a search for Chat.exe when you do get it going?

> wish me luck :-)

Good luck ;)