XXX Porn Dialer problem!!!

And before you say it, no I wasn't looking at porn! LOL

I decided yesterday to update AIM, while the update was downloading, I also ended up downloading a XXX porn dialer. And now, I can't get rid of the bloody thing!

I have run Spybot Search and Destroy four times, Ad-Aware four times, and every single time I reboot the puter, I am presented with this porn dialer icon on my desktop. I look for the program in the puter I can't find it to uninstall it.

Does anyone have any ideas how to get rid of these pesky piles of rubbish?

Thanks in advance for the help. This is driving me nuts!!!

Dialer proggies usually install into your Internet Acoounts folder in the Registry and can be found there. Sounds like a "drive-by" dialer, ie no prompt type.

WARNING!!! don't do this if you are even remotely unsure about the instructions below. They are for illustrative purposes only.

click START-RUN/type "regedit" in the field and then click/hit "enter"/open the directory structure of the "hive" titled HKEY_CURRENT_USER/then drill down by clicking the successive +signs as follows>>>

HKEY_CURRENT_USER\Software
HKEY_CURRENT_USER\Software\Microsoft
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager
HKEY_CURRENT_USER\Software\Microsoft\Internet Account Manager\Accounts

The last directory is as far as you will get and shows which accounts are on your 'puter. Typically there will be two at the top that handle your internet, mail and news accounts. Your ISP name will be in there as will your e-mail addy. There will be another 3-4 for Verisign, Bigfoot and so on; they are installed when Windows is installed. Click once on each account entry and scrutinise it. (click ONCE on the yellow folder icon that does not have a + to the left of it). If the account name looks/sounds odd, or you need more advice, then post the name here.

Above all don't make any changes to the Registry, delete anything etc unless you know exactly what you are doing. If any tekkie friends get involved make sure they back up any suspect Registry keys before they are deleted, eg to the desktop

edit: It would be helpful to know the name of the dialer.

It was called XXX-files!

Sorry I haven't gotten back until now, but alas I have had some major problems!

Sapphocrat signed onto AIM and was able to help me remove it manually through the registry (she has 20 yrs experience in IT and Help Desk) etc, but once again when I rebooted the bastard came back!

No matter what I tried the thing kept coming back. In the end I would log onto the internet and a few minutes later it would boot me off and begin dialing. My internet connections were extremely poor etc. So I got jack of it and did a complete system recovery!

I lost a lot of work, and now have a lot to get the puter back in shape, but at least that bloody dialer is gone!!!

This is usually caused by a drive-by as McKenzie said. But if it came as a piggy back on AIM D/L I would contact them to notify that it is on their website. If this is happening many people are being infected.

The Federal Trade Commission has issued a statement saying that you do not have to pay your local telephone company for these charges, regardless of what they say. You should "refuse to pay for anything you did not authorize, as long as it's not a transmission charge," FTC officials said. The reason being, charges for hijacked calls to XXX Web sites count as charges for content not transmission. Follow the steps below under "What to do" for more help.

Here's how it works...

1) The consumer - usually a teenager - logs on to a computer and accesses a pornography site through his or her Internet Service Provider (ISP).

2) A teaser Web site then downloads "dialer" software onto the consumer's computer.

3) After "dialer" software is activated, the consumer's computer modem disconnects from the ISP and dials an international telephone number assigned to Madagascar, Vanatu or another distant foreign country.
(More)
http://clarkhoward.com/topics/porn_charges.html#todo

More Help Here:
FREE Malicious Software Removal Tool from Microsoft
http://www.xpmaximized.com/archives/2005/01/malicious_softw.html

Security Tools
http://www.democraticunderground.com/discuss/duboard.php?az=view_all&address=242x1314