Solved

dial placed on NT 4.0 computer

Posted on 2004-04-26
5
171 Views
Last Modified: 2010-04-11
I have a computer that has a nasty autodialer that I can't get rid of. Adaware and spybot do not locate the source.

It will stop if I remove the registry entry from hklm\software\microsoft\windows\currrentversion\run\WinDynManager

The Data value is amsnmsg.exe.

I can find virtually no referrence to this key or executable on Google, Altavista or Microsoft's support site. There are only 2 referrences I found (both in French).

Any idea on how I can get rid of this thing?

Thanks,

- Bill -
0
Comment
Question by:w_marquardt
  • 3
5 Comments
 
LVL 67

Expert Comment

by:sirbounty
ID: 10922407
Did you simply delete it from the registry and it returns?

Try one of these

  Web Shredder--> http://www.spywareinfo.com/~merijn/cwschronicles.html#cwshredder
  Pest Patrol --> http://www.pestpatrol.com/downloads/eval/download.asp
  PCHell removal->http://www.pchell.com/support/spyware.shtml
  HijackThis -->  http://www.spychecker.com/program/hijackthis.html

  Make sure that after downloading these, that you update them.  It helps to try at least two of these.
  If all else fails, download HijackThis and post the log that is generated after running it on your system.
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10922444
0
 
LVL 49

Accepted Solution

by:
sunray_2003 earned 500 total points
ID: 10922749
w_marquardt,
> It will stop if I remove the registry entry from
> hklm\software\microsoft\windows\currrentversion\run\WinDynManager

Does the auto dialer come back again even after you remove it from that registry ..

Try these locations aswell

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices
0
 

Author Comment

by:w_marquardt
ID: 10923091
sunray_2003,

THanks for the help. I had missed the hkcu key. Once that was gone, it stopped reappearing. .

Regards,

- Bill -
0
 
LVL 49

Expert Comment

by:sunray_2003
ID: 10923427
Great
0

Featured Post

What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video demonstrates how to create an example email signature rule for a department in a company using CodeTwo Exchange Rules. The signature will be inserted beneath users' latest emails in conversations and will be displayed in users' Sent Items…

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now