OT: Anyone know how to delete The Trickler?!?

Discussion in 'Mountain Bikes' started by Sorni, Feb 6, 2003.

Thread Status:
Not open for further replies.
  1. Sorni

    Sorni Guest

    Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly Gator Corp.

    "Ad-Aware" pointed this out to me, but can't clean it.

    Norton doesn't recognize it as a virus.

    *I* can't delete it -- just get an "Access Denied" message (even in DOS mode).

    I did tell my firewall thing to deny it access to the 'net, and don't see any symptoms or anything,
    but I'd like to get rid of it.

    Anyone know what I should do?!?

    TIA,

    Bill "found some foreign sites about it but they didn't have a 'remove' button" S.
     


  2. Mattb

    Mattb Guest

    "Sorni" <[email protected]> wrote in message
    news:D[email protected]...
    > Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
    > Gator Corp.
    >
    > "Ad-Aware" pointed this out to me, but can't clean it.
    >
    > Norton doesn't recognize it as a virus.
    >
    > *I* can't delete it -- just get an "Access Denied" message (even in DOS mode).
    >
    > I did tell my firewall thing to deny it access to the 'net, and don't see any symptoms or
    > anything, but I'd like to get rid of it.
    >
    > Anyone know what I should do?!?
    >
    > TIA,
    >
    > Bill "found some foreign sites about it but they didn't have a 'remove' button" S.
    >
    >

    Have you tried deleting the file in true DOS mode, where you reboot into "Command Prompt Only"? That
    should work. If you are just opening a DOS window, then the file will still be in use and you will
    be denied.

    There's also a new version of AdAware (6) out which may deal with it a little better.

    You could also see if you can find the reference that loads the file when you boot. Most likely it's
    in your registry. You can search the registry for a value, try searching for that file name and then
    deleting any reference you find to it (after backing up, of course).

    Matt
     
  3. John Harlow

    John Harlow Guest

    > Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
    > Gator Corp.
    >
    > "Ad-Aware" pointed this out to me, but can't clean it.
    >
    > Norton doesn't recognize it as a virus.
    >
    > *I* can't delete it -- just get an "Access Denied" message (even in DOS mode).
    >
    > I did tell my firewall thing to deny it access to the 'net, and don't see any symptoms or
    > anything, but I'd like to get rid of it.
    >
    > Anyone know what I should do?!?
    >
    > TIA,
    >
    > Bill "found some foreign sites about it but they didn't have a 'remove' button" S.

    If you get "access denied" it's usually because the file is in use by another process (certainly
    would be if the program is running). Is this an OS where you can startup in a DOS prompt (win 98)?
    If so, you can delete it that way. Otherwise for NT and 2K (and I presume XP) you can use the
    "recovery console" to get in and dig around.
    http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=14731
     
  4. Sorni

    Sorni Guest

    "MattB" <[email protected]> wrote in message news:[email protected]...
    > "Sorni" <[email protected]> wrote in message
    > news:D[email protected]...
    > > Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
    > > Gator Corp.
    > >
    > > "Ad-Aware" pointed this out to me, but can't clean it.
    > >
    > > Norton doesn't recognize it as a virus.
    > >
    > > *I* can't delete it -- just get an "Access Denied" message (even in DOS mode).
    > >
    > > I did tell my firewall thing to deny it access to the 'net, and don't see
    > > any symptoms or anything, but I'd like to get rid of it.
    > >
    > > Anyone know what I should do?!?
    > >
    > > TIA,
    > >
    > > Bill "found some foreign sites about it but they didn't have a 'remove' button" S.
    > >
    > >
    >
    > Have you tried deleting the file in true DOS mode, where you reboot into "Command Prompt Only"?
    > That should work. If you are just opening a DOS window, then the file will still be in use and you
    > will be denied.

    Tried 3 times now. Get an error message (non Blue Screen) saying computer needs to re-start; I press
    any key and it shuts off. (My machine has more bugs than Rimmer's family tree!)

    Is there a way to "first boot" into DOS? I know I should know that, but... (one of the "F"
    keys, right?)

    >
    > There's also a new version of AdAware (6) out which may deal with it a little better.
    >
    > You could also see if you can find the reference that loads the file when you boot. Most likely
    > it's in your registry. You can search the registry for
    > a value, try searching for that file name and then deleting any reference you find to it (after
    > backing up, of course).

    That went over my head faster than you and JD on a steep climb @ 13,000!

    Bill "bootless" S.
     
  5. Mattb

    Mattb Guest

    "Sorni" <[email protected]> wrote in message
    news:[email protected]...
    > "MattB" <[email protected]> wrote in message news:[email protected]...
    > > "Sorni" <[email protected]> wrote in message
    > > news:D[email protected]...
    > > > Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from
    > > > that dastardly Gator Corp.
    > > >
    > > > "Ad-Aware" pointed this out to me, but can't clean it.
    > > >
    > > > Norton doesn't recognize it as a virus.
    > > >
    > > > *I* can't delete it -- just get an "Access Denied" message (even in DOS
    > > > mode).
    > > >
    > > > I did tell my firewall thing to deny it access to the 'net, and don't see
    > > > any symptoms or anything, but I'd like to get rid of it.
    > > >
    > > > Anyone know what I should do?!?
    > > >
    > > > TIA,
    > > >
    > > > Bill "found some foreign sites about it but they didn't have a 'remove'
    > > > button" S.
    > > >
    > > >
    > >
    > > Have you tried deleting the file in true DOS mode, where you reboot into "Command Prompt Only"?
    > > That should work. If you are just opening a DOS window, then the file will still be in use and
    > > you will be denied.
    >
    >
    > Tried 3 times now. Get an error message (non Blue Screen) saying computer needs to re-start; I
    > press any key and it shuts off. (My machine has more bugs than Rimmer's family tree!)
    >
    > Is there a way to "first boot" into DOS? I know I should know that, but...
    > (one of the "F" keys, right?)
    >
    > >
    > > There's also a new version of AdAware (6) out which may deal with it a little better.
    > >
    > > You could also see if you can find the reference that loads the file when
    > > you boot. Most likely it's in your registry. You can search the registry for
    > > a value, try searching for that file name and then deleting any reference
    > > you find to it (after backing up, of course).
    >
    > That went over my head faster than you and JD on a steep climb @ 13,000!
    >
    > Bill "bootless" S.
    >

    F8 for the menu to give you those choices. What version of Windows?
     
  6. John Harlow

    John Harlow Guest

    > F8 for the menu to give you those choices.

    ...when you first turn the machine on, keep pressing the F8 key between the time you see your "bios"
    message and the windows starting message. You may get a false message about a "keyboard error, press
    F1 to continue"* - just press F1 then press the hell out of F8.

    *(the irony of which always cracks me up)
     
  7. Sorni

    Sorni Guest

    "John Harlow" <[email protected]> wrote in message news:[email protected]...
    >
    > > F8 for the menu to give you those choices.
    >
    > ...when you first turn the machine on, keep pressing the F8 key between the
    > time you see your "bios" message and the windows starting message. You may
    > get a false message about a "keyboard error, press F1 to continue"* - just press F1 then press the
    > hell out of F8.
    >
    > *(the irony of which always cracks me up)

    Thanks Matt and John -- here's the current:

    I have Win 98. The error message (when I try to Restart in DOS) is a Windows Protection dealie.

    Did the F8 thing -- got the menu of choices -- picked #5 (Boot to Command Prompt, I think it was).

    Successfully got to the file...and it STILL won't delete! ("Access Denied" again.)

    I probably should leave well enough alone (everything's working as well as this buggy K6-2 allows,
    anyway), but it just, er, bugs me!

    Bill "I could try SAFE MODE command prompt I suppose (but bet it won't make a diff.)" S.

    PS: Due for a new Dell, Dude, anyway -- just always hate the ordeal of setting up crap...
     
  8. Mattb

    Mattb Guest

    "Sorni" <[email protected]> wrote in message
    news:[email protected]... <snip>
    > Thanks Matt and John -- here's the current:
    >
    > I have Win 98. The error message (when I try to Restart in DOS) is a Windows Protection dealie.
    >
    > Did the F8 thing -- got the menu of choices -- picked #5 (Boot to Command Prompt, I think it was).
    >
    > Successfully got to the file...and it STILL won't delete! ("Access Denied"
    > again.)
    >
    > I probably should leave well enough alone (everything's working as well as this buggy K6-2 allows,
    > anyway), but it just, er, bugs me!
    >
    > Bill "I could try SAFE MODE command prompt I suppose (but bet it won't make
    > a diff.)" S.
    >
    > PS: Due for a new Dell, Dude, anyway -- just always hate the ordeal of setting up crap...
    >

    How odd. I'd give the Safe Mode Command Prompt a try. Maybe the thing is loading from Autoexec.bat
    or config.sys which are both still run when you boot into Command Prompt (non-safe). But it seems
    like an outside shot. Most of these spyware apps use a more sophisticated method to load. If it
    still won't delete in SMCP you can try one more thing. Go to where this file is and type in the
    following:

    attrib -s -h -r <filename>

    It's possible that it's marked as a System file (s), Hidden file (h) or Read only (r) and that's why
    you can't delete it (although I'm pretty sure read-only doesn't matter but this shouldn't hurt).
    This will remove those settings. Then try to del it again.

    Matt (takin it personal now - Trickler MUST DIE!!!)
     
  9. Si

    Si Guest

    Check the file attributes. After booting to DOS, type "attrib filename" and it'll show you if the
    file is protected. It's probably got system, read-only and hidden attributes. To remove those
    attributes type "attrib -r -s -h filename". You should be able to delete it then.

    Si

    "Sorni" <[email protected]> wrote in message
    news:[email protected]...
    >
    > "John Harlow" <[email protected]> wrote in message news:[email protected]...
    > >
    > > > F8 for the menu to give you those choices.
    > >
    > > ...when you first turn the machine on, keep pressing the F8 key between the
    > > time you see your "bios" message and the windows starting message. You may
    > > get a false message about a "keyboard error, press F1 to continue"* - just
    > > press F1 then press the hell out of F8.
    > >
    > > *(the irony of which always cracks me up)
    >
    > Thanks Matt and John -- here's the current:
    >
    > I have Win 98. The error message (when I try to Restart in DOS) is a Windows Protection dealie.
    >
    > Did the F8 thing -- got the menu of choices -- picked #5 (Boot to Command Prompt, I think it was).
    >
    > Successfully got to the file...and it STILL won't delete! ("Access Denied"
    > again.)
    >
    > I probably should leave well enough alone (everything's working as well as this buggy K6-2 allows,
    > anyway), but it just, er, bugs me!
    >
    > Bill "I could try SAFE MODE command prompt I suppose (but bet it won't make
    > a diff.)" S.
    >
    > PS: Due for a new Dell, Dude, anyway -- just always hate the ordeal of setting up crap...
     
  10. John Harlow

    John Harlow Guest

    > Matt (takin it personal now - Trickler MUST DIE!!!)

    Heh - really!

    BTW, Bill - what is the filename you are trying to delete?
     
  11. Mattb

    Mattb Guest

    "Si" <[email protected]> wrote in message news:[email protected]...
    > Check the file attributes. After booting to DOS, type "attrib filename" and
    > it'll show you if the file is protected. It's probably got system, read-only
    > and hidden attributes. To remove those attributes type "attrib -r -s -h filename". You should be
    > able to delete it then.
    >
    > Si

    Hey, good idea!

    Matt
     
  12. Sorni

    Sorni Guest

    "Sorni" <[email protected]> wrote in message
    news:D[email protected]...
    > Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
    > Gator Corp.

    {Snip many helpful replies by Matt, John and Si -- see thread if interested}

    Well, the "Safe Mode" boot to command prompt didn't work either, but the "Attrib" command did the
    trick (that is, it "did in" the Trickler! :)

    Typed "attrib trickl~1.exe" and got back "r", so "-r" is all I used to change it. Then it deleted
    just fine (although I think I'll check again soon, not that I'm paranoid or anything. WHAT WAS
    THAT NOISE?!?)

    The full file name was something like "Trickler_1020" -- the 'net search I did turned up a few
    variations of the number part.

    Thanks again, guys -- I learned DOS commands back in the old days, but was smart enough NOT to learn
    how to mess with ATTRIB lest I screw up things BAD!

    Bill "our long (inter?)national nightmare has ended" S.
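
The sequence that worked in this thread, written out as a batch file for the Windows 98 "Command prompt only" boot, together with the startup-reference check Matt suggested earlier. This is an added example, not something posted by anyone in the thread; the name KILLTRK.BAT, the search string "trickl" and the C:\RUN.REG scratch path are assumptions.

```bat
@echo off
rem KILLTRK.BAT (hypothetical name): added example, not from the thread.
rem Run after an F8 "Command prompt only" boot, from the directory that
rem holds the file, for example:  KILLTRK trickl~1.exe
if "%1"=="" goto usage

rem 1. Show the attribute letters (R, S, H) currently set on the file.
attrib %1

rem 2. Clear read-only, system and hidden. DEL answers "Access denied"
rem    for a read-only file and does not find hidden or system files.
attrib -r -s -h %1

rem 3. Delete, then confirm the file is really gone.
del %1
if exist %1 goto failed
echo %1 deleted.

rem 4. Look for whatever loaded it at boot. "trickl" is a search string
rem    built from the file name reported in the thread.
echo Checking startup files and the registry Run key...
find /i "trickl" c:\autoexec.bat
find /i "trickl" c:\config.sys
rem Export the Run key to text so FIND can search it.
rem C:\RUN.REG is an assumed scratch path.
regedit /e c:\run.reg "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
find /i "trickl" c:\run.reg
echo Lines listed under a ---------- header still mention the file.
goto end

:failed
echo %1 is still present. Check that Windows is not running.
goto end

:usage
echo Usage: KILLTRK filename

:end
```

The exported C:\RUN.REG also serves as a backup of that key before any Run entry is removed.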
     
  13. Mattb

    Mattb Guest

    "Sorni" <[email protected]> wrote in message
    news:[email protected]...
    > "Sorni" <[email protected]> wrote in message
    > news:D[email protected]...
    > > Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
    > > Gator Corp.
    >
    > {Snip many helpful replies by Matt, John and Si -- see thread if interested}
    >
    >
    > Well, the "Safe Mode" boot to command prompt didn't work either, but the "Attrib" command did the
    > trick (that is, it "did in" the Trickler! :)
    >
    > Typed "attrib trickl~1.exe" and got back "r", so "-r" is all I used to change it. Then it deleted
    > just fine (although I think I'll check again soon, not that I'm paranoid or anything. WHAT WAS
    > THAT NOISE?!?)
    >
    > The full file name was something like "Trickler_1020" -- the 'net search I did turned up a few
    > variations of the number part.
    >
    > Thanks again, guys -- I learned DOS commands back in the old days, but was smart enough NOT to
    > learn how to mess with ATTRIB lest I screw up things BAD!
    >
    > Bill "our long (inter?)national nightmare has ended" S.
    >
    >

    Keel da Trickler!!! Die! Die! Die!

    Nice job. Despite what anyone says you _can_ follow directions.

    Matt

    "Gravity. It's not just a good idea, it's the law!"

    PS - I made a new sig. Woooo!
     
  14. Bomba

    Bomba Guest

    Sorni wrote:

    >>Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
    >>Gator Corp.

    Aw rats. A geek thread and I missed it. Still, I was taking the rigid SS through its paces which
    kinda compensates... :)
     
  15. Sorni

    Sorni Guest

    "bomba" <[email protected]> wrote in message news:[email protected]...
    > Sorni wrote:
    >
    > >>Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
    > >>Gator Corp.
    >
    > Aw rats. A geek thread and I missed it. Still, I was taking the rigid SS through its paces which
    > kinda compensates... :)

    Yeah, I figured you'd be among the first to jump in there! Glad you have an excellent excuse :)

    Bill "now I sorta miss it" S.
     
  16. Sorni

    Sorni Guest

    "MattB" <[email protected]> wrote in message news:[email protected]...

    > Nice job. Despite what anyone says you _can_ follow directions.

    Leave my ex-wives out of this!

    Bill "Trickler v. Trickster -- pay-per-view city!" S.
     
  17. Michael Paul

    Michael Paul Guest

    "MattB" <[email protected]> wrote in message news:[email protected]...
    > "Sorni" <[email protected]> wrote in message
    > news:[email protected]...
    > > "Sorni" <[email protected]> wrote in message
    > > news:D[email protected]...
    > > > Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from
    > > > that dastardly Gator Corp.
    > >

    >
    > Nice job. Despite what anyone says you _can_ follow directions.
    >
    > Matt
    >
    > "Gravity. It's not just a good idea, it's the law!"
    >
    > PS - I made a new sig. Woooo!
    >
    >
    OH he can follow directions just fine. Now if you ask him to remove or install a part without
    stripping something then look out!

    Michael
     
  18. "Si" <[email protected]> wrote in message news:[email protected]...
    > Check the file attributes. After booting to DOS, type "attrib filename" and
    > it'll show you if the file is protected. It's probably got system, read-only
    > and hidden attributes. To remove those attributes type "attrib -r -s -h filename". You should be
    > able to delete it then.
    >
    > Si
    >
    > "Sorni" <[email protected]> wrote in message
    > news:[email protected]...
    > >
    > > "John Harlow" <[email protected]> wrote in message news:[email protected]...
    > > >
    > > > > F8 for the menu to give you those choices.
    > > >
    > > > ...when you first turn the machine on, keep pressing the F8 key between the
    > > > time you see your "bios" message and the windows starting message. You may
    > > > get a false message about a "keyboard error, press F1 to continue"* - just
    > > > press F1 then press the hell out of F8.
    > > >
    > > > *(the irony of which always cracks me up)
    > >
    > > Thanks Matt and John -- here's the current:
    > >
    > > I have Win 98. The error message (when I try to Restart in DOS) is a Windows Protection dealie.
    > >
    > > Did the F8 thing -- got the menu of choices -- picked #5 (Boot to Command
    > > Prompt, I think it was).
    > >
    > > Successfully got to the file...and it STILL won't delete! ("Access Denied"
    > > again.)
    > >
    > > I probably should leave well enough alone (everything's working as well as
    > > this buggy K6-2 allows, anyway), but it just, er, bugs me!
    > >
    > > Bill "I could try SAFE MODE command prompt I suppose (but bet it won't make
    > > a diff.)" S.
    > >
    > > PS: Due for a new Dell, Dude, anyway -- just always hate the ordeal of setting up crap...
    > >
    > >
    >
    >
    This all may be overkill. Is it because the application is already up? If IE is up (and perhaps
    anything which talks to the internet) Trickler comes up. Try to reboot, don't bring anything up
    except Ad-Aware and try again.

    Good luck!
    --
    Craig Brossman, Durango Colorado
     
  19. Sorni

    Sorni Guest

    "Michael Paul" <[email protected]> wrote in message
    news:[email protected]...
    >
    > "MattB" <[email protected]> wrote in message news:[email protected]...

    > > Nice job. Despite what anyone says you _can_ follow directions.
    > >

    > OH he can follow directions just fine. Now if you ask him to remove or install a part without
    > stripping something then look out!

    So I like to take my clothes off... sue me!

    Bill "smartass*" S.

    *you, I mean*
     
  20. Michael Dart

    Michael Dart Guest

    Are you sure you want to discuss something as 'sensitive' as that in a public forum? You could go
    get some antibiotics. ;^)

    Mike - first Darsh now Bill...hmmmm.
     