OT: Anyone know how to delete The Trickler?!?



Sorni

Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly Gator Corp.

"Ad-Aware" pointed this out to me, but can't clean it.

Norton doesn't recognize it as a virus.

*I* can't delete it -- just get an "Access Denied" message (even in DOS mode).

I did tell my firewall thing to deny it access to the 'net, and don't see any symptoms or anything,
but I'd like to get rid of it.

Anyone know what I should do?!?

TIA,

Bill "found some foreign sites about it but they didn't have a 'remove' button" S.
 
"Sorni" <[email protected]> wrote in message
news:D[email protected]...
> Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
> Gator Corp.
>
> "Ad-Aware" pointed this out to me, but can't clean it.
>
> Norton doesn't recognize it as a virus.
>
> *I* can't delete it -- just get an "Access Denied" message (even in DOS mode).
>
> I did tell my firewall thing to deny it access to the 'net, and don't see any symptoms or
> anything, but I'd like to get rid of it.
>
> Anyone know what I should do?!?
>
> TIA,
>
> Bill "found some foreign sites about it but they didn't have a 'remove' button" S.
>
>

Have you tried deleting the file in true DOS mode, where you reboot into "Command Prompt Only"? That
should work. If you are just opening a DOS window, then the file will still be in use and you will
be denied.

There's also a new version of AdAware (6) out which may deal with it a little better.

You could also see if you can find the reference that loads the file when you boot. Most likely it's
in your registry. You can search the registry for a value, try searching for that file name and then
deleting any reference you find to it (after backing up, of course).

Matt
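
Matt's registry suggestion above, as an added example that is not part of the original thread: a small Python parser that reads a registry backup in the REGEDIT4 text format and lists only the values under autostart keys that mention a given file name. The function name, the list of autostart keys, and the sample export (value name and path included) are assumptions constructed for illustration; only the short file name `trickl~1.exe` comes from the thread.

```python
import re

# Autostart keys commonly used on Windows 9x (assumed list, not from the thread).
AUTOSTART_SUFFIXES = (
    r"\software\microsoft\windows\currentversion\run",
    r"\software\microsoft\windows\currentversion\runonce",
    r"\software\microsoft\windows\currentversion\runservices",
)

# "name"="data" or @="data" lines of a REGEDIT4 export.
VALUE_RE = re.compile(r'^(@|"(?P<name>(?:[^"\\]|\\.)*)")=(?P<data>.*)$')

def find_autostart_refs(reg_text, needle):
    """Return (key, value_name, data) for autostart values whose data mentions needle."""
    needle = needle.lower()
    hits, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]          # remember which key the next values belong to
            continue
        m = VALUE_RE.match(line)
        if not m or key is None:
            continue
        if not key.lower().endswith(AUTOSTART_SUFFIXES):
            continue                  # a mention outside a load point does not start the file
        data = m.group("data")
        if data.startswith('"') and data.endswith('"'):
            data = re.sub(r"\\(.)", r"\1", data[1:-1])  # undo \\ and \" escapes
        if needle in data.lower():
            hits.append((key, m.group("name") or "(Default)", data))
    return hits

# Constructed sample export; the value names and paths are made up.
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Trickler"="\"C:\\WINDOWS\\TEMP\\TRICKL~1.EXE\" /auto"

[HKEY_CURRENT_USER\Software\Example\Settings]
"LastFile"="C:\\WINDOWS\\TEMP\\TRICKL~1.EXE"
'''

if __name__ == "__main__":
    for key, name, data in find_autostart_refs(SAMPLE, "trickl"):
        print(f"{key}\n  {name} = {data}")
```

Working from the exported backup rather than the live registry means the search changes nothing, and the same file can be re-imported if a deletion goes wrong.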
 
> Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
> Gator Corp.
>
> "Ad-Aware" pointed this out to me, but can't clean it.
>
> Norton doesn't recognize it as a virus.
>
> *I* can't delete it -- just get an "Access Denied" message (even in DOS mode).
>
> I did tell my firewall thing to deny it access to the 'net, and don't see any symptoms or
> anything, but I'd like to get rid of it.
>
> Anyone know what I should do?!?
>
> TIA,
>
> Bill "found some foreign sites about it but they didn't have a 'remove' button" S.

If you get "access denied" it's usually because the file is in use by another process (certainly
would be if the program is running). Is this an OS where you can start up in a DOS prompt (Win 98)?
If so, you can delete it that way. Otherwise for NT and 2K (and I presume XP) you can use the
"recovery console" to get in and dig around.
http://www.windows2000faq.com/Articles/Index.cfm?ArticleID=14731
 
"MattB" <[email protected]> wrote in message news:[email protected]...
> "Sorni" <[email protected]> wrote in message
> news:D[email protected]...
> > Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
> > Gator Corp.
> >
> > "Ad-Aware" pointed this out to me, but can't clean it.
> >
> > Norton doesn't recognize it as a virus.
> >
> > *I* can't delete it -- just get an "Access Denied" message (even in DOS mode).
> >
> > I did tell my firewall thing to deny it access to the 'net, and don't see
> > any symptoms or anything, but I'd like to get rid of it.
> >
> > Anyone know what I should do?!?
> >
> > TIA,
> >
> > Bill "found some foreign sites about it but they didn't have a 'remove' button" S.
> >
> >
>
> Have you tried deleting the file in true DOS mode, where you reboot into "Command Prompt Only"?
> That should work. If you are just opening a DOS window, then the file will still be in use and you
> will be denied.

Tried 3 times now. Get an error message (non Blue Screen) saying computer needs to re-start; I press
any key and it shuts off. (My machine has more bugs than Rimmer's family tree!)

Is there a way to "first boot" into DOS? I know I should know that, but... (one of the "F"
keys, right?)

>
> There's also a new version of AdAware (6) out which may deal with it a little better.
>
> You could also see if you can find the reference that loads the file when you boot. Most likely
> it's in your registry. You can search the registry for
> a value, try searching for that file name and then deleting any reference you find to it (after
> backing up, of course).

That went over my head faster than you and JD on a steep climb @ 13,000!

Bill "bootless" S.
 
"Sorni" <[email protected]> wrote in message
news:[email protected]...
> "MattB" <[email protected]> wrote in message news:[email protected]...
> > "Sorni" <[email protected]> wrote in message
> > news:D[email protected]...
> > > Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from
> > > that dastardly Gator Corp.
> > >
> > > "Ad-Aware" pointed this out to me, but can't clean it.
> > >
> > > Norton doesn't recognize it as a virus.
> > >
> > > *I* can't delete it -- just get an "Access Denied" message (even in DOS
> > > mode).
> > >
> > > I did tell my firewall thing to deny it access to the 'net, and don't see
> > > any symptoms or anything, but I'd like to get rid of it.
> > >
> > > Anyone know what I should do?!?
> > >
> > > TIA,
> > >
> > > Bill "found some foreign sites about it but they didn't have a 'remove'
> > > button" S.
> > >
> > >
> >
> > Have you tried deleting the file in true DOS mode, where you reboot into "Command Prompt Only"?
> > That should work. If you are just opening a DOS window, then the file will still be in use and
> > you will be denied.
>
>
> Tried 3 times now. Get an error message (non Blue Screen) saying computer needs to re-start; I
> press any key and it shuts off. (My machine has more bugs than Rimmer's family tree!)
>
> Is there a way to "first boot" into DOS? I know I should know that, but...
> (one of the "F" keys, right?)
>
> >
> > There's also a new version of AdAware (6) out which may deal with it a little better.
> >
> > You could also see if you can find the reference that loads the file when
> > you boot. Most likely it's in your registry. You can search the registry for
> > a value, try searching for that file name and then deleting any reference
> > you find to it (after backing up, of course).
>
> That went over my head faster than you and JD on a steep climb @ 13,000!
>
> Bill "bootless" S.
>

F8 for the menu to give you those choices. What version of Windows?
 
> F8 for the menu to give you those choices.

...when you first turn the machine on, keep pressing the F8 key between the time you see your "bios"
message and the windows starting message. You may get a false message about a "keyboard error, press
F1 to continue"* - just press F1 then press the hell out of F8.

*(the irony of which always cracks me up)
 
"John Harlow" <[email protected]> wrote in message news:9Qy0a.12196$vm2.5667@rwcrnsc54...
>
> > F8 for the menu to give you those choices.
>
> ...when you first turn the machine on, keep pressing the F8 key between the
> time you see your "bios" message and the windows starting message. You may
> get a false message about a "keyboard error, press F1 to continue"* - just press F1 then press the
> hell out of F8.
>
> *(the irony of which always cracks me up)

Thanks Matt and John -- here's the current:

I have Win 98. The error message (when I try to Restart in DOS) is a Windows Protection dealie.

Did the F8 thing -- got the menu of choices -- picked #5 (Boot to Command Prompt, I think it was).

Successfully got to the file...and it STILL won't delete! ("Access Denied" again.)

I probably should leave well enough alone (everything's working as well as this buggy K6-2 allows,
anyway), but it just, er, bugs me!

Bill "I could try SAFE MODE command prompt I suppose (but bet it won't make a diff.)" S.

PS: Due for a new Dell, Dude, anyway -- just always hate the ordeal of setting up ****...
 
"Sorni" <[email protected]> wrote in message
news:[email protected]... <snip>
> Thanks Matt and John -- here's the current:
>
> I have Win 98. The error message (when I try to Restart in DOS) is a Windows Protection dealie.
>
> Did the F8 thing -- got the menu of choices -- picked #5 (Boot to Command Prompt, I think it was).
>
> Successfully got to the file...and it STILL won't delete! ("Access Denied"
> again.)
>
> I probably should leave well enough alone (everything's working as well as this buggy K6-2 allows,
> anyway), but it just, er, bugs me!
>
> Bill "I could try SAFE MODE command prompt I suppose (but bet it won't make
> a diff.)" S.
>
> PS: Due for a new Dell, Dude, anyway -- just always hate the ordeal of setting up ****...
>

How odd. I'd give the Safe Mode Command Prompt a try. Maybe the thing is loading from Autoexec.bat
or config.sys which are both still run when you boot into Command Prompt (non-safe). But it seems
like an outside shot. Most of these spyware apps use a more sophisticated method to load. If it
still won't delete in SMCP you can try one more thing. Go to where this file is and type in the
following:

attrib -s -h -r <filename>

It's possible that it's marked as a System file (s), Hidden file (h) or Read only (r) and that's why
you can't delete it (although I'm pretty sure read-only doesn't matter but this shouldn't hurt).
This will remove those settings. Then try to del it again.

Matt (takin it personal now - Trickler MUST DIE!!!)
 
Check the file attributes. After booting to DOS, type "attrib filename" and it'll show you if the
file is protected. It's probably got system, read-only and hidden attributes. To remove those
attributes type "attrib -r -s -h filename". You should be able to delete it then.

Si

"Sorni" <[email protected]> wrote in message
news:[email protected]...
>
> "John Harlow" <[email protected]> wrote in message news:9Qy0a.12196$vm2.5667@rwcrnsc54...
> >
> > > F8 for the menu to give you those choices.
> >
> > ...when you first turn the machine on, keep pressing the F8 key between the
> > time you see your "bios" message and the windows starting message. You may
> > get a false message about a "keyboard error, press F1 to continue"* - just
> > press F1 then press the hell out of F8.
> >
> > *(the irony of which always cracks me up)
>
> Thanks Matt and John -- here's the current:
>
> I have Win 98. The error message (when I try to Restart in DOS) is a Windows Protection dealie.
>
> Did the F8 thing -- got the menu of choices -- picked #5 (Boot to Command Prompt, I think it was).
>
> Successfully got to the file...and it STILL won't delete! ("Access Denied"
> again.)
>
> I probably should leave well enough alone (everything's working as well as this buggy K6-2 allows,
> anyway), but it just, er, bugs me!
>
> Bill "I could try SAFE MODE command prompt I suppose (but bet it won't make
> a diff.)" S.
>
> PS: Due for a new Dell, Dude, anyway -- just always hate the ordeal of setting up ****...
 
> Matt (takin it personal now - Trickler MUST DIE!!!)

Heh - really!

BTW, Bill - what is the filename you are trying to delete?
 
"Si" <[email protected]> wrote in message news:[email protected]...
> Check the file attributes. After booting to DOS, type "attrib filename" and
> it'll show you if the file is protected. It's probably got system, read-only
> and hidden attributes. To remove those attributes type "attrib -r -s -h filename". You should be
> able to delete it then.
>
> Si

Hey, good idea!

Matt
 
"Sorni" <[email protected]> wrote in message
news:D[email protected]...
> Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
> Gator Corp.

{Snip many helpful replies by Matt, John and Si -- see thread if interested}

Well, the "Safe Mode" boot to command prompt didn't work either, but the "Attrib" command did the
trick (that is, it "did in" the Trickler! :)

Typed "attrib trickl~1.exe" and got back "r", so "-r" is all I used to change it. Then it deleted
just fine (although I think I'll check again soon, not that I'm paranoid or anything. WHAT WAS
THAT NOISE?!?)

The full file name was something like "Trickler_1020" -- the 'net search I did turned up a few
variations of the number part.

Thanks again, guys -- I learned DOS commands back in the old days, but was smart enough NOT to learn
how to mess with ATTRIB lest I screw up things BAD!

Bill "our long (inter?)national nightmare has ended" S.
 
"Sorni" <[email protected]> wrote in message
news:[email protected]...
> "Sorni" <[email protected]> wrote in message
> news:D[email protected]...
> > Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
> > Gator Corp.
>
> {Snip many helpful replies by Matt, John and Si -- see thread if interested}
>
>
> Well, the "Safe Mode" boot to command prompt didn't work either, but the "Attrib" command did the
> trick (that is, it "did in" the Trickler! :)
>
> Typed "attrib trickl~1.exe" and got back "r", so "-r" is all I used to change it. Then it deleted
> just fine (although I think I'll check again soon, not that I'm paranoid or anything. WHAT WAS
> THAT NOISE?!?)
>
> The full file name was something like "Trickler_1020" -- the 'net search I did turned up a few
> variations of the number part.
>
> Thanks again, guys -- I learned DOS commands back in the old days, but was smart enough NOT to
> learn how to mess with ATTRIB lest I screw up things BAD!
>
> Bill "our long (inter?)national nightmare has ended" S.
>
>

Keel da Trickler!!! Die! Die! Die!

Nice job. Despite what anyone says you _can_ follow directions.

Matt

"Gravity. It's not just a good idea, it's the law!"

PS - I made a new sig. Woooo!
 
Sorni wrote:

>>Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
>>Gator Corp.

Aw rats. A geek thread and I missed it. Still, I was taking the rigid SS through its paces which
kinda compensates... :)
 
"bomba" <[email protected]> wrote in message news:[email protected]...
> Sorni wrote:
>
> >>Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from that dastardly
> >>Gator Corp.
>
> Aw rats. A geek thread and I missed it. Still, I was taking the rigid SS through its paces which
> kinda compensates... :)

Yeah, I figured you'd be among the first to jump in there! Glad you have an excellent excuse :)

Bill "now I sorta miss it" S.
 
"MattB" <[email protected]> wrote in message news:[email protected]...
> "Sorni" <[email protected]> wrote in message
> news:[email protected]...
> > "Sorni" <[email protected]> wrote in message
> > news:D[email protected]...
> > > Somehow I've picked up the friggin' "Trickler" trojan/spyware thing from
> > > that dastardly Gator Corp.
> >

>
> Nice job. Despite what anyone says you _can_ follow directions.
>
> Matt
>
> "Gravity. It's not just a good idea, it's the law!"
>
> PS - I made a new sig. Woooo!
>
>
OH he can follow directions just fine. Now if you ask him to remove or install a part without
stripping something then look out!

Michael
 
"Si" <[email protected]> wrote in message news:[email protected]...
> Check the file attributes. After booting to DOS, type "attrib filename" and
> it'll show you if the file is protected. It's probably got system, read-only
> and hidden attributes. To remove those attributes type "attrib -r -s -h filename". You should be
> able to delete it then.
>
> Si
>
> "Sorni" <[email protected]> wrote in message
> news:[email protected]...
> >
> > "John Harlow" <[email protected]> wrote in message news:9Qy0a.12196$vm2.5667@rwcrnsc54...
> > >
> > > > F8 for the menu to give you those choices.
> > >
> > > ...when you first turn the machine on, keep pressing the F8 key between
> > > the time you see your "bios" message and the windows starting message. You
> > > may get a false message about a "keyboard error, press F1 to continue"* - just
> > > press F1 then press the hell out of F8.
> > >
> > > *(the irony of which always cracks me up)
> >
> > Thanks Matt and John -- here's the current:
> >
> > I have Win 98. The error message (when I try to Restart in DOS) is a Windows Protection dealie.
> >
> > Did the F8 thing -- got the menu of choices -- picked #5 (Boot to Command
> > Prompt, I think it was).
> >
> > Successfully got to the file...and it STILL won't delete! ("Access Denied"
> > again.)
> >
> > I probably should leave well enough alone (everything's working as well as
> > this buggy K6-2 allows, anyway), but it just, er, bugs me!
> >
> > Bill "I could try SAFE MODE command prompt I suppose (but bet it won't make
> > a diff.)" S.
> >
> > PS: Due for a new Dell, Dude, anyway -- just always hate the ordeal of setting up ****...
> >
> >
>
>
This all may be overkill. Is it because the application is already up? If IE is up (and perhaps
anything which talks to the internet) Trickler comes up. Try to reboot, don't bring anything up
except Ad-Aware and try again.

Good luck!
--
Craig Brossman, Durango Colorado
 
Are you sure you want to discuss something as 'sensitive' as that in a public forum? You could go
get some antibiotics. ;^)

Mike - first Darsh now Bill...hmmmm.
 