||||
Symantec.com > Security Response > Threats and Risks > Dialer.DialPlatform
PRINT THIS PAGE

Dialer.DialPlatform - Removal

Printer Friendly Page

Updated: February 13, 2007 11:37:34 AM
Type: Dialer
Risk Impact: High
File Names: Loader.dll.
Systems Affected: Windows 2000, Windows 95, Windows 98, Windows Me, Windows NT, Windows Server 2003, Windows XP


The following instructions pertain to all Symantec antivirus products that support Security Risk detection.
  1. Update the definitions.
  2. Close modem connections.
  3. Run a full system scan and write down the path and file names of all the files detected as Dialer.DialPlatform.
  4. Unregister the loader.dll file.
  5. Scan for and delete the files.
  6. Delete the value that was added to the registry.
For specific details on each of these steps, read the following instructions.

1. To update the definitions
To obtain the most recent definitions, start your Symantec program and run LiveUpdate.

2. To close modem connections
This risk uses available modems to create an Internet connection, sometimes without any visible signs. In order to successfully remove this threat, ensure that all modem-based Internet connections are disconnected before proceeding. For instructions on how to do this, consult the appropriate Internet service provider, computer manufacturer, or operating system documentation.

3. Recording the path to the ieloader.dll file.
  1. Start your Symantec antivirus program and run a full system scan.
  2. If any files are detected as Dialer.Dialplatform, record the path to the file.
    4. Unregistering the loader.dll file
    1. Click Start, and then click Run. (The Run dialog box appears.)
    2. Type, or copy and paste, the following text:

      regsvr32 /u <path to loader.dll>

      then click OK.

    3. If a dialog box confirming this action appears, click OK.

    5. To scan for and delete the files
    1. Start your Symantec antivirus program, and then run a full system scan.
    2. If any files are detected as Dialer.DialPlatform, click Delete.

      Note: If your Symantec antivirus product reports that it cannot delete a detected file, write down the path and file name. Then use Windows Explorer to locate and delete the file.
      5. Deleting the value from the registry
      WARNING: Symantec strongly recommends that you back up the registry before making any changes to it. Incorrect changes to the registry can result in permanent data loss or corrupted files. Modify the specified keys only. Read the document, "How to make a backup of the Windows registry," for instructions.

      Note: This is done to make sure all keys are removed. They may not be there if they were removed by regsvr32.

      Click Start, and then click Run. (The Run dialog box appears.)
      1. Type regedit

        Then click OK. (The Registry Editor opens.)

      2. Navigate to and delete the following keys if they exist:

        HKEY_LOCAL_MACHINE\Software\PTSSA
        HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2E246FAE-8420-11D9-870D-000C2917DE7F}
        HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F}
      3. Exit the Registry Editor.


        Search by name
        Example: W32.Beagle.AG@mm
        Windows 7
        Windows Vista Security
        ©1995 - 2009 Symantec Corporation
        Site Map|
        Legal Notices|
        Privacy Policy|
        |
        Contact Us|
        Global Sites|
        License Agreements|
        RSS