How to remove dlres.exe and rdve.exe:
When rebooted, I detected infection by a file called
dlres.exe in directory C:\Program Files\ Webdialer, which brought up a
dialer to 1 900 226 4260 at every reboot. The window said CONNECT and gave a rate of
$3.99/min or so in its title. Uninstalling it did not prevent it from being
reinstalled by a program called rdve.exe, which was lodged in C:\Windows and in
the Startup folder, as well as some other locations in my User directory and
the Default user one. Was eliminated by removing it from the Startup folder (Start-->All Programs-->Startup) as
well as from the Registry location
MyComputerHKEY_CURRENT_USERSoftwareMicrosoftWindowsCurrentVersionRun
Concurrent with the appearance of this program, scanning
activity was detected on port 139.
If you are a class-action lawyer and wish to find out who the
900 number belongs to and initiate litigation against the responsible party,
email alexdotcaltech dot edu to get the original file.
For more information, see Symantec's
security response
.
October 9 2002