dialer.tibs help

its a dialer program that uses a modem to get to websites.
keeps trying to connect to http;//install.xxxtool ....

Norton Anti-virus detects it, but cant delete it in normal mode. Norton says i have to reboot in safe-mode and scan again.

I have a sony vaio from this year, and cant seem to figure out how to reboot in safe mode. F8 just takes me to what drive i want to load from.

this dialer seems to have survived multiple scans from Ad-Aware SE, and
sygate firewall doesnt seem to stop it (though it maynot be connecting anywhere).

also, i cant delete the file manually.

it installs shortcuts onto the desktop going to:
C:\Program Files\WebSiteViewer\121711.exe" /ac:121711 /sk: /lc: /ul

the file 121711.exe cant be deleted manually.


i'm running windows XP. have scanned with bazooka, adaware, cwsshredder , BHOdemon

 

Hi Burnera,

This link might help: http://pestpatrol.com/pestinfo/t/tib_browser.asp Note that you have to disable the running processes before you can delete this crap.

I also suggest that you follow these steps: READ ME FIRST: Basic Spyware, Trojan And Virus Removal to further clean your machine. Keep track of the steps you can and cannot complete in case you need to post back for more help. Give computer specs - OS, etc. . . along with further symptoms.

MA's link is good too

Best luck

PP

 

i might have got it. i stopped the system restore function and ran adware again, now the website search folder is empty.


about safe mode: i dont know how! i can do it on any computer but mine, lol. F8 takes me to a list of my drives (cd, a, c, etc.) and asks which one i want to boot from, not what kind of boot.

running XP on a sony vaio, sp1. i can think of what other specs would be related to a restart... are there options i can access in XP for safe mode?
i thought i remembered seeing "restart in safe mode" somewhere in time.

an aside: i still find win 98 more user freindly.


edit: GAH!! its back .. same thing

 

thanks major attitude, you were right about the safemode

i got into safemode, scanned with ad-aware, cwshredder, about buster,
CCLeaner. i also have system restore turned off.

rebooted into normal mode, 10 min later without wandering the web (only went to google and here) cws search was back.

rebooted in safe mode, ran norton anti-virus. it took 2 hours and it found 14 files and a virus. was only able to fix 2 of the files. the virus was
bloodhound.

that suckes, so i ran everyhing above again.

rebooted into normal mode, all looked good.

then i got it back, cws search and website viewer again.

so i'm off to read your guides thoroughly, any suggestions in the mean time?

 

I have been fighting something that I thought was TIBS also; but now I think it is something else. I suspect that "it" is reloading TIBS and XXXToolbar and 'Plugin' as well as other crap. I threw everything in my arsenal at it. I have used Norton Antivirus 9.0, adaware 1.04, spybot S&D 13, webroot SpySweeper, Bulletproof Spyware-Adware Remover, SpyhunterS, Spywareblaster, and Spykiller2005, and Spybouncer.

I spent four hours in Safe Mode running all these. The last two or three did not find anything after the others had pretty much gotten rid of everything. Reboot and Voila! Reinfected!

Pest Patrol's web site says that to get rid of TIBS you must delete your win.com file. You get rid of your ability to run Windows at that point as it is a legitimate file.

Is there something else out there that hasn't been detected yet?