Your
generous donations help keep this site online!
|
Foistware: Liveshows Dialer
Liveshows is a dialler
program, a poular item among some adult Web sites. A dialer, often advertised
as a 'viewer' for adult materials, uses your computer's modem to dial a high-charge
per-minute phone number (e.g. 1-900 [US] or 0190 [Ger.]), often in another
country. Some dialers may also silently disconnect and reconnect your modem
even as you are surfing the Web, as soon as the program is executed.
This particular dialer is configurable by each site that wants to distribute
it, and there are a number of variations with unique filenames and behaviours.
Carol writes:
There are... at least 5 or 6 that I've seen that are {ahem} advertised via
spam. One of them does not install the registry entry and the file that runs
at startup to reinstall it. The others use various names for that file, the
dialer files themselves, and the shortcuts.
100% of the ones I've tracked have come as a voluntary download from a
website, usually advertised as XXX pictures, movies, etc. It doesn't SAY
it's a dialer but it doesn't automatically load (via Active-X or JS) and it
doesn't hide the fact that it's porn when it comes to the download, though
the spam email that originally leads to the site MAY well be misleading.
This dialer also does not dial by itself. These are the reasons you won't
find it classified as a trojan. Those that visit the site on first contact
with an internet connection, pop up a page even offline, dial by themselves,
or do tricks like the Connect2party in which the uninstaller actually
REinstalls, are classified as trojans.
Infection Method
A Liveshows installer reportly
comes as an attachment in a piece of unsolicited email. It is also installed
from some adult Web sites (see Carol's note above). If executed, a window
may appear every time the computer is started, hounding the user to accept
a set of Terms and install the dialer. The installer may also add install
links to the Start menu and desktop, which might re-appear after they are
deleted.
Removal Procedure
Carol provides the following removal instructions for the Liveshows dialer in its many variations:
"If you have tried to delete these icons and the files they point to but it
all comes back when you restart your computer, this is for you.
This applies to the most current version known and prevalent at the moment,
and a few variations.
1. Right-click on the desktop shortcut icon and select Properties from the menu. Make note of the information in the Target box. These are some of the files you will need to remove. It may look like C:\liveshows\dialer.exe or there may be other variations. Write it down exactly as it appears and close the Properties window.
2. Open Windows Explorer or MyComputer. Open C: (or the drive on which
it appears). Look in C: (no folder) for the files FINDFAST.EXE, filez.exe,
sexypicz.exe, cams.exe, or a file with a "sex" name or an icon that matches
the icon on your desktop. This will be the file you need to search for in
the Windows Registry in Step 4. You won't be able to delete this file right
now. Write down the name and leave this window open.
Edit the Registry If at any time what you are seeing does not seem
to match the description here, STOP, close the Registry Editor, and ask for
help. It is very important that you not delete the wrong item from the Registry.
3. Click Start then Run. Type REGEDIT in the box, then click OK. You should get a small window that says "Registry Editor" at the top.
---------------------------
Back up the Registry. If you don't know for sure that your computer
is automatically keeping backup copies of your Registry, it is best to make
a backup before going further. From the Registry Editor's REGISTRY menu,
click on EXPORT REGISTRY FILE. You should get a file manager box ready to
save it to Desktop. Name the file BACKUP.REG and make sure the Export Range
is set to ALL, then click SAVE. Then continue with the instructions. Delete
the Backup.reg from your desktop once you have verified that Liveshows has
been permanently removed and your computer is otherwise operating normally.
---------------------------
4. From the Registry Editor's EDIT menu, click on FIND. Search for the file identified in step *2* above.
5. When found, verify that the NAME column says "SystemTasks" and the DATA
column identifies the file found in Step *2* above, like "C:\sexypicz.exe"
or "C:\filez.exe" or "C:\FINDFAST.EXE" and that it is highlighted. Careful:
If that file is FINDFAST.EXE be sure it is "C:\FINDFAST.EXE" and NOT the
one in C:\Program Files\. The one in Program Files is part of MS Office.
If you find the Program Files one, key F3 on your keyboard to continue searching.
6. Once you have found the one whose DATA refers to your file in C: and verified that it is highlighted,
then use the Delete key on your keyboard to delete that entry. Key F3 on
your keyboard to continue searching until you get the notice that the search
is complete.
7. Close the Registry Editor from "Registry" menu -> Exit.
8. Right-click and Delete the desktop shortcut and the Start menu shortcut.
Delete the files identified in Step 1. If you have identified the "diallerprograms"
folder in the Program Files, be sure to delete only the "diallerprograms"
folder and NOT the Program Files folder. Restart your computer
9. The shortcuts should not reappear. Now delete the file identified in Step 2. Once that is done you are finished.
"
Links
Newsgroup
query of Liveshows dialer removal (Google Groups)
"All trademarks are hereby
acknowledged as the property of their respective owners." So don't even
THINK about suing me :)