Removing dialers
1. Using Enterprise Console2. Sophos Anti-Virus for Windows, version 7
3. Windows 95/98/Me
4. Macintosh OS X computers
5. NetWare
6. Linux
7. UNIX
8. OpenVMS
A Dialer is a program that typically dials a premium rate phone line, normally with the intent of gaining access to pornographic material. Please see the specific analysis for more information.
Where the analysis includes information on removal, those instructions should be used. Otherwise, do as follows.
1. Using Enterprise Console
You can remove dialers over a network using Enterprise Console.
2. Sophos Anti-Virus for Windows, version 7
To remove a dialer:
- Close down all programs.
- Go to Start|Programs|Sophos|Sophos Anti-Virus and run the 'Sophos Anti-Virus' program.
- In the 'Available scans' list, select the scan for which you want to enable removal, or use 'Setup a new scan' to scan your local disks. (Do not select a scheduled scan, as you will not be able to run this manually.)
- Click Edit|Configure this Scan.
- Select the Cleanup tab and select 'Automatically clean up items that contain virus/spyware'. Click Apply|OK.
- Click 'Save and Start' to save the scan, and run it immediately.
- At the end of the scan, click the link in 'Items passed to Quarantine' to open Quarantine manager.
- Select any items needing removal.
- From the 'Perform action' dropdown, select 'Delete'.
- Select 'Yes' or 'Yes to all' to delete files.
- Run another scan to ensure that the file has been removed.
- Click Edit|Configure this Scan.
- Select the Cleanup tab and deselect 'Automatically clean up items that contain virus/spyware'. Click Apply|OK.
If Sophos Anti-Virus cannot delete files because they are held open by the operating system, make a note of the names of the files, then do as follows.
- Download an emergency copy of SAV32CLI. On an uninfected Windows computer, run this file to extract the contents into a SAV32CLI folder on a medium that can be write-protected. Copy the SAV32CLI folder produced onto a medium that can be write-protected. Add any relevant IDEs to this folder and write-protect the disk (on a CD/R or CD/RW close the session).
- Restart the computer in Safe Mode. Go to Start|Shut Down. Select 'Restart' from the dropdown list and click 'OK'. Windows will restart. Press F8 when you see the following text at the bottom of the screen "For troubleshooting and advanced startup options for Windows 2000, press F8". In the Windows 2000 Advanced Options Menu, select the third option 'Safe Mode with Command Prompt'.
- At the affected computer, place the CD in the CD drive (D: in this example).
At the command prompt type
D:
to access the CD drive. Type:CD SAV32CLI
Then type:SAV32CLI -REMOVE -P=C:\LOGFILE.TXT
to remove the file. - Before leaving Safe Mode, edit any registry entries mentioned in the analysis recovery instructions. If problems persist, contact support.
![[TOP]](/images/arrowtop.gif){kind=small}
3. Windows 95/98/Me
To remove a dialer:
- Check the threat analysis for any special details on removal.
- Close down all programs.
- Go to Start|Programs|Sophos Anti-Virus and run the Sophos Anti-Virus program.
- Select the Immediate tab.
- Go to Options|Configuration. Select the 'Disinfection' or the 'Action' tab, (according to what is displayed in your window) select 'Infected files', select 'Delete' then click 'OK'.
- Click the green 'scan' arrow, or the 'GO' button (as appropriate) to run the scan.
- Delete the files. Run another scan to check it has gone.
- Go back to Options|Configuration. Select the 'Disinfection' or the 'Action' tab, then deselect 'Infected files' and 'Delete'. Click 'OK'.
Alternatively, find the file in Explorer and press the Shift and Del keys at the same time to delete it.
If the dialer cannot be removed because the files are held open by the operating system:
- Reboot the computer from a clean startup or system disk.
- Delete the file manually, or using the following DOS instructions:
You will need SWEEP for DOS on floppy disk. To do this, make a set of Emergency SAV disks.
- Check the analysis for any special details on removal.
- Reboot your PC from a clean system disk, put the SWEEP for DOS
disk in the floppy drive and at the A: prompt type:
SWEEP *: -REMOVEF
4. Macintosh OS X computers
To remove a dialer:
- Check the threat analysis for any special details.
- Close down all programs.
- Run the Sophos Anti-Virus program.
- Go to 'Sophos Anti-Virus preferences'.
- Choose 'Disinfection' from the 'Immediate Mode' menu.
- Select 'Infected Files' and 'Delete'.
- Close 'Sophos Anti-Virus preferences'.
- Click the green 'Play' arrow button.
- Click 'OK' when asked if files should be deleted.
- Go back to 'Disinfection' and deselect 'Infected Files' and 'Delete'.
- Alternatively, find the file and delete it.
5. NetWare
- Check the threat analysis for any special details on removal.
- Run a scan to locate the dialer file.
- Delete the file manually from your server.
6. Linux
- Check the threat analysis for details on the dialer and its removal.
- Use savscan with the -remove option
savscan -remove
- Run a scan to check that dialer files were deleted.
7. UNIX
- Check the threat analysis for any special details on removal.
- Use SWEEP with the -remove option
sweep -remove
Alternatively, find the file and delete it.
8. OpenVMS
- Check the threat analysis for any special details on removal.
- Delete the dialer files by running VSWEEP from DCL using the command line qualifier '/REMOVEF'.
- Note: '/REMOVEF' does not prompt for confirmation before deletion and should be used with caution.
Alternatively, find the file and delete it.
For details on the use of these command line qualifiers and sample batch files using them, see the Sophos Anti-Virus for OpenVMS user manual.
