
How To Get Rid Of…
Article Last Reviewed February 2005


How To Get Rid Of Dialer.Inproc.B

Description

This can be a particularly nasty piece of malware because it doesn't just attack your PC, it attacks your wallet. Dialer.Inproc.B uses the modem to place expensive calls to long-distance numbers or pay-per-minute 1-900 lines. There are many variations of dialers, each programmed to call a different phone number. This particular version is a new variant discovered in 2005. Dialer is a Trojan horse, usually secretly installed when the user gives a Web site permission to install software.

How To Tell If Dialer.Inproc.B Is On Your PC

In the worst-case scenario, a large, unexpected telephone bill could be the first indication that your PC is infected.

If infected, a PC will have files named Egcomservice2.dll and Egcomservice_1051.dll in the Windows system directory (C:\WINDOWS\SYSTEM or C:\WINNT\SYSTEM32, depending on the operating system).

WARNING: The following section includes step-by-step information on how to edit the Windows Registry, a large database containing system and program settings that are essential to how the OS (operating system) operates. Follow Registry-editing instructions to the letter and be sure to make a backup of your Registry before you begin (Registry errors can render your computer inoperable if you don't have a backup). This procedure differs depending on the OS you use. For more information on backing up and editing the Registry, see these articles: "Protect Yourself" and "Register Here."



How To Get Rid Of Dialer.Inproc.B

There are many versions of Dialer Trojan horses, and variations of this particular Trojan may have unique removal processes. If you believe the program is actively using your PC to place calls, unplug the phone line from the modem until the malware has been removed.

If you use the System Restore feature in Windows Me/XP, a copy of Dialer could remain in the System Restore backup folder. To remove it, disable System Restore. To do this in WinXP, click Start and Control Panel, double-click the System icon, select the System Restore tab, check the Turn Off System Restore checkbox, and click Apply. Confirm that you want to disable System Restore, and the infected backups will be deleted.

To remove the System Restore feature's backup files in WinMe, right-click the My Computer icon on the Desktop, select Properties, and select the Performance tab. Click File System and Troubleshooting. Select Disable System Restore and click OK. The infected backups will be deleted. Restart your computer.

To remove Dialer.Inproc.B manually, start Windows in Safe Mode by pressing the F8 key as Windows begins to boot. Open Windows Explorer, navigate to the Windows system directory (C:\WINDOWS\SYSTEM or C:\WINNT\SYSTEM32), and delete the Egcomservice2.dll and Egcomservice_1051.dll files.

You then need to edit the Windows Registry. Click Start and Run, type regedit in the Open box, and click OK. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\CLSID and delete these two keys by right-clicking each and selecting Delete:
{2AEEAC34-FD74-4142-B891-4B05C0C03C87}
{D7B59209-0ED9-4986-BD4A-527BE836C6B2}

Using the same deletion method, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\INTERFACE and delete this key:
{F8ACA5A0-060A-478A-8368-1407780D2251}

Next, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\TYPELIB and delete this key:
{AD9B275B-E42D-4C7F-9FFB-29B5FB81688B}

Finally, navigate to HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES and delete these four keys:

Egcomservice.egcomsvc
Egcomservice.egcomsvc.1
Egcomservice2.egcomsvc2
Egcomservice2.egcomsvc2.1

Close the Registry Editor to save the changes and restart the computer.

If you prefer to use an antivirus utility to remove Dialer, Symantec's Norton AntiVirus 2005 will do the job. First, run the program, click the LiveUpdate button to update its virus definitions, and restart the computer. Start Windows in Safe Mode by pressing F8 as Windows begins to boot. Start Norton AntiVirus 2005 again, click the Scan button, and wait for the program to find and remove the dialer files. When it is done, restart the PC.

After removing the dialer using either method, WinMe/XP users should re-enable the System Restore feature.
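
To confirm that a machine is clean after either removal method, the read-only check below reports which of the files and Registry keys named in this article are still present. It is an added example, not part of the original article; the function name is hypothetical, and checking both System and System32 under %SystemRoot% is an assumption meant to cover the directories the article lists.

```powershell
# Added example: read-only check for the Dialer.Inproc.B artifacts listed in this article.
# Nothing is deleted or modified; the function only reports what it finds.
function Get-DialerInprocBArtifact {    # hypothetical name, not from the article
    $classes = 'Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Classes'

    # File names from the article.
    $files = 'Egcomservice2.dll', 'Egcomservice_1051.dll'

    # Assumption: look in both System and System32 under %SystemRoot%.
    $dirs = 'System', 'System32' | ForEach-Object { Join-Path $env:SystemRoot $_ }

    # Registry keys from the article, relative to HKLM\SOFTWARE\Classes.
    $keys = @(
        'CLSID\{2AEEAC34-FD74-4142-B891-4B05C0C03C87}'
        'CLSID\{D7B59209-0ED9-4986-BD4A-527BE836C6B2}'
        'Interface\{F8ACA5A0-060A-478A-8368-1407780D2251}'
        'TypeLib\{AD9B275B-E42D-4C7F-9FFB-29B5FB81688B}'
        'Egcomservice.egcomsvc'
        'Egcomservice.egcomsvc.1'
        'Egcomservice2.egcomsvc2'
        'Egcomservice2.egcomsvc2.1'
    )

    $results = @()
    foreach ($dir in $dirs) {
        foreach ($file in $files) {
            $path = Join-Path $dir $file
            $results += [pscustomobject]@{
                Type    = 'File'
                Path    = $path
                Present = Test-Path -LiteralPath $path
            }
        }
    }
    foreach ($key in $keys) {
        $path = "$classes\$key"
        $results += [pscustomobject]@{
            Type    = 'RegistryKey'
            Path    = $path
            Present = Test-Path -LiteralPath $path
        }
    }
    return $results
}

# Show only the artifacts that are still present; no output means none were found.
Get-DialerInprocBArtifact | Where-Object { $_.Present } | Format-Table -AutoSize
```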

by Kevin Savetz








Copyright © 2009 Sandhills Publishing Company U.S.A. All rights reserved.