How to remove dlres.exe and rdve.exe:


When rebooted, I detected infection by a file called dlres.exe in directory C:\Program Files\ Webdialer, which brought up a dialer to 1 900 226 4260 at every reboot. The window said CONNECT and gave a rate of $3.99/min or so in its title. Uninstalling it did not prevent it from being reinstalled by a program called rdve.exe, which was lodged in C:\Windows and in the Startup folder, as well as some other locations in my User directory and the Default user one. Was eliminated by removing it from the Startup folder (Start-->All Programs-->Startup) as well as from the Registry location MyComputer\HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

Concurrent with the appearance of this program, scanning activity was detected on port 139.


If you are a class-action lawyer and wish to find out who the 900 number belongs to and initiate litigation against the responsible party, email alex[dot]caltech [dot] edu to get the original file.

For more information, see Symantec's security response.


October 9 2002


To Alex's Home Page

This page has been visited times since October 11, 2002. This page is moving to my wiki.