Once again, I woke up this AM to a bright blue & white "e" icon on my desktop entitled "NoCreditCard"
Which means I had to spend more time cleaning up my system & searching my registry for their auto-downloaded/auto-installed crap.
This is easily the 5th time, in probably the past year, that I have had to clean their $hit off my computer. After receiving their first 2 bills for hundreds of dollars months ago, and doing all the necessary paperwork/phonecalls/etc, they are still finding ways to violate & harrass me. No, I NEVER sent them any payment, and I have not recieved anymore mail from them regarding payment or collection agencies, etc.
I have cancelled all long distance services on my home telephone. And I now unplug the modem every time I finish using the internet. I even use a pop-up stopper from Panicware (obvisously these vicious Alyon-related porn sites are immune to it).
Hopefully, even though they've managed to repeatedly install their auto-dialer on my computer, they will not be able to actually place calls with it.
For novices searching their computer for these files, one easy way is to check the properties of the new icon you see on your desktop. Check the date on it, then do a search from your start menu (Windows platform) for any files modified on that same date. Along with normal files, you will find all the auto-dialer files & directories... and you can easily delete them from there.
This time, in addition to their multiple shortcut icons installed on the desktop & start menu, they installed the following:
C:\Program Files\Instant Access
C:\Program Files\Instant Access\Center
C:\Program Files\Instant Access\Center\NoCreditCard shortcut
C:\Program Files\Instant Access\Dialer
C:\Program Files\Instant Access\Dialer\HTM_g2F3FQoQAQZ7FSmSwdGREwX
C:\Program Files\Instant Access\Dialer\HTM_g2F3FQoQAQZ7FSmSwdGREwX\Common
C:\Program Files\Instant Access\Dialer\HTM_g2F3FQoQAQZ7FSmSwdGREwX\Common\module.php
C:\Program Files\Instant Access\Dialer\HTM_g2F3FQoQAQZ7FSmSwdGREwX\Common\show_module.php
C:\Program Files\Instant Access\Dialer\HTM_g2F3FQoQAQZ7FSmSwdGREwX\ExitTraffic
C:\Program Files\Instant Access\Dialer\HTM_g2F3FQoQAQZ7FSmSwdGREwX\ExitTraffic\exit.php
C:\Program Files\Instant Access\Dialer\HTM_g2F3FQoQAQZ7FSmSwdGREwX\img
C:\Program Files\Instant Access\Dialer\HTM_g2F3FQoQAQZ7FSmSwdGREwX\img\banner.bmp
C:\Program Files\Instant Access\Dialer\HTM_g2F3FQoQAQZ7FSmSwdGREwX\img\ncc.ico
I did not see anything suspicious in the registry this time, though i believe that may be due to the fact that they couldn't actually place any outgoing calls with the modem, thus they were unable to be connected directly to my pc so they could download more $hit.
Previous times I had files & directories installed with the name "Egroup" or somesuch thing, in addition to "Instant Access"
So, just be warned... even if you think you've seen the last of them after the first attack, they'll find a way to worm themselves back into your lives & onto your computer systems.
I copied all of these files to a CD-ROM, so that I do have proof, if I ever need it. I will continue to seach my computer for any files i may have initially missed, because they tend to have a way of hiding things.
Aprille
Philadelphia, Pennsylvania
U.S.A.