#1

Ok, I'm here again with another problem. Every afternoon when I go to my computer, MS Antispyware tells me I need to remove EGroup.IEAccess.C(Dialer). I select remove and it is removed. NOT, it returns the next day after the Scheduled scan. I have removed Spysheriff from my computer, can this be another side effect? Thanks for everyone's help with other issues!!!

#2

From: "dtcar" <dtcar@discussions.microsoft.com>

| Ok, I'm here again with another problem. Every afternoon when I go to my
| computer, MS Antispyware tells me I need to remove
| EGroup.IEAccess.C(Dialer). I select remove and it is removed. NOT, it returns
| the next day after the Scheduled scan. I have removed Spysheriff from my
| computer, can this be another side effect?
| Thanks for everyone's help with other issues!!!

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm

* * * Please report back your results * * *

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

#3

"David H. Lipman" wrote:

> From: "dtcar" <dtcar@discussions.microsoft.com>
>
> | Ok, I'm here again with another problem. Every afternoon when I go to my
> | computer, MS Antispyware tells me I need to remove
> | EGroup.IEAccess.C(Dialer). I select remove and it is removed. NOT, it returns
> | the next day after the Scheduled scan. I have removed Spysheriff from my
> | computer, can this be another side effect?
> | Thanks for everyone's help with other issues!!!
>
> Download MULTI_AV.EXE from the URL --
> http://www.ik-cs.com/programs/virtools/Multi_AV.exe
>
> To use this utility, perform the following...
> Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
> Choose; Unzip
> Choose; Close
>
> Execute; C:\AV-CLS\StartMenu.BAT
> { or Double-click on 'Start Menu' in C:\AV-CLS }
>
> NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
> FireWall to allow it to download the needed AV vendor related files.
>
> C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
> This will bring up the initial menu of choices and should be executed in Normal Mode.
> This way all the components can be downloaded from each AV vendor's web site.
> The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.
>
> You can choose to go to each menu item and just download the needed files or you can
> download the files and perform a scan in Normal Mode. Once you have downloaded the files
> needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
> during boot] and re-run the menu again and choose which scanner you want to run in Safe
> Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.
>
> When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
> file. http://www.ik-cs.com/multi-av.htm
>
> * * * Please report back your results * * *
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm

OK, I have started the Sophos scan. Should I do a complete scan with all of them or select a certain file with each??

#4

From: "dtcar" <dtcar@discussions.microsoft.com>

> OK, I have started the Sophos scan. Should I do a complete scan with all of them or
> select a certain file with each??

Use Sophos, McAfee and Kaspersky and do a complete scan. Give them time to do their job.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

#5

"David H. Lipman" wrote:

> From: "dtcar" <dtcar@discussions.microsoft.com>
>
> > OK, I have started the Sophos scan. Should I do a complete scan with all of them or
> > select a certain file with each??

OK, will do, takes a while, LOL

> Use Sophos, McAfee and Kaspersky and do a complete scan. Give them time to do their job.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm

#6

The last scan is finishing, in normal mode. I will display the results in a few mins. Do you need to see results in safe mode as well? If so, I'll display them later after they have finished.

#7

Sophos Anti-Virus
Version 4.01.0 [Win32/Intel]
Virus data version 4.01, January 2006
Includes detection for 116523 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com

System time 22:50:51, System date 20 December 2005
Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive -opt=ISCabinet

IDE directory is: c:\AV-CLS\Sophos

Full Scanning

Could not check c:\Documents and Settings\Administrator\My Documents\Data\all_files4.exe\SfxArchiveData\Files /td.exe (corrupt)
Could not check c:\Documents and Settings\Administrator\My Documents\Data\Data\all_files4.exe\SfxArchiveData\ Files/td.exe (corrupt)
Could not check c:\Documents and Settings\Default User\My Documents\Data\all_files4.exe\SfxArchiveData\Files /td.exe (corrupt)
Could not check c:\Documents and Settings\Default User\My Documents\Data\Data\all_files4.exe\SfxArchiveData\ Files/td.exe (corrupt)
Could not open c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Could not open c:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Could not open c:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
>>> Virus 'Troj/ClsLdr-F' found in file c:\Documents and Settings\Owner\.jpi_cache\jar\1.0\count3.jar-6baf99bc-6b94c5dc.zip\Beyond.class
>>> Virus 'Troj/ClsLdr-F' found in file c:\Documents and Settings\Owner\.jpi_cache\jar\1.0\count3.jar-6baf99bc-6b94c5dc.zip\BlackBox.class
Removal successful
>>> Virus 'Troj/Dloadr-ACN' found in file c:\Documents and Settings\Owner\.jpi_cache\jar\1.0\java.jar-8fba448-39f49514.zip\GetAccess.class
>>> Virus 'Troj/Dloadr-ACN' found in file c:\Documents and Settings\Owner\.jpi_cache\jar\1.0\java.jar-8fba448-39f49514.zip\Installer.class
Removal successful
>>> Virus 'Troj/Dloadr-ACN' found in file c:\Documents and Settings\Owner\.jpi_cache\jar\1.0\java.jar-8fba448-663edb0d.zip\GetAccess.class
>>> Virus 'Troj/Dloadr-ACN' found in file c:\Documents and Settings\Owner\.jpi_cache\jar\1.0\java.jar-8fba448-663edb0d.zip\Installer.class
Removal successful
>>> Virus 'Troj/Dloadr-ACN' found in file c:\Documents and Settings\Owner\.jpi_cache\jar\1.0\java.jar-8fba449-3d8d145f.zip\GetAccess.class
>>> Virus 'Troj/Dloadr-ACN' found in file c:\Documents and Settings\Owner\.jpi_cache\jar\1.0\java.jar-8fba449-3d8d145f.zip\Installer.class
Removal successful
Could not open c:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
Could not open c:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Could not check c:\Documents and Settings\Owner\My Documents\win2k_xp\enu\drivers\win2k_xp\hpzr3204.d l_\MS-DOS.5.Compress (part of multi volume archive)
Could not open c:\System Volume Information\catalog.wci\CiCL0001.000
Could not open c:\System Volume Information\catalog.wci\CiP10000.000
Could not open c:\System Volume Information\catalog.wci\CiP20000.000
Could not open c:\System Volume Information\catalog.wci\CiPT0000.000
Could not open c:\System Volume Information\catalog.wci\CiSL0001.000
Could not open c:\System Volume Information\catalog.wci\CiSP0000.000
Could not open c:\System Volume Information\catalog.wci\CiST0000.000
Could not open c:\System Volume Information\catalog.wci\CiVP0000.000
Could not open c:\System Volume Information\catalog.wci\INDEX.000
Could not check c:\WINDOWS\Registration\R000000000007.clb (corrupt)
Could not check c:\WINDOWS\Registration\R000000000008.clb (corrupt)
Could not check c:\WINDOWS\Registration\R000000000009.clb (corrupt)
Could not check c:\WINDOWS\Registration\R00000000000a.clb (corrupt)
Could not check c:\WINDOWS\Registration\R00000000000b.clb (corrupt)
Could not check c:\WINDOWS\Registration\R00000000000c.clb (corrupt)
Could not check c:\WINDOWS\Registration\R00000000000d.clb (corrupt)
Could not check c:\WINDOWS\Registration\R00000000000e.clb (corrupt)
Could not check c:\WINDOWS\Registration\R00000000000f.clb (corrupt)
Could not check c:\WINDOWS\Registration\R000000000010.clb (corrupt)
Could not check c:\WINDOWS\Registration\R000000000011.clb (corrupt)
Could not check c:\WINDOWS\Registration\R000000000012.clb (corrupt)
Could not check c:\WINDOWS\Registration\R000000000013.clb (corrupt)
Could not open c:\WINDOWS\SYSTEM32\config\system.LOG
Could not check c:\WINDOWS\SYSTEM32\emptyregdb.dat (corrupt)
>>> Virus fragment 'W95/Whog-878b' found in file c:\WINDOWS\SYSTEM32\PAV.SIG
Removal successful
Could not open d:\

1 master boot record swept.
45719 files swept in 1 hour, 41 minutes and 0 seconds.
138 errors were encountered.
9 viruses were discovered.
5 files out of 45719 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email support@sophos.com
or telephone +44 1235 559933
102 encrypted files were not checked.
Ending Sophos Anti-Virus.

Virus Scan Report File
--------------------------------------------------------------------------------
Virus Scan Information
--------------------------------------------------------------------------------
McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4654 created Dec 20 2005
Scanning for 166827 viruses, trojans and variants.
--------------------------------------------------------------------------------
Virus Scan Results
--------------------------------------------------------------------------------
12/21/2005 07:51:43

Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL /PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /MIME /HTML "C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: [HP_PAVILION]
C:\setup_td.exe ... Found potentially unwanted program Adware-Verticity. The file or process has been deleted.

Scanning C:\*.*
C:\Documents and Settings\Administrator\My Documents\Data\Data\MemWatcher2.exe ... Found potentially unwanted program Adware-MemWatcher. The file or process has been deleted.
C:\Documents and Settings\Administrator\My Documents\Data\MemWatcher2.exe .... Found potentially unwanted program Adware-MemWatcher. The file or process has been deleted.
C:\Documents and Settings\Default User\My Documents\Data\Data\MemWatcher2.exe ... Found potentially unwanted program Adware-MemWatcher. The file or process has been deleted.
C:\Documents and Settings\Default User\My Documents\Data\MemWatcher2.exe ... Found potentially unwanted program Adware-MemWatcher. The file or process has been deleted.
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\loaderadv599.jar -568e5afb-1b00f5e7.zip\DUMMY.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0\loaderadv599.jar -568e5afc-49ed7fe3.zip\DUMMY.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Owner\Local Settings\Temp\ckz1b5ce\Files\sx.htm .... Found potentially unwanted program Generic Adware.txt. The file or process has been deleted.
C:\hp\bin\Terminator.exe ... Found potentially unwanted program KillApp. The file or process has been deleted.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D43686C-C8E1-489D-ACBD-D05646\366F388F-EF3A-411F-B16D-053606 ... Found potentially unwanted program Generic Adware.txt. The file or process has been deleted.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D43686C-C8E1-489D-ACBD-D05646\38DFA670-753A-45DE-A38C-70A721 ... Found potentially unwanted program Adware-IEDriver. The file or process has been deleted.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D43686C-C8E1-489D-ACBD-D05646\4AD6813D-51FD-4806-BE2F-81DB54 ... Found potentially unwanted program Adware-IEDriver. The file or process has been deleted.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D43686C-C8E1-489D-ACBD-D05646\4BC48C24-0E96-4F2F-BF76-D2D36D ... Found potentially unwanted program Adware-IEDriver. The file or process has been deleted.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D43686C-C8E1-489D-ACBD-D05646\AD6A6354-7B97-4D98-8068-E09099 ... Found potentially unwanted program Adware-IEDriver. The file or process has been deleted.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D43686C-C8E1-489D-ACBD-D05646\E9087615-38B6-47A2-884E-8EC016 ... Found potentially unwanted program Adware-IEDriver. The file or process has been deleted.
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll ... Found potentially unwanted program Viewpoint. The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.inf ... Found potentially unwanted program Adware-GAIN.inf. The file or process has been deleted.
C:\WINDOWS\SYSTEM32\c35b7s.dll ... Found the Generic MultiDropper.f trojan !!! The file or process has been deleted.
C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20031204-133128.backup ... Found potentially unwanted program QHosts-33!hosts. The virus has been removed from the file. Checking for another virus in the file ...
C:\WINDOWS\SYSTEM32\sb.htm ... Found potentially unwanted program Generic Adware.txt. The file or process has been deleted.
C:\WINDOWS\SYSTEM32\sx.htm ... Found potentially unwanted program Generic Adware.txt. The file or process has been deleted.

Summary report on C:\*.*
File(s)
Total files: ........... 142143
Clean: ................. 142012
Possibly Infected: ..... 3
Cleaned: ............... 1
Deleted: ............... 18
Non-critical Error(s): 2
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0

Time: 01:01.51
--------------------------------------------------------------------------------
Visit the McAfee Online Web Site
Need some help or advice? Send email to Technical Support.

#8

From: "dtcar" <dtcar@discussions.microsoft.com>

| Sophos Anti-Virus
| Version 4.01.0 [Win32/Intel]
| Virus data version 4.01, January 2006
| Includes detection for 116523 viruses, trojans and worms
| Copyright (c) 1989-2006 Sophos Plc, www.sophos.com
|
| System time 22:50:51, System date 20 December 2005
| Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive

< snip >

There were certainly Trojans and adware found. I can't wait to see the Kaspersky report.

In the mean time, I see you have Trojans in your Java cache...

Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache --> clear
or
Start --> settings --> control panel --> Java applet --> general --> settings --> delete files

or...

Delete all ZIP files in...
C:\Documents and Settings\Owner\.jpi_cache\jar\1.0

Based upon the adware found...

Please download, install and update the following software...

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects that may be on the PC.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm
http://www.majorgeeks.com/downloadge...4332b4b8b8442d

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm
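
Added example, not part of the thread and not the posters' or the vendors' code: a small Python triage of detection lines shaped like the Sophos and McAfee reports above, grouping hits by where they sit on disk and resolving archive members to the ZIP file that holds them. The location labels and function names are assumptions of this example; the sample lines are constructed from the posted report, with the quarantine path shortened.

```python
import re
from collections import defaultdict
from typing import NamedTuple

# Constructed sample: lines in the shape of the Sophos and McAfee reports
# posted in this thread (the quarantine path is shortened).
SAMPLE_LOG = r"""
>>> Virus 'Troj/ClsLdr-F' found in file c:\Documents and Settings\Owner\.jpi_cache\jar\1.0\count3.jar-6baf99bc-6b94c5dc.zip\Beyond.class
>>> Virus 'Troj/ClsLdr-F' found in file c:\Documents and Settings\Owner\.jpi_cache\jar\1.0\count3.jar-6baf99bc-6b94c5dc.zip\BlackBox.class
Removal successful
Could not open c:\WINDOWS\SYSTEM32\config\system.LOG
>>> Virus fragment 'W95/Whog-878b' found in file c:\WINDOWS\SYSTEM32\PAV.SIG
C:\setup_td.exe ... Found potentially unwanted program Adware-Verticity. The file or process has been deleted.
C:\Program Files\Microsoft AntiSpyware\Quarantine\5D43686C\38DFA670 ... Found potentially unwanted program Adware-IEDriver. The file or process has been deleted.
C:\WINDOWS\SYSTEM32\c35b7s.dll ... Found the Generic MultiDropper.f trojan !!! The file or process has been deleted.
C:\WINDOWS\SYSTEM32\sx.htm .... Found potentially unwanted program Generic Adware.txt. The file or process has been deleted.
"""

# Sophos: ">>> Virus[ fragment] '<name>' found in file <path>"
SOPHOS_HIT = re.compile(
    r"^>>> Virus(?: fragment)? '(?P<name>[^']+)' found in file (?P<path>.+)$")
# McAfee: "<path> ... Found the <name> trojan !!!" or
#         "<path> ... Found potentially unwanted program <name>."
MCAFEE_HIT = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) \.{3,4} Found "
    r"(?:the (?P<trojan>.+?) trojan !!!"
    r"|potentially unwanted program (?P<pup>.+?)\.(?:\s|$))")

# Hypothetical location labels, checked in order; first match wins.
LOCATIONS = [
    ("java-plugin-cache", re.compile(r"\\\.jpi_cache\\", re.I)),
    ("antispyware-quarantine",
     re.compile(r"\\Microsoft AntiSpyware\\Quarantine\\", re.I)),
    ("windows-directory", re.compile(r"^[a-z]:\\windows\\", re.I)),
]
# A hit inside an archive is reported as <container>.zip\<member>.
ARCHIVE_MEMBER = re.compile(r"^(?P<container>.+?\.zip)\\.+$", re.I)


class Detection(NamedTuple):
    scanner: str
    name: str
    path: str


def parse_detections(text):
    """Return every detection line; status and error lines are skipped."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        m = SOPHOS_HIT.match(line)
        if m:
            hits.append(Detection("sophos", m["name"], m["path"]))
            continue
        m = MCAFEE_HIT.match(line)
        if m:
            hits.append(Detection("mcafee", m["trojan"] or m["pup"], m["path"]))
    return hits


def location_of(path):
    for label, pattern in LOCATIONS:
        if pattern.search(path):
            return label
    return "other"


def on_disk_file(path):
    """Map an archive member to the ZIP on disk; other paths are returned as-is."""
    m = ARCHIVE_MEMBER.match(path)
    return m["container"] if m else path


def triage(text):
    """Group unique (detection name, on-disk file) pairs by location."""
    groups = defaultdict(set)
    for hit in parse_detections(text):
        groups[location_of(hit.path)].add((hit.name, on_disk_file(hit.path)))
    return {loc: sorted(items) for loc, items in groups.items()}


if __name__ == "__main__":
    for loc, items in sorted(triage(SAMPLE_LOG).items()):
        print(loc)
        for name, path in items:
            print(f"  {name}: {path}")
```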

#9

Hey David, I tried to paste the Kaspersky Report, it's too big, will it be ok to separate it and post? I do have spybot and ad-aware on my computer, so I will be running those programs asap. But I'm not sure it is SE.

#10

From: "dtcar" <dtcar@discussions.microsoft.com>

| Hey David, I tried to paste the Kaspersky Report, it's too big, will it be ok to
| separate it and post? I do have spybot and ad-aware on my computer, so I
| will be running those programs asap. But I'm not sure it is SE.

Yes or you can email me directly. Just remove ~nospam~
DLipman~nospam~@Verizon.Net

Remember my instructions for dumping the Sun Java cache.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm