EGroup.IEAccess.C (dialer)

Ok, I'm here again with another problem. Every afternoon when I go to my
computer, MS Antispyware tells me I need to remove
EGroup.IEAccess.C(Dialer). I select remove and it is removed. NOT, It returns
the next day after the Scheduled scan. I have removed Spysheriff from my
computer, can this be another side effect?
Thanks for everyone's help with other issues!!!
 
From: "dtcar" <[email protected]>

| Ok, I'm here again with another problem. Every afternoon when I go to my
| computer, MS Antispyware tells me I need to remove
| EGroup.IEAccess.C(Dialer). I select remove and it is removed. NOT, It returns
| the next day after the Scheduled scan. I have removed Spysheriff from my
| computer, can this be another side effect?
| Thanks for everyone's help with other issues!!!

Download MULTI_AV.EXE from the URL --
http://www.ik-cs.com/programs/virtools/Multi_AV.exe

To use this utility, perform the following...
Execute; Multi_AV.exe { Note: You must use the default folder C:\AV-CLS }
Choose; Unzip
Choose; Close

Execute; C:\AV-CLS\StartMenu.BAT
{ or Double-click on 'Start Menu' in C:\AV-CLS }

NOTE: You may have to disable your software FireWall or allow WGET.EXE to go through your
FireWall to allow it to download the needed AV vendor related files.

C:\AV-CLS\StartMenu.BAT -- { or Double-click on 'Start Menu' in C:\AV-CLS}
This will bring up the initial menu of choices and should be executed in Normal Mode.
This way all the components can be downloaded from each AV vendor's web site.
The choices are; Sophos, Trend, McAfee, Kaspersky, Exit this menu and Reboot the PC.

You can choose to go to each menu item and just download the needed files or you can
download the files and perform a scan in Normal Mode. Once you have downloaded the files
needed for each scanner you want to use, you should reboot the PC into Safe Mode [F8 key
during boot] and re-run the menu again and choose which scanner you want to run in Safe
Mode. It is suggested to run the scanners in both Safe Mode and Normal Mode.

When the menu is displayed hitting 'H' or 'h' will bring up a more comprehensive PDF help
file. http://www.ik-cs.com/multi-av.htm


* * * Please report back your results * * *
 
David H. Lipman said:

< snip >

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm

OK, I have started the Sophos scan. Should I do a complete scan with all of them or select a certain file with each??
 
dtcar said:
OK, I have started the Sophos scan. Should I do a complete scan with all of them or
select a certain file with each??

Use Sophos, McAfee and Kaspersky and do a complete scan. Give them time to do their job.
 
The last scan is finishing, in normal mode. I will display the results in a
few mins. Do you need to see results in safe mode as well? If so, I'll
display them later after they have finished.
 
Sophos Anti-Virus
Version 4.01.0 [Win32/Intel]
Virus data version 4.01, January 2006
Includes detection for 116523 viruses, trojans and worms
Copyright (c) 1989-2006 Sophos Plc, www.sophos.com

System time 22:50:51, System date 20 December 2005
Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive
-opt=ISCabinet

IDE directory is: c:\AV-CLS\Sophos


Full Scanning

Could not check c:\Documents and Settings\Administrator\My
Documents\Data\all_files4.exe\SfxArchiveData\Files/td.exe (corrupt)
Could not check c:\Documents and Settings\Administrator\My
Documents\Data\Data\all_files4.exe\SfxArchiveData\Files/td.exe (corrupt)
Could not check c:\Documents and Settings\Default User\My
Documents\Data\all_files4.exe\SfxArchiveData\Files/td.exe (corrupt)
Could not check c:\Documents and Settings\Default User\My
Documents\Data\Data\all_files4.exe\SfxArchiveData\Files/td.exe (corrupt)
Could not open c:\Documents and Settings\LocalService\Local
Settings\Application Data\Microsoft\Windows\UsrClass.dat
Could not open c:\Documents and Settings\LocalService\Local
Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Could not open c:\Documents and Settings\NetworkService\Local
Settings\Application Data\Microsoft\Windows\UsrClass.dat
Could not open c:\Documents and Settings\NetworkService\Local
Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
Removal successful
Could not open c:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat
Could not open c:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG
Could not check c:\Documents and Settings\Owner\My
Documents\win2k_xp\enu\drivers\win2k_xp\hpzr3204.dl_\MS-DOS.5.Compress (part
of multi volume archive)
Could not open c:\WINDOWS\SYSTEM32\config\system.LOG
Could not check c:\WINDOWS\SYSTEM32\emptyregdb.dat (corrupt)
Removal successful
Could not open d:\

1 master boot record swept.
45719 files swept in 1 hour, 41 minutes and 0 seconds.
138 errors were encountered.
9 viruses were discovered.
5 files out of 45719 were infected.
Please send infected samples to Sophos for analysis.
For advice consult www.sophos.com, email (e-mail address removed)
or telephone +44 1235 559933
102 encrypted files were not checked.
Ending Sophos Anti-Virus.

Virus Scan Report File

--------------------------------------------------------------------------------
Virus Scan Information
--------------------------------------------------------------------------------

McAfee VirusScan for Win32 v4.40.0
Copyright (c) 1992-2004 Networks Associates Technology Inc. All rights
reserved.
(408) 988-3832 LICENSED COPY - Sep 23 2004

Scan engine v4.4.00 for Win32.
Virus data file v4654 created Dec 20 2005
Scanning for 166827 viruses, trojans and variants.


--------------------------------------------------------------------------------
Virus Scan Results
--------------------------------------------------------------------------------



12/21/2005 07:51:43


Options:
/ADL /UNZIP /WINMEM /SUB /ANALYZE /PANALYZE /STREAMS /CLEAN /ALL /DEL
/PROGRAM /EXCLUDE C:\AV-CLS\EXCLIST.TXT /MIME /HTML
"C:\AV-CLS\MCAFEE\SCANREPORT.HTML"

Scanning C: [HP_PAVILION]
C:\setup_td.exe ... Found potentially unwanted program Adware-Verticity.
The file or process has been deleted.
Scanning C:\*.*
C:\Documents and Settings\Administrator\My
Documents\Data\Data\MemWatcher2.exe ... Found potentially unwanted program
Adware-MemWatcher.
The file or process has been deleted.
C:\Documents and Settings\Administrator\My Documents\Data\MemWatcher2.exe
.... Found potentially unwanted program Adware-MemWatcher.
The file or process has been deleted.
C:\Documents and Settings\Default User\My
Documents\Data\Data\MemWatcher2.exe ... Found potentially unwanted program
Adware-MemWatcher.
The file or process has been deleted.
C:\Documents and Settings\Default User\My Documents\Data\MemWatcher2.exe ...
Found potentially unwanted program Adware-MemWatcher.
The file or process has been deleted.
C:\Documents and
Settings\Owner\.jpi_cache\jar\1.0\loaderadv599.jar-568e5afb-1b00f5e7.zip\DUMMY.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and
Settings\Owner\.jpi_cache\jar\1.0\loaderadv599.jar-568e5afc-49ed7fe3.zip\DUMMY.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Owner\Local Settings\Temp\ckz1b5ce\Files\sx.htm
.... Found potentially unwanted program Generic Adware.txt.
The file or process has been deleted.
C:\hp\bin\Terminator.exe ... Found potentially unwanted program KillApp.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5D43686C-C8E1-489D-ACBD-D05646\366F388F-EF3A-411F-B16D-053606 ... Found potentially unwanted program Generic Adware.txt.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5D43686C-C8E1-489D-ACBD-D05646\38DFA670-753A-45DE-A38C-70A721 ... Found potentially unwanted program Adware-IEDriver.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5D43686C-C8E1-489D-ACBD-D05646\4AD6813D-51FD-4806-BE2F-81DB54 ... Found potentially unwanted program Adware-IEDriver.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5D43686C-C8E1-489D-ACBD-D05646\4BC48C24-0E96-4F2F-BF76-D2D36D ... Found potentially unwanted program Adware-IEDriver.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5D43686C-C8E1-489D-ACBD-D05646\AD6A6354-7B97-4D98-8068-E09099 ... Found potentially unwanted program Adware-IEDriver.
The file or process has been deleted.
C:\Program Files\Microsoft
AntiSpyware\Quarantine\5D43686C-C8E1-489D-ACBD-D05646\E9087615-38B6-47A2-884E-8EC016 ... Found potentially unwanted program Adware-IEDriver.
The file or process has been deleted.
C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll ... Found
potentially unwanted program Viewpoint.
The file or process has been deleted.
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\HDPlugin1019.inf ... Found
potentially unwanted program Adware-GAIN.inf.
The file or process has been deleted.
C:\WINDOWS\SYSTEM32\c35b7s.dll ... Found the Generic MultiDropper.f trojan !!!
The file or process has been deleted.
C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20031204-133128.backup ... Found
potentially unwanted program QHosts-33!hosts.
The virus has been removed from the file.
Checking for another virus in the file ...
C:\WINDOWS\SYSTEM32\sb.htm ... Found potentially unwanted program Generic
Adware.txt.
The file or process has been deleted.
C:\WINDOWS\SYSTEM32\sx.htm ... Found potentially unwanted program Generic
Adware.txt.
The file or process has been deleted.

Summary report on C:\*.*
File(s)
Total files: ........... 142143
Clean: ................. 142012
Possibly Infected: ..... 3
Cleaned: ............... 1
Deleted: ............... 18
Non-critical Error(s): 2
Master Boot Record(s): ......... 1
Possibly Infected: ..... 0
Boot Sector(s): ................ 1
Possibly Infected: ..... 0


Time: 01:01.51
 
From: "dtcar" <[email protected]>

| Sophos Anti-Virus
| Version 4.01.0 [Win32/Intel]
| Virus data version 4.01, January 2006
| Includes detection for 116523 viruses, trojans and worms
| Copyright (c) 1989-2006 Sophos Plc, www.sophos.com
|
| System time 22:50:51, System date 20 December 2005
| Command line qualifiers are: -f -di -all -remove -mime -mbr -noc -archive

< snip >

There were certainly Trojans and adware found.

I can't wait to see the Kaspersky report.

In the mean time, I see you have Trojans in your Java cache...

Dump the contents of your Sun Java cache -
Start --> settings --> control panel --> Java applet --> cache --> clear
or
Start --> settings --> control panel --> Java applet --> general --> settings --> delete
files

or...

Delete all ZIP files in...

C:\Documents and Settings\Owner\.jpi_cache\jar\1.0

Based upon the adware found...

Please download, install and update the following software...

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

SpyBot Search and Destroy v1.4
http://security.kolla.de/

After the software is updated, I suggest scanning the system in Safe Mode.

I also suggest downloading, installing and updating BHODemon for any Browser Helper Objects
that may be on the PC.

BHODemon
http://www.definitivesolutions.com/bhodemon.htm
http://www.majorgeeks.com/downloadget.php?id=3550&file=11&evp=245a87539eea8ed6904332b4b8b8442d
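
Added example (not part of the thread, and not code from McAfee or Multi_AV): a small parser for the McAfee report text as it was pasted above, which pairs each "Found ..." entry with the action line that follows it and lists the entries that have none, here the two Java cache items. The entry format is inferred from the posted report only; the labels "deleted", "cleaned", "trojan" and "pup" are this example's own.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the report lines posted in the thread, including the places
# where one entry was wrapped across two lines by the posting software.
SAMPLE_REPORT = r"""
Scanning C: [HP_PAVILION]
C:\setup_td.exe ... Found potentially unwanted program Adware-Verticity.
The file or process has been deleted.
Scanning C:\*.*
C:\Documents and
Settings\Owner\.jpi_cache\jar\1.0\loaderadv599.jar-568e5afb-1b00f5e7.zip\DUMMY.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and
Settings\Owner\.jpi_cache\jar\1.0\loaderadv599.jar-568e5afc-49ed7fe3.zip\DUMMY.CLASS ... Found the Exploit-ByteVerify trojan !!!
C:\Documents and Settings\Owner\Local Settings\Temp\ckz1b5ce\Files\sx.htm
.... Found potentially unwanted program Generic Adware.txt.
The file or process has been deleted.
C:\WINDOWS\SYSTEM32\c35b7s.dll ... Found the Generic MultiDropper.f trojan !!!
The file or process has been deleted.
C:\WINDOWS\SYSTEM32\drivers\etc\hosts.20031204-133128.backup ... Found
potentially unwanted program QHosts-33!hosts.
The virus has been removed from the file.
Checking for another virus in the file ...
"""

# Action sentences seen in the posted report, mapped to this example's labels.
ACTIONS = {
    "The file or process has been deleted.": "deleted",
    "The virus has been removed from the file.": "cleaned",
}
NOISE_PREFIXES = ("Scanning ", "Checking for another virus")

# One complete entry: path, 3+ dots, "Found", kind, name, terminator.
ENTRY = re.compile(
    r"^(?P<path>.+?)\s*\.{3,}\s*Found "
    r"(?P<kind>the |potentially unwanted program )"
    r"(?P<name>.+?)(?: trojan !!!|\.)$"
)


@dataclass
class Detection:
    path: str
    name: str
    kind: str                     # "trojan" or "pup"
    action: Optional[str] = None  # None: no action line followed the entry


def parse_report(text: str) -> List[Detection]:
    """Rejoin wrapped entries and attach each action line to its detection."""
    detections: List[Detection] = []
    buffer = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(NOISE_PREFIXES):
            continue
        if line in ACTIONS:
            # An action line belongs to the detection reported just before it.
            if detections and detections[-1].action is None:
                detections[-1].action = ACTIONS[line]
            continue
        # Anything else is part of an entry; keep joining until it is complete.
        buffer = f"{buffer} {line}".strip()
        match = ENTRY.match(buffer)
        if match:
            kind = "trojan" if match["kind"] == "the " else "pup"
            detections.append(Detection(match["path"], match["name"], kind))
            buffer = ""
    return detections


def unresolved(detections: List[Detection]) -> List[Detection]:
    """Detections the scanner reported but took no recorded action on."""
    return [d for d in detections if d.action is None]


if __name__ == "__main__":
    for d in unresolved(parse_report(SAMPLE_REPORT)):
        print(f"NO ACTION  {d.kind:6}  {d.name}  {d.path}")
```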
 
Hey David, I tried to paste the Kaspersky Report, it's too big. Will it be OK to
separate it and post? I do have Spybot and Ad-aware on my computer, so I
will be running those programs ASAP. But I'm not sure it is SE.
 
From: "dtcar" <[email protected]>

| Hey David, I tried to paste the Kaspersky Report, it's too big. Will it be OK to
| separate it and post? I do have Spybot and Ad-aware on my computer, so I
| will be running those programs ASAP. But I'm not sure it is SE.

Yes or you can email me directly.

Just remove ~nospam~ [email protected]

Remember my instructions for dumping the Sun Java cache.
 
I have removed the problem with EGroup.IEAccess.C (Dialer). The Sophos,
McAfee, and Kaspersky seemed to do their job. I ran the Ad-Aware 6 and found
2 spyware files to delete, Spybot did not find a thing. I dumped the Java and
have run MS Antispyware and Norton. Norton has found Trojan. Vicsfram virus,
it said it was located in C:\windows\system32\ddd.exe. and could not fix or
quarantine. I also ran all the above in safe mode.
 
From: "dtcar" <[email protected]>

| I have removed the problem with EGroup.IEAccess.C (Dialer). The Sophos,
| McAfee, and Kaspersky seemed to do their job. I ran the Ad-Aware 6 and found
| 2 spyware files to delete, Spybot did not find a thing. I dumped the Java and
| have run MS Antispyware and Norton. Norton has found Trojan. Vicsfram virus,
| it said it was located in C:\windows\system32\ddd.exe. and could not fix or
| quarantine. I also ran all the above in safe mode.

Ad-aware 6 is no longer supported nor updated. Soon there will be a new version called
Ad-aware 2006.

Remove Ad-aware 6 then please download, install and update the following software...

Ad-aware SE v1.06
http://www.lavasoft.de/
http://www.lavasoftusa.com/

After it is updated, I suggested scanning in Safe Mode.
 
From: "dtcar" <[email protected]>

| grrrrrr, EGroup.EIAccess.C (Dialer) has reappeared.
|
| "dtcar" wrote:
|
What software is finding this and what is the fully qualified name and path to the file
that is found to have it?
 
The next time it pops up I will copy the file and post. Thanks for all the
time you are putting into this.
 