Hi everybody, I'm new round these parts!

Discussion in 'other security issues & news' started by Camden Cretin, May 6, 2005.

Thread Status:
Not open for further replies.
  1. Camden Cretin

    Camden Cretin Registered Member

    Joined:
    May 6, 2005
    Posts:
    4
    Right then, I am very happy to receive large quantities of wisdom from all of you sages on this great site and as a gesture of goodwill I am prepared to devote my huge reservoirs of technical ignorance to all.

    Currently I am plagued by a set of Casino viruses and something called the lovemail.com. I have checked out these using Spybot S&D and the Bazooka scan. Bazooka gives me a set of instructions to eliminate the miscreant software. All fine up to step 7 where I restart the PC (running under XP (home edition)). Then step 8


    8. Delete the following files and directories.
    %SystemDir%\EGDHTML__1024.dll
    %SystemDir%\EGDial.dll
    %SystemDir%\ia.dll
    %SystemDir%\mseggrpid.dll
    Note: %SystemDir% is a variable (?). By default this is C:\Windows\System32 (Windows XP)


    Anyway, I am unable to locate any of these files. Am I missing something?
    Advice greatly appreciated. Oh, and I hope I am in the correct forum?

    Cheers

    Camden Cretin
    o_O
     
  2. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Welcome to Wilders Camden
    We'll move this a little later after I know you have read this reply....to a more appropriate Forum....but be assured there's no problem where it is for the moment ;)

    Do you have XP setup to show all files ?

    To configure Windows to show all files

     
    Last edited: May 6, 2005
  3. Capp

    Capp Registered Member

    Joined:
    Oct 16, 2004
    Posts:
    2,125
    Location:
    United States
    Welcome to Wilders!!!

    Always glad to help out.

    Have you tried doing a search for the files (Start | Search | Find Files)?

    Have you tried scanning with anything other than Spybot S&D...such as Ad-Aware or Microsoft Anti-Spyware?
    You can get them here:
    Ad-Aware: http://www.lavasoftusa.com/software/adaware/
    MSAS: http://www.microsoft.com/athome/security/spyware/software/default.mspx

    These two should be able to remove the files, if they are bad.

    Also, if the files you listed are "hidden" you may not be able to see them.
    With My computer open: Go to Tools | Folder Options | View and click the line that says "Show Hidden Files and Folders" Then click OK.

    Good Luck and let us know how it goes :)
     
  4. Camden Cretin

    Camden Cretin Registered Member

    Joined:
    May 6, 2005
    Posts:
    4
    Hi Bubba, hi Capp

    Thanks for your swift response.
    Right, I have got XP set to show all files. Are you saying that the files I could not locate through using Bazooka should now be visible? :doubt:

    CC
     
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
    Yes, those files *should* be visible now :)
     
  6. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Did Spybot find these Casino viruses and lovemail.com....and if so....could you share with us the information and\or screen shot of this. That also goes for Bazooka....what type info did they show :doubt:

    I have also now moved this thread to a more appropriate Forum.
     
  7. Camden Cretin

    Camden Cretin Registered Member

    Joined:
    May 6, 2005
    Posts:
    4
    Right sorry about the delay in getting back.
    I have run the Bazooka scan again with predictably same results. I have repeated checking for the files that Bazooka specifies in the step 8 but I still cannot locate them irrespective of having set the hide to off re system files. I have also run an Adaware scan and this is its log:



    ~snipped Adaware log....Bubba~
     
    Last edited by a moderator: May 6, 2005
  8. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Hey Camden,

    We no longer permit posting of un-solicited logs such as that from Adaware per our Announcement thread
    From the looks of that log....I suggest you do at least 2 things to attempt to clean up that dialer:

    EGroup Dialer Object Recognized!
    Type : Regkey
    Data :
    Category : Malware
    Comment :
    Rootkey : HKEY_USERS
    Object : S-1-5-21-1370210032-3300272234-3145739464-1006\software\egdhtml


    1) Follow this link and download the latest version build of Adaware which is 1.05 and any pertinent un-install\re-install instructions.

    2) Within that Announcement thread mentioned above is an image linking over to a site that lists a number of other security forums, some of which still provide that service. If you want your log reviewed, you'll need to pick a site and read their spyware scanning and cleaning (HijackThis posting) guidelines, following all their required steps carefully, and then posting as directed.

    Two of the bigger forums for HijackThis log processing, (meaning they process more log threads each day than many others) are: SpywareInfo.com and CastleCops.com.

    http://computercops.biz/forums.html

    http://spywarewarrior.com/index.php

    Regards,
    Bubba
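
An added example, not part of any post in this thread: a PowerShell check for the four files from Bazooka's step 8 and the `egdhtml` registry key from the quoted Ad-Aware entry, done by direct path so Explorer's hidden-file setting does not matter. The function names are hypothetical, and the script assumes PowerShell 3.0 or later, which postdates the Windows XP setup discussed here.

```powershell
# Added example (not from the thread). The file names and the registry subkey
# are the ones quoted in the posts above; function names are hypothetical.
$systemDir = [Environment]::SystemDirectory   # C:\Windows\System32 by default
$names = 'EGDHTML__1024.dll', 'EGDial.dll', 'ia.dll', 'mseggrpid.dll'

function Find-ListedFile {
    param([string]$Directory, [string[]]$FileNames)
    foreach ($name in $FileNames) {
        $path = Join-Path $Directory $name
        # -Force returns items that carry the Hidden or System attribute,
        # independent of Explorer's Folder Options.
        $item = Get-Item -LiteralPath $path -Force -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Path       = $path
            Present    = [bool]$item
            Attributes = if ($item) { $item.Attributes.ToString() } else { '' }
            Modified   = if ($item) { $item.LastWriteTime } else { $null }
        }
    }
}

function Find-ListedRegKey {
    param([string]$SubKey = 'Software\egdhtml')
    # HKEY_USERS holds one hive per loaded profile, so check every SID
    # rather than only the current user's.
    Get-ChildItem -Path 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = "Registry::$($_.Name)\$SubKey"
            if (Test-Path -LiteralPath $key) { "$($_.Name)\$SubKey" }
        }
}

# Report each listed file, present or not, with its attributes.
Find-ListedFile -Directory $systemDir -FileNames $names | Format-Table -AutoSize

# Report any loaded user hive that still contains the dialer's key.
$hits = @(Find-ListedRegKey)
if ($hits.Count) { $hits } else { 'No egdhtml key under any loaded user hive.' }
```

A result where every file shows `Present = False` but a registry hit remains matches what the thread describes: the scanner entry quoted above is of type Regkey, so a detection can persist after the DLLs are gone.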
     
  9. Camden Cretin

    Camden Cretin Registered Member

    Joined:
    May 6, 2005
    Posts:
    4
    Hi Bubba

    Thanks for all your advice I will get on with your recommendations asap. Sorry about posting the Bazooka log. :oops: Remember, Cretin by name, Cretin by nature! :doubt:

    CC.
     
  10. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    Cretin....it will not be held against you :eek:

    Let us know how it goes, please.
     