Thursday, December 4, 2008

EGroup Adware

How To Remove EGroup?
You must download the trial version of the "Exterminate-It" antivirus software to check your computer instantly.
EGroup is a dangerous virus:
Adware are programs that facilitate delivery of advertising content
to the user and in some cases gather information from the user's computer,
including information related to Internet browser usage or other computer habits.


EGroup is also known as:

[Other] Adware.InstantAccess, eGroup

EGroup Symptoms:

Files:

Folders:
[%WINDOWS%]\eghtmldialer
[%WINDOWS%]\egroup
[%WINDOWS%]\dialpass

Registry Keys:

Registry Values:


You must clean your computer ASAP!
Download the free trial version of the antivirus software here to check your computer instantly.
