How to remove instant access?

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Nermi

Thread Starter
Joined
Jul 25, 2004
Messages
31
My computer is infected with "instant access", which I think is spyware. I have run an antivirus program several times but it did not find anything.
Ad-aware did not find anything either.
SpyBot did find a few things, but they don't seem to be related to instant access. It did fix them all.
PestPatrol has found 76 items related to "instant access", under the name eGroup. I had done a little research and found that eGroup is a company that makes this spyware.
On the first try PestPatrol seemed to remove / delete all items, but next day they were all back. I guess there are some items in the registry that are not cleaned out.
I have tried to uninstall instant access from Add/Remove prog. but it doesn't seem to be a real uninstall, it prompts me to connect to the Internet.
If I try to delete the Instant Access folder in Prog. files, it is gone until the next boot. The same happens when I uncheck the box in startup folder.

I have no idea what to do next. :confused:

Please, help me.

Thank you.

Nermi
 
Joined
Jul 26, 2002
Messages
46,353
Please do this:

First create a permanent folder somewhere like in My Documents and name it Hijack This.

Now Click here to download Hijack This. Download it and click "Save". Save it to the Hijack This folder you just created.

Click on Hijackthis.exe to launch the program. Click on the Do a system scan and save a logfile button. It will scan and then ask you to save the log. Click "Save" to save the log file and then the log will open in notepad.

Click on "Edit > Select All" then click on "Edit > Copy" then Paste the log back here in a reply.

DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
 

Nermi

Thread Starter
Joined
Jul 25, 2004
Messages
31
Sorry for the delay, I was out of town.

Logfile of HijackThis v1.99.1
Scan saved at 11:31:07 AM, on 7/4/05
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVRID.EXE
C:\PROGRAM FILES\PESTPATROL\PPMEMCHECK.EXE
C:\PROGRAM FILES\PESTPATROL\COOKIEPATROL.EXE
C:\WINDOWS\SYSTEM\FCAPJM.EXE
C:\PROGRAM FILES\IISYSTEM WIPER\SYSTEMWIPER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\PROGRAM FILES\CALLWAVE\IAM.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] C:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKLM\..\Run: [fcapjm] c:\windows\system\fcapjm.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O4 - HKCU\..\Run: [iIWiper] C:\PROGRAM FILES\IISYSTEM WIPER\SYSTEMWIPER.EXE m
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1060.dll,InstantAccess
O4 - Startup: Internet Answering Machine.lnk = C:\Program Files\CallWave\IAM.EXE
O8 - Extra context menu item: &Google Search - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsearch.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmsimilar.html
O8 - Extra context menu item: Backward Links - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmbacklinks.html
O8 - Extra context menu item: Translate into English - res://C:\PROGRAM FILES\GOOGLE\GOOGLETOOLBAR1.DLL/cmtrans.html
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/051d97c3e29187b9e515/netzip/RdxIE601.cab
O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binaries/IA/svcsysnet32_EN.cab
O16 - DPF: {1604DF98-D1A5-44FE-844A-98D6FD0518D0} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1060.cab

Thank you.

Nermi
 
Joined
Jul 26, 2002
Messages
46,353
* Go here to download CCleaner.
  • Install CCleaner
  • Launch CCleaner and look in the upper right corner and click on the "Options" button.
  • Click "Advanced" and remove the check by "Only delete files in Windows temp folders older than 48 hours".
  • Click OK
  • Do not run CCleaner yet. You will run it later in safe mode.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [fcapjm] c:\windows\system\fcapjm.exe

O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1060.dll,InstantAccess

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/051d97c...ip/RdxIE601.cab

O16 - DPF: {31DDC1FD-CEA3-4837-A6DC-87E67015ADC9} - http://akamai.downloadv3.com/binari...sysnet32_EN.cab

O16 - DPF: {1604DF98-D1A5-44FE-844A-98D6FD0518D0} - http://akamai.downloadv3.com/binari...ACCESS_1060.cab



* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste the following line then click on the button that has the red circle with the X in the middle. It will ask for confirmation to delete the file. Click Yes.

c:\windows\system\fcapjm.exe

Exit the Killbox.


* Delete this folder:

C:\PROGRAM FILES\Instant Access


* Start CCleaner and click Run Cleaner


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Restart back into Windows normally now.


* Go here and download Ad-Aware SE.
  • Install the program and launch it.
  • First in the main window look in the bottom right corner and click on Check for updates now
  • Click Connect and download the latest reference files.
  • From main window click Start then under Select a scan Mode tick Perform full system scan.
  • Next deselect Search for negligible risk entries.
  • Now to scan just click the Next button.
  • When the scan is finished mark everything for removal and get rid of it.
  • Right-click the window and choose select all from the drop down menu and click Next
  • Restart your computer.


* Run ActiveScan online virus scan here

When the scan is finished, have it delete anything that it cannot clean. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan
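
Added example, not part of the original posts: one way to check a follow-up HijackThis log for entries that were marked "Fix checked" but have come back, which is the symptom described at the top of the thread. O4 registry autoruns are matched by key and value name and O16 entries by CLSID, so the truncated URLs in the fix list still match; the follow-up log here is constructed sample data and the function names are hypothetical.

```python
import re

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
O4_REG_RE = re.compile(r"^(HK\w+\\\.\.\\\w+): \[(.+?)\] ")
O16_RE = re.compile(r"^DPF: (\{[0-9A-Fa-f-]+\})")

def parse_entries(log_text):
    """Map a stable identity for each O-section line to the line itself."""
    entries = {}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        key = (section, body.lower())  # fallback: the whole entry
        reg = O4_REG_RE.match(body)
        dpf = O16_RE.match(body)
        if section == "O4" and reg:
            # Registry autorun: identity is key path plus value name.
            key = ("O4", reg.group(1).upper(), reg.group(2).lower())
        elif section == "O16" and dpf:
            # ActiveX download: identity is the CLSID, not the URL.
            key = ("O16", dpf.group(1).upper())
        entries[key] = line
    return entries

def still_present(fixed_lines, new_log):
    """Return the fixed entries that appear again in the new log."""
    after = parse_entries(new_log)
    return [line for key, line in parse_entries(fixed_lines).items() if key in after]

# Entries from the fix list above (URL truncated as posted in the thread).
FIXED_LINES = r"""
O4 - HKLM\..\Run: [fcapjm] c:\windows\system\fcapjm.exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1060.dll,InstantAccess
O16 - DPF: {1604DF98-D1A5-44FE-844A-98D6FD0518D0} - http://akamai.downloadv3.com/binari...ACCESS_1060.cab
"""

# Constructed follow-up log (not from the thread): two entries have returned.
NEW_LOG = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGDACCESS_1060.dll,InstantAccess
O16 - DPF: {1604DF98-D1A5-44FE-844A-98D6FD0518D0} - http://akamai.downloadv3.com/binaries/EGDAccess/EGDACCESS_1060.cab
"""

if __name__ == "__main__":
    for line in still_present(FIXED_LINES, NEW_LOG):
        print("STILL PRESENT:", line)
```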
 