efeca.dll and fp4u03h93.dll


8 replies to this topic

#1 bonnyfused

bonnyfused

    Member

  • Members
  • 84 posts

Posted 02 November 2005 - 12:27 PM

Hello everybody! Any clues about what those DLLs in the subject are? VirIT (Italian SpyWare and antivirus) detects EFECA.DLL, but can't do anything... Trend Micro's SysClean Package detects FP4U03H9E.DLL but can't do anything... It seems that both are "in use"... Need help! Many thanks...

#2 Jacee

Jacee

    Madam Admin <aka> Maude

  • Admins
  • 27,734 posts
  • Gender:Female


Posted 02 November 2005 - 12:39 PM

It's called Look2Me or L2m.....

Download SpySweeper trial edition from here: http://www.webroot.c...=1&wt.mc_id=417

Update the definitions, then run the program and remove all that is found.

Next, clean out all the temporary files and cookies on your system. Go to Start > Run and enter: cleanmgr. Let it scan your system for files to remove. Check these three boxes and then press ok to remove: Temporary Files, Temporary Internet Files, Recycle Bin.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Note: If you cannot delete them all at once because you have too many, then click and hold ctrl and highlight a batch of them at a time. Once highlighted, R-click over the highlight and select delete.

Then use "Start > Run" and type in "%temp%" (without the quotes). Delete the entire contents of that "temp" folder (use "Edit > Select All", press "Delete", click "Yes").

Then, empty your Temporary Internet Cache completely. Close all instances of Outlook and Internet Explorer, then use "Control Panel > Internet Options > General tab" and click the "Delete File" button. When prompted, place a check in: "Delete all offline content", then click OK.

Then, use Windows Explorer to clean out ALL the other temp folders on your system (navigate to the folder, use "Edit > Select All", press "Delete", click "Yes"):

* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* C:\Windows\Prefetch\
* Empty your "Recycle Bin".

Run those antivirus scans again and see if you're clean

MS - MVP Consumer Security 2006 thru 2014


#3 bonnyfused


Posted 02 November 2005 - 02:03 PM

> It's called Look2Me or L2m.....
>
> [snip]
>
> Run those antivirus scans again and see if you're clean

Do I have to run all the stuff in "Safe Mode" or in "Normal Mode"?
I just ran:
AD-Aware
SpyBot S&D
Trend Micro SysClean
VirIT
HiJackThis

all in SAFE MODE...

Just give me this answer, I'll then start with Spy Sweeper...

#4 Jacee



Posted 02 November 2005 - 02:09 PM

I'd run the anti virus in safe mode, but it's up to you.



#5 bonnyfused


Posted 03 November 2005 - 06:10 AM

> It's called Look2Me or L2m.....

Well, are you sure it's Look2Me? I used Symantec's Look2Me Fix Tool, but it didn't detect it at all!
Now I'm running SpySweeper, I'll let you know what goes on.

#6 bonnyfused


Posted 03 November 2005 - 08:56 AM

OK, done everything, I still get an annoying thing: when Windows XP starts up, something is trying to open up the internet connection. This "something" reads: ballzout.info. Does anybody know what to do?

#7 Juliet

Juliet

    Advanced Member

  • Trusted Malware Techs
  • 22,079 posts
  • Gender:Female


Posted 03 November 2005 - 09:18 AM

When I searched Google it sent me to paintball information.
Try msconfig and see what's loading at startup.
http://www.netsquirrel.com/msconfig/
How to use MSCONFIG

http://castlecops.com/StartupList.html
StartupList Index

TASK Manager...then click on the task button
http://www.answersthatwork.com/


You don't mention having a firewall....if you don't have one at least try a free one.

Read over this post from users of free services.
http://pcpitstop.inv...l=free firewall

Edited by Juliet, 03 November 2005 - 09:29 AM.

Please do not PM me for HJT help, we all benefit from posting on the open board.
Sometimes the angels fly close enough to you that you can hear the flutter of their wings..
MS - MVP Consumer Security 2009 - 2013

#8 bonnyfused


Posted 03 November 2005 - 09:54 AM

OK, I used the plain and simple method of "regedit": I searched for "ballzout" and found some interesting stuff under: HKCU\Software\Microsoft\RAS Autodial\Addresses\ Many many keys pointing either to IP addresses or to hostnames... I deleted the whole "Addresses" key (which contained the suspicious ones) and recreated it. Now it seems to be gone!
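
The registry check described in post #8, as an added example that is not part of the original thread: it exports the Addresses key to a .reg backup, lists every entry, and removes only the entries whose name contains the given text. The function name `Remove-AutodialAddress` and the backup location are hypothetical, and the script assumes each address is stored as a subkey named after the host or IP.

```powershell
# Added example, not from the thread: back up and audit the RAS Autodial address list.
function Remove-AutodialAddress {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # Text to look for in address names, e.g. the host seen at startup.
        [Parameter(Mandatory = $true)][string]$Pattern,
        # Folder for the .reg backup (assumed default; change as needed).
        [string]$BackupDir = $env:TEMP
    )

    $regPath = 'HKCU\Software\Microsoft\RAS Autodial\Addresses'
    $psPath  = 'HKCU:\Software\Microsoft\RAS Autodial\Addresses'
    if (-not (Test-Path -LiteralPath $psPath)) {
        Write-Warning "Key not present: $regPath"
        return
    }

    # Export the whole key first so the change can be reverted or analysed later.
    $backup = Join-Path $BackupDir ('RasAutodial-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export $regPath $backup | Out-Null
    if ($LASTEXITCODE -ne 0) { throw 'Backup failed; nothing was changed.' }

    # Assumption: each address is a subkey named after the host or IP,
    # matching the post's description of "many keys" under Addresses.
    foreach ($sub in Get-ChildItem -LiteralPath $psPath) {
        $name    = $sub.PSChildName
        $matched = $name.IndexOf($Pattern, [StringComparison]::OrdinalIgnoreCase) -ge 0
        $removed = $false
        if ($matched -and $PSCmdlet.ShouldProcess($name, 'Remove autodial address')) {
            Remove-Item -LiteralPath $sub.PSPath -Recurse
            $removed = $true
        }
        [pscustomobject]@{
            Address = $name
            IsIPv4  = $name -match '^\d{1,3}(\.\d{1,3}){3}$'
            Matched = $matched
            Removed = $removed
            Backup  = $backup
        }
    }
}

# Dry run: lists every entry and reports what would be removed; the registry is not modified.
Remove-AutodialAddress -Pattern 'ballzout' -WhatIf | Format-Table -AutoSize
```

Running the last line without `-WhatIf` performs the removal; the exported .reg file can be re-imported to undo it.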

#9 Juliet



Posted 03 November 2005 - 10:11 AM

good news :tup:



