bonnyfused

efeca.dll and fp4u03h93.dll


Hello everybody!

Any clues about what those DLLs in the subject are?

VirIT (Italian SpyWare and antivirus) detects EFECA.DLL, but can't do anything...

Trend Micro's SysClean Package detects FP4U03H9E.DLL but can't do anything...

It seems that both are "in use"...

Need help! Many thanks...


It's called Look2Me or L2m.....

Download SpySweeper trial edition from here: http://www.webroot.com/consumer?rc=266&ac=...=1&wt.mc_id=417

Update the definitions, then run the program and remove all that is found.

Next, clean out all the temporary files and cookies on your system. Go to Start > Run and enter: cleanmgr. Let it scan your system for files to remove. Check these three boxes and then press OK to remove: Temporary Files, Temporary Internet Files, Recycle Bin.

Also, go to Start > Find/search > Files or folders > in the named box, type: *.tmp and choose Edit > select all -> File > delete.

Note: If you cannot delete them all at once because you have too many, then click and hold Ctrl and highlight a batch of them at a time. Once highlighted, right-click over the highlight and select delete.

Then use "Start > Run" and type in "%temp%" (without the quotes). Delete the entire contents of that "temp" folder (use "Edit > Select All", press "Delete", click "Yes").

Then, empty your Temporary Internet Cache completely. Close all instances of Outlook and Internet Explorer, then use "Control Panel > Internet Options > General tab" and click the "Delete File" button. When prompted, place a check in: "Delete all offline content", then click OK.

Then, use Windows Explorer to clean out ALL the other temp folders on your system (navigate to the folder, use "Edit > Select All", press "Delete", click "Yes"):

* C:\Documents and Settings\<Your Profile>\Local Settings\Temp\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temporary Internet Files\
* C:\Documents and Settings\<Any other users Profile>\Local Settings\Temp\
* C:\Windows\Prefetch\
* Empty your "Recycle Bin".

Run those antivirus scans again and see if you're clean.


> It's called Look2Me or L2m.....
>
> [snip]
>
> Run those antivirus scans again and see if you're clean

Do I have to run all the stuff in "Safe Mode" or in "Normal Mode"?

I just run:

AD-Aware
SpyBot S&D
Trend Micro SysClean
VirIT
HiJackThis

all in SAFE MODE...

Just give me this answer, I'll then start with Spy Sweeper...


> It's called Look2Me or L2m.....

Well, are you sure it's Look2Me? I used Symantec's Look2Me Fix Tool, but it didn't detect it at all!

Now I'm running SpySweeper, I'll let you know what goes on.


OK, done everything, I still get an annoying thing: when Windows XP starts up, something is trying to open up the internet connection. This "something" reads: ballzout.info

Does anybody know what to do?


When I searched Google it sent me to paintball information.

Try msconfig and see what's loading at startup.

http://www.netsquirrel.com/msconfig/
How to use MSCONFIG

http://castlecops.com/StartupList.html
StartupList Index

TASK Manager...then click on the task button
http://www.answersthatwork.com/

You don't mention having a firewall....if you don't have one at least try a free one.

Read over this post from users of free services.

http://pcpitstop.invisionzone.com/index.ph...l=free+firewall

Edited by Juliet


OK, I used the plain and simple method of "regedit": I searched for "ballzout" and found some interesting stuff under:

HKCU\Software\Microsoft\RAS Autodial\Addresses\

Many, many keys pointing either to IP addresses or to hostnames... I deleted the whole "Addresses" key (which contained the suspicious ones) and recreated it.

Now it seems to be gone!

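An added example, not part of the original thread: instead of deleting the whole key unseen, as in the last post, the key can first be exported from regedit and its entries listed for review and record keeping. The sketch assumes each autodial entry appears as a subkey of `Addresses` in the export; the sample export, its value names and the `review` watchlist helper are constructed for illustration.

```python
import ipaddress
import re

ADDRESSES_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Addresses"

# Constructed sample of a regedit export. Entry and value names are made up,
# except ballzout.info, which is the name reported in the thread.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Addresses]
[HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Addresses\192.0.2.10]
"SampleValue"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Addresses\ballzout.info]
"SampleValue"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\Addresses\mail.example.net]
[HKEY_CURRENT_USER\Software\Microsoft\RAS Autodial\OtherKey]
"""

def autodial_entries(reg_text):
    """Names of the direct subkeys of the Addresses key in a .reg export."""
    prefix = ADDRESSES_KEY.lower() + "\\"
    names = []
    for line in reg_text.splitlines():
        m = re.fullmatch(r"\[(.+)\]", line.strip())
        if m and m.group(1).lower().startswith(prefix):
            name = m.group(1)[len(prefix):]
            if name and "\\" not in name and name not in names:
                names.append(name)
    return names

def classify(name):
    """'ip' if the entry name parses as an IP address, else 'hostname'."""
    try:
        ipaddress.ip_address(name)
        return "ip"
    except ValueError:
        return "hostname"

def review(reg_text, watchlist):
    """(name, kind, flagged) per entry; flagged when a watchlist term occurs."""
    return [(n, classify(n), any(t.lower() in n.lower() for t in watchlist))
            for n in autodial_entries(reg_text)]

if __name__ == "__main__":
    for name, kind, flagged in review(SAMPLE_EXPORT, ["ballzout"]):
        print(f"{'REVIEW' if flagged else 'ok':6}  {kind:8}  {name}")
```

A .reg file saved by regedit in the "Version 5.00" format is UTF-16, so read it with `open(path, encoding="utf-16")` before passing the text to `review`.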
