
Instant Access.......

Discussion in 'Malware and Virus Removal Archive' started by choof, 2003/11/07.

Thread Status:
Not open for further replies.
  1. 2003/11/07
    choof

    choof Inactive Thread Starter

    Joined:
    2003/11/07
    Messages:
    3
    Likes Received:
    0
    Hi, I'm having a problem with a recurring desktop file. It is named instant access (I think it's from a pornographic site) Lol. Anyway I deleted it and have scanned all my Windows files using the search box (Windows XP). But it always returns every time I start my computer. If I click on Start and then All Programs it's always at the top of the list. Can anyone help me to get rid of it? As I said it only appears when I start my computer and I have searched the name and deleted all the files relating to it but it still comes up. Thank you very much to anyone who replies.
     
  2. 2003/11/07
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0


  4. 2003/11/07
    0D0

    0D0 Inactive

    Joined:
    2003/11/03
    Messages:
    5
    Likes Received:
    0
    Might be a dialer

    HI

    This looks like a dialer to me.

    If the tools mentioned won't help You, try some "surgery" :)

    Try to not only delete the actual prog and files.
    - disconnect from the net
    - empty Your cache and the scripts dir
    (this program with its files probably is dropped by an ActiveX, Java or other active element in Your "Temporary Internet Files" or "C:\WINDOWS\Downloaded Program Files")
    - now remove all stains this prog left

    => adjust Your IE security settings: if You don't want to set them on "high", disable at least ActiveX and as much Scripting as possible.

    AND:
    Get a Firewall and/with dialer protection.


    Hope this helps
     
    Last edited: 2003/11/07
    0D0,
    #3
  5. 2003/11/08
    choof

    choof Inactive Thread Starter

    Joined:
    2003/11/07
    Messages:
    3
    Likes Received:
    0
    Hello......I used the tools and it got rid of the instant access. I am having the problem now that every time I start my computer an error box comes up saying it can't find the file! I set a restore point before I tried it so I restored it and checked it out. It is hidden in Windows\System 32\EGDIAL.dll and that is the file it is saying it cannot find when it starts up. Windows still works fine without it, but is there any way that I can stop the box popping up every time my desktop loads?............They are great tools by the way. And it was a **** dialer! Thanks heaps, maybe you two might be able to shed some light on this one. THANK YOU.
     
  6. 2003/11/08
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi choof,

    *I set a restore point before I tried it so I restored it and checked it out.* Excellent!

    Two ways to handle this.

    First, if you have a restore point prior to the infestation, restore to that point and copy the .dll file out to a 3.5. Then undo the restore back to the present and download that missing .dll to /System32 folder.

    Or, second, using the sfc command:

    Start > Run > cmd

    Enter sfc /scannow and have your XP install disc handy. There is a space between sfc and /

    sfc - system file checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

    If you want to see what was replaced, right click My Computer > manage, expand event viewer > system.

    Regards - Charles

    EDIT: I just re-read my post, and WRONG ADVICE about the restore! You still have parts of the dialer on your system.

    Re-run SSD and make sure to do it in safe mode.

    Download and run HijackThis http://www.tomcoyote.org/hjt/

    Has a tutorial along with the download. Look at the startup entries. Anything you don't recognize is suspect. At that point you can do a selective startup thru msconfig, or the list will tell you from where the startup originates. Also, it wouldn't hurt to run the sfc process.

    You may also have a BHO (Browser Helper Object) that the dialer put on your system. The Hijackthis reg entries will list those on your system.

    This program will also list them and allow you to disable one W/O removing it to test the results: http://www.definitivesolutions.com/bhodemon.htm
     
    Last edited: 2003/11/08
  7. 2003/11/08
    choof

    choof Inactive Thread Starter

    Joined:
    2003/11/07
    Messages:
    3
    Likes Received:
    0
    Yeah.......

    Hi Charles. I realized that it was the wrong info after I tried it but learnt something and found out a few things too. I tried Hijack and it worked like a charm. Thank you very much for helping me out. I would have been lost without your help, that's for sure. Everything is fine now and working perfectly. Thank you again very much, keep up the good work of helping everyone out as you can. Cheers Choof.
     
  8. 2003/11/09
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi Choof,

    You're welcome. Glad it all worked.

    Now that you have a "clean" Hijackthis scan, save it and use it as a baseline for future scans.

    The BHODemon I really like as well. I check if new software installs them, I can then make a decision whether to allow it or not. An example of one that was useless: I got a new version of MSN8. Along with it, got an install of MS's PictureInPicture - didn't ask for it (a roll of the eyes). Don't know whether I want it or not - much less go on-line with it, it's really clumsy. PIP put a BHO on the browser. Spotted it right away and disabled it. After seeing no ill effects, deleted it.

    Regards - Charles
     
    Last edited: 2003/11/09
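
The replies above suggest reviewing HijackThis startup and BHO entries and keeping a clean scan as a baseline. The following is an added example, not part of the original thread or of HijackThis itself: a small Python comparison of a later log against the saved baseline that reports new BHO (`O2`) and startup (`O4`) lines. Both sample logs, and every name, CLSID and path in them, are constructed placeholders.

```python
import re

# Constructed sample logs in HijackThis's "CODE - detail" line format.
# All names, CLSIDs and paths are placeholders, not taken from the thread.
BASELINE = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\reader.dll
O4 - HKLM\..\Run: [ExampleAV] C:\Program Files\ExampleAV\av.exe
"""

CURRENT = r"""Logfile of HijackThis (constructed sample)
Running processes:
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\example_dialer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example.invalid/
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\reader.dll
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000002} - C:\WINDOWS\System32\example_bho.dll
O4 - HKLM\..\Run: [ExampleAV] C:\PROGRAM FILES\ExampleAV\av.exe
O4 - HKLM\..\Run: [ExampleDialer] C:\WINDOWS\System32\example_dialer.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
WATCHED = {"O2": "Browser Helper Object", "O4": "startup entry"}

def parse(log):
    """Map (code, case-folded detail) -> original line; header/process lines are skipped."""
    entries = {}
    for raw in log.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            # Windows paths are case-insensitive, so compare case-folded text.
            entries[(m.group(1), " ".join(m.group(2).split()).casefold())] = line
    return entries

def new_entries(baseline, current, watched=WATCHED):
    """Return (code, label, line) for watched entries in current but not in baseline."""
    old, new = parse(baseline), parse(current)
    return [(k[0], watched[k[0]], new[k]) for k in sorted(new) if k not in old and k[0] in watched]

if __name__ == "__main__":
    for code, label, line in new_entries(BASELINE, CURRENT):
        print(f"NEW {label}: {line}")
```

Passing a different `watched` mapping, for example `{"R0": "IE start page"}`, extends the comparison to other log sections.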