IETLBASS.dll trojan

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
cannot access or repair it. I have quarantined it but still keeps coming
back, I have tried both adaware and spybot to no avail. The damn pop up
keeps coming back and I can't get rid of it - any ideas?
13 answers Last reply
More about ietlbass trojan
  1. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    There are anti virus News Groups specifically for this type of discussion.

    microsoft.public.scripting.virus.discussion
    microsoft.public.security.virus
    alt.comp.virus
    alt.comp.anti-virus

    1) If you are using WinME or WinXP, disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    2) Reboot your PC into Safe Mode
    3) Using your NAV software, perform a Full Scan of your platform and clean/delete any
    infectors found
    4) Restart your PC and perform a "final" Full Scan of your platform
    5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
    System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
    reboot your PC.
    6) If you are using WinME or WinXP, create a new Restore point
    7) Please report back your results


    --
    Dave


    "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
    news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
    | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
    | cannot access or repair it. I have quarantined it but still keeps coming
    | back, I have tried both adaware and spybot to no avail. The damn pop up
    | keeps coming back and I can't get rid of it - any ideas?
  2. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
    PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
    under safe mode with system restore disabled, using an updated NAV and at
    least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
    CWShredder) - still no luck.

    With the CWS, I'd also tried using the manual cleaning method (cleaning the
    registries) posted on a number of sites but had failed to find the
    AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
    display the problem, together with the ietlbass.dll (identified by NAV)
    everytime I reboot the computer.

    Does anyone else have any other ideas please?

    Dave

    "David H. Lipman" wrote:

    > There are anti virus News Groups specifically for this type of discussion.
    >
    > microsoft.public.scripting.virus.discussion
    > microsoft.public.security.virus
    > alt.comp.virus
    > alt.comp.anti-virus
    >
    > 1) If you are using WinME or WinXP, disable System Restore
    > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    > 2) Reboot your PC into Safe Mode
    > 3) Using your NAV software, perform a Full Scan of your platform and clean/delete any
    > infectors found
    > 4) Restart your PC and perform a "final" Full Scan of your platform
    > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
    > System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
    > reboot your PC.
    > 6) If you are using WinME or WinXP, create a new Restore point
    > 7) Please report back your results
    >
    >
    > --
    > Dave
    >
    >
    >
    >
    > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
    > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
    > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
    > | cannot access or repair it. I have quarantined it but still keeps coming
    > | back, I have tried both adaware and spybot to no avail. The damn pop up
    > | keeps coming back and I can't get rid of it - any ideas?
    >
    >
    >
  3. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Dave:

    Adaware 6 is outdated, unsupported and no longer updated. As of Today there is a NEW
    definition file for Adaware SE v1.05

    Please use the following information...


    1) Download the following three items...

    Trend Sysclean Package
    http://www.trendmicro.com/download/dcs.asp

    Latest Trend Pattern File.
    http://www.trendmicro.com/download/pattern.asp

    Adaware SE (free personal version v1.05)
    http://www.lavasoftusa.com/

    Create a directory.
    On drive "C:\"
    (e.g., "c:\New Folder")
    or the desktop
    (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

    Download Sysclean.com and place it in that directory.
    Download the Trend Pattern File by obtaining the ZIP file.
    For example; lpt341.zip

    Extract the contents of the ZIP file and place the contents in the same directory as
    sysclean.com.

    2) Update Adaware with the latest definitions.
    3) Disable System Restore
    http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    4) Reboot your PC into Safe Mode and shutdown as many applications as possible
    5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    platform and clean/delete any infectors/parasites found.
    (a few cycles may be needed)
    6) Restart your PC and perform a "final" Full Scan of your platform using both the
    Trend Sysclean utility and Adaware
    7) Re-enable System Restore and re-apply any System Restore preferences,
    (e.g. HD space to use suggested 400 ~ 600MB),
    8) Reboot your PC.
    9) Create a new Restore point


    * * * Please report your results ! * * *


    --
    Dave L.
    http://www.claymania.com/removal-trojan-adware.html


    "Dave" <Dave@discussions.microsoft.com> wrote in message
    news:B620C0F5-EDDB-47CC-BC26-D95A63B50F00@microsoft.com...
    | Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
    | PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
    | under safe mode with system restore disabled, using an updated NAV and at
    | least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
    | CWShredder) - still no luck.
    |
    | With the CWS, I'd also tried using the manual cleaning method (cleaning the
    | registries) posted on a number of sites but had failed to find the
    | AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
    | display the problem, together with the ietlbass.dll (identified by NAV)
    | everytime I reboot the computer.
    |
    | Does anyone else have any other ideas please?
    |
    | Dave
    |
    | "David H. Lipman" wrote:
    |
    | > There are anti virus News Groups specifically for this type of discussion.
    | >
    | > microsoft.public.scripting.virus.discussion
    | > microsoft.public.security.virus
    | > alt.comp.virus
    | > alt.comp.anti-virus
    | >
    | > 1) If you are using WinME or WinXP, disable System Restore
    | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    | > 2) Reboot your PC into Safe Mode
    | > 3) Using your NAV software, perform a Full Scan of your platform and clean/delete
    any
    | > infectors found
    | > 4) Restart your PC and perform a "final" Full Scan of your platform
    | > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
    | > System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
    | > reboot your PC.
    | > 6) If you are using WinME or WinXP, create a new Restore point
    | > 7) Please report back your results
    | >
    | >
    | > --
    | > Dave
    | >
    | >
    | >
    | >
    | > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
    | > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
    | > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
    | > | cannot access or repair it. I have quarantined it but still keeps coming
    | > | back, I have tried both adaware and spybot to no avail. The damn pop up
    | > | keeps coming back and I can't get rid of it - any ideas?
    | >
    | >
    | >
  4. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Thanks Dave

    Did everything recommended, including scanning both in the Administrator and
    my normal user profile (does it matter anyway?), twice with both software.
    No bugs found. When I did another scan under normal mode, another bug was
    found and removed but not the two I mentioned. Spy Sweeper continued to
    report AddClass and NAV reported ietlbass.dll............this is getting very
    annoying.....

    Any more ideas....please?


    "David H. Lipman" wrote:

    > Dave:
    >
    > Adaware 6 is outdated, unsupported and no longer updated. As of Today there is a NEW
    > definition file for Adaware SE v1.05
    >
    > Please use the following information...
    >
    >
    > 1) Download the following three items...
    >
    > Trend Sysclean Package
    > http://www.trendmicro.com/download/dcs.asp
    >
    > Latest Trend Pattern File.
    > http://www.trendmicro.com/download/pattern.asp
    >
    > Adaware SE (free personal version v1.05)
    > http://www.lavasoftusa.com/
    >
    > Create a directory.
    > On drive "C:\"
    > (e.g., "c:\New Folder")
    > or the desktop
    > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
    >
    > Download Sysclean.com and place it in that directory.
    > Download the Trend Pattern File by obtaining the ZIP file.
    > For example; lpt341.zip
    >
    > Extract the contents of the ZIP file and place the contents in the same directory as
    > sysclean.com.
    >
    > 2) Update Adaware with the latest definitions.
    > 3) Disable System Restore
    > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
    > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    > platform and clean/delete any infectors/parasites found.
    > (a few cycles may be needed)
    > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
    > Trend Sysclean utility and Adaware
    > 7) Re-enable System Restore and re-apply any System Restore preferences,
    > (e.g. HD space to use suggested 400 ~ 600MB),
    > 8) Reboot your PC.
    > 9) Create a new Restore point
    >
    >
    > * * * Please report your results ! * * *
    >
    >
    > --
    > Dave L.
    > http://www.claymania.com/removal-trojan-adware.html
    >
    >
    >
    >
    > "Dave" <Dave@discussions.microsoft.com> wrote in message
    > news:B620C0F5-EDDB-47CC-BC26-D95A63B50F00@microsoft.com...
    > | Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
    > | PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
    > | under safe mode with system restore disabled, using an updated NAV and at
    > | least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
    > | CWShredder) - still no luck.
    > |
    > | With the CWS, I'd also tried using the manual cleaning method (cleaning the
    > | registries) posted on a number of sites but had failed to find the
    > | AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
    > | display the problem, together with the ietlbass.dll (identified by NAV)
    > | everytime I reboot the computer.
    > |
    > | Does anyone else have any other ideas please?
    > |
    > | Dave
    > |
    > | "David H. Lipman" wrote:
    > |
    > | > There are anti virus News Groups specifically for this type of discussion.
    > | >
    > | > microsoft.public.scripting.virus.discussion
    > | > microsoft.public.security.virus
    > | > alt.comp.virus
    > | > alt.comp.anti-virus
    > | >
    > | > 1) If you are using WinME or WinXP, disable System Restore
    > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    > | > 2) Reboot your PC into Safe Mode
    > | > 3) Using your NAV software, perform a Full Scan of your platform and clean/delete
    > any
    > | > infectors found
    > | > 4) Restart your PC and perform a "final" Full Scan of your platform
    > | > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
    > | > System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
    > | > reboot your PC.
    > | > 6) If you are using WinME or WinXP, create a new Restore point
    > | > 7) Please report back your results
    > | >
    > | >
    > | > --
    > | > Dave
    > | >
    > | >
    > | >
    > | >
    > | > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
    > | > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
    > | > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
    > | > | cannot access or repair it. I have quarantined it but still keeps coming
    > | > | back, I have tried both adaware and spybot to no avail. The damn pop up
    > | > | keeps coming back and I can't get rid of it - any ideas?
    > | >
    > | >
    > | >
    >
    >
    >
  5. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Please submit the IETBLASS.DLL to Virus Total --
    http://www.virustotal.com/flash/index_en.html
    The submission will then be tested against several different AV vendor's scanners.

    Another way to submit is to send the suspect file to the following email address
    scan<at>virustotal.com
    { replace <at> with @ } with only the word SCAN as the subject.

    Please post back the EXACT results.

    --
    Dave


    "Dave" <Dave@discussions.microsoft.com> wrote in message
    news:09F6F256-553F-4707-B556-EC63004603D2@microsoft.com...
    | Thanks Dave
    |
    | Did everything recommended, including scanning both in the Administrator and
    | my normal user profile (does it matter anyway?), twice with both software.
    | No bugs found. When I did another scan under normal mode, another bug was
    | found and removed but not the two I mentioned. Spy Sweeper continued to
    | report AddClass and NAV reported ietlbass.dll............this is getting very
    | annoying.....
    |
    | Any more ideas....please?
    |
    |
    | "David H. Lipman" wrote:
    |
    | > Dave:
    | >
    | > Adaware 6 is outdated, unsupported and no longer updated. As of Today there is a NEW
    | > definition file for Adaware SE v1.05
    | >
    | > Please use the following information...
    | >
    | >
    | > 1) Download the following three items...
    | >
    | > Trend Sysclean Package
    | > http://www.trendmicro.com/download/dcs.asp
    | >
    | > Latest Trend Pattern File.
    | > http://www.trendmicro.com/download/pattern.asp
    | >
    | > Adaware SE (free personal version v1.05)
    | > http://www.lavasoftusa.com/
    | >
    | > Create a directory.
    | > On drive "C:\"
    | > (e.g., "c:\New Folder")
    | > or the desktop
    | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
    | >
    | > Download Sysclean.com and place it in that directory.
    | > Download the Trend Pattern File by obtaining the ZIP file.
    | > For example; lpt341.zip
    | >
    | > Extract the contents of the ZIP file and place the contents in the same directory as
    | > sysclean.com.
    | >
    | > 2) Update Adaware with the latest definitions.
    | > 3) Disable System Restore
    | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    | > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
    | > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    | > platform and clean/delete any infectors/parasites found.
    | > (a few cycles may be needed)
    | > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
    | > Trend Sysclean utility and Adaware
    | > 7) Re-enable System Restore and re-apply any System Restore preferences,
    | > (e.g. HD space to use suggested 400 ~ 600MB),
    | > 8) Reboot your PC.
    | > 9) Create a new Restore point
    | >
    | >
    | > * * * Please report your results ! * * *
    | >
    | >
    | > --
    | > Dave L.
    | > http://www.claymania.com/removal-trojan-adware.html
    | >
    | >
    | >
    | >
    | > "Dave" <Dave@discussions.microsoft.com> wrote in message
    | > news:B620C0F5-EDDB-47CC-BC26-D95A63B50F00@microsoft.com...
    | > | Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
    | > | PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
    | > | under safe mode with system restore disabled, using an updated NAV and at
    | > | least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
    | > | CWShredder) - still no luck.
    | > |
    | > | With the CWS, I'd also tried using the manual cleaning method (cleaning the
    | > | registries) posted on a number of sites but had failed to find the
    | > | AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
    | > | display the problem, together with the ietlbass.dll (identified by NAV)
    | > | everytime I reboot the computer.
    | > |
    | > | Does anyone else have any other ideas please?
    | > |
    | > | Dave
    | > |
    | > | "David H. Lipman" wrote:
    | > |
    | > | > There are anti virus News Groups specifically for this type of discussion.
    | > | >
    | > | > microsoft.public.scripting.virus.discussion
    | > | > microsoft.public.security.virus
    | > | > alt.comp.virus
    | > | > alt.comp.anti-virus
    | > | >
    | > | > 1) If you are using WinME or WinXP, disable System Restore
    | > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    | > | > 2) Reboot your PC into Safe Mode
    | > | > 3) Using your NAV software, perform a Full Scan of your platform and
    clean/delete
    | > any
    | > | > infectors found
    | > | > 4) Restart your PC and perform a "final" Full Scan of your platform
    | > | > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
    | > | > System Restore preferences, (e.g. HD space to use suggested 200 ~
    400MB),
    | > | > reboot your PC.
    | > | > 6) If you are using WinME or WinXP, create a new Restore point
    | > | > 7) Please report back your results
    | > | >
    | > | >
    | > | > --
    | > | > Dave
    | > | >
    | > | >
    | > | >
    | > | >
    | > | > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
    | > | > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
    | > | > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
    | > | > | cannot access or repair it. I have quarantined it but still keeps coming
    | > | > | back, I have tried both adaware and spybot to no avail. The damn pop up
    | > | > | keeps coming back and I can't get rid of it - any ideas?
    | > | >
    | > | >
    | > | >
    | >
    | >
    | >
  6. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Sorry Dave but I'm really new to all this. How do I find the quarantined
    file on my NAV (the ietlbass.dll)? Also, I think the AddClass identified by
    Spy Sweeper is a registry entry, so how should I be submitting this for
    further analysis?

    Many thanks.

    "David H. Lipman" wrote:

    > Please submit the IETBLASS.DLL to Virus Total --
    > http://www.virustotal.com/flash/index_en.html
    > The submission will then be tested against several different AV vendor's scanners.
    >
    > Another way to submit is to send the suspect file to the following email address
    > scan<at>virustotal.com
    > { replace <at> with @ } with only the word SCAN as the subject.
    >
    > Please post back the EXACT results.
    >
    > --
    > Dave
  7. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    This is the Hijack This log, would this help at all with an analysis?

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
    C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
    /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync]
    C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
    /IMEName
    O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
    -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
    Sweeper\SpySweeper.exe" /0
    O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
    Office\Office10\OSA.EXE
    O4 - Global Startup: RealAudio.exe
    O4 - Global Startup: SpySubtract.lnk = C:\Program
    Files\InterMute\SpySubtract\SpySub.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel -
    res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
    C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger -
    {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://www2.cinema.com.hk
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
    http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O17 -
    HKLM\System\CCS\Services\Tcpip\..\{7AC5C497-CE21-43F0-8BBC-F1F2E7FEDE55}:
    NameServer = 218.102.62.71 205.252.144.122
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
    C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: DefWatch - Symantec Corporation - C:\Program
    Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program
    Files\iPod\bin\iPodService.exe
    O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\Program
    Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe


    "Dave" wrote:

    > Sorry Dave but I'm really new to all this. How do I find the quarantined
    > file on my NAV (the ietlbass.dll)? Also, I think the AddClass identified by
    > Spy Sweeper is a registry entry, so how should I be submitting this for
    > further analysis?
    >
    > Many thanks.
    >
    > "David H. Lipman" wrote:
    >
    > > Please submit the IETBLASS.DLL to Virus Total --
    > > http://www.virustotal.com/flash/index_en.html
    > > The submission will then be tested against several different AV vendor's scanners.
    > >
    > > Another way to submit is to send the suspect file to the following email address
    > > scan<at>virustotal.com
    > > { replace <at> with @ } with only the word SCAN as the subject.
    > >
    > > Please post back the EXACT results.
    > >
    > > --
    > > Dave
    >
  8. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Forget about the Registry entry. It would be up to SpySweeper to identify it.

    As for NAV's quarantine. I don't support Norton/Symantec AV software (by choices) so I
    don't know where the file is kept. However, if the file is quarantined then it is in a
    "safe" location and NAV/SAV should give you the capability of dumping any quarantine cache.

    --
    Dave


    "Dave" <Dave@discussions.microsoft.com> wrote in message
    news:C19E8719-D656-4CE9-8888-E7BB66951588@microsoft.com...
    | Sorry Dave but I'm really new to all this. How do I find the quarantined
    | file on my NAV (the ietlbass.dll)? Also, I think the AddClass identified by
    | Spy Sweeper is a registry entry, so how should I be submitting this for
    | further analysis?
    |
    | Many thanks.
    |
    | "David H. Lipman" wrote:
    |
    | > Please submit the IETBLASS.DLL to Virus Total --
    | > http://www.virustotal.com/flash/index_en.html
    | > The submission will then be tested against several different AV vendor's scanners.
    | >
    | > Another way to submit is to send the suspect file to the following email address
    | > scan<at>virustotal.com
    | > { replace <at> with @ } with only the word SCAN as the subject.
    | >
    | > Please post back the EXACT results.
    | >
    | > --
    | > Dave
    |
  9. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    SUCCESS!!!!!

    McAfee online picked up two infect files:

    RealAudio.exe (Ad Clicker-BV virus)
    tstlb.hta (VBS/Psyme virus)

    I found and deleted both files and was good to go, no more warnings.

    Many thanks for guiding me along Dave.
  10. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Anytime. I am glad all is well.

    --
    Dave


    "Dave" <Dave@discussions.microsoft.com> wrote in message
    news:70ED14F6-4066-49B9-AB24-71EEAB2A818A@microsoft.com...
    | SUCCESS!!!!!
    |
    | McAfee online picked up two infect files:
    |
    | RealAudio.exe (Ad Clicker-BV virus)
    | tstlb.hta (VBS/Psyme virus)
    |
    | I found and deleted both files and was good to go, no more warnings.
    |
    | Many thanks for guiding me along Dave.
    |
    |
    |
    |
  11. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Hi

    THanks a million David - the sysclean.com file did the trick - very slow but
    worked fine. Thanks too for writing your advice insimple non-technical words
    - for a non-IT litereate person it makes it much easier.

    Motz

    "David H. Lipman" wrote:

    > Dave:
    >
    > Adaware 6 is outdated, unsupported and no longer updated. As of Today there is a NEW
    > definition file for Adaware SE v1.05
    >
    > Please use the following information...
    >
    >
    > 1) Download the following three items...
    >
    > Trend Sysclean Package
    > http://www.trendmicro.com/download/dcs.asp
    >
    > Latest Trend Pattern File.
    > http://www.trendmicro.com/download/pattern.asp
    >
    > Adaware SE (free personal version v1.05)
    > http://www.lavasoftusa.com/
    >
    > Create a directory.
    > On drive "C:\"
    > (e.g., "c:\New Folder")
    > or the desktop
    > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
    >
    > Download Sysclean.com and place it in that directory.
    > Download the Trend Pattern File by obtaining the ZIP file.
    > For example; lpt341.zip
    >
    > Extract the contents of the ZIP file and place the contents in the same directory as
    > sysclean.com.
    >
    > 2) Update Adaware with the latest definitions.
    > 3) Disable System Restore
    > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
    > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    > platform and clean/delete any infectors/parasites found.
    > (a few cycles may be needed)
    > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
    > Trend Sysclean utility and Adaware
    > 7) Re-enable System Restore and re-apply any System Restore preferences,
    > (e.g. HD space to use suggested 400 ~ 600MB),
    > 8) Reboot your PC.
    > 9) Create a new Restore point
    >
    >
    > * * * Please report your results ! * * *
    >
    >
    > --
    > Dave L.
    > http://www.claymania.com/removal-trojan-adware.html
    >
    >
    >
    >
    > "Dave" <Dave@discussions.microsoft.com> wrote in message
    > news:B620C0F5-EDDB-47CC-BC26-D95A63B50F00@microsoft.com...
    > | Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
    > | PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
    > | under safe mode with system restore disabled, using an updated NAV and at
    > | least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
    > | CWShredder) - still no luck.
    > |
    > | With the CWS, I'd also tried using the manual cleaning method (cleaning the
    > | registries) posted on a number of sites but had failed to find the
    > | AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
    > | display the problem, together with the ietlbass.dll (identified by NAV)
    > | everytime I reboot the computer.
    > |
    > | Does anyone else have any other ideas please?
    > |
    > | Dave
    > |
    > | "David H. Lipman" wrote:
    > |
    > | > There are anti virus News Groups specifically for this type of discussion.
    > | >
    > | > microsoft.public.scripting.virus.discussion
    > | > microsoft.public.security.virus
    > | > alt.comp.virus
    > | > alt.comp.anti-virus
    > | >
    > | > 1) If you are using WinME or WinXP, disable System Restore
    > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    > | > 2) Reboot your PC into Safe Mode
    > | > 3) Using your NAV software, perform a Full Scan of your platform and clean/delete
    > any
    > | > infectors found
    > | > 4) Restart your PC and perform a "final" Full Scan of your platform
    > | > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
    > | > System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
    > | > reboot your PC.
    > | > 6) If you are using WinME or WinXP, create a new Restore point
    > | > 7) Please report back your results
    > | >
    > | >
    > | > --
    > | > Dave
    > | >
    > | >
    > | >
    > | >
    > | > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
    > | > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
    > | > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
    > | > | cannot access or repair it. I have quarantined it but still keeps coming
    > | > | back, I have tried both adaware and spybot to no avail. The damn pop up
    > | > | keeps coming back and I can't get rid of it - any ideas?
    > | >
    > | >
    > | >
    >
    >
    >
  12. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Thank you for that feedback. It is valuable for the QC loop so I can provide even better
    answers.

    Do you have the SYSCLEAN.LOG and see what Sysclean caught ?

    --
    Dave


    "Motz_uk" <Motzuk@discussions.microsoft.com> wrote in message
    news:E7BE4753-497F-4494-9446-C31352D1671F@microsoft.com...
    | Hi
    |
    | THanks a million David - the sysclean.com file did the trick - very slow but
    | worked fine. Thanks too for writing your advice insimple non-technical words
    | - for a non-IT litereate person it makes it much easier.
    |
    | Motz
    |
    | "David H. Lipman" wrote:
    |
    | > Dave:
    | >
    | > Adaware 6 is outdated, unsupported and no longer updated. As of Today there is a NEW
    | > definition file for Adaware SE v1.05
    | >
    | > Please use the following information...
    | >
    | >
    | > 1) Download the following three items...
    | >
    | > Trend Sysclean Package
    | > http://www.trendmicro.com/download/dcs.asp
    | >
    | > Latest Trend Pattern File.
    | > http://www.trendmicro.com/download/pattern.asp
    | >
    | > Adaware SE (free personal version v1.05)
    | > http://www.lavasoftusa.com/
    | >
    | > Create a directory.
    | > On drive "C:\"
    | > (e.g., "c:\New Folder")
    | > or the desktop
    | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
    | >
    | > Download Sysclean.com and place it in that directory.
    | > Download the Trend Pattern File by obtaining the ZIP file.
    | > For example; lpt341.zip
    | >
    | > Extract the contents of the ZIP file and place the contents in the same directory as
    | > sysclean.com.
    | >
    | > 2) Update Adaware with the latest definitions.
    | > 3) Disable System Restore
    | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    | > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
    | > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    | > platform and clean/delete any infectors/parasites found.
    | > (a few cycles may be needed)
    | > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
    | > Trend Sysclean utility and Adaware
    | > 7) Re-enable System Restore and re-apply any System Restore preferences,
    | > (e.g. HD space to use suggested 400 ~ 600MB),
    | > 8) Reboot your PC.
    | > 9) Create a new Restore point
    | >
    | >
    | > * * * Please report your results ! * * *
    | >
    | >
    | > --
    | > Dave L.
    | > http://www.claymania.com/removal-trojan-adware.html
    | >
    | >
    | >
    | >
    | > "Dave" <Dave@discussions.microsoft.com> wrote in message
    | > news:B620C0F5-EDDB-47CC-BC26-D95A63B50F00@microsoft.com...
    | > | Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
    | > | PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
    | > | under safe mode with system restore disabled, using an updated NAV and at
    | > | least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
    | > | CWShredder) - still no luck.
    | > |
    | > | With the CWS, I'd also tried using the manual cleaning method (cleaning the
    | > | registries) posted on a number of sites but had failed to find the
    | > | AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
    | > | display the problem, together with the ietlbass.dll (identified by NAV)
    | > | everytime I reboot the computer.
    | > |
    | > | Does anyone else have any other ideas please?
    | > |
    | > | Dave
    | > |
    | > | "David H. Lipman" wrote:
    | > |
    | > | > There are anti virus News Groups specifically for this type of discussion.
    | > | >
    | > | > microsoft.public.scripting.virus.discussion
    | > | > microsoft.public.security.virus
    | > | > alt.comp.virus
    | > | > alt.comp.anti-virus
    | > | >
    | > | > 1) If you are using WinME or WinXP, disable System Restore
    | > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    | > | > 2) Reboot your PC into Safe Mode
    | > | > 3) Using your NAV software, perform a Full Scan of your platform and
    clean/delete
    | > any
    | > | > infectors found
    | > | > 4) Restart your PC and perform a "final" Full Scan of your platform
    | > | > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
    | > | > System Restore preferences, (e.g. HD space to use suggested 200 ~
    400MB),
    | > | > reboot your PC.
    | > | > 6) If you are using WinME or WinXP, create a new Restore point
    | > | > 7) Please report back your results
    | > | >
    | > | >
    | > | > --
    | > | > Dave
    | > | >
    | > | >
    | > | >
    | > | >
    | > | > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
    | > | > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
    | > | > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
    | > | > | cannot access or repair it. I have quarantined it but still keeps coming
    | > | > | back, I have tried both adaware and spybot to no avail. The damn pop up
    | > | > | keeps coming back and I can't get rid of it - any ideas?
    | > | >
    | > | >
    | > | >
    | >
    | >
    | >
  13. Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

    Here is the quick way to get rid of the IETLBASS.dll problem.

    First, delete RealPlayer in Control Panel->Add/Remove programs.

    Then click Start->Run and type in "msconfig"

    Click on the startup tab, then uncheck RealPlayer.exe and uncheck the two
    entries that have no name.

    Click Apply->Close, reboot and the problem is gone.

    "David H. Lipman" wrote:

    > Thank you for that feedback. It is valuable for the QC loop so I can provide even better
    > answers.
    >
    > Do you have the SYSCLEAN.LOG and see what Sysclean caught ?
    >
    > --
    > Dave
    >
    >
    >
    >
    > "Motz_uk" <Motzuk@discussions.microsoft.com> wrote in message
    > news:E7BE4753-497F-4494-9446-C31352D1671F@microsoft.com...
    > | Hi
    > |
    > | THanks a million David - the sysclean.com file did the trick - very slow but
    > | worked fine. Thanks too for writing your advice insimple non-technical words
    > | - for a non-IT litereate person it makes it much easier.
    > |
    > | Motz
    > |
    > | "David H. Lipman" wrote:
    > |
    > | > Dave:
    > | >
    > | > Adaware 6 is outdated, unsupported and no longer updated. As of Today there is a NEW
    > | > definition file for Adaware SE v1.05
    > | >
    > | > Please use the following information...
    > | >
    > | >
    > | > 1) Download the following three items...
    > | >
    > | > Trend Sysclean Package
    > | > http://www.trendmicro.com/download/dcs.asp
    > | >
    > | > Latest Trend Pattern File.
    > | > http://www.trendmicro.com/download/pattern.asp
    > | >
    > | > Adaware SE (free personal version v1.05)
    > | > http://www.lavasoftusa.com/
    > | >
    > | > Create a directory.
    > | > On drive "C:\"
    > | > (e.g., "c:\New Folder")
    > | > or the desktop
    > | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
    > | >
    > | > Download Sysclean.com and place it in that directory.
    > | > Download the Trend Pattern File by obtaining the ZIP file.
    > | > For example; lpt341.zip
    > | >
    > | > Extract the contents of the ZIP file and place the contents in the same directory as
    > | > sysclean.com.
    > | >
    > | > 2) Update Adaware with the latest definitions.
    > | > 3) Disable System Restore
    > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    > | > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
    > | > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
    > | > platform and clean/delete any infectors/parasites found.
    > | > (a few cycles may be needed)
    > | > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
    > | > Trend Sysclean utility and Adaware
    > | > 7) Re-enable System Restore and re-apply any System Restore preferences,
    > | > (e.g. HD space to use suggested 400 ~ 600MB),
    > | > 8) Reboot your PC.
    > | > 9) Create a new Restore point
    > | >
    > | >
    > | > * * * Please report your results ! * * *
    > | >
    > | >
    > | > --
    > | > Dave L.
    > | > http://www.claymania.com/removal-trojan-adware.html
    > | >
    > | >
    > | >
    > | >
    > | > "Dave" <Dave@discussions.microsoft.com> wrote in message
    > | > news:B620C0F5-EDDB-47CC-BC26-D95A63B50F00@microsoft.com...
    > | > | Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
    > | > | PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
    > | > | under safe mode with system restore disabled, using an updated NAV and at
    > | > | least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
    > | > | CWShredder) - still no luck.
    > | > |
    > | > | With the CWS, I'd also tried using the manual cleaning method (cleaning the
    > | > | registries) posted on a number of sites but had failed to find the
    > | > | AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
    > | > | display the problem, together with the ietlbass.dll (identified by NAV)
    > | > | everytime I reboot the computer.
    > | > |
    > | > | Does anyone else have any other ideas please?
    > | > |
    > | > | Dave
    > | > |
    > | > | "David H. Lipman" wrote:
    > | > |
    > | > | > There are anti virus News Groups specifically for this type of discussion.
    > | > | >
    > | > | > microsoft.public.scripting.virus.discussion
    > | > | > microsoft.public.security.virus
    > | > | > alt.comp.virus
    > | > | > alt.comp.anti-virus
    > | > | >
    > | > | > 1) If you are using WinME or WinXP, disable System Restore
    > | > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
    > | > | > 2) Reboot your PC into Safe Mode
    > | > | > 3) Using your NAV software, perform a Full Scan of your platform and
    > clean/delete
    > | > any
    > | > | > infectors found
    > | > | > 4) Restart your PC and perform a "final" Full Scan of your platform
    > | > | > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
    > | > | > System Restore preferences, (e.g. HD space to use suggested 200 ~
    > 400MB),
    > | > | > reboot your PC.
    > | > | > 6) If you are using WinME or WinXP, create a new Restore point
    > | > | > 7) Please report back your results
    > | > | >
    > | > | >
    > | > | > --
    > | > | > Dave
    > | > | >
    > | > | >
    > | > | >
    > | > | >
    > | > | > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
    > | > | > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
    > | > | > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
    > | > | > | cannot access or repair it. I have quarantined it but still keeps coming
    > | > | > | back, I have tried both adaware and spybot to no avail. The damn pop up
    > | > | > | keeps coming back and I can't get rid of it - any ideas?
    > | > | >
    > | > | >
    > | > | >
    > | >
    > | >
    > | >
    >
    >
    >
Ask a new question

Read More

Trojan DLL Windows XP