Sign in with
Sign up | Sign in
Your question

IETLBASS.dll trojan

Last response: in Windows XP
Share
Anonymous
January 11, 2005 8:31:05 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
cannot access or repair it. I have quarantined it but still keeps coming
back, I have tried both adaware and spybot to no avail. The damn pop up
keeps coming back and I can't get rid of it - any ideas?

More about : ietlbass dll trojan

Anonymous
January 11, 2005 11:49:30 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

There are anti virus News Groups specifically for this type of discussion.

microsoft.public.scripting.virus.discussion
microsoft.public.security.virus
alt.comp.virus
alt.comp.anti-virus

1) If you are using WinME or WinXP, disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
2) Reboot your PC into Safe Mode
3) Using your NAV software, perform a Full Scan of your platform and clean/delete any
infectors found
4) Restart your PC and perform a "final" Full Scan of your platform
5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
reboot your PC.
6) If you are using WinME or WinXP, create a new Restore point
7) Please report back your results


--
Dave




"Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
| Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
| cannot access or repair it. I have quarantined it but still keeps coming
| back, I have tried both adaware and spybot to no avail. The damn pop up
| keeps coming back and I can't get rid of it - any ideas?
January 11, 2005 1:43:04 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
under safe mode with system restore disabled, using an updated NAV and at
least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
CWShredder) - still no luck.

With the CWS, I'd also tried using the manual cleaning method (cleaning the
registries) posted on a number of sites but had failed to find the
AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
display the problem, together with the ietlbass.dll (identified by NAV)
everytime I reboot the computer.

Does anyone else have any other ideas please?

Dave

"David H. Lipman" wrote:

> There are anti virus News Groups specifically for this type of discussion.
>
> microsoft.public.scripting.virus.discussion
> microsoft.public.security.virus
> alt.comp.virus
> alt.comp.anti-virus
>
> 1) If you are using WinME or WinXP, disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
> 2) Reboot your PC into Safe Mode
> 3) Using your NAV software, perform a Full Scan of your platform and clean/delete any
> infectors found
> 4) Restart your PC and perform a "final" Full Scan of your platform
> 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
> System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
> reboot your PC.
> 6) If you are using WinME or WinXP, create a new Restore point
> 7) Please report back your results
>
>
> --
> Dave
>
>
>
>
> "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
> news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
> | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
> | cannot access or repair it. I have quarantined it but still keeps coming
> | back, I have tried both adaware and spybot to no avail. The damn pop up
> | keeps coming back and I can't get rid of it - any ideas?
>
>
>
Related resources
Anonymous
January 11, 2005 6:16:19 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Dave:

Adaware 6 is outdated, unsupported and no longer updated. As of Today there is a NEW
definition file for Adaware SE v1.05

Please use the following information...


1) Download the following three items...

Trend Sysclean Package
http://www.trendmicro.com/download/dcs.asp

Latest Trend Pattern File.
http://www.trendmicro.com/download/pattern.asp

Adaware SE (free personal version v1.05)
http://www.lavasoftusa.com/

Create a directory.
On drive "C:\"
(e.g., "c:\New Folder")
or the desktop
(e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")

Download Sysclean.com and place it in that directory.
Download the Trend Pattern File by obtaining the ZIP file.
For example; lpt341.zip

Extract the contents of the ZIP file and place the contents in the same directory as
sysclean.com.

2) Update Adaware with the latest definitions.
3) Disable System Restore
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
4) Reboot your PC into Safe Mode and shutdown as many applications as possible
5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
platform and clean/delete any infectors/parasites found.
(a few cycles may be needed)
6) Restart your PC and perform a "final" Full Scan of your platform using both the
Trend Sysclean utility and Adaware
7) Re-enable System Restore and re-apply any System Restore preferences,
(e.g. HD space to use suggested 400 ~ 600MB),
8) Reboot your PC.
9) Create a new Restore point


* * * Please report your results ! * * *


--
Dave L.
http://www.claymania.com/removal-trojan-adware.html




"Dave" <Dave@discussions.microsoft.com> wrote in message
news:B620C0F5-EDDB-47CC-BC26-D95A63B50F00@microsoft.com...
| Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
| PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
| under safe mode with system restore disabled, using an updated NAV and at
| least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
| CWShredder) - still no luck.
|
| With the CWS, I'd also tried using the manual cleaning method (cleaning the
| registries) posted on a number of sites but had failed to find the
| AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
| display the problem, together with the ietlbass.dll (identified by NAV)
| everytime I reboot the computer.
|
| Does anyone else have any other ideas please?
|
| Dave
|
| "David H. Lipman" wrote:
|
| > There are anti virus News Groups specifically for this type of discussion.
| >
| > microsoft.public.scripting.virus.discussion
| > microsoft.public.security.virus
| > alt.comp.virus
| > alt.comp.anti-virus
| >
| > 1) If you are using WinME or WinXP, disable System Restore
| > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
| > 2) Reboot your PC into Safe Mode
| > 3) Using your NAV software, perform a Full Scan of your platform and clean/delete
any
| > infectors found
| > 4) Restart your PC and perform a "final" Full Scan of your platform
| > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
| > System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
| > reboot your PC.
| > 6) If you are using WinME or WinXP, create a new Restore point
| > 7) Please report back your results
| >
| >
| > --
| > Dave
| >
| >
| >
| >
| > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
| > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
| > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
| > | cannot access or repair it. I have quarantined it but still keeps coming
| > | back, I have tried both adaware and spybot to no avail. The damn pop up
| > | keeps coming back and I can't get rid of it - any ideas?
| >
| >
| >
January 12, 2005 10:37:05 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thanks Dave

Did everything recommended, including scanning both in the Administrator and
my normal user profile (does it matter anyway?), twice with both software.
No bugs found. When I did another scan under normal mode, another bug was
found and removed but not the two I mentioned. Spy Sweeper continued to
report AddClass and NAV reported ietlbass.dll............this is getting very
annoying.....

Any more ideas....please?


"David H. Lipman" wrote:

> Dave:
>
> Adaware 6 is outdated, unsupported and no longer updated. As of Today there is a NEW
> definition file for Adaware SE v1.05
>
> Please use the following information...
>
>
> 1) Download the following three items...
>
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> Latest Trend Pattern File.
> http://www.trendmicro.com/download/pattern.asp
>
> Adaware SE (free personal version v1.05)
> http://www.lavasoftusa.com/
>
> Create a directory.
> On drive "C:\"
> (e.g., "c:\New Folder")
> or the desktop
> (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
>
> Download Sysclean.com and place it in that directory.
> Download the Trend Pattern File by obtaining the ZIP file.
> For example; lpt341.zip
>
> Extract the contents of the ZIP file and place the contents in the same directory as
> sysclean.com.
>
> 2) Update Adaware with the latest definitions.
> 3) Disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
> 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
> 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
> platform and clean/delete any infectors/parasites found.
> (a few cycles may be needed)
> 6) Restart your PC and perform a "final" Full Scan of your platform using both the
> Trend Sysclean utility and Adaware
> 7) Re-enable System Restore and re-apply any System Restore preferences,
> (e.g. HD space to use suggested 400 ~ 600MB),
> 8) Reboot your PC.
> 9) Create a new Restore point
>
>
> * * * Please report your results ! * * *
>
>
> --
> Dave L.
> http://www.claymania.com/removal-trojan-adware.html
>
>
>
>
> "Dave" <Dave@discussions.microsoft.com> wrote in message
> news:B620C0F5-EDDB-47CC-BC26-D95A63B50F00@microsoft.com...
> | Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
> | PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
> | under safe mode with system restore disabled, using an updated NAV and at
> | least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
> | CWShredder) - still no luck.
> |
> | With the CWS, I'd also tried using the manual cleaning method (cleaning the
> | registries) posted on a number of sites but had failed to find the
> | AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
> | display the problem, together with the ietlbass.dll (identified by NAV)
> | everytime I reboot the computer.
> |
> | Does anyone else have any other ideas please?
> |
> | Dave
> |
> | "David H. Lipman" wrote:
> |
> | > There are anti virus News Groups specifically for this type of discussion.
> | >
> | > microsoft.public.scripting.virus.discussion
> | > microsoft.public.security.virus
> | > alt.comp.virus
> | > alt.comp.anti-virus
> | >
> | > 1) If you are using WinME or WinXP, disable System Restore
> | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
> | > 2) Reboot your PC into Safe Mode
> | > 3) Using your NAV software, perform a Full Scan of your platform and clean/delete
> any
> | > infectors found
> | > 4) Restart your PC and perform a "final" Full Scan of your platform
> | > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
> | > System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
> | > reboot your PC.
> | > 6) If you are using WinME or WinXP, create a new Restore point
> | > 7) Please report back your results
> | >
> | >
> | > --
> | > Dave
> | >
> | >
> | >
> | >
> | > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
> | > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
> | > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
> | > | cannot access or repair it. I have quarantined it but still keeps coming
> | > | back, I have tried both adaware and spybot to no avail. The damn pop up
> | > | keeps coming back and I can't get rid of it - any ideas?
> | >
> | >
> | >
>
>
>
Anonymous
January 12, 2005 2:00:41 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Please submit the IETBLASS.DLL to Virus Total --
http://www.virustotal.com/flash/index_en.html
The submission will then be tested against several different AV vendor's scanners.

Another way to submit is to send the suspect file to the following email address
scan<at>virustotal.com
{ replace <at> with @ } with only the word SCAN as the subject.

Please post back the EXACT results.

--
Dave




"Dave" <Dave@discussions.microsoft.com> wrote in message
news:09F6F256-553F-4707-B556-EC63004603D2@microsoft.com...
| Thanks Dave
|
| Did everything recommended, including scanning both in the Administrator and
| my normal user profile (does it matter anyway?), twice with both software.
| No bugs found. When I did another scan under normal mode, another bug was
| found and removed but not the two I mentioned. Spy Sweeper continued to
| report AddClass and NAV reported ietlbass.dll............this is getting very
| annoying.....
|
| Any more ideas....please?
|
|
| "David H. Lipman" wrote:
|
| > Dave:
| >
| > Adaware 6 is outdated, unsupported and no longer updated. As of Today there is a NEW
| > definition file for Adaware SE v1.05
| >
| > Please use the following information...
| >
| >
| > 1) Download the following three items...
| >
| > Trend Sysclean Package
| > http://www.trendmicro.com/download/dcs.asp
| >
| > Latest Trend Pattern File.
| > http://www.trendmicro.com/download/pattern.asp
| >
| > Adaware SE (free personal version v1.05)
| > http://www.lavasoftusa.com/
| >
| > Create a directory.
| > On drive "C:\"
| > (e.g., "c:\New Folder")
| > or the desktop
| > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| >
| > Download Sysclean.com and place it in that directory.
| > Download the Trend Pattern File by obtaining the ZIP file.
| > For example; lpt341.zip
| >
| > Extract the contents of the ZIP file and place the contents in the same directory as
| > sysclean.com.
| >
| > 2) Update Adaware with the latest definitions.
| > 3) Disable System Restore
| > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
| > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
| > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
| > platform and clean/delete any infectors/parasites found.
| > (a few cycles may be needed)
| > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
| > Trend Sysclean utility and Adaware
| > 7) Re-enable System Restore and re-apply any System Restore preferences,
| > (e.g. HD space to use suggested 400 ~ 600MB),
| > 8) Reboot your PC.
| > 9) Create a new Restore point
| >
| >
| > * * * Please report your results ! * * *
| >
| >
| > --
| > Dave L.
| > http://www.claymania.com/removal-trojan-adware.html
| >
| >
| >
| >
| > "Dave" <Dave@discussions.microsoft.com> wrote in message
| > news:B620C0F5-EDDB-47CC-BC26-D95A63B50F00@microsoft.com...
| > | Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
| > | PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
| > | under safe mode with system restore disabled, using an updated NAV and at
| > | least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
| > | CWShredder) - still no luck.
| > |
| > | With the CWS, I'd also tried using the manual cleaning method (cleaning the
| > | registries) posted on a number of sites but had failed to find the
| > | AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
| > | display the problem, together with the ietlbass.dll (identified by NAV)
| > | everytime I reboot the computer.
| > |
| > | Does anyone else have any other ideas please?
| > |
| > | Dave
| > |
| > | "David H. Lipman" wrote:
| > |
| > | > There are anti virus News Groups specifically for this type of discussion.
| > | >
| > | > microsoft.public.scripting.virus.discussion
| > | > microsoft.public.security.virus
| > | > alt.comp.virus
| > | > alt.comp.anti-virus
| > | >
| > | > 1) If you are using WinME or WinXP, disable System Restore
| > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
| > | > 2) Reboot your PC into Safe Mode
| > | > 3) Using your NAV software, perform a Full Scan of your platform and
clean/delete
| > any
| > | > infectors found
| > | > 4) Restart your PC and perform a "final" Full Scan of your platform
| > | > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
| > | > System Restore preferences, (e.g. HD space to use suggested 200 ~
400MB),
| > | > reboot your PC.
| > | > 6) If you are using WinME or WinXP, create a new Restore point
| > | > 7) Please report back your results
| > | >
| > | >
| > | > --
| > | > Dave
| > | >
| > | >
| > | >
| > | >
| > | > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
| > | > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
| > | > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
| > | > | cannot access or repair it. I have quarantined it but still keeps coming
| > | > | back, I have tried both adaware and spybot to no avail. The damn pop up
| > | > | keeps coming back and I can't get rid of it - any ideas?
| > | >
| > | >
| > | >
| >
| >
| >
January 12, 2005 2:00:42 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Sorry Dave but I'm really new to all this. How do I find the quarantined
file on my NAV (the ietlbass.dll)? Also, I think the AddClass identified by
Spy Sweeper is a registry entry, so how should I be submitting this for
further analysis?

Many thanks.

"David H. Lipman" wrote:

> Please submit the IETBLASS.DLL to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against several different AV vendor's scanners.
>
> Another way to submit is to send the suspect file to the following email address
> scan<at>virustotal.com
> { replace <at> with @ } with only the word SCAN as the subject.
>
> Please post back the EXACT results.
>
> --
> Dave
January 12, 2005 2:00:43 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

This is the Hijack This log, would this help at all with an analysis?

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -
C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil
/RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync]
C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE
/IMEName
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe"
-atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy
Sweeper\SpySweeper.exe" /0
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office10\OSA.EXE
O4 - Global Startup: RealAudio.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program
Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: E&xport to Microsoft Excel -
res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -
C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger -
{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www2.cinema.com.hk
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) -
http://a840.g.akamai.net/7/840/537/2004061001/housecall...
O17 -
HKLM\System\CCS\Services\Tcpip\..\{7AC5C497-CE21-43F0-8BBC-F1F2E7FEDE55}:
NameServer = 218.102.62.71 205.252.144.122
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: DefWatch - Symantec Corporation - C:\Program
Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program
Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client - Symantec Corporation - C:\Program
Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe



"Dave" wrote:

> Sorry Dave but I'm really new to all this. How do I find the quarantined
> file on my NAV (the ietlbass.dll)? Also, I think the AddClass identified by
> Spy Sweeper is a registry entry, so how should I be submitting this for
> further analysis?
>
> Many thanks.
>
> "David H. Lipman" wrote:
>
> > Please submit the IETBLASS.DLL to Virus Total --
> > http://www.virustotal.com/flash/index_en.html
> > The submission will then be tested against several different AV vendor's scanners.
> >
> > Another way to submit is to send the suspect file to the following email address
> > scan<at>virustotal.com
> > { replace <at> with @ } with only the word SCAN as the subject.
> >
> > Please post back the EXACT results.
> >
> > --
> > Dave
>
Anonymous
January 12, 2005 3:16:06 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Forget about the Registry entry. It would be up to SpySweeper to identify it.

As for NAV's quarantine. I don't support Norton/Symantec AV software (by choices) so I
don't know where the file is kept. However, if the file is quarantined then it is in a
"safe" location and NAV/SAV should give you the capability of dumping any quarantine cache.

--
Dave




"Dave" <Dave@discussions.microsoft.com> wrote in message
news:C19E8719-D656-4CE9-8888-E7BB66951588@microsoft.com...
| Sorry Dave but I'm really new to all this. How do I find the quarantined
| file on my NAV (the ietlbass.dll)? Also, I think the AddClass identified by
| Spy Sweeper is a registry entry, so how should I be submitting this for
| further analysis?
|
| Many thanks.
|
| "David H. Lipman" wrote:
|
| > Please submit the IETBLASS.DLL to Virus Total --
| > http://www.virustotal.com/flash/index_en.html
| > The submission will then be tested against several different AV vendor's scanners.
| >
| > Another way to submit is to send the suspect file to the following email address
| > scan<at>virustotal.com
| > { replace <at> with @ } with only the word SCAN as the subject.
| >
| > Please post back the EXACT results.
| >
| > --
| > Dave
|
January 12, 2005 3:16:07 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

SUCCESS!!!!!

McAfee online picked up two infect files:

RealAudio.exe (Ad Clicker-BV virus)
tstlb.hta (VBS/Psyme virus)

I found and deleted both files and was good to go, no more warnings.

Many thanks for guiding me along Dave.
Anonymous
January 12, 2005 5:54:40 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Anytime. I am glad all is well.

--
Dave




"Dave" <Dave@discussions.microsoft.com> wrote in message
news:70ED14F6-4066-49B9-AB24-71EEAB2A818A@microsoft.com...
| SUCCESS!!!!!
|
| McAfee online picked up two infect files:
|
| RealAudio.exe (Ad Clicker-BV virus)
| tstlb.hta (VBS/Psyme virus)
|
| I found and deleted both files and was good to go, no more warnings.
|
| Many thanks for guiding me along Dave.
|
|
|
|
Anonymous
January 13, 2005 8:01:04 AM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Hi

THanks a million David - the sysclean.com file did the trick - very slow but
worked fine. Thanks too for writing your advice insimple non-technical words
- for a non-IT litereate person it makes it much easier.

Motz

"David H. Lipman" wrote:

> Dave:
>
> Adaware 6 is outdated, unsupported and no longer updated. As of Today there is a NEW
> definition file for Adaware SE v1.05
>
> Please use the following information...
>
>
> 1) Download the following three items...
>
> Trend Sysclean Package
> http://www.trendmicro.com/download/dcs.asp
>
> Latest Trend Pattern File.
> http://www.trendmicro.com/download/pattern.asp
>
> Adaware SE (free personal version v1.05)
> http://www.lavasoftusa.com/
>
> Create a directory.
> On drive "C:\"
> (e.g., "c:\New Folder")
> or the desktop
> (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
>
> Download Sysclean.com and place it in that directory.
> Download the Trend Pattern File by obtaining the ZIP file.
> For example; lpt341.zip
>
> Extract the contents of the ZIP file and place the contents in the same directory as
> sysclean.com.
>
> 2) Update Adaware with the latest definitions.
> 3) Disable System Restore
> http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
> 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
> 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
> platform and clean/delete any infectors/parasites found.
> (a few cycles may be needed)
> 6) Restart your PC and perform a "final" Full Scan of your platform using both the
> Trend Sysclean utility and Adaware
> 7) Re-enable System Restore and re-apply any System Restore preferences,
> (e.g. HD space to use suggested 400 ~ 600MB),
> 8) Reboot your PC.
> 9) Create a new Restore point
>
>
> * * * Please report your results ! * * *
>
>
> --
> Dave L.
> http://www.claymania.com/removal-trojan-adware.html
>
>
>
>
> "Dave" <Dave@discussions.microsoft.com> wrote in message
> news:B620C0F5-EDDB-47CC-BC26-D95A63B50F00@microsoft.com...
> | Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
> | PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
> | under safe mode with system restore disabled, using an updated NAV and at
> | least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
> | CWShredder) - still no luck.
> |
> | With the CWS, I'd also tried using the manual cleaning method (cleaning the
> | registries) posted on a number of sites but had failed to find the
> | AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
> | display the problem, together with the ietlbass.dll (identified by NAV)
> | everytime I reboot the computer.
> |
> | Does anyone else have any other ideas please?
> |
> | Dave
> |
> | "David H. Lipman" wrote:
> |
> | > There are anti virus News Groups specifically for this type of discussion.
> | >
> | > microsoft.public.scripting.virus.discussion
> | > microsoft.public.security.virus
> | > alt.comp.virus
> | > alt.comp.anti-virus
> | >
> | > 1) If you are using WinME or WinXP, disable System Restore
> | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
> | > 2) Reboot your PC into Safe Mode
> | > 3) Using your NAV software, perform a Full Scan of your platform and clean/delete
> any
> | > infectors found
> | > 4) Restart your PC and perform a "final" Full Scan of your platform
> | > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
> | > System Restore preferences, (e.g. HD space to use suggested 200 ~ 400MB),
> | > reboot your PC.
> | > 6) If you are using WinME or WinXP, create a new Restore point
> | > 7) Please report back your results
> | >
> | >
> | > --
> | > Dave
> | >
> | >
> | >
> | >
> | > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
> | > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
> | > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
> | > | cannot access or repair it. I have quarantined it but still keeps coming
> | > | back, I have tried both adaware and spybot to no avail. The damn pop up
> | > | keeps coming back and I can't get rid of it - any ideas?
> | >
> | >
> | >
>
>
>
Anonymous
January 13, 2005 12:03:49 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Thank you for that feedback. It is valuable for the QC loop so I can provide even better
answers.

Do you have the SYSCLEAN.LOG and see what Sysclean caught ?

--
Dave




"Motz_uk" <Motzuk@discussions.microsoft.com> wrote in message
news:E7BE4753-497F-4494-9446-C31352D1671F@microsoft.com...
| Hi
|
| THanks a million David - the sysclean.com file did the trick - very slow but
| worked fine. Thanks too for writing your advice insimple non-technical words
| - for a non-IT litereate person it makes it much easier.
|
| Motz
|
| "David H. Lipman" wrote:
|
| > Dave:
| >
| > Adaware 6 is outdated, unsupported and no longer updated. As of Today there is a NEW
| > definition file for Adaware SE v1.05
| >
| > Please use the following information...
| >
| >
| > 1) Download the following three items...
| >
| > Trend Sysclean Package
| > http://www.trendmicro.com/download/dcs.asp
| >
| > Latest Trend Pattern File.
| > http://www.trendmicro.com/download/pattern.asp
| >
| > Adaware SE (free personal version v1.05)
| > http://www.lavasoftusa.com/
| >
| > Create a directory.
| > On drive "C:\"
| > (e.g., "c:\New Folder")
| > or the desktop
| > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
| >
| > Download Sysclean.com and place it in that directory.
| > Download the Trend Pattern File by obtaining the ZIP file.
| > For example; lpt341.zip
| >
| > Extract the contents of the ZIP file and place the contents in the same directory as
| > sysclean.com.
| >
| > 2) Update Adaware with the latest definitions.
| > 3) Disable System Restore
| > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
| > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
| > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
| > platform and clean/delete any infectors/parasites found.
| > (a few cycles may be needed)
| > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
| > Trend Sysclean utility and Adaware
| > 7) Re-enable System Restore and re-apply any System Restore preferences,
| > (e.g. HD space to use suggested 400 ~ 600MB),
| > 8) Reboot your PC.
| > 9) Create a new Restore point
| >
| >
| > * * * Please report your results ! * * *
| >
| >
| > --
| > Dave L.
| > http://www.claymania.com/removal-trojan-adware.html
| >
| >
| >
| >
| > "Dave" <Dave@discussions.microsoft.com> wrote in message
| > news:B620C0F5-EDDB-47CC-BC26-D95A63B50F00@microsoft.com...
| > | Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
| > | PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
| > | under safe mode with system restore disabled, using an updated NAV and at
| > | least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
| > | CWShredder) - still no luck.
| > |
| > | With the CWS, I'd also tried using the manual cleaning method (cleaning the
| > | registries) posted on a number of sites but had failed to find the
| > | AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
| > | display the problem, together with the ietlbass.dll (identified by NAV)
| > | everytime I reboot the computer.
| > |
| > | Does anyone else have any other ideas please?
| > |
| > | Dave
| > |
| > | "David H. Lipman" wrote:
| > |
| > | > There are anti virus News Groups specifically for this type of discussion.
| > | >
| > | > microsoft.public.scripting.virus.discussion
| > | > microsoft.public.security.virus
| > | > alt.comp.virus
| > | > alt.comp.anti-virus
| > | >
| > | > 1) If you are using WinME or WinXP, disable System Restore
| > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
| > | > 2) Reboot your PC into Safe Mode
| > | > 3) Using your NAV software, perform a Full Scan of your platform and
clean/delete
| > any
| > | > infectors found
| > | > 4) Restart your PC and perform a "final" Full Scan of your platform
| > | > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
| > | > System Restore preferences, (e.g. HD space to use suggested 200 ~
400MB),
| > | > reboot your PC.
| > | > 6) If you are using WinME or WinXP, create a new Restore point
| > | > 7) Please report back your results
| > | >
| > | >
| > | > --
| > | > Dave
| > | >
| > | >
| > | >
| > | >
| > | > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
| > | > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
| > | > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
| > | > | cannot access or repair it. I have quarantined it but still keeps coming
| > | > | back, I have tried both adaware and spybot to no avail. The damn pop up
| > | > | keeps coming back and I can't get rid of it - any ideas?
| > | >
| > | >
| > | >
| >
| >
| >
Anonymous
January 19, 2005 4:16:30 PM

Archived from groups: microsoft.public.windowsxp.security_admin (More info?)

Here is the quick way to get rid of the IETLBASS.dll problem.

First, delete RealPlayer in Control Panel->Add/Remove programs.

Then click Start->Run and type in "msconfig"

Click on the startup tab, then uncheck RealPlayer.exe and uncheck the two
entries that have no name.

Click Apply->Close, reboot and the problem is gone.

"David H. Lipman" wrote:

> Thank you for that feedback. It is valuable for the QC loop so I can provide even better
> answers.
>
> Do you have the SYSCLEAN.LOG and see what Sysclean caught ?
>
> --
> Dave
>
>
>
>
> "Motz_uk" <Motzuk@discussions.microsoft.com> wrote in message
> news:E7BE4753-497F-4494-9446-C31352D1671F@microsoft.com...
> | Hi
> |
> | THanks a million David - the sysclean.com file did the trick - very slow but
> | worked fine. Thanks too for writing your advice insimple non-technical words
> | - for a non-IT litereate person it makes it much easier.
> |
> | Motz
> |
> | "David H. Lipman" wrote:
> |
> | > Dave:
> | >
> | > Adaware 6 is outdated, unsupported and no longer updated. As of Today there is a NEW
> | > definition file for Adaware SE v1.05
> | >
> | > Please use the following information...
> | >
> | >
> | > 1) Download the following three items...
> | >
> | > Trend Sysclean Package
> | > http://www.trendmicro.com/download/dcs.asp
> | >
> | > Latest Trend Pattern File.
> | > http://www.trendmicro.com/download/pattern.asp
> | >
> | > Adaware SE (free personal version v1.05)
> | > http://www.lavasoftusa.com/
> | >
> | > Create a directory.
> | > On drive "C:\"
> | > (e.g., "c:\New Folder")
> | > or the desktop
> | > (e.g., "C:\Documents and Settings\lipman\Desktop\New Folder")
> | >
> | > Download Sysclean.com and place it in that directory.
> | > Download the Trend Pattern File by obtaining the ZIP file.
> | > For example; lpt341.zip
> | >
> | > Extract the contents of the ZIP file and place the contents in the same directory as
> | > sysclean.com.
> | >
> | > 2) Update Adaware with the latest definitions.
> | > 3) Disable System Restore
> | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
> | > 4) Reboot your PC into Safe Mode and shutdown as many applications as possible
> | > 5) Using both the Trend Sysclean utility and Adaware, perform a Full Scan of your
> | > platform and clean/delete any infectors/parasites found.
> | > (a few cycles may be needed)
> | > 6) Restart your PC and perform a "final" Full Scan of your platform using both the
> | > Trend Sysclean utility and Adaware
> | > 7) Re-enable System Restore and re-apply any System Restore preferences,
> | > (e.g. HD space to use suggested 400 ~ 600MB),
> | > 8) Reboot your PC.
> | > 9) Create a new Restore point
> | >
> | >
> | > * * * Please report your results ! * * *
> | >
> | >
> | > --
> | > Dave L.
> | > http://www.claymania.com/removal-trojan-adware.html
> | >
> | >
> | >
> | >
> | > "Dave" <Dave@discussions.microsoft.com> wrote in message
> | > news:B620C0F5-EDDB-47CC-BC26-D95A63B50F00@microsoft.com...
> | > | Sorry to intrude but I'm also getting the same problem with ietlbass.dll,
> | > | PLUS AddClass.exe (apparently a variant of CooWebSearch?). Tried to clean
> | > | under safe mode with system restore disabled, using an updated NAV and at
> | > | least 4 other ADware/Spyware removers (Spybot, Ad-ware6, Spysweeper,
> | > | CWShredder) - still no luck.
> | > |
> | > | With the CWS, I'd also tried using the manual cleaning method (cleaning the
> | > | registries) posted on a number of sites but had failed to find the
> | > | AddClass.exe file in C:\Windows as the final step. Spysweeper continues to
> | > | display the problem, together with the ietlbass.dll (identified by NAV)
> | > | everytime I reboot the computer.
> | > |
> | > | Does anyone else have any other ideas please?
> | > |
> | > | Dave
> | > |
> | > | "David H. Lipman" wrote:
> | > |
> | > | > There are anti virus News Groups specifically for this type of discussion.
> | > | >
> | > | > microsoft.public.scripting.virus.discussion
> | > | > microsoft.public.security.virus
> | > | > alt.comp.virus
> | > | > alt.comp.anti-virus
> | > | >
> | > | > 1) If you are using WinME or WinXP, disable System Restore
> | > | > http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore...
> | > | > 2) Reboot your PC into Safe Mode
> | > | > 3) Using your NAV software, perform a Full Scan of your platform and
> clean/delete
> | > any
> | > | > infectors found
> | > | > 4) Restart your PC and perform a "final" Full Scan of your platform
> | > | > 5) If you are using WinME or WinXP,Re-enable System Restore and re-apply any
> | > | > System Restore preferences, (e.g. HD space to use suggested 200 ~
> 400MB),
> | > | > reboot your PC.
> | > | > 6) If you are using WinME or WinXP, create a new Restore point
> | > | > 7) Please report back your results
> | > | >
> | > | >
> | > | > --
> | > | > Dave
> | > | >
> | > | >
> | > | >
> | > | >
> | > | > "Motz_uk" <Motz_uk@discussions.microsoft.com> wrote in message
> | > | > news:411586FD-76B3-47EF-AF06-E7784D7A1E67@microsoft.com...
> | > | > | Norton keeps telling me it has found a trojan C:\windows\ietlbass.dll , but
> | > | > | cannot access or repair it. I have quarantined it but still keeps coming
> | > | > | back, I have tried both adaware and spybot to no avail. The damn pop up
> | > | > | keeps coming back and I can't get rid of it - any ideas?
> | > | >
> | > | >
> | > | >
> | >
> | >
> | >
>
>
>
!