We have had several of our clients and many of our own computers allegedly infected with "dial/egroup.l". Unfortunately, the Fortinet antivirus website has almost no information on this, and we don't see anything on the other antivirus vendors' websites with this name.
From the point of Forticlient AV detecting the alleged bad stuff in countless DLLs, several programs, not surprisingly, won't run. Browsers don't work, and no Microsoft Office (2003) software runs. If we disable the Forticlient Realtime AV, then restart the computer in "safe mode with networking" and do a full scan on Trend Micro's site, we get nothing detected. McAfee and others don't detect anything.
My suspicion is that this is a false positive. This "infection" is happening on far too many machines simultaneously, including many that are firewalled and behind a FG100/FG60 and never leave the office.
Has anyone else experienced this?
As I investigate this further, I'll update this thread.
Cheers,
Chris