21 replies to this topic

[Melax]

Hi Old Man, I guess I'm not alone with the Red MSE Icon ! Well I'm not going to worry about it as the service is started, and I can just click on the icon to change the display status to green, hopefully Microsoft will come up with a fix soon.... As for the Sound Icon, I Merged the File according to your instructions et Voila, My sound icon is back in the tray under the user thunder, It's been almost a year now since I lost it !! Thank you a million !!!! Kind regards,

[oldman960]

Hi Melax,

Glad that worked for you.

One more scan to see if there is anything lurking in the background.

*Note
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.


Go here to run an online scannner from
ESET

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)

• Tick the box next to YES, I accept the Terms of Use.
• Click Start
• When asked, allow the activex control to install
• Disable your Antivirus software. You can usually do this with its Notfication Tray icon near the clock
• Click Start
• Make sure that the option "Remove found threats" is Unchecked, and the option "Scan unwanted applications" is Checked.
• Click Scan.
• Wait for the scan to finish.
• Re-enable your Antivirus software.
• A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. or C:\Program Files\ESET\log.txtWe will need this later.

Please post back with the ESET log.

If all is well we'll clean up our tools when you post back.

Thanks

[Melax]

Hi Old Man, I ran ESET but made a mistake... I failed to uncheck " remove found Threats" well ESET did find 1 infection and removed it , the following is the removed item in qustion: **********C:\System Volume Information\_restore{DD4FD162-72F1-4002-917C-FD595A423827}\RP408\A0425937.exe Win32/Adware.Toolbar.Dealio application deleted - quarantined *********** Then I shutdown the computer, to perform a cold boot and ran ESET again , making sure to follow your instructions . Please find the log of the second scan. ******************************************************************************** ********************************* ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6425 # api_version=3.0.2 # EOSSerial=1dbea1ac04b622488724a82775909b5c # end=finished # remove_checked=false # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-03-19 04:19:02 # local_time=2011-03-19 12:19:02 (-0500, Eastern Daylight Time) # country="United States" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 0 0 0 0 # compatibility_mode=6143 16777215 0 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=158102 # found=0 # cleaned=0 # scan_time=4657 ******************************************************************************** ***************

[oldman960]

Hi Melax,

The ESET detection was an old infected restore point. No harm done as this would have been removed when we remove the tools. I have people not allow ESET to automatically remove detections to guard against false positives.

Your logs look good. So if no other problems we'll cleanup and send you on your way.

From your desktop, please delete, if present

• any notepads/logs that we created
• savesettings.reg

Next

* Create a new restore point

You must be logged on to an administrator account

• Go to Start - All Programs - Accessories - System Tools - System Restore.
• Click Create a restore point, and then click Next.
• In the text box labeled Restore Point Description, type a name for this restore point
• click create

* Remove old restore points

• Go to Start - All Programs - Accessories - system tools.
• Launch the Disk Cleanup tool and let it run.
• When it finishes a box with tabs will appear, select the more options tab.
• On this tab you will find a section for System Restore.
• If you press the Clean Up button for that section, Windows will delete all restore points except for the most recent one.

Next

Open OTL then click the Clean Up button. You may get prompted by your firewall that OTL wants to contact the internet - allow this. A cleanup.txt will be downloaded, a message dialog will ask you if you want to proceed with the cleanup process, click Yes. This will do some clean up tasks and delete some of the tools you have downloaded plus itself.


I suggest you keep MBAM. Keep it updated and use it regularly.

ESET online scan can be removed via add/remove programs.


Some Recommendations and prevention tips

Basic security consists of 1 antivirus program, 1 resident antispyware program, 1 on demand antispyware program and a firewall. Just add a firewall to what you have.

* If you are behind a router Windows firewall should be fine. Otherwise a 3rd party firewall with outbound monitoring is recommended.

Click FIREWALL for links and tutorials to good, free and paid for firewalls. (Note: Zone Alarm is becoming bloatware,IMO)


You should also use Spyware Blaster to help immunize your computer.

- SpywareBlaster will add a large list of programs and sites into your Internet Explorer
settings that will protect you from running and downloading known malicious programs.

OR

A guide to understanding and using the hosts file.

Learn how your Hosts file can protect you and how you can protect it.
Besides the Hosts file information, there are links to a very good updated hosts file, a host file manager. and some programs that can protect your hosts file.
HOSTS

Please read the info on disabling the DNS Client before installing a custom hosts file.


-Secure your Internet Explorer

From within Internet Explorer click on the Tools menu and then click on Options.

• Click once on the Security tab
• Click once on the Internet icon so it becomes highlighted.
• Click once on the Custom Level button.
• Change the Download signed ActiveX controls to Prompt
• Change the Download unsigned ActiveX controls to Disable
• Change the Initialize and script ActiveX controls not marked as safe to Disable
• Change the Installation of desktop items to Prompt
• Change the Launching programs and files in an IFRAME to Prompt
• Change the Navigate sub-frames across different domains to Prompt
• When all these settings have been made, click on the OK button.
• If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.


- Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis


- Make sure you have reset Automatic Updates to your chosen optionClick your start button > Control Panel > System


- Keep your antivirus program updated, as well as any other security programs you have.


-More tips and programs can be found HERE


- You may also want to read this article By Tony Klein
http://www.freedomli...pic.php?t=22879

I'll leave this thread open for a couple of days, please post back if you have any problems.

Take care

[Melax]

Hi Oldman,

Cleanup following your instructions performed !

I'm going to explore the sites you've suggested regarding keeping computers safe. It was an invaluable help you gave me, I'll keep visiting this site and will highly recommend it, When able I'll help in any way I can.


Kind Regards,

Edited by Melax, 20 March 2011 - 10:18 AM.

[oldman960]

Hi Melax, You are more than welcome. Glad I was able to assist. Take care, keep safe.

[oldman960]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.