32 replies to this topic

[Susan528]

Hello Matt, I do not know why you cannot start your antivirus. I would recommend uninstall it and install it. I hate to recommend that because I have had problems in the past with anti-virus software not uninstalling cleanly and then it can be a chore to remove it. I will get back to you with more instructions about prevention.

[Matt1833]

Susan, Great, I appreciate it. Thank you for everything. So I assume everytihng is taken care of for now and will wait to here back form you at your convenience. Thanks., Matt! (soon to be a donating member)

[Susan528]

Hello Matt,

Your logs appear to be clean now.

You had the following file present.
csrrs.exe .

Csrrs.exe is a process which is registered as the W32.Gaobot.AO Worm. This Trojan allows attackers to access your computer, stealing passwords and personal data, and spreads via network shares with weak passwords as well the Windows Dcom-RPC Vulnerability:

I advise you to change all your passwords. Also since it spreads by networks, be aware that other computers in the network may be infected.

STEP 1.
======
Cleanmgr
To clean temporary files:

• Go > start > run and type cleanmgr and click OK
• Scan your system for files to remove.
• Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
• Click OK to remove those files.
• Click Yes to confirm deletion.

STEP 2.( Windows XP only)
======
Prefetch Folder
Open C:\Windows\Prefetch\
Delete All files in this folder but not the Prefetch folder

STEP 3.- Only for Windows XP and ME
======
System Restore for Windows XP
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

• Turn off System Restore.
• On the Desktop, right-click My Computer.
• Click Properties.
• Click the System Restore tab.
• Check Turn off System Restore.
• Click Apply, and then click OK.

Reboot.

Turn ON System Restore.

• On the Desktop, right-click My Computer.
• Click Properties.
• Click the System Restore tab.
• UN-Check *Turn off System Restore*.
• Click Apply, and then click OK.

STEP 4.
======
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

• Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
  
  
  See this link for a listing of some online & their stand-alone antivirus programs:
  Virus, Spyware, and Malware Protection and Removal Resources
  
  
• Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  
  
• Test your Firewall - Please test your firewall and make sure it is working properly.
  Test Firewall
  
  
• Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  
  
• Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
  A tutorial on installing & using this product can be found here:
  Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  
  
• Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
  A tutorial on installing & using this product can be found here:
  Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
  
  
• Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
  A tutorial on installing & using this product can be found here:
  Using SpywareBlaster to protect your computer from Spyware and Malware
  
• Update your Java to the latest version. Uninstall any and all versions you have listed in add/remove programs and install the latest version from here: http://www.java.com/en/
  
  
• Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
  
• More info on how to prevent malware you can also find here (By Tony Klein)
  and here: http://wiki.castleco...nt_Re-infection

Follow this list and your potential for being infected again will reduce dramatically.

Thank you for allowing me to assist you.

Susan