Jump to content

Build Theme!
  •  
  • Infected?

big grin WE'RE SURE THAT YOU'LL LOVE US!

We invite you to ask questions, share experiences, and learn. It's 100% free. Did we mention that it's free. It is. It's free. Join 91603 other members! Anybody can ask, anybody can answer. Consistently helpful members with best answers are invited to staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

HijackThis Log to Analyze


  • This topic is locked This topic is locked
10 replies to this topic

#1 RonG

RonG

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 25 February 2007 - 05:04 PM

Logfile of HijackThis v1.99.1 Scan saved at 3:04:42 PM, on 25/02/2007 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 (5.00.2920.0000) Running processes: C:\winnt\System32\smss.exe C:\winnt\system32\winlogon.exe C:\winnt\system32\services.exe C:\winnt\system32\lsass.exe C:\winnt\system32\svchost.exe C:\winnt\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINNT\System32\svchost.exe C:\Program Files\FSI\F-Prot\fpavupdm.exe C:\winnt\System32\nvsvc32.exe C:\winnt\installdmr.exe C:\winnt\system32\MSTask.exe C:\winnt\System32\WBEM\WinMgmt.exe C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe C:\winnt\Explorer.exe C:\WINNT\system32\dla\tfswctrl.exe C:\Program Files\FSI\F-Prot\F-Sched.exe C:\Program Files\FSI\F-Prot\F-StopW.EXE C:\winnt\System32\internat.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\FSI\F-Prot\FP-Updater\Updater.exe C:\Program Files\FSI\F-Prot\FP-Win.exe D:\My Documents\Other Software\HijackThis\HijackThis.exe O2 - BHO: (no name) - {1492E46E-D5D8-4BA6-BF1C-78967C67AF22} - C:\winnt\System32\urqnnkh.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE O4 - HKCU\..\Run: [internat.exe] internat.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O20 - Winlogon Notify: rpcc - C:\WINNT\System32\rpcc.dll (file missing) O20 - Winlogon Notify: urqnnkh - C:\winnt\SYSTEM32\urqnnkh.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\winnt\System32\nvsvc32.exe O23 - Service: JPEG Image Optimisation Installation Driver (RegEditor) - Unknown owner - C:\winnt\installdmr.exe

    Advertisements

Register to Remove


#2 dan12

dan12

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 998 posts
  • Interests:Horse riding, computer's

Posted 25 February 2007 - 05:17 PM

Hi RonGand welcome to Tom Coyote forums

I am currently looking over your log. As I am an Undergraduate, everything that I post to you must be checked by an Admin or Moderator. Thus, there may be a tiny bit of a delay between posts, but it shouldn't be too long. I will post back shortly with a potential fix.

Thanks for your patience!
dan

#3 dan12

dan12

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 998 posts
  • Interests:Horse riding, computer's

Posted 26 February 2007 - 10:22 AM

Hi RonG

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

Thanks dan

#4 RonG

RonG

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 27 February 2007 - 09:10 PM

I ran VundoFix and nothing unusual was found. Here is the log: VundoFix V6.3.9 Checking Java version... Sun Java not detected Scan started at 7:40:11 PM 27/02/2007 Listing files found while scanning.... No infected files were found. Beginning removal... Here is the lastest HijackThis log: Logfile of HijackThis v1.99.1 Scan saved at 7:44:28 PM, on 27/02/2007 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 (5.00.2920.0000) Running processes: C:\winnt\System32\smss.exe C:\winnt\system32\winlogon.exe C:\winnt\system32\services.exe C:\winnt\system32\lsass.exe C:\winnt\system32\svchost.exe C:\winnt\System32\WBEM\WinMgmt.exe C:\winnt\Explorer.exe C:\Program Files\Windows NT\Accessories\WORDPAD.EXE D:\My Documents\Other Software\HijackThis\HijackThis.exe O2 - BHO: (no name) - {1492E46E-D5D8-4BA6-BF1C-78967C67AF22} - C:\winnt\System32\urqnnkh.dll O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O20 - Winlogon Notify: rpcc - C:\WINNT\System32\rpcc.dll (file missing) O20 - Winlogon Notify: urqnnkh - C:\winnt\SYSTEM32\urqnnkh.dll O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\winnt\System32\nvsvc32.exe O23 - Service: JPEG Image Optimisation Installation Driver (RegEditor) - Unknown owner - C:\winnt\installdmr.exe The problem I'm having is similar to search on did in Google on tcpipcom. It appears that have a virus that takes over this program. Once I make turn on my cable modem and start IE, it takes over copying a bunch of random lettered exe files to my c:\ drive, places the tcpipmon icon in my sys tray, and then proceeds to take over my internet connection to the point where I can't access anything. I eventually get "page cannot be displayed" errors and the internet stops working. This is a new reinstall of Windows 2000, so I must of picked it up during the point of install where is vulnerable to attack. Thanks again for all your help.

#5 dan12

dan12

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 998 posts
  • Interests:Horse riding, computer's

Posted 28 February 2007 - 11:11 AM

Hi RonG

Was this program: "F-Prot Antivirus" an old antivirus program you had on your system?It could be that it's leftovers and will deal with it soon.
________________

Double-click VundoFix.exe to run it again.
Right Click inside the listbox (white box) and click add more files
Copy&Paste the entries below into the open boxes

C:\winnt\SYSTEM32\urqnnkh.dll
C:\WINNT\System32\rpcc.dll

Click Add Files and Click Close Window
Click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log.
Note: It is possible that VundoFix encountered a file it could not remove.

In this case, VundoFix will run on reboot,allow the computer to reboot and VundoFix to load.

Just add the very same files as before and Click Remove Vundo.

post me the log and New HJT log thanks dan

#6 RonG

RonG

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 02 March 2007 - 08:06 PM

The F-Prot virus software was installed recently. I was using it in an attempt to remove this virus. Here is the lastest log file from the VundoFix run. VundoFix V6.3.9 Checking Java version... Sun Java not detected Scan started at 7:40:11 PM 27/02/2007 Listing files found while scanning.... No infected files were found. Beginning removal... Beginning removal... Attempting to delete c:\winnt\system32\urqnnkh.dll c:\winnt\system32\urqnnkh.dll Could not be deleted. Performing Repairs to the registry. Done! Beginning removal... Attempting to delete c:\winnt\system32\urqnnkh.dll c:\winnt\system32\urqnnkh.dll Has been deleted! Performing Repairs to the registry. Done! Here is the latest HijackThis log file: Logfile of HijackThis v1.99.1 Scan saved at 6:56:40 PM, on 02/03/2007 Platform: Windows 2000 (WinNT 5.00.2195) MSIE: Internet Explorer v5.00 (5.00.2920.0000) Running processes: C:\winnt\System32\smss.exe C:\winnt\system32\winlogon.exe C:\winnt\system32\services.exe C:\winnt\system32\lsass.exe C:\winnt\system32\svchost.exe C:\winnt\system32\spoolsv.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINNT\System32\svchost.exe C:\Program Files\FSI\F-Prot\fpavupdm.exe C:\winnt\System32\nvsvc32.exe C:\winnt\installdmr.exe C:\winnt\system32\MSTask.exe C:\winnt\System32\WBEM\WinMgmt.exe C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe C:\winnt\Explorer.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINNT\system32\dla\tfswctrl.exe C:\Program Files\WinZip\WZQKPICK.EXE D:\My Documents\Other Software\HijackThis\HijackThis.exe O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r O4 - HKLM\..\Run: [FRISK FP-Scheduler] C:\Program Files\FSI\F-Prot\F-Sched.exe STARTUP O4 - HKLM\..\Run: [F-StopW] C:\Program Files\FSI\F-Prot\F-StopW.EXE O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O10 - Unknown file in Winsock LSP: c:\winnt\system32\avgfwafu.dll O20 - Winlogon Notify: rpcc - C:\WINNT\System32\rpcc.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: AVG Firewall (AVGFwSrv) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgfwsrv.exe O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\winnt\System32\dmadmin.exe O23 - Service: F-Prot Antivirus Update Monitor - FRISK Software - C:\Program Files\FSI\F-Prot\fpavupdm.exe O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\winnt\System32\nvsvc32.exe O23 - Service: JPEG Image Optimisation Installation Driver (RegEditor) - Unknown owner - C:\winnt\installdmr.exe Thanks again. RonG

#7 dan12

dan12

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 998 posts
  • Interests:Horse riding, computer's

Posted 03 March 2007 - 10:38 AM

Hi RonG

Download ATF Cleaner by Atribune and save it to your Desktop.
Do not use yet!

Ewido is now known as ( AVG Anti-Spyware.)

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates.
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
Dont use yet!

We need to reveal system folders
  • Close all programs so that you are at your desktop.
  • Double-click on the My Computer icon.
  • Select the Tools menu and click Folder Options
  • After the new window appears select the View tab.
  • Place a checkmark in the checkbox labeled Display the contents of system folders
  • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders
  • Remove the checkmark from the checkbox labeled Hide file extensions for known file types
  • Remove the checkmark from the checkbox labeled Hide protected operating system files
  • Press the Apply and then the ok button and shut down my computer
  • Now your computer is configured to show all hidden files.
  • For you and the tools to be able to see appropriate files we need to Show Hidden Files
Re-boot into safe mode

  • Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear use arrow up to highlight
  • Select the first option, to run Windows in Safe Mode hit enter.
  • For additional help in booting into Safe Mode, see the following site: HERE
________________

Run HijackThis, select Do a system scan only and place checks against the following entries (if they are still present)
O20 - Winlogon Notify: rpcc - C:\WINNT\System32\rpcc.dll (file missing)


WITH ALL OTHER WINDOWS CLOSED Click on Fix Checked and exit

Right click start, In the drop down menu click "Explore" Then navigate to each file\ folder in the left hand pane, which will reveal its content in the right hand pane, highlight file or folder right click and Delete, if present:

C:\WINNT\System32\rpcc.dll

Run ATF cleaner
  • Double click ATF-Cleaner.exe to run the program.
  • Check the following boxes:
    • Windows Temp
    • Current User Temp
    • All Users Temp
    • Temporary Internet Files
    • Prefetch
    • Recycle Bin
    • Java Cache
  • The rest are optional - if you want to remove the lot, check Select All.
  • Now click Empty Selected.
  • When you get the Done Cleaning message, click OK.
  • If you use Firefox browser.
    • Click Firefox at the top and choose: Select All
    • If you would like to keep your saved passwords, please click No at the prompt.
    • Click the Empty Selected button.
  • If you use Opera browser.
    • Click Opera at the top and choose: Select All
    • If you would like to keep your saved passwords, please click No at the prompt.
    • Click the Empty Selected button.

Run AVG Anti-Spyware

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Automatically generate report after every scan and uncheck Only if threats were found.
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.
    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)

      Posted Image
  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
_____________

please do an online scan with Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
  • Scan using the following Anti-Virus database:
  • Extended (If available otherwise Standard)
  • Scan Options:
  • Scan Archives
  • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.

Please include new HJT log, AVG Anti-Spyware log and kaspersky log
in your next post
Thanks dan

#8 dan12

dan12

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 998 posts
  • Interests:Horse riding, computer's

Posted 08 March 2007 - 05:19 AM

Hi, how we doing? dan

#9 RonG

RonG

    New Member

  • New Member
  • Pip
  • 4 posts

Posted 14 March 2007 - 01:30 PM

This was a fairly new install of the OS with not much else on the HD so I did the following to eradicate the virus(s). Deleted the partitions, fixed the MBR using fdisk /mbr, and then using a utility from Western Digitial I wiped the disk clean. I was at the point where I couldn't stop my PC from rebooting every minute or so due to the virus. Thanks again for all your help. RonG

#10 dan12

dan12

    Advanced Member

  • Authentic Member
  • PipPipPipPip
  • 998 posts
  • Interests:Horse riding, computer's

Posted 14 March 2007 - 02:23 PM

Hi RonG

To help you on your way.
  • Keep your system up-to-date
    Visit Windows Update regularly.
  • Keep your antivirus and firewall up-to-date
    Scan your computer regularly with your antivirus.
  • Use Ad-Aware
    Download and install Ad-Aware. Update it and scan your computer regularly with it.
  • Use AVG Anti-Spyware
    Update it and scan your computer regularly with it.
  • Use Spybot S&D
    Download and install Spybot S&D. Update it and scan your computer regularly with it.
  • Install SpywareBlaster
    SpywareBlaster will prevent spyware from being installed.
  • Install MVPS Hosts file
    This prevents your computer from connecting to harmful sites.
  • Use Firefox browser
    Firefox is faster, safer and better browser than Internet Explorer.
  • Read this article by TonyKlein
    So how did I get infected in the first place?
  • Stand Up and Be Counted !
    The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Regards dan

#11 little eagle

little eagle

    spyware hawk

  • Visiting Fellow
  • PipPipPipPipPipPip
  • 8,968 posts
  • Interests:spyware

Posted 25 March 2007 - 10:10 PM

Glad we could be of assistance. This topic is now closed. If you wish it reopened, please send us an email (Click for address) with a link to your thread.

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.

Coyote's Installed programs for prevention:

http://forums.tomcoy...showtopic=31418

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Visit the CoyoteStore http://TomCoyote.org/coyotestore.php

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users