01 - hosts keep returning
#31
Posted 08 March 2007 - 02:09 PM
Register to Remove
#32
Posted 08 March 2007 - 02:33 PM
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#33
Posted 08 March 2007 - 05:33 PM
Logfile of HijackThis v1.99.1
Scan saved at 6:29:12 PM, on 3/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\TWEAKM~1\TMTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\KH Blocker\khb.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Weather Watcher\ww.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AdsGone\adsgone.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Football\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Fred\Application Data\Mozilla\Profiles\default\olcuyixv.slt\prefs.js)
O1 - Hosts: 216.77.188.41 home.bellsouth.net
O1 - Hosts: 209.40.97.64 ad2.m5-systems.com
O1 - Hosts: 63.71.15.89 wellspan-secure.org
O1 - Hosts: 63.71.8.111 web1.zixmail.net
O1 - Hosts: 66.135.202.164 cgi.ebay.com
O1 - Hosts: 66.135.192.34 pages.motors.ebay.com
O1 - Hosts: 70.84.70.85 forums.tomcoyote.org
O1 - Hosts: 205.255.236.10 www.amsouth.com
O1 - Hosts: 205.255.232.10 ibank.amsouth.com
O1 - Hosts: 72.246.119.132 home.americanexpress.com
O1 - Hosts: 12.29.100.25 www99.americanexpress.com
O1 - Hosts: 159.54.226.224 www.tennessean.com
O1 - Hosts: 194.129.79.7 view.atdmt.com
O1 - Hosts: 209.97.34.29 forums.tennessean.com
O1 - Hosts: 72.32.5.117 www.break.com
O1 - Hosts: 64.237.103.151 rotator.adjuggler.com
O1 - Hosts: 68.142.83.76 info.break.com
O1 - Hosts: 209.225.0.34 servedby.advertising.com
O1 - Hosts: 209.10.222.100 ad2.adecn.com
O1 - Hosts: 66.35.208.150 media.adrevolver.com
O1 - Hosts: 72.14.209.104 pagead2.googlesyndication.com
O1 - Hosts: 68.142.197.198 my.yahoo.com
O1 - Hosts: 69.147.112.160 login.yahoo.com
O1 - Hosts: 209.191.123.14 sports.yahoo.com
O1 - Hosts: 206.190.39.151 us.f526.mail.yahoo.com
O1 - Hosts: 209.191.86.116 us.f387.mail.yahoo.com
O1 - Hosts: 69.147.114.210 www.yahoo.com
O1 - Hosts: 207.46.199.30 www.microsoft.com
O1 - Hosts: 207.68.178.12 rad.microsoft.com
O1 - Hosts: 65.55.192.126 update.microsoft.com
O1 - Hosts: 207.46.211.252 c.microsoft.com
O1 - Hosts: 207.46.248.248 support.microsoft.com
O1 - Hosts: 207.138.126.191 download.microsoft.com
O1 - Hosts: 68.142.197.58 calendar.yahoo.com
O1 - Hosts: 209.160.65.87 virusscan.jotti.org
O1 - Hosts: 70.84.70.85 www.tomcoyote.org
O1 - Hosts: 202.27.184.102 www.xtra.co.nz
O1 - Hosts: 216.180.231.76 asap.maddoktor2.com
O1 - Hosts: 82.165.180.19 www.malwarecomplaints.info
O1 - Hosts: 206.190.56.229 finance.yahoo.com
O1 - Hosts: 216.252.106.98 streamerapi.finance.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: TweakMASTER Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~1\TweakBHO.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TweakMASTER] "C:\PROGRA~1\TWEAKM~1\TMTray.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [KH Blocker] C:\Program Files\KH Blocker\khb.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [WeatherWatcher] C:\Program Files\Weather Watcher\ww.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AdsGone 2006.lnk = C:\Program Files\AdsGone\adsgone.exe
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1170805567156
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
#34
Posted 08 March 2007 - 09:41 PM
Disable Microsoft Windows Defender:
We need to disable your Microsoft Windows Defender Real-time Protection as it may interfere with the fixes that we need to make.
- Open Microsoft Windows Defender. Click Start, Programs, Windows Defender
- Click on Tools, General Settings.
- Under Real-time protection options, unselect the Turn on real-time protection check box
- Click Save
Scan with HijackThis. Place a check against each of the following:
O1 - Hosts: 216.77.188.41 home.bellsouth.net
O1 - Hosts: 209.40.97.64 ad2.m5-systems.com
O1 - Hosts: 63.71.15.89 wellspan-secure.org
O1 - Hosts: 63.71.8.111 web1.zixmail.net
O1 - Hosts: 66.135.202.164 cgi.ebay.com
O1 - Hosts: 66.135.192.34 pages.motors.ebay.com
O1 - Hosts: 70.84.70.85 forums.tomcoyote.org
O1 - Hosts: 205.255.236.10 www.amsouth.com
O1 - Hosts: 205.255.232.10 ibank.amsouth.com
O1 - Hosts: 72.246.119.132 home.americanexpress.com
O1 - Hosts: 12.29.100.25 www99.americanexpress.com
O1 - Hosts: 159.54.226.224 www.tennessean.com
O1 - Hosts: 194.129.79.7 view.atdmt.com
O1 - Hosts: 209.97.34.29 forums.tennessean.com
O1 - Hosts: 72.32.5.117 www.break.com
O1 - Hosts: 64.237.103.151 rotator.adjuggler.com
O1 - Hosts: 68.142.83.76 info.break.com
O1 - Hosts: 209.225.0.34 servedby.advertising.com
O1 - Hosts: 209.10.222.100 ad2.adecn.com
O1 - Hosts: 66.35.208.150 media.adrevolver.com
O1 - Hosts: 72.14.209.104 pagead2.googlesyndication.com
O1 - Hosts: 68.142.197.198 my.yahoo.com
O1 - Hosts: 69.147.112.160 login.yahoo.com
O1 - Hosts: 209.191.123.14 sports.yahoo.com
O1 - Hosts: 206.190.39.151 us.f526.mail.yahoo.com
O1 - Hosts: 209.191.86.116 us.f387.mail.yahoo.com
O1 - Hosts: 69.147.114.210 www.yahoo.com
O1 - Hosts: 207.46.199.30 www.microsoft.com
O1 - Hosts: 207.68.178.12 rad.microsoft.com
O1 - Hosts: 65.55.192.126 update.microsoft.com
O1 - Hosts: 207.46.211.252 c.microsoft.com
O1 - Hosts: 207.46.248.248 support.microsoft.com
O1 - Hosts: 207.138.126.191 download.microsoft.com
O1 - Hosts: 68.142.197.58 calendar.yahoo.com
O1 - Hosts: 209.160.65.87 virusscan.jotti.org
O1 - Hosts: 70.84.70.85 www.tomcoyote.org
O1 - Hosts: 202.27.184.102 www.xtra.co.nz
O1 - Hosts: 216.180.231.76 asap.maddoktor2.com
O1 - Hosts: 82.165.180.19 www.malwarecomplaints.info
O1 - Hosts: 206.190.56.229 finance.yahoo.com
O1 - Hosts: 216.252.106.98 streamerapi.finance.yahoo.com
Close all windows or browsers except for Hijackthis. Click on Fix Checked when finished and exit HijackThis.
================
If they still don't die:
Make Sure Internet Explorer is NOT open when trying this)
Launch HijackThis, Select None of the above, Click Config, click the 'Open'Misc Tools'Section -> 'Open hosts file manager'. Delete every line (select each line and click 'Delete line(s)') except the very first top lines beginning with # and: 127.0.0.1 localhost
Once finished, click the 'Open in Notepad' button. It should look like this:
# Copyright © 1993-1999 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost
=============
I would like to check some registry settings please.
Create a new folder on the desktop.
Copy the contents of this next code box to Notepad.
Name the file inspect.bat
Save as Type: All files
Save in that new folder on the desktop.
Double click on inspect.bat and let it run.
When finished it will open a file in Notepad.
That file will be named lsa.txt
Please post the contents of lsa.txt into your next reply here.
If not exist Files MkDir Files regedit /a /e files\2.txt HKEY_CURRENT_USER\Software\Microsoft\OLE regedit /a /e files\3.txt HKEY_CURRENT_USER\System\CurrentControlSet\Control\Lsa regedit /a /e files\4.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole regedit /a /e files\5.txt HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa regedit /e /a files\6.txt HKEY_USERS\DEFAULT\SYSTEM\CURRENTCONTROLSET\CONTROL\LSA regedit /a /e files\7.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center" regedit /a /e files\8.txt "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center" Regedit /a /e files\9.txt HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies Regedit /a /e files\10.txt HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies Regedit /a /e files\11.txt HKEY_LOCAL_MACHINE\SOFTWARE\Policies\WindowsFirewall Regedit /a /e files\12.txt HKEY_CURRENT_USER\SOFTWARE\Policies\WindowsFirewall regedit /a /e files\13.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters regedit /a /e files\14.txt HKEY_LOCAL_MACHINE\SYSTEM\Services\SharedAccess Copy files\*.txt = lsa.txt rmdir /s /q files Start Notepad lsa.txt
===========
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#35
Posted 08 March 2007 - 10:43 PM
#36
Posted 08 March 2007 - 11:10 PM
#37
Posted 09 March 2007 - 07:34 AM
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#38
Posted 19 March 2007 - 11:45 PM
Edited by Susan528, 19 March 2007 - 11:45 PM.
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
#39
Posted 20 March 2007 - 04:38 PM
Logfile of HijackThis v1.99.1
Scan saved at 6:22:22 PM, on 3/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\tbctray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Football\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://home.bellsouth.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bellsouth.net/
N3 - Netscape 7: user_pref("browser.search.defaultengine", "http://www.google.com/"); (C:\Documents and Settings\Fred\Application Data\Mozilla\Profiles\default\olcuyixv.slt\prefs.js)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboForm.dll
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: Customize Menu &4 - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: Fill Forms &] - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms &[ - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onec...lscbase9602.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1170805567156
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.5.0) - http://javadl-esd.su...indows-i586.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: avgwlntf - C:\WINDOWS\SYSTEM32\avgwlntf.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
#40
Posted 20 March 2007 - 08:57 PM
Your hijackthis log appears to be clean. No 01s and no Tweakmaster! You do need to update your Java though. Please do the following to help keep your system malware-free.
STEP 1.
======
DON’T BECOME OVERCONFIDENT WITH ANTIVIRUS APPLICATIONS INSTALLED!!!
auggust, your log appears to be clean. You need to update your Java though. Please do the following to help keep your system clean.
http://forum.malware...39eba6ea0b5e8ee
Stay up to date on security patches and be extremely wary of clicking on links and attachments that arrive unbidden in instant messages and e-mail.
"The number one thing the majority of the malicious code we're seeing now does is disable or delete anti-virus and other security software," Dunham said. "In a lot of cases, once the user clicks on that attachment, it's already too late."
Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
- Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
- Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
- Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
A tutorial on installing & using this product can be found here:
Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
- Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
A tutorial on installing & using this product can be found here:
Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
- Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware
- Updating Java
- Download the latest version of Java Runtime Environment (JRE) 6.0.
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement".
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java versions.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
- Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
- More info on how to prevent malware you can also find here (By Tony Klein)
Thank you for allowing me to assist you.
Susan
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
Register to Remove
#41
Posted 22 March 2007 - 04:05 AM
Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
Make sure you use proper prevention to keep from having problems occur to your computer in the future.
Coyote's Installed programs for prevention:
http://forums.tomcoy...showtopic=31418
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Visit the CoyoteStore http://TomCoyote.org/coyotestore.php
Proud member of ASAP since 2005
The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.
Want to help others? Come join us in the Class Room and learn how.
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users