Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93081 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Trojan.CWSMeup.b


  • This topic is locked This topic is locked
91 replies to this topic

#16 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 19 March 2007 - 05:47 AM

Good work cortspop! :) Your logs appear to be clean. GMER found no rootkits!
Please follow the following steps to help keep your system malware-free!

STEP 1.
======
System Restore for Windows XP
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
  • Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Reboot.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check *Turn off System Restore*.
  • Click Apply, and then click OK.

STEP 2.
======
DON’T BECOME OVERCONFIDENT WITH ANTIVIRUS APPLICATIONS INSTALLED!!!

http://forum.malware...39eba6ea0b5e8ee

Stay up to date on security patches and be extremely wary of clicking on links and attachments that arrive unbidden in instant messages and e-mail.

"The number one thing the majority of the malicious code we're seeing now does is disable or delete anti-virus and other security software," Dunham said. "In a lot of cases, once the user clicks on that attachment, it's already too late."


Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  • More info on how to prevent malware you can also find here (By Tony Klein)
Follow this list and your potential for being infected again will reduce dramatically.

Thank you for allowing me to assist you.

Susan
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

    Advertisements

Register to Remove


#17 cortspop

cortspop

    Authentic Member

  • Authentic Member
  • PipPip
  • 162 posts

Posted 19 March 2007 - 07:41 PM

Thank you so much, Susan. I had a problem getting online but contacted McAfee and they sent me a tool to fix McAfee. Computer seems to be working perfectly now. Thanks again! Marty

#18 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 19 March 2007 - 11:09 PM

Glad everything is working fine now! :) You are welcome and thanks for using TomCoyote.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#19 cortspop

cortspop

    Authentic Member

  • Authentic Member
  • PipPip
  • 162 posts

Posted 20 March 2007 - 04:57 AM

Am I supposed to reenable tea timer now? Exactly how do I do that?

#20 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 20 March 2007 - 05:54 AM

http://www.malwarehe...t-teatimer.html

Here's a link above to show how to enable TeaTimer.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#21 cortspop

cortspop

    Authentic Member

  • Authentic Member
  • PipPip
  • 162 posts

Posted 20 March 2007 - 05:18 PM

When I try to re-enable tea timer I get a barrage of pop-ups asking to allow or deny changes and I have no idea what they are asking. When I click deny another one immediately pops up. What do I do? Marty

#22 cortspop

cortspop

    Authentic Member

  • Authentic Member
  • PipPip
  • 162 posts

Posted 20 March 2007 - 08:11 PM

Until further instructions, I have unchecked Tea timer to stop the pop-ups and have left Spybot open and just minimized it. Please help!! It seems like I have heard that there are problems with the McAfee-Spybot combination. I have McAfee free with my Comcast service so I would like to keep it if possible. Marty

#23 cortspop

cortspop

    Authentic Member

  • Authentic Member
  • PipPip
  • 162 posts

Posted 21 March 2007 - 05:17 AM

I have now closed Spybot but I need further instructions. Marty

#24 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 21 March 2007 - 06:39 AM

Hi Marty,

Try this and see if it affects the TeaTimer. Let me know.

http://forums.spybot...read.php?t=3922
How can I disable the notifications popping up when a download was blocked (e.g. Avenue A, Inc., DoubleClick)?

This message is created by the bad download blocker for IE, a tool of Spybot-S&D. Please run Spybot-S&D and go to the Immunize page. There you will find a drop down menu where you should select Block all bad pages silently. With that option set the notifications will no longer come up, but you will still have the protection.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#25 cortspop

cortspop

    Authentic Member

  • Authentic Member
  • PipPip
  • 162 posts

Posted 21 March 2007 - 07:39 PM

This time when I re-enable Tea Timer I do not get the barrage of pop-ups. I noticed two things: 1. The instructions show the checkbox above "Block all bad pages silently" unchecked. My box is checked by "Enable permanent blocking of bad addresses in Internet Explorer." 2. When I click on the Resident mode of Spybot I notice that the box beside "Resident 'SD Helper' (Internet Explorer bad download blocker) active" is checked and the instructions show it unchecked. Do I need to change these settings? Also, after re-enabling Tea Timer and starting Internet Explorer I get a pop-up from McAfee that asks whether I want to allow a registry change. When I deny it, I get a row of 5 pop-ups from Spybot saying "20:25 Registry change denied Resident denied the change of Search Assistant (category Browser page) based on your black list." Help!!!

    Advertisements

Register to Remove


#26 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 21 March 2007 - 08:22 PM

For the Resident IE try Block all pages silently- the top and Use Resident in IE sessions- the bottom Let me know if this helps.
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#27 cortspop

cortspop

    Authentic Member

  • Authentic Member
  • PipPip
  • 162 posts

Posted 22 March 2007 - 05:19 AM

I don't understand this last instruction. Are you saying un-check "Resident 'SD Helper' (Internet Explorer bad download blocker) active"? under resident protection status and also uncheck "Enable permanent blocking of bad addresses in Internet Explorer" ?

#28 Susan528

Susan528

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 3,194 posts

Posted 22 March 2007 - 05:50 AM

Try this:

Posted Image
Posted Image

Proud member of ASAP since 2005

The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Come join us in the Class Room and learn how.

#29 cortspop

cortspop

    Authentic Member

  • Authentic Member
  • PipPip
  • 162 posts

Posted 22 March 2007 - 04:21 PM

This isn't how my Spybot looks. I am very confused. When I click Immunize I get a pop-up saying "All known bad products are already blocked." There is an "OK" block to click to get rid of this pop-up. After clicking "OK" I get the Immunize page and there is a green checkmark with a message that says "All known bad products are already blocked" Under this in blue is the message "Permanently running bad download blocker for Internet Explorer" Under this is another green checkmark with the message "Browser Helper to block bad downloads is installed." Under this is a checkbox that is checked with the message "Enable permanent blocking of bad addresses in Internet Explorer" Under this is the drop-down box with the 3 choices. "Block all bad pages silently." is highlighted. When I click on the Tools menu "Resident" is checked in the right column. Checking Resident in the left column produces two checkboxes: 1. Resident SD Helper active 2. Resident Tea Timer active Both of these checkboxes are checked. I am still getting the five pop-ups from Spybot but now they are blank except for "not responding".

#30 cortspop

cortspop

    Authentic Member

  • Authentic Member
  • PipPip
  • 162 posts

Posted 23 March 2007 - 05:05 AM

This morning when I turned on the computer I am still getting the 5 pop-ups saying "Registry change denied. Resident denied the change of Search Assistant (category Browser page) based on your black list."

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users