
[Resolved] Ie Popups Em.pc-on-internet.com And Avsystemcare


  • This topic is locked
7 replies to this topic

#1 matt_james27

matt_james27

    New Member

  • Authentic Member
  • Pip
  • 3 posts

Posted 12 September 2007 - 11:49 AM

Hello, I've been regularly getting Internet Explorer popups which start at em.pc-on-internet.com then redirect to ads or spyware software ads, in particular: AVSystemCare.
I've tried scanning with Ad-Aware and Spybot with no luck. Any help is greatly appreciated :weee:

Also, I did a Google search and found a program that automatically adds a bunch of ad weblinks to your restricted sites under Internet Explorer options, so I used it, and I think because of this I now cannot edit my Internet Explorer security settings. They are all greyed out and at the bottom it says: "Some settings are managed by your system administrator". How can I solve this? System restore? I can't remember the program's name.

Here is my HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:35:07, on 12/09/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Users\Yasin\AppData\Local\Microsoft\bymhohhv.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SystemTraySD] C:\Program Files\SpywareDetector\SDSystemTray.exe -AUTO
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [CTRegRun] C:\Windows\CTRegRun.EXE
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [bymhohhv] c:\users\yasin\appdata\local\microsoft\bymhohhv.exe bymhohhv
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {4E62C4DE-627D-4604-B157-4B7D6B09F02E} (AccountTracking Profile Manager Class) - https://moneymanager...unttracking.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} -
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} -
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} -
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} -
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} -
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} -
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: SDService - Max Secure Software - C:\Program Files\SpywareDetector\SDService.exe

--
End of file - 8685 bytes

Hi, thanks for the quick reply, here's everything:



ACDSee 9 Photo Manager
Ad-Aware 2007
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Reader 8.1.0
Adobe Shockwave Player
Apple Mobile Device Support
Apple Software Update
Ares 2.0.9
ATW
AVerMedia M779 Driver
BitComet 0.91
Broadcom 440x 10/100 Integrated Controller
Broadcom Management Programs
CCleaner (remove only)
CDDRV_Installer
CleanUp!
Creative ALchemy (X-Fi Edition)
Creative Audio Console
Creative MediaSource 5
Cucusoft DVD to iPod + iPod Video Converter Suite 6.1.5.15
DivX Content Uploader
DivX Converter
DivX Player
DivX Web Player
DSA Theory Test
DVD Decrypter (Remove Only)
DVD Shrink 3.2
Feeding Frenzy 2
HijackThis 2.0.2
iTunes
iTunes Library Updater
J2SE Runtime Environment 5.0 Update 9
Java™ SE Runtime Environment 6 Update 1
KhalInstallWrapper
K-Lite Codec Pack 3.4.0 Full
LimeWire PRO 4.13.0
Logitech Audio Echo Cancellation Component
Logitech Communications Manager
Logitech Desktop Messenger
Logitech SetPoint
Macromedia Flash Player 8
Mega Manager
Messenger Plus! Live & Sponsor (CiD)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB929729)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
MpcStar 1.9
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
Nero 7 Premium
neroxml
NOD32 antivirus system
NOD32 FiX
OpenAL
Opera 9.23
PSP Video 9 2.25
QuickTime
RealPlayer
Security Update for Excel 2007 (KB936509)
Security Update for Office 2007 (KB934062)
Security Update for Office 2007 (KB936514)
Security Update for Publisher 2007 (KB936646)
Security Update for the 2007 Microsoft Office System (KB936960)
SimCity 4 Deluxe
SimsWeather (remove only)
Sothink PSP Video Converter
Spybot - Search & Destroy 1.4
Spyware Detector
Spyware Doctor 5.0
The Sims 2
The Sims 2 Family Fun Stuff
The Sims 2 Pets
The Sims 2 University
The Sims™ 2 H&M® Fashion Stuff
The Sims™ 2 Seasons
TomTom HOME
Update for Office 2007 (KB932080)
Update for Office 2007 (KB934391)
Update for Office 2007 (KB934393)
Update for Outlook 2007 (KB937608)
Update for Outlook 2007 Junk Email Filter (kb936644)
Update for Word 2007 (KB934173)
VideoLAN VLC media player 0.8.6b
Vista Codec Package
VobSub v2.23 (Remove Only)
WD Diagnostics
WD Spindown or Stop Utility for External Drive, v1.00
Windows Live Messenger
Windows Live Sign-in Assistant
WinRAR archiver

Edited by LDTate, 12 September 2007 - 06:16 PM.



#2 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 18 September 2007 - 10:42 PM

Hi matt_james27,

The program that has locked your IE setting is probably Spybot S&D. Here is a quote from its help file. You probably need to run Spybot as an administrator (right-click the icon to do this) in order for this to work:

Internet Explorer tells you to contact your administrator when you try to access the IE settings?

This can happen if you use Spybot-S&D in advanced mode and you have used the Immunize feature without reading all the text.

Please start Spybot-S&D again in advanced mode (usually from the Start menu group Spybot - Search & Destroy, until you have already changed the desktop icon to advanced mode).
Select Tools in the left bar, then IE tweaks.
There you will see a group Recommended miscellaneous locks. Untick the checkboxes in front of both Lock IE... options.
You may need to close all Explorer windows, and maybe even restart Windows before these changes take place.
Hint: this lock function has been added mostly for multi-user environments where you would not want other users of your computer to change your IE settings. If you are the only user of your computer, there is no real need to enable them.


To clean your machine, first we need to uninstall some programs, please open Start->Control Panel->Programs and Features
Find and uninstall these:

J2SE Runtime Environment 5.0 Update 9
Java™ SE Runtime Environment 6 Update 1
Messenger Plus! Live & Sponsor (CiD)

Messenger Plus is bundled with malware, and the Java installations are out of date and now a security risk, you can get the latest update (version 6 update 2) from here

You appear to be using a cracked version of NOD32. Cracked programs are illegal, and cracked versions of security software are not reliable. Please uninstall NOD32 and NOD32FiX and install a legal antivirus program. I recommend you choose one of these free products which offer equivalent protection:
Antivir: http://www.free-av.com/
AVG Antivirus: http://free.grisoft.com/doc/1
Whichever antivirus program you choose, make sure you update it with the latest definitions and set it to automatically update itself.

You have the Megaupload Toolbar installed, this software tracks the websites you visit and provides the information to advertisers. I recommend you remove it, to do so, find and remove Mega Manager.

You have a program called Spyware Detector installed on your computer. This program was until recently classified as a Rogue antispyware program. Typically, these programs do not provide any security benefits, and use false positives to goad users into purchasing a full version of the program. I strongly suggest you remove it - to do so, find SpywareDetector and remove it.

You have Logitech Desktop Messenger installed on your system. This is a background process which can access the internet without your knowledge or consent. Although it can assist in providing software updates for your Logitech hardware, it uses resources on your machine and the fact that it accesses the internet without your approval is potentially dangerous. I recommend you remove this program, to do so, find Logitech Desktop Messenger and remove it.

You have several P2P file sharing programs installed on your computer. These particular programs do not come bundled with malware as some P2P programs do, but peer-to-peer file sharing networks are one of the biggest sources of malware we see. Anything downloaded from them cannot be trusted to be clean, because even if the file appears to be what it claims to be, it can have malware embedded in it.
I recommend you remove it, but of course the choice is yours. To remove, find and remove these programs:

BitComet incl toolbar BitComet 0.91
LimeWire PRO 4.13.0
Ares 2.0.9


Then, open HijackThis (right-click and select Run as administrator), choose Do a system scan only and place a checkmark next to the following lines:

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKCU\..\Run: [bymhohhv] c:\users\yasin\appdata\local\microsoft\bymhohhv.exe bymhohhv

These lines are associated with BitComet, Mega Manager and Logitech Desktop Messenger, please check the lines associated with the programs you have removed:

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.7.4.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: Download Link Using Mega Manager... - C:\Program Files\Megaupload\Mega Manager\mm_file.htm

Then close all open windows apart from HijackThis, press Fix checked, OK the prompt and close HijackThis.

Then, reboot your computer.

Make hidden/system files and folders visible:
Click Start Orb-> Computer, press Alt once, then from the top menu select Tools, Click Folder Options and select the View tab
Under the Hidden files and folders heading SELECT Show hidden files and folders
UNCHECK the Hide extensions for known file types option
UNCHECK the Hide protected operating system files (recommended) option
Click Yes to confirm and press OK

Use Windows Explorer (right-click Start, select Explore) to find and delete the following file:

C:\Users\Yasin\AppData\Local\Microsoft\bymhohhv.exe

If it is not present then that's OK, but if you have trouble deleting it, please let me know in your next response.

Next press Start, copy/paste the following command (it's one long command) into the search box. Hold down Shift and Ctrl then press Enter to execute it:

cmd /c dir /a /s c:\bymhohhv*.* >> "%userprofile%\desktop\look.txt"

A black box will appear, and a file called look.txt will be created on your Desktop. Please wait until the black box closes before opening look.txt. Post the contents of look.txt in your next response.

Download Dr.WEB CureIt to your desktop from here:
ftp://ftp.drweb.com/pub/drweb/cureit/cureit.exe
  • Right-click cureit.exe and choose Run as administrator to start the program. Allow the UAC prompt.
  • Press Start and then OK to start the Express scan
  • The Express scan takes just a few moments to finish, if something is found, click Yes to cure it
  • Once the short scan has finished, Click Options->Change settings
  • Choose the Scan tab and UN-CHECK Heuristic analysis
  • Choose the Actions tab and next to Infected objects select Move, then press OK to close the settings box.
  • Note: please ensure you have made the settings changes BEFORE scanning
  • Select all hard drives to be scanned by clicking on them - choose all drives - a red dot confirms they will be scanned
  • Click the green arrow on the right to start the scan
  • Click Yes to all if it asks if you want to move a file
  • Click File-> Save report list and save the report to your desktop
  • Close Dr.Web Cureit and reboot your computer (this is important as files may be moved/deleted during reboot)
Once complete, please post the Dr Web report and a new HijackThis log.
ASAP & UNITE Member
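
The log review in the post above, as an added example (not silver's or HijackThis's own code): a small Python triage pass over HijackThis output that flags BHO registrations whose file is missing and Run entries that launch from a user profile's AppData folder. The two heuristics, the reason labels and the function names are assumptions made for this sketch; on the excerpt embedded below they select the same four lines that the post lists first for fixing.

```python
import re

# Excerpt of the HijackThis log posted in this thread (lines copied from the page).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [bymhohhv] c:\users\yasin\appdata\local\microsoft\bymhohhv.exe bymhohhv
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# "<section code> - <body>", e.g. "O2 - BHO: ..." or "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O2 body: "BHO: <name> - {CLSID} - <dll path or (no file)>".
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.*)$"
)
# O4 registry body: "HKCU\..\Run: [value name] command line" (optional SID segment).
RUN_RE = re.compile(
    r"^HK[A-Z]+\\(?:[^\\]+\\)?\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# Executable path at the start of a command line, quoted or not.
EXE_RE = re.compile(r'"?(.+?\.exe)\b', re.IGNORECASE)
# Vista-style per-user, user-writable location (assumed heuristic).
PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)


def parse_entries(log_text):
    """Yield (code, body) for each section line; headers and process paths are skipped."""
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), m.group("body")


def triage(log_text):
    """Return [(reason, line)] for entries that deserve a manual look."""
    findings = []
    for code, body in parse_entries(log_text):
        line = f"{code} - {body}"
        if code == "O2":
            m = BHO_RE.match(body)
            # The registration survives but the DLL it points to is gone.
            if m and m.group("target").strip().lower() == "(no file)":
                findings.append(("orphaned-bho", line))
        elif code == "O4":
            m = RUN_RE.match(body)
            exe = EXE_RE.match(m.group("cmd")) if m else None
            # Autostart binary stored where any user-level process can write.
            if exe and PROFILE_RE.match(exe.group(1)):
                findings.append(("autorun-from-user-profile", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"{reason:28} {line}")
```

A hit from either heuristic is a prompt to investigate the entry, not a verdict that it is malicious.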

#3 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 21 September 2007 - 11:55 PM

Hi, Do you still need help with your machine? If the instructions are unclear or something isn't working, please let me know before proceeding.
ASAP & UNITE Member

#4 matt_james27

matt_james27

    New Member

  • Authentic Member
  • Pip
  • 3 posts

Posted 23 September 2007 - 02:58 PM

Hello, sorry for the late response. I found some folders called brontok... which is a worm/virus? So in the end I just backed up my stuff, virus scanned it, formatted the PC and reinstalled Windows from scratch. The CureIt scanner you gave me took hours and hours and would not finish, so I gave up. Many thanks for all your help though, please close this thread. Thanks again, matt

#5 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 23 September 2007 - 07:19 PM

Hi matt_james27,

I'm sorry to hear you had difficulty :( however it's good to hear your problems are resolved.

Here are some tips to help you keep your computer clean:

Spywareblaster is a free program which prevents the download and installation of Internet Explorer ActiveX based malware by immunizing your system against it. You can download Spywareblaster from here and a tutorial to help you get started is available here.

Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Please take care when downloading programs. One of the easiest ways to be infected is to download freeware/shareware programs which come laden with malware - this includes allowing websites to install browser plug-ins or ActiveX controls. Before downloading, it is crucial to check whether the source is reputable.
One way to check is to use McAfee SiteAdvisor. Copy the domain name into the space provided and SiteAdvisor will give you a report on the website which can help you decide if it is safe. They also have a toolbar for IE and Firefox which adds this functionality to your browser.

Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

Find out more about how to prevent infection in the future
http://forum.malware...pic.php?p=33687

Please post back to let me know that you have read this, and if there are any further issues.
ASAP & UNITE Member

#6 matt_james27

matt_james27

    New Member

  • Authentic Member
  • Pip
  • 3 posts

Posted 25 September 2007 - 07:30 AM

Thanks for the advice, will be using some of it :)

#7 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 25 September 2007 - 07:33 AM

You're most welcome :) best of luck
ASAP & UNITE Member

#8 silver

silver

    Malware Expert Emeritus

  • Authentic Member
  • PipPipPipPipPip
  • 2,994 posts

Posted 25 September 2007 - 07:34 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
ASAP & UNITE Member
