Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93104 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Secure PC Cleaner Malware/Adware


  • This topic is locked This topic is locked
14 replies to this topic

#1 BonusLevel

BonusLevel

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 07 January 2008 - 05:15 AM

A webpage called Secure PC Cleaner has hijacked my computer and changes the background to a scary "YOUR PRIVACY IS IN DANGER" picture. Various fake claims of spyware keep popping up in Windows-esque alert boxes. Help! Here is my log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:51:56 PM, on 1/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\eSnips\ClientGW.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\Chatango\Chatango.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\XP Antivirus\xpantiviruspro.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Shao Jie\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com.sg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: BDEX System - {5085333B-FD15-4754-A571-852F7077C5F2} - C:\WINDOWS\dxpvqlmqng.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O3 - Toolbar: The ensfolr - {A037112F-183D-4E98-8CEA-1A0D93BA9F48} - C:\WINDOWS\ensfolr.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [eSnips] "C:\Program Files\eSnips\ClientGW.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Total Uninstall Agent] "C:\Program Files\Total Uninstall 4\TuAgent.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Chatango] C:\Program Files\Chatango\Chatango.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [XP Antivirus] C:\Program Files\XP Antivirus\xpantiviruspro.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Shao Jie\Local Settings\Temp\{D6FF3341-90C8-4384-8C6D-D8CF34ADCDFD}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} (SmartCode ViewerX VNC Control) - http://www.s-code.co...cab/viewerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1138330133975
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: prodigy1 - {063D3E58-85A4-45D8-B7BB-6ACE6D775774} - prodigys323.dll (file missing)
O21 - SSODL: ampkfst - {DBFA195B-B2F4-4F65-8858-D6C84844358E} - C:\WINDOWS\ampkfst.dll
O21 - SSODL: bklgvsf - {2C740C51-6A0B-46C5-9A14-C6119463F41B} - C:\WINDOWS\bklgvsf.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 11964 bytes

Please help ASAP. Thanks!

    Advertisements

Register to Remove


#2 Simon V.

Simon V.

    MRU Emeritus

  • Authentic Member
  • PipPipPipPip
  • 897 posts

Posted 11 January 2008 - 02:16 PM

Hello, and welcome to the forum.

My name is Simon V., and I'll be glad to help you with your computer problems.

Step 1

Please download SmitfraudFix (by S!ri).

  • Double-click on SmitfraudFix.exe. A screen will pop up. Select Option 1 (Search) by typing 1 and hit Enter. A text file will appear, which will list the infected files. Save it to a convenient location.
  • The log will also be saved here: C:\rapport.txt

Note: process.exe is detected by some Anti-Virus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.

Step 2

Please download and install CCleaner.

Open CCleaner. On the Windows tab, leave the default options alone.

  • On the Applications tab, check (tick) all the boxes except Saved Form Information. This will remove all your saved passwords if you leave this box checked.
  • Click on the Run Cleaner button at the bottom right hand corner.
  • When the cleaner has finisihed, click Tools in the Left Pane.
  • Verify that Uninstall is highlighted in color, or click on it.
  • In the lower right, click Save to Text File.
  • Pull down the arrow at the top of the Save dialog and choose Desktop as the location.
  • You can leave the filename as install.txt.
  • Click Save, then exit Ccleaner.

Step 3

In your next reply, please post:

  • the SmitfraudFix log (C:\rapport.txt)
  • the CCleaner Uninstall List (install.txt)
  • a new HijackThis log


#3 BonusLevel

BonusLevel

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 12 January 2008 - 02:03 AM

Sorry, but I have referred to the other posts others had made and finally solved the problem! Sorry for the inconvenience caused. Thanks for the help! However, I am worried that there might be traces of the Adware in my hard drive. What can I do to make sure that there isn't?

#4 Simon V.

Simon V.

    MRU Emeritus

  • Authentic Member
  • PipPipPipPip
  • 897 posts

Posted 12 January 2008 - 04:39 AM

Hi :)

I'm glad your problem is solved. We'll check whether traces are left by running an online scan:

Close all programs before continuing, and try not to run anything during the scan.

Please do an online scan with Kaspersky WebScanner. (You will need to use Internet Explorer to run this scan)

On the welcome screen, click Accept.

You will be promted to install an ActiveX component from Kaspersky, click Install.

  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:

  • Scan using the following Anti-Virus database:

    Extended (if available, otherwise Standard)

  • Scan Options:

    Scan Archives
    Scan Mail Bases

  • Click OK.
  • Now under Select a Target to Scan:

    Select My Computer.

  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button and save the file to your desktop. Post the contents of the Kaspersky Online Scan report in your next reply.


#5 BonusLevel

BonusLevel

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 12 January 2008 - 08:13 AM

So far, the scanner has done 39%, detected 1 virus, 3 infected files and has been running for an hour and a half. I'll update when it's done... Thanks, Simon!

EDIT----
The Scanner's done already and boy, do I have infected items! But I have a question... Why do they skip so many files? And I know that they are locked, but is it safe to be UNABLE to open them?

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, January 13, 2008 7:20:30 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 12/01/2008
Kaspersky Anti-Virus database records: 508736
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 234493
Number of viruses found: 15
Number of infected objects: 67
Number of suspicious objects: 0
Duration of the scan process: 04:27:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\Adobe Reader Speed Launch.lnk Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\AppleSoftwareUpdate.job Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BrtINS32.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BrtINST.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\BrtINSTL.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\Check Updates for Windows Live Toolbar.job Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\Dos_Command.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\FileNameStartUpAllUsers.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\FileNameStartUpCurrentUser.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\LOG_FileVer.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\LOG_FileVer2.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\Microsoft Office.lnk Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\P1_BR_collect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\P3_FileVer.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\P3_os_info.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\P4_Brother.reg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\P4_Modem.reg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\P4_run.reg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\P4_ScnDev.reg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\P4_USB_chip.reg Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\PrinterList.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\ProcessList.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\Progress_log_collect.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Brother\BrLog\BrCollectDir\SetUpAPI.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Shao Jie\Application Data\Mozilla\Firefox\Profiles\ywxkai7m.default\cert8.db Object is locked skipped
C:\Documents and Settings\Shao Jie\Application Data\Mozilla\Firefox\Profiles\ywxkai7m.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Shao Jie\Application Data\Mozilla\Firefox\Profiles\ywxkai7m.default\GoogleToolbarData\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Shao Jie\Application Data\Mozilla\Firefox\Profiles\ywxkai7m.default\history.dat Object is locked skipped
C:\Documents and Settings\Shao Jie\Application Data\Mozilla\Firefox\Profiles\ywxkai7m.default\key3.db Object is locked skipped
C:\Documents and Settings\Shao Jie\Application Data\Mozilla\Firefox\Profiles\ywxkai7m.default\parent.lock Object is locked skipped
C:\Documents and Settings\Shao Jie\Application Data\Mozilla\Firefox\Profiles\ywxkai7m.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Shao Jie\Application Data\Mozilla\Firefox\Profiles\ywxkai7m.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Shao Jie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Shao Jie\Application Data\Teleca\Telecalib\Logging\Application logs\SpecificUSB_log.txt Object is locked skipped
C:\Documents and Settings\Shao Jie\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Shao Jie\Desktop\Sy's\games\Neses\NES\fceu-0.98.12.win.zip/fceu.exe Infected: Trojan-Dropper.Win32.Agent.dmj skipped
C:\Documents and Settings\Shao Jie\Desktop\Sy's\games\Neses\NES\fceu-0.98.12.win.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Shao Jie\Desktop\Sy's\games\Neses\NES\fceu.exe Infected: Trojan-Dropper.Win32.Agent.dmj skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Microsoft\Messenger\tan_shaoyun@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Microsoft\Messenger\tan_shaoyun@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Microsoft\Messenger\tan_shaoyun@hotmail.com\SharingMetadata\Working\database_B6D4_FC49_D4FC_CFD\dfsr.db Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Microsoft\Messenger\tan_shaoyun@hotmail.com\SharingMetadata\Working\database_B6D4_FC49_D4FC_CFD\fsr.log Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Microsoft\Messenger\tan_shaoyun@hotmail.com\SharingMetadata\Working\database_B6D4_FC49_D4FC_CFD\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Microsoft\Messenger\tan_shaoyun@hotmail.com\SharingMetadata\Working\database_B6D4_FC49_D4FC_CFD\tmp.edb Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Microsoft\Windows Live Contacts\tan_shaoyun@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Microsoft\Windows Live Contacts\tan_shaoyun@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ywxkai7m.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ywxkai7m.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ywxkai7m.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Application Data\Mozilla\Firefox\Profiles\ywxkai7m.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\History\History.IE5\MSHist012008011220080113\index.dat Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Temp\flaDD7.tmp Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Temp\Perflib_Perfdata_640.dat Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Temp\Perflib_Perfdata_dcc.dat Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Temp\Perflib_Perfdata_f4c.dat Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Temp\~DF10A5.tmp Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Temp\~DF10C1.tmp Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Temp\~DF427C.tmp Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Temp\~DF436D.tmp Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Temp\~DFDE28.tmp Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Shao Jie\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Shao Jie\My Documents\My Chat Logs\January 2008\fuzzywuzzy_bunny@hotmail.com.html Object is locked skipped
C:\Documents and Settings\Shao Jie\My Documents\My Chat Logs\January 2008\gnakgnim@hotmail.com.html Object is locked skipped
C:\Documents and Settings\Shao Jie\My Documents\My Chat Logs\January 2008\ngyzj@yahoo.com.sg.html Object is locked skipped
C:\Documents and Settings\Shao Jie\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Shao Jie\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Shao Jie\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Shao Yun\My Documents\Backups\Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\Documents and Settings\Shao Yun\My Documents\Backups\Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\Documents and Settings\Shao Yun\My Documents\Backups\Vista Transformation Pack 6.0.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\Documents and Settings\Shao Yun\My Documents\Backups\Vista Transformation Pack 6.0.exe WiseSFX: infected - 3 skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\cache\FND7A.NFI Infected: Trojan-Downloader.Win32.Small.fwb skipped
C:\Program Files\ESET\cache\FND7C.NFI Infected: Trojan-Downloader.Win32.PurityScan.eu skipped
C:\Program Files\ESET\cache\FND8A.NFI Infected: Backdoor.Win32.Rbot.cmx skipped
C:\Program Files\ESET\infected\5VW5ENDA.NQF Infected: Trojan-PSW.Win32.WOW.ru skipped
C:\Program Files\ESET\infected\OVQR05DA.NQF Infected: Trojan-Downloader.Win32.Small.fwb skipped
C:\Program Files\ESET\infected\PSRE2YDA.NQF/data0007 Infected: Trojan-Downloader.Win32.Zlob.bqu skipped
C:\Program Files\ESET\infected\PSRE2YDA.NQF NSIS: infected - 1 skipped
C:\Program Files\ESET\infected\PSRE2YDA.NQF PE-Crypt.XorPE: infected - 1 skipped
C:\Program Files\ESET\infected\RR5BXLCA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.csg skipped
C:\Program Files\ESET\infected\RR5BXLCA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.csg skipped
C:\Program Files\ESET\infected\RR5BXLCA.NQF NSIS: infected - 2 skipped
C:\Program Files\ESET\infected\RR5BXLCA.NQF PE-Crypt.XorPE: infected - 2 skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\QooBox\Quarantine\C\Documents and Settings\Shao Jie\Application Data\DOBE~1\spool32.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.eu skipped
C:\RECYCLER\S-1-5-21-725345543-839522115-2147124373-1004\Dc246.exe Infected: Backdoor.Win32.SdBot.bmq skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP191\A0056955.exe Object is locked skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP191\A0056963.exe Object is locked skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP191\A0056988.exe Object is locked skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP191\A0057001.exe Object is locked skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP191\A0057019.exe Object is locked skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP191\A0057021.exe Object is locked skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP191\A0057023.exe Object is locked skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP191\A0057024.exe Object is locked skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP191\A0057026.exe Object is locked skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP191\A0057027.exe Object is locked skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP195\A0060296.exe Infected: Backdoor.Win32.SdBot.bmq skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP202\A0061431.exe/data0006 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP202\A0061431.exe Inno: infected - 1 skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP219\A0066248.exe Infected: Trojan.Win32.Inject.pv skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP219\A0066250.exe Infected: Trojan.Win32.Obfuscated.mt skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP219\A0066251.exe Infected: Trojan-Downloader.Win32.PurityScan.eu skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP219\A0066257.exe Infected: Trojan-Downloader.Win32.PurityScan.eu skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP221\A0071572.exe/crack.exe Infected: Trojan-Downloader.Win32.Zlob.frk skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP221\A0071572.exe ZIP: infected - 1 skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP222\A0071584.exe Infected: Trojan-Downloader.Win32.PurityScan.eu skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP222\A0071635.exe Infected: not-a-virus:FraudTool.Win32.XPAntivirus.f skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP223\A0071871.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP223\A0071871.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP223\A0071871.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP223\A0071871.exe WiseSFX: infected - 3 skipped
C:\System Volume Information\_restore{003857D7-E1D2-4CD4-BED8-62CA0F7E9C46}\RP224\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\3165508e3239568e384e\update\update.exe Object is locked skipped
D:\3165508e3239568e384e\update\wpdinstallutil.dll Object is locked skipped
D:\b04b79cb6434eced3a\update\update.exe Object is locked skipped
D:\b04b79cb6434eced3a\update\wpdinstallutil.dll Object is locked skipped
D:\cdb29e0af5aaacd648af9595ba9e\update\update.exe Object is locked skipped
D:\RECYCLER\S-1-5-21-725345543-839522115-2147124373-1004\Dd1\My Documents\My Documents\vtp5_5\Vista Transformation Pack 5.5.exe/WISE0039.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\RECYCLER\S-1-5-21-725345543-839522115-2147124373-1004\Dd1\My Documents\My Documents\vtp5_5\Vista Transformation Pack 5.5.exe/WISE0058.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\RECYCLER\S-1-5-21-725345543-839522115-2147124373-1004\Dd1\My Documents\My Documents\vtp5_5\Vista Transformation Pack 5.5.exe/WISE0058.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\RECYCLER\S-1-5-21-725345543-839522115-2147124373-1004\Dd1\My Documents\My Documents\vtp5_5\Vista Transformation Pack 5.5.exe WiseSFX: infected - 3 skipped
D:\SY\Desktop\vtp6\Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\Desktop\vtp6\Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\Desktop\vtp6\Vista Transformation Pack 6.0.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\Desktop\vtp6\Vista Transformation Pack 6.0.exe WiseSFX: infected - 3 skipped
D:\SY\Desktop\vtp6.zip/Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\Desktop\vtp6.zip/Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\Desktop\vtp6.zip/Vista Transformation Pack 6.0.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\Desktop\vtp6.zip/Vista Transformation Pack 6.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\Desktop\vtp6.zip ZIP: infected - 4 skipped
D:\SY\My Documents\Backups\Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\My Documents\Backups\Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\My Documents\Backups\Vista Transformation Pack 6.0.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\My Documents\Backups\Vista Transformation Pack 6.0.exe WiseSFX: infected - 3 skipped
D:\SY\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\SY\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\SY\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
D:\SY\SmitfraudFix.exe RarSFX: infected - 2 skipped
D:\SY\Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\Vista Transformation Pack 6.0.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\Vista Transformation Pack 6.0.exe WiseSFX: infected - 3 skipped
D:\SY\vtp6.zip/Vista Transformation Pack 6.0.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\vtp6.zip/Vista Transformation Pack 6.0.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\vtp6.zip/Vista Transformation Pack 6.0.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\vtp6.zip/Vista Transformation Pack 6.0.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
D:\SY\vtp6.zip ZIP: infected - 4 skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

Scan process completed.

Edited by BonusLevel, 12 January 2008 - 05:25 PM.


#6 Simon V.

Simon V.

    MRU Emeritus

  • Authentic Member
  • PipPipPipPip
  • 897 posts

Posted 13 January 2008 - 05:00 AM

Hi :)

Why do they skip so many files? And I know that they are locked, but is it safe to be UNABLE to open them?

They are locked because they were in use during the scan. Sometimes an infected file is locked, and the scanner can't access it. That's why they are reported, but it normally shouldn't be a problem that you can't access them.

Navigate to the following files using Windows Explorer and delete them when found:

C:\Documents and Settings\Shao Jie\Desktop\Sy's\games\Neses\NES\fceu-0.98.12.win.zip
C:\Documents and Settings\Shao Jie\Desktop\Sy's\games\Neses\NES\fceu.exe
C:\Program Files\ESET\cache\FND7A.NFI
C:\Program Files\ESET\cache\FND7C.NFI
C:\Program Files\ESET\cache\FND8A.NFI

Empty your Recycle Bin.

Please post a new HijackThis log in your next reply and tell me how your computer is currently running.

#7 BonusLevel

BonusLevel

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 13 January 2008 - 05:22 AM

Files found & deleted very easily. Thanks for the info, Simon!
By the way, what's the time at your country? I've been waiting since morning (12 hrs ago) and now its 7:20pm in Singapore.

Here's the log:

HijackThis Log--------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:19:27 PM, on 1/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\SiteAdvisor\6172\SAService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Shao Jie\Desktop\Anti-viruses\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.msn.com.sg
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O2 - BHO: BDEX System - {5085333B-FD15-4754-A571-852F7077C5F2} - C:\WINDOWS\dxpvqlmqng.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: del.icio.us Toolbar Helper - {7AA07AE6-01EF-44EC-93CA-9D7CD41CCDB6} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6172\SiteAdv.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O3 - Toolbar: del.icio.us - {981FE6A8-260C-4930-960F-C3BC82746CB0} - C:\Program Files\del.icio.us\Internet Explorer Buttons\dlcsIE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: eSnips - {ED1184DA-E57E-4480-99D0-A16809037F54} - C:\Program Files\eSnips\SnipBar.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6172\SiteAdv.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -startup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Total Uninstall Agent] "C:\Program Files\Total Uninstall 4\TuAgent.exe"
O4 - HKCU\..\Run: [RocketDock] "C:\WINDOWS\BricoPacks\Crystal Clear\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Startup: RollerCoaster Tycoon 3 Registration.lnk = C:\Documents and Settings\Shao Jie\Local Settings\Temp\{D6FF3341-90C8-4384-8C6D-D8CF34ADCDFD}\{907B4640-266B-4A21-92FB-CD1A86CD0F63}\ATR1.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Snip to my eSnips account - C:\Program Files\eSnips\res\SnipIt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {62FA83F7-20EC-4D62-AC86-BAB705EE1CCD} (SmartCode ViewerX VNC Control) - http://www.s-code.co...cab/viewerx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1138330133975
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O21 - SSODL: ampkfst - {DBFA195B-B2F4-4F65-8858-D6C84844358E} - C:\WINDOWS\ampkfst.dll (file missing)
O21 - SSODL: bklgvsf - {2C740C51-6A0B-46C5-9A14-C6119463F41B} - C:\WINDOWS\bklgvsf.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: SiteAdvisor Service - Unknown owner - C:\Program Files\SiteAdvisor\6172\SAService.exe

--
End of file - 11653 bytes

#8 Simon V.

Simon V.

    MRU Emeritus

  • Authentic Member
  • PipPipPipPip
  • 897 posts

Posted 13 January 2008 - 06:24 AM

Hi :)

I kinda missed your last post, hence the late reply. It's around 1 P.M. here.

Step 1

Open HijackThis, perform a scan and put a check next to the following items (if present):

O2 - BHO: BDEX System - {5085333B-FD15-4754-A571-852F7077C5F2} - C:\WINDOWS\dxpvqlmqng.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - Startup: PowerReg Scheduler V3.exe
O21 - SSODL: ampkfst - {DBFA195B-B2F4-4F65-8858-D6C84844358E} - C:\WINDOWS\ampkfst.dll (file missing)
O21 - SSODL: bklgvsf - {2C740C51-6A0B-46C5-9A14-C6119463F41B} - C:\WINDOWS\bklgvsf.dll (file missing)


Close all programs except HijackThis and click on Fix checked.

Step 2

Your Java software is out of date. Follow these instructions to update it:

  • Go to Start and click on Control Panel, then double-click on Add or Remove Programs.
  • Search for previously installed versions of Java (J2SE Runtime Environment), and remove it. It should have this icon next to it: Posted Image
  • Then download and install Java Runtime Environment (JRE) 6 Update 4.

Let me know if any problems remain in your next reply.

#9 BonusLevel

BonusLevel

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 13 January 2008 - 07:37 AM

The HijackThis deletions is done... But I can't seem to get the Java Runtime Environment (JRE) 6 Update 4. I always seem to download Update 3, which is shown in my Add or Remove Programs window. Why do I need to update Java?

P.S. I feel like joining the battle against Malware. Any suggestions?

#10 Simon V.

Simon V.

    MRU Emeritus

  • Authentic Member
  • PipPipPipPip
  • 897 posts

Posted 13 January 2008 - 07:44 AM

Updating Java is important because older versions are exploitable and pose a security risk. Are you downloading the off line of on line installer? To join the fight against malware, look in my signature for two excellent malware removal schools (Malware Removal and WhatTheTech). Only join one of the schools, following two courses may confuse you, as (slightly) different methods are learned.

#11 BonusLevel

BonusLevel

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 13 January 2008 - 08:05 AM

I just found out I installed both updates :P... How Now?

Edited by BonusLevel, 13 January 2008 - 08:14 AM.


#12 Simon V.

Simon V.

    MRU Emeritus

  • Authentic Member
  • PipPipPipPip
  • 897 posts

Posted 13 January 2008 - 08:12 AM

Congratulations, your log looks clean. Please advise of any problems you are still experiencing, or follow these simple steps to keep your computer clean in the future:

Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

Step 1: Turn off System Restore:

  • On the desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Check Turn off System Restore
  • Click Apply, and then click OK

Step 2: Reboot your computer.

Step 3: Turn on System Restore:

  • On the desktop, right-click My Computer
  • Click Properties
  • Click the System Restore tab
  • Uncheck Turn off System Restore
  • Click Apply, and then click OK

Note: Only do this once, NOT on a regular basis!

Make your Internet Explorer More Secure

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

  • Change the Download signed ActiveX controls to Prompt.
  • Change the Download unsigned ActiveX controls to Disable.
  • Change the Initialise and script ActiveX controls not marked as safe to Disable.
  • Change the Installation of desktop items to Prompt.
  • Change the Launching programs and files in an IFRAME to Prompt.
  • Change the Navigate sub-frames across different domains to Prompt.
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.

  • Next press the Apply button and then the OK to exit the Internet Properties page.

Use a Firewall - Without a firewall your computer is susceptible to being hacked and taken over. The Windows firewall isn't sufficient as it only monitors incoming connections.

Here are a few (free) firewalls, please download and install one of them:


Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here: http://www.bleepingc...tutorial43.html

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial can be found here: http://www.bleepingc...tutorial49.html

Install IE-Spyad - IE-Spyad places more than 4000 dubious websites and domains in the IE Restricted list. This severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites. A tutorial on installing this product can be found here: http://www.spywarewa...rce.htm#IESPYAD

Update All Your Security Programs Regularly - Make sure you update all your security programs (Anti-Virus, Firewall, Anti-Spyware) regularly (once a weak, at least). Without regular updates you WILL NOT be protected when new malicious programs are released.

You can also read this excellent article by TonyKlein: So how did I get infected in the first place?

Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted! - Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You have to be registered to post. After registering just find your country room and register your complaint. The infection you had was Smitfraud.

#13 BonusLevel

BonusLevel

    New Member

  • New Member
  • Pip
  • 8 posts

Posted 13 January 2008 - 08:16 AM

Thank you so very much, Simon. I bet my computer couldn't be any cleaner than this than if I had went somewhere else to ask for solutions. Thank you once again! P.S.: What are each of the malware removal schools' strong points, and which do you recommend?

#14 Simon V.

Simon V.

    MRU Emeritus

  • Authentic Member
  • PipPipPipPip
  • 897 posts

Posted 13 January 2008 - 08:55 AM

Thank you so very much, Simon. I bet my computer couldn't be any cleaner than this than if I had went somewhere else to ask for solutions. Thank you once again!

P.S.: What are each of the malware removal schools' strong points, and which do you recommend?

The two malware schools that I link to in my signature are both good ones. The strong point of Malware Removal University is that you can post at multiple forums, whereas the WhatTheTech school only permits you to post here. I can't really comment on the school at WhatTheTech, as I haven't followed the course here. I can say however that at both sites you will find excellent training staff.

#15 Simon V.

Simon V.

    MRU Emeritus

  • Authentic Member
  • PipPipPipPip
  • 897 posts

Posted 17 January 2008 - 12:24 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users