Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 91738 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

[Resolved] Cyberlog.x and PSW.x-VIr


  • This topic is locked This topic is locked
24 replies to this topic

#16 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 20 April 2008 - 02:49 PM

A. Warning. Please note that this fix is specific for this poster and should not be used by anyone else:

1. Before we make changes to your registry, we need to make a back up of the key that we are going to work on:

To back up the key please do the following
  • Copy the contents of the Code Box below to Notepad.
  • Name the file export.reg
  • Change the "Save as Type" to All Files
  • and Save it on the desktop
regedit /e C:\export-run.reg "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run"
Double-click the expor-run.reg file
The backup file will be placed in your C:\ directory as export-run.reg .

If there is a fatal error you can simply double click on the export.reg you just created to restore the registry to the state it was in before you began.
Warning. Do not click it except if I tell you to do so. Double clicking it will reintroduce the malware to your computer and can have other unexpected effects.

2. Please do this:
  • Copy the contents of the Code Box below to Notepad.
  • Name the file as fix.reg
  • Change the Save as Type to All Files
  • and Save it on the desktop
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]
"1"=-
Make sure there are NO blank lines before REGEDIT4

Then double-click on the fix.reg file, and when it prompts to merge say yes.


B. Using Internet Explorer, please do a Kaspersky Online Scan

Answer Yes, when prompted to install an ActiveX component.
  • The program will then begin downloading the latest definition files.
  • Once the files have been downloaded click on NEXT
  • Locate the Scan Settings button & configure as follows:
    • Scan using the following Anti-Virus database:
      • Extended
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK & have it scan My Computer
  • Once the scan is complete, it will provide a report if your system is infected. It does not provide an option to clean/disinfect. We only require a report from it.

    Posted Image

  • Click the Save as Text button to save the file to your desktop and post it in your next reply
* Turn off the real time scanner of any existing antivirus program while performing the online scan
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

    Advertisements

Register to Remove


#17 chaos

chaos

    New Member

  • New Member
  • Pip
  • 12 posts

Posted 20 April 2008 - 04:37 PM

when i double clicked the "export.reg" file i made on the desktop, it asked me "are you sure you want to add the information in C:\Documents and Settings\gvk\Desktop\export.reg to the registry?" to which i clicked yes. then this error message came up: "cannot import C:\Documents and Settings\gvk\Desktop\export.reg: The specified file is not a registry script. You can only import binary registry files from within the registry editor." what did i do wrong? I will wait for your reply before i make the fix.reg file.

#18 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 20 April 2008 - 04:51 PM

Warning. Do not click it except if I tell you to do so.


Please read the instructions more attentively
, we are playing with the registry here.

Continue with the fix.reg portion followed by the Kaspersky scan.
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#19 chaos

chaos

    New Member

  • New Member
  • Pip
  • 12 posts

Posted 22 April 2008 - 06:12 AM

------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER REPORT Tuesday, April 22, 2008 8:12:45 AM Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600) Kaspersky Online Scanner version: 5.0.98.0 Kaspersky Anti-Virus database last update: 21/04/2008 Kaspersky Anti-Virus database records: 719519 ------------------------------------------------------------------------------- Scan Settings: Scan using the following antivirus database: extended Scan Archives: true Scan Mail Bases: true Scan Target - My Computer: C:\ D:\ Scan Statistics: Total number of scanned objects: 212929 Number of viruses found: 16 Number of infected objects: 50 Number of suspicious objects: 0 Duration of the scan process: 04:49:38 Infected Object Name / Virus Name / Last Action C:\Deckard\System Scanner\20080418235524\backup\DOCUME~1\gvkudav\LOCALS~1\Temp\zfe1.exe Infected: not-virus:Hoax.Win32.Renos.bry skipped C:\Deckard\System Scanner\20080418235524\backup\DOCUME~1\gvkudav\LOCALS~1\Temp\zfe2.exe Infected: Trojan-Downloader.Win32.Zlob.ljr skipped C:\Deckard\System Scanner\20080418235524\backup\WINDOWS\temp\NN_193E.tmp\upgrade.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Deckard\System Scanner\20080418235524\backup\WINDOWS\temp\NN_193E.tmp\upgrade.exe/stream Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Deckard\System Scanner\20080418235524\backup\WINDOWS\temp\NN_193E.tmp\upgrade.exe NSIS: infected - 2 skipped C:\Deckard\System Scanner\20080418235524\backup\WINDOWS\temp\NN_305.tmp\upgrade.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet.l skipped C:\Deckard\System Scanner\20080418235524\backup\WINDOWS\temp\NN_305.tmp\upgrade.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Deckard\System Scanner\20080418235524\backup\WINDOWS\temp\NN_305.tmp\upgrade.exe/stream Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Deckard\System Scanner\20080418235524\backup\WINDOWS\temp\NN_305.tmp\upgrade.exe NSIS: infected - 3 skipped C:\Deckard\System Scanner\20080418235524\backup\WINDOWS\temp\NN_BA7.tmp\upgrade.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.OneStep.e skipped C:\Deckard\System Scanner\20080418235524\backup\WINDOWS\temp\NN_BA7.tmp\upgrade.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Deckard\System Scanner\20080418235524\backup\WINDOWS\temp\NN_BA7.tmp\upgrade.exe/stream Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Deckard\System Scanner\20080418235524\backup\WINDOWS\temp\NN_BA7.tmp\upgrade.exe NSIS: infected - 3 skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\08f8194d54dc445522ae64668200a35b_3ffe4398-0cfd-4600-a75d-7e469a03576b Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080420_Time-100400234_EnterceptExceptions.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080420_Time-100400234_EnterceptRules.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_SKUDAV.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_SKUDAV.log Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped C:\Documents and Settings\gvkudav\Application Data\Mozilla\Firefox\Profiles\3iha9hqv.default\cert8.db Object is locked skipped C:\Documents and Settings\gvkudav\Application Data\Mozilla\Firefox\Profiles\3iha9hqv.default\flashgot.log Object is locked skipped C:\Documents and Settings\gvkudav\Application Data\Mozilla\Firefox\Profiles\3iha9hqv.default\history.dat Object is locked skipped C:\Documents and Settings\gvkudav\Application Data\Mozilla\Firefox\Profiles\3iha9hqv.default\key3.db Object is locked skipped C:\Documents and Settings\gvkudav\Application Data\Mozilla\Firefox\Profiles\3iha9hqv.default\parent.lock Object is locked skipped C:\Documents and Settings\gvkudav\Application Data\Mozilla\Firefox\Profiles\3iha9hqv.default\search.sqlite Object is locked skipped C:\Documents and Settings\gvkudav\Application Data\Mozilla\Firefox\Profiles\3iha9hqv.default\urlclassifier2.sqlite Object is locked skipped C:\Documents and Settings\gvkudav\Cookies\index.dat Object is locked skipped C:\Documents and Settings\gvkudav\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\gvkudav\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\gvkudav\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped C:\Documents and Settings\gvkudav\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped C:\Documents and Settings\gvkudav\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\gvkudav\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\gvkudav\Local Settings\Application Data\Mozilla\Firefox\Profiles\3iha9hqv.default\Cache\_CACHE_001_ Object is locked skipped C:\Documents and Settings\gvkudav\Local Settings\Application Data\Mozilla\Firefox\Profiles\3iha9hqv.default\Cache\_CACHE_002_ Object is locked skipped C:\Documents and Settings\gvkudav\Local Settings\Application Data\Mozilla\Firefox\Profiles\3iha9hqv.default\Cache\_CACHE_003_ Object is locked skipped C:\Documents and Settings\gvkudav\Local Settings\Application Data\Mozilla\Firefox\Profiles\3iha9hqv.default\Cache\_CACHE_MAP_ Object is locked skipped C:\Documents and Settings\gvkudav\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\gvkudav\Local Settings\History\History.IE5\MSHist012008042120080422\index.dat Object is locked skipped C:\Documents and Settings\gvkudav\Local Settings\Temp\hsperfdata_gvkudav\848 Object is locked skipped C:\Documents and Settings\gvkudav\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\gvkudav\NTUSER.DAT Object is locked skipped C:\Documents and Settings\gvkudav\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\gvkudav.ECS\NTUSER.DAT Object is locked skipped C:\Documents and Settings\gvkudav.ECS\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8I1TUD5F\upgrade[1].cab/upgrade.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.OneStep.e skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8I1TUD5F\upgrade[1].cab/upgrade.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8I1TUD5F\upgrade[1].cab/upgrade.exe/stream Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8I1TUD5F\upgrade[1].cab/upgrade.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\8I1TUD5F\upgrade[1].cab CAB: infected - 4 skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9JKUMN6Y\upgrade[1].cab/upgrade.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.NewDotNet.l skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9JKUMN6Y\upgrade[1].cab/upgrade.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9JKUMN6Y\upgrade[1].cab/upgrade.exe/stream Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9JKUMN6Y\upgrade[1].cab/upgrade.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\9JKUMN6Y\upgrade[1].cab CAB: infected - 4 skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BIBNJ7JV\upgrade[1].cab/upgrade.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BIBNJ7JV\upgrade[1].cab/upgrade.exe/stream Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BIBNJ7JV\upgrade[1].cab/upgrade.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BIBNJ7JV\upgrade[1].cab CAB: infected - 3 skipped C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Data\master.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Data\mastlog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Data\model.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Data\modellog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Data\tempdb.mdf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Data\templog.ldf Object is locked skipped C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\LOG\ERRORLOG Object is locked skipped C:\Program Files\Network Associates\System Compliance Profiler\PtchScan.log Object is locked skipped C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\RMErrorLog0.txt Object is locked skipped C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP200\A0017398.dll Infected: not-a-virus:AdWare.Win32.NewDotNet.l skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP200\A0017399.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP224\A0019261.dll Infected: not-a-virus:AdWare.Win32.OneStep.e skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP224\A0019262.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP248\A0020166.exe Infected: not-a-virus:AdWare.Win32.OneStep.c skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP253\A0020415.exe Infected: Trojan-Downloader.Win32.Zlob.lka skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP254\A0020523.exe Infected: Trojan-Downloader.Win32.Zlob.lja skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP254\A0020530.exe Infected: Trojan-Downloader.Win32.Zlob.lja skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP254\A0020531.exe Infected: Trojan-Downloader.Win32.Zlob.lka skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP257\A0020699.dll Infected: Trojan-Downloader.Win32.Zlob.ljw skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP257\A0020700.exe Infected: Trojan-Downloader.Win32.Zlob.ljl skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP257\A0021089.exe Infected: Trojan-Downloader.Win32.Zlob.ljz skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP257\A0021090.exe Infected: Trojan-Downloader.Win32.Zlob.lka skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP257\A0021091.exe Infected: not-virus:Hoax.Win32.Gavec.bc skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP257\A0021092.exe Infected: Trojan-Downloader.Win32.Zlob.lja skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP257\A0021093.exe Infected: Trojan-Downloader.Win32.Zlob.lkd skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP257\A0021095.exe Infected: Trojan-Downloader.Win32.Zlob.ljx skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP257\A0021101.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP257\A0021102.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped C:\System Volume Information\_restore{D4D126DA-587D-4E0A-BE5D-DF44CC681A0F}\RP258\change.log Object is locked skipped C:\WINDOWS\CSC\00000001 Object is locked skipped C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped C:\WINDOWS\SchedLgU.Txt Object is locked skipped C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\default Object is locked skipped C:\WINDOWS\system32\config\default.LOG Object is locked skipped C:\WINDOWS\system32\config\SAM Object is locked skipped C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\SECURITY Object is locked skipped C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped C:\WINDOWS\system32\config\software Object is locked skipped C:\WINDOWS\system32\config\software.LOG Object is locked skipped C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped C:\WINDOWS\system32\config\system Object is locked skipped C:\WINDOWS\system32\config\system.LOG Object is locked skipped C:\WINDOWS\system32\h323log.txt Object is locked skipped C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped C:\WINDOWS\Temp\Perflib_Perfdata_7e0.dat Object is locked skipped Scan process completed.

#20 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 22 April 2008 - 08:38 AM

Things are looking much better :thumbup: The infections picked up by Kaspersky are all in Quarantine or will be removed by the following procedure.

A. Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


B. Please post a final HijackThis log for confirmation and tell he how your system is running. If all is OK, we will proceed with the final cleanup procedures.


Regards,

Trevuren
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#21 chaos

chaos

    New Member

  • New Member
  • Pip
  • 12 posts

Posted 22 April 2008 - 09:36 AM

the ATFcleaner does not work for some reason...I downloaded it from that link and it's a tiny file. when i double click the exe, the program doesn't start.

#22 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 22 April 2008 - 09:42 AM

We will then proceed the old way:

Clean out your Temporary Internet files. Proceed as follows:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.

Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#23 chaos

chaos

    New Member

  • New Member
  • Pip
  • 12 posts

Posted 22 April 2008 - 10:39 AM

Deckard's System Scanner v20071014.68
Run by gvkudav on 2008-04-22 12:33:52
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as gvk.exe) ---------------------------------------------

Unable to find log (file not found); running clone.
-- HijackThis Clone ------------------------------------------------------------


Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-04-22 12:37:47
Platform: Windows XP Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Novell\xtagent.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$INVENTORCONTENT\Binn\sqlservr.exe
C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Novell\ZENworks\WM.EXE
C:\Program Files\Novell\ZENworks\WMRUNDLL.EXE
C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Intel\Wireless\Bin\iFrmewrk.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\shstat.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\Directcd.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Documents and Settings\gvkudav\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsof...search.asp?p=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.aim.com/r...nclient/vec.adp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=198.163.152.229:3124
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [ZENRC Tray Icon] C:\WINDOWS\system32\zentray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Fix AutoCAD.lnk = C:\ECS\FixAutoCAD.reg
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Novell delivered applications - {C1994287-422F-47aa-8E5E-6323E210A125} - C:\Program Files\Novell\ZENworks\AxNalServer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} () - http://fpdownload.ma...t/ultrashim.cab
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Protocol: pcl - {182D0C85-206F-4103-B4FA-DCC1FB0A0A44} - C:\Program Files\Autodesk\Inventor Professional 10\Bin\HSPCLPRO10.dll
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: CADopia License Manager - Macrovision Corporation - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Flexlm (lmgrd) - Macrovision Corporation - C:\OrCAD\OrCAD_10.5\IntelliCAD 4\LicenseManager\lmgrd.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Novell Application Launcher (NALNTSERVICE) - Novell, Inc. - C:\Program Files\Novell\ZENworks\NALNTSRV.EXE
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Novell ZENworks Remote Management Agent (Remote Management Agent) - Novell, Inc. - C:\Program Files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe
O23 - Service: Remote Solver for COSMOSFloWorks 2005 - Unknown owner - C:\Program Files\COSMOS Applications\FloWorks\bin\StandAloneSlv.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKEEPER.exe
O23 - Service: Novell XTier Agent Services (XTAgent) - Novell, Inc. - C:\WINDOWS\system32\Novell\xtagent.exe
O23 - Service: Workstation Manager (ZFDWM) - Novell, Inc. - C:\Program Files\Novell\ZENworks\WM.EXE


--
End of file - 8481 bytes

-- Files created between 2008-03-22 and 2008-04-22 -----------------------------

2008-04-21 18:16:39 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-04-21 18:16:37 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-04-21 18:16:36 0 d-------- C:\WINDOWS\LastGood
2008-04-19 09:41:47 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-19 09:41:32 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-04-19 09:41:32 0 d-------- C:\Documents and Settings\gvkudav\Application Data\SUPERAntiSpyware.com
2008-04-19 00:05:55 2870 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-18 19:09:38 0 d-------- C:\Program Files\Trend Micro
2008-04-17 20:14:27 0 d-------- C:\Program Files\Lavasoft
2008-04-17 20:14:26 0 d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-13 05:07:36 5404 --a------ C:\WINDOWS\system32\winmenu32.dll
2008-04-06 02:12:45 0 d-------- C:\Program Files\Cedelia


-- Find3M Report ---------------------------------------------------------------

2008-04-21 23:14:18 0 d-------- C:\Documents and Settings\gvkudav\Application Data\DNA
2008-04-19 09:39:17 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-04-16 21:52:03 0 d-------- C:\Documents and Settings\gvkudav\Application Data\dvdcss
2008-04-07 21:04:14 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-24 02:59:41 0 d-------- C:\Program Files\Java
2008-03-21 13:13:35 0 d-------- C:\Program Files\iPod
2008-03-18 17:01:09 0 d-------- C:\Documents and Settings\gvkudav\Application Data\Macromedia
2008-03-18 17:01:07 8928 --a------ C:\WINDOWS\mozver.dat
2008-03-16 17:22:46 0 d-------- C:\Documents and Settings\gvkudav\Application Data\BitTorrent
2008-03-14 10:38:26 0 d-------- C:\Program Files\Common Files
2008-03-14 10:38:26 0 d-------- C:\Program Files\Common Files\Futuremark Shared
2008-03-14 10:38:13 0 d-------- C:\Documents and Settings\gvkudav\Application Data\InstallShield
2008-03-13 12:12:53 0 d-------- C:\Program Files\DNA
2008-03-13 12:12:46 0 d-------- C:\Documents and Settings\gvkudav\Application Data\BitTorrent DNA
2008-03-05 13:25:15 796672 --a------ C:\WINDOWS\GPInstall.exe <Not Verified; Qsc; GP-Install>
2008-03-01 18:45:11 0 d-------- C:\Program Files\iTunes
2008-03-01 18:42:42 0 d-------- C:\Program Files\QuickTime


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"@"="" []
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [10/30/2004 03:59 PM]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [05/12/2005 10:00 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [12/07/2005 03:55 AM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"AdaptecDirectCD"="C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [12/17/2002 01:28 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [02/22/2008 04:25 AM]
"ZENRC Tray Icon"="C:\WINDOWS\system32\zentray.exe" [01/17/2005 11:33 AM]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [01/11/2008 11:16 PM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [02/01/2008 12:13 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/19/2008 02:10 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AIM"="C:\Program Files\AIM\aim.exe" [08/01/2006 03:35 PM]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [04/10/2008 11:25 PM]
"Veoh"="C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" [04/01/2008 06:35 PM]
"@"="" []
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [02/29/2008 04:03 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart16.exe [1/4/2006 2:47:19 PM]
Fix AutoCAD.lnk - C:\ECS\FixAutoCAD.reg [2/3/2006 2:37:59 PM]
Service Manager.lnk - C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe [12/17/2002 6:23:32 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"=1 (0x1)
"CompatibleRUPSecurity"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{763370C4-268E-4308-A60C-D8DA0342BE32}"= C:\Program Files\Novell\ZENworks\NalShell.dll [09/09/2005 12:54 PM 430080]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 12:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"System"="ziswin.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 12:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 09/07/2004 05:08 PM 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification]
C:\WINDOWS\system32\Novell\XtNotify.dll 01/10/2005 01:36 PM 24576 C:\WINDOWS\system32\Novell\xtnotify.dll


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9302810e-e094-11dc-acc5-0013cebbb612}]
AutoRun\command- E:\LaunchU3.exe




-- End of Deckard's System Scanner: finished at 2008-04-22 12:38:51 ------------

The system seems to be running normally.

#24 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 22 April 2008 - 01:09 PM

Congratulations, your log looks CLEAN

There are a few things you must do once you system is completely clean:

1. DELETE SmitfraudFix from your desktop.

2. Now Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools can not access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
Here are some tips to reduce the potential for spyware infection in the future:

1. Make your Internet Explorer More Secure
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab.
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.

    • Change the Download signed ActiveX controls to Prompt.
    • Change the Download unsigned ActiveX controls to Disable.
    • Change the Initialise and script ActiveX controls not marked as safe to Disable.
    • Change the Installation of desktop items to Prompt.
    • Change the Launching programs and files in an IFRAME to Prompt.
    • Change the Navigate sub-frames across different domains to Prompt.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
2. Update your Anti-Virus Software - I can not overemphasize the need for you to update your Anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

3. Make sure you keep your Windows OS current by visiting Windows update regularly to download and install any critical updates and service packs. Without these you are leaving the back door open.

4. Consider a custom hosts file such as MVPS HOSTS. This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial by WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

5. Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.

6. Install Spybot - Search and Destroy - Download and install Spybot - Search and Destroy with its TeaTimer option. This will provide real time spyware and hijacker protection on your computer alongside your virus protection. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
Instructions for - Spybot S & D and Ad-aware

7. Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place?
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

#25 Trevuren

Trevuren

    Teacher Emeritus

  • Authentic Member
  • PipPipPipPipPipPip
  • 8,632 posts
  • Interests:Woodworking

Posted 23 April 2008 - 08:59 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance. If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.
Microsoft MVP Consumer Security 2008 - 2009


Proud graduate of TC/WTT Classroom



The help you receive here is free. If you wish to show your appreciation, then you may donate to help keep us online.

Want to help others? Join the ClassRoom and learn how.


Posted Image

    Advertisements

Register to Remove

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users