Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Post by Shaun83 » July 19th, 2006, 2:41 am

:D :D :D :D :D

Hi Kim,

Looks like you got my system cleaned up. I really can't express enough thanks. I really appreciate it.

I do have a couple more questions from your last post:

Java - I got the latest update. In my add/remove I have "Java 2 Runtime Environment, SE v1.4.1_02" & "Java Web Start" in addition to the new version. Do I want to remove both of those?

The downloads you had posted - should I get all of those or is that just some things I might consider running. If I don't need all of them, would you list the ones you would recommend running together.

I currently use Norton Security (anti-virus & firewall), but my subscription is going to need renewed shortly. Do you think it is as good as any or do you prefer something else?

I clicked the link in your signature, but I'm really not sure exactly what caused all my problems. I know Spysheriff was present at one point. Was that the root of everything?

Thanks again,
Shaun
Shaun83
Regular Member
 
Posts: 37
Joined: July 16th, 2006, 8:41 pm

Post by Kimberly » July 19th, 2006, 12:09 pm

Hello Shaun,

You're welcome, glad we could assist you with cleaning up your computer.

Java - I got the latest update. In my add/remove I have "Java 2 Runtime Environment, SE v1.4.1_02" & "Java Web Start" in addition to the new version. Do I want to remove both of those?

I would indeed suggest removing the old Runtimes. (Java 2 Runtime Environment, SE v1.4.1_02) If you leave them on the PC, the vulnerabilities still can be exploited. Since you have the latest update installed already, it might be possible that the latest update will not work if you remove v1.4.1_02. In that situation, remove all runtimes and reinstall the latest one. Java Web Start seems to be a separate download, might wanna check out your version. If it needs to be updated, uninstall the previous version and reinstall the new one. Java Web Start can be found here:
http://java.sun.com/products/javawebstart/download.jsp

The downloads you had posted - should I get all of those or is that just some things I might consider running. If I don't need all of them, would you list the ones you would recommend running together.

You shouldn't get all the downloads of course, they are just a guide of products that may help you in protecting your PC. I would install Spywareblaster, it disables a big list of BHO's and cookies by setting a killbit in the registry. The program does not need to run all the time. IE-SPYAD will put a big list of websites in your restricted zone, that means that those websites will have restricted access (no scripting, no activex ...) so they will not be able to perform "bad things" on your PC. Firetrust Toolbar has actually over 100.000 sites that are blocked. If you visit a site and it's on the toolbar's list, you will get a warning that it is not recommended to enter the site. If you still wish to visit the site, you can do that by clicking on Enter site. Database is almost updated daily. Free version allows blocking and manual updates. Paid version shows why a site is blocked and you have daily automatic updates.

Now after that it is not easy ... my preferred application is ProcessGuard, it stops about anything. If an application wants to run, you have to allow it. If an application wants to terminate a program (like your firewall or antivirus), install a driver ... you have to allow it. dll injection, global hooks, install of services, drivers ... to be honest a rootkit would have a hard time to install itself with PG. On the other hand, you will have to allow some programs to create global hooks, install services ... It has a learning mode but you shouldn't leave learning mode running all the time. Turning off PG when Norton has other updates than the virus definitions is essential or it will block Norton from installing IDS signatures (deletes & creates new driver), and from installing common client updates. If installing Windows Updates, turn it off too. If you are comfortable with your PC, I really recommend it. With some time it is really easy to set up and run. If you follow the instructions that are given on the ProcessGuard forum you should have no problems.
http://www.wilderssecurity.com/forumdisplay.php?f=13

If PG seems too difficult, Ewido is a very nice program too. In the paid version you can leave the automatic updates, the real-time protection running. I did notice that the real-time protection in the previous version did slow down a little bit internet browsing, never tried in the 4.0 version. If you have enough RAM, you shouldn't feel it at all. Ewido is very good in catching stuff too, we use it very often.

If it were me: Spyware Blaster, IE-SPYAD, ProcessGuard and a firewall / antivirus of course. I also have a router which includes a hardware firewall, it helps a lot with blocking intrusion attempts, port scanning and it isn't a program (software) that can be terminated from running.

But that is a personal choice of course.

I currently use Norton Security (anti-virus & firewall), but my subscription is going to need renewed shortly. Do you think it is as good as any or do you prefer something else?

Norton ... many people don't like it, it's a huge debate. I run both myself and I never had trouble with them. I'm still using the 2003 version, I consider that one as the last acceptable version they made. In more recent versions they added new features and the program becomes kinda heavier to run. (needs more resources). I remember I did install the 2004 trial when it was released and it crashed my PC rather often, behaved differently. Finally I kept 2003 and did renew subscription.
Norton's Firewall is rather highly configurable if not set to automatic rule creating, if set to automatic then it's kinda useless but that's the case with every program. As alternatives, in the paid ones I like Kaspersky as an antivirus and Outpost as a firewall. Outpost may cause blue screens on some PC's from what I heard though. Sunbelt Kerio is a nice firewall too, it has a 30 days trial and then some features are turned off. If you prefer to keep the additional features, you need to buy the product. But even with the advanced features turned off, it remains a good program. As a free antivirus, I would recommend AVG - http://free.grisoft.com/doc/1
On the same page you can find info about Ewido since they recently did take over Ewido. Being honest, I would turn myself towards another solution than Norton ... although no antivirus is really able to stop a rootkit from being installed. They detect some files of Haxdoor but it's already too late, it's installed.

I clicked the link in your signature, but I'm really not sure exactly what caused all my problems. I know Spysheriff was present at one point. Was that the root of everything?

Spysheriff might have been the cause or not, hard to tell. Bundles are rotating and are different on each PC. I have seen infections that are not too heavy and others that are similar to yours. Spysheriff is rather old, the pe386 rootkit is very recent, so is the Haxdoor variant you had. But that doesn't mean anything. Spysheriff type of infections often drop trojans on your system that are able to download other components and update them ... It's really hard to tell. Even if we would know the site where you got infected in the first place, it does not mean we will get the same infection. Maybe they aren't linked at all. You might have visited another site where you got the keylogger and the rootkits. If Spysheriff was not very recent (I mean just before this happened), I would suggest the Other Infections section at Malware Complaints.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am
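
An added example, not part of the original thread: a PowerShell audit of the two registry-based protections described in the post above, the ActiveX kill bit that SpywareBlaster sets and the Restricted sites entries that IE-SPYAD adds. The registry paths are the standard Internet Explorer locations rather than anything quoted in the post, and the function names are hypothetical.

```powershell
# Added example: read-only audit of kill bits and Restricted-zone entries.
# Kill bit: DWORD "Compatibility Flags" with bit 0x400 set, one key per CLSID.
# Restricted zone: any value equal to 4 under a ZoneMap\Domains key (per user).
$KillBit        = 0x400
$RestrictedZone = 4

function Get-KillBitClsid {
    $root = 'HKLM:\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility'
    if (-not (Test-Path $root)) { return }
    Get-ChildItem $root | ForEach-Object {
        $flags = $_.GetValue('Compatibility Flags')
        # Skip keys where the value is missing or not a DWORD
        if ($flags -is [int] -and ($flags -band $KillBit)) {
            $_.PSChildName   # the {CLSID} that IE will refuse to instantiate
        }
    }
}

function Get-RestrictedSite {
    $root = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains'
    if (-not (Test-Path $root)) { return }
    Get-ChildItem $root -Recurse | Where-Object {
        $key = $_
        # Value names are protocols ("*", "http", ...); data is the zone number
        $key.GetValueNames() | Where-Object { $key.GetValue($_) -eq $RestrictedZone }
    } | ForEach-Object {
        # Keys are stored as domain\subdomain; rebuild subdomain.domain
        $rel   = $_.Name.Substring($_.Name.IndexOf('\Domains\') + 9)
        $parts = $rel.Split('\')
        [array]::Reverse($parts)
        $parts -join '.'
    }
}

$clsids = @(Get-KillBitClsid)
$sites  = @(Get-RestrictedSite)
'Kill-bitted ActiveX CLSIDs : {0}' -f $clsids.Count
'Restricted-zone entries    : {0}' -f $sites.Count
$sites | Select-Object -First 10
```

Running it before and after installing either tool shows how many entries each one added; a count that falls again later means something has removed the protections.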

Post by Shaun83 » July 19th, 2006, 5:13 pm

Hi Kim,

Have 1 problem now. I installed Spywareblaster, IE-SPYAD, & Firetrust Toolbar. I am still running Norton Antivirus & Firewall. I keep getting runtime errors as I surf the web using Aol. It has given line #s 1333, 2, 17, 34, 78, 158, 11, 28. Any ideas what could cause that? I reinstalled AOL and that did not help.
Shaun83
Regular Member
 
Posts: 37
Joined: July 16th, 2006, 8:41 pm

Post by Kimberly » July 19th, 2006, 6:31 pm

Hello Shaun,

I'm not familiar with AOL issues. Their browser should rely on IE settings ...

One question tho, in one of your posts you did mention Internet Explorer 7 beta 3. Did you really install it ? (last log shows IE 6 SP2)

Couple of thoughts / reflections ...

1. Is AOL software compatible with IE 7 ?
2. Firetrust toolbar does not work with IE 7 right now according to the website. If IE 7 installed that might be an issue.

Spyware Blaster + IE7 beta 3 works, IE-SPYAD .. no idea but technically registry settings for restricted zones didn't change so it should work correctly.

Run time errors sounds as a Java issue to me though. Will check out if I can find more information about your issue.

Do you get any additional error messages ? like Error: Connection to the host timed out or Error: 'Host lookup failed' ...

Broadband or dialup ?

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Post by Shaun83 » July 19th, 2006, 8:14 pm

Hi Kim,

I haven't had any other issues. I have a broadband connection. I will try uninstalling Firetrust and see if that does it. If so, maybe I can get back to IE6.

Thanks,
Shaun
Shaun83
Regular Member
 
Posts: 37
Joined: July 16th, 2006, 8:41 pm

Post by Shaun83 » July 19th, 2006, 11:35 pm

Hi Kim,

I uninstalled Spywareblaster, IE-SPYAD, & Firetrust. Then I went to one of the sites that was giving me a problem. It was an AOL link that comes up with their startup page, so I know it is a safe site. I got one error, but I had been getting 7 or 8 when I went there before, so my problem must have been in one of those programs. I am going to reinstall them one at a time and see which one is the problem for me.

Thanks,
Shaun
Shaun83
Regular Member
 
Posts: 37
Joined: July 16th, 2006, 8:41 pm

Post by Kimberly » July 19th, 2006, 11:56 pm

Hi Shaun,

If you are using Internet Explorer 7, you should remove the Firetrust toolbar. You can do this from the shortcut in the start menu. Firetrust > Sitehound > Uninstall. Reboot the computer after removal and make sure that all browsers are closed when doing this.

Before installing additional stuff, were you able to browse internet with IE 7 installed ? Browsing using AOL browser ?

I have been thinking a little bit about your errors. If I was using IE (not AOL browser) the errors would make me think of active scripting. Windows Host Scripting ... Start > Run > type Cscript and Hit Enter. Should display its version.

Dunno if applies but I found this on a forum, someone had issues with Internet Explorer 7 and AOL. The person was unable to get Online ...

For Your information.
The AOL software has a duplicate Internet Explorer program within its software (IE 6) and it runs alongside the Windows IE6 program. But with the New IE7 ... As you have found out they don't get along, hence the issues.
As far as I know there are no Beta tests running to match these up KW: Beta I suspect it'll be a brand new version of the AOL software which will have this on board...No tests running either on these.


Let us know.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Post by Shaun83 » July 20th, 2006, 12:22 am

Hi Kim,

That quote from the forum might help explain one thing to me. I uninstalled IE7 and tried to install 6. It would not install because it said a higher version was present. I couldn't find any trace of the 7, but maybe it detected an upgraded version of 6 through AOL. Maybe I'll try uninstalling AOL & IE7 and then install 6 and reinstall AOL. I know AOL is probably more trouble than it is worth and I need to get rid of AOL anyway, but it has been my email address forever and I don't want to have to get another one right now.

Thanks,
Shaun
Shaun83
Regular Member
 
Posts: 37
Joined: July 16th, 2006, 8:41 pm

Post by Kimberly » July 20th, 2006, 12:31 am

Hello Shaun,

That might be an explanation indeed and worth a try. Dunno which version you tried to install but before you did install IE 7, IE 6 SP2 was installed so I don't know if you won't get the same message. (higher version present). There is a way to repair IE 6 ... I'll try to find back the steps in my bookmarks and post them back here.

Your original install ... did you get the CD of XP ? Was it the first version or with SP1 or with SP2 already ?

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Post by Shaun83 » July 20th, 2006, 9:18 am

Hi Kim,

I think I had the original of XP. I know I at least had to get SP2.
Shaun83
Regular Member
 
Posts: 37
Joined: July 16th, 2006, 8:41 pm

Post by Kimberly » July 20th, 2006, 12:11 pm

Hello Shaun,

To repair or reinstall Internet Explorer on Windows XP with Service Pack 2, reinstall Service Pack 2.

Source : http://support.microsoft.com/default.aspx?kbid=318378

You probably will have to reinstall security updates from Windows Update.

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Post by Shaun83 » July 20th, 2006, 1:52 pm

Hi Kim,

Thanks for the info. I'm about to leave to go out of town until Monday. Just wanted to let you know in case you posted any questions. Thanks again for all the help. I'll post again when I get back and let you know how everything is running.

Shaun
Shaun83
Regular Member
 
Posts: 37
Joined: July 16th, 2006, 8:41 pm

Post by Kimberly » July 20th, 2006, 2:27 pm

Hello Shaun,

Enjoy your trip. :)

A freshman who is using AOL, gave me this info which might help to troubleshoot your problem:

Click Start, All Programs, AOL, click AOL System Information

Navigate to the WAOL tab.

***Any items listed in red do not meet the recommended system requirements. This may shed some light on the situation.***

Kim
Kimberly
MRU Teacher Emeritus
 
Posts: 3505
Joined: June 15th, 2005, 12:57 am

Post by 'KotaGuy » August 5th, 2006, 1:58 pm

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
'KotaGuy
Admin/Teacher Emeritus
 
Posts: 12472
Joined: April 7th, 2005, 7:06 pm
Location: Alberta, Canada