
My Desktop


Re: My Desktop

Post by wolfenstien » March 29th, 2008, 7:46 pm

Just now finished scanning.... 4 TB is a lot to scan with this AV I guess... LOL
I will post back the results from the above steps in a bit when I am done with them.
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: My Desktop

Post by wolfenstien » March 31st, 2008, 4:06 am

OK.... here we go:

Combofix log:

ComboFix 08-03-24.2 - Serp 2008-03-30 4:51:43.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.240 [GMT -4:00]
Running from: C:\Documents and Settings\Serp\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Serp\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\system32\clfcqeav.ini
C:\WINDOWS\system32\etdvnqly.ini
C:\WINDOWS\system32\ewhadhjy.ini
C:\WINDOWS\system32\pucyqcty.in
.
TimedOut: progfile.dat
-- Script messages for sUBs --

CF14319.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-28 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-28 "C:\Program Files\*"
CF14319.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"
Findstr -MIF:/ "\\TTC\.pdb InsertAdvertisement"
GREP -i "C:\\Program Files\\[^\\]*\\[^\\]*$"
VFind -tf -s282624 "C:\Program Files\????????*[0-9].dll"
CF14319.exe /c " VFind.exe -ltf -s-1000000 -d+2007-12-28 "C:\Program Files\*" >progfile.dat"
VFind.exe -ltf -s-1000000 -d+2007-12-28 "C:\Program Files\*"
CF14319.exe /c " dir /a/s/b C:\_desktop.ini C:\desktop_.ini C:\cnsmin* C:\_install.exe >DirRoot"

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Serp\Application Data\inst.exe
C:\WINDOWS\system32\clfcqeav.ini
C:\WINDOWS\system32\etdvnqly.ini
C:\WINDOWS\system32\ewhadhjy.ini

.
((((((((((((((((((((((((( Files Created from 2008-02-28 to 2008-03-30 )))))))))))))))))))))))))))))))
.

2008-03-25 22:25 . 2007-12-04 07:54 95,608 --a------ C:\WINDOWS\system32\AvastSS.scr
2008-03-25 22:25 . 2007-12-04 09:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-03-25 22:25 . 2007-12-04 09:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-03-25 22:25 . 2007-12-04 09:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-03-25 22:25 . 2007-12-04 09:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-03-25 22:25 . 2007-12-04 09:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-03-25 22:24 . 2008-03-26 03:18 <DIR> d-------- C:\Program Files\Avast4
2008-03-25 22:24 . 2007-12-04 08:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-03-25 22:24 . 2004-01-09 04:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-03-25 13:01 . 2008-03-25 13:33 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-03-25 12:28 . 2008-03-25 13:40 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-03-23 20:22 . 2008-03-23 20:22 <DIR> d-------- C:\Deckard
2008-03-23 20:19 . 2008-02-22 02:33 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-03-23 20:17 . 2008-03-23 20:17 <DIR> d-------- C:\Program Files\Common Files\Java
2008-03-23 19:59 . 2008-03-25 22:15 121 --a------ C:\WINDOWS\bdagent.INI
2008-03-20 11:52 . 2008-03-21 11:52 1,539,164 ---hs---- C:\WINDOWS\system32\pucyqcty.ini
2008-03-19 23:44 . 2008-03-19 23:44 <DIR> d-------- C:\Program Files\Xilisoft
2008-03-13 22:57 . 2008-03-13 22:58 <DIR> d-------- C:\Program Files\Fallout2
2008-03-11 08:05 . 2008-03-11 08:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\vsosdk
2008-03-10 12:46 . 2008-03-13 23:02 52,736 --a------ C:\WINDOWS\ipuninst.exe
2008-03-10 12:43 . 2008-03-10 12:49 <DIR> d-------- C:\Program Files\Fallout
2008-03-05 00:26 . 2008-03-05 00:26 <DIR> d-------- C:\Program Files\Better File Rename
2008-03-05 00:01 . 2008-03-05 00:01 <DIR> d-------- C:\Program Files\Batch File Renamer 2.51
2008-03-02 15:22 . 2008-03-02 15:22 <DIR> d-------- C:\Program Files\Avanquest update
2008-03-02 15:22 . 2008-03-02 15:22 <DIR> d-------- C:\Documents and Settings\Serp\Application Data\InstallShield
2008-03-02 14:35 . 2008-03-02 14:35 11 --a------ C:\WINDOWS\SA2004.ini
2008-02-28 12:15 . 2008-03-17 10:11 <DIR> d-------- C:\Documents and Settings\Serp\Application Data\Intuit
2008-02-28 12:12 . 2008-02-28 12:12 <DIR> d-------- C:\Program Files\Common Files\Intuit
2008-02-28 12:12 . 2008-02-28 12:12 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2008-02-28 12:12 . 2007-10-22 19:58 1,721,712 --------- C:\WINDOWS\system32\InetClnt.dll
2008-02-28 12:11 . 2008-02-28 16:28 <DIR> d-------- C:\Program Files\TurboTax
2008-02-26 15:09 . 2008-02-26 15:09 97,216 --a------ C:\WINDOWS\system32\drivers\AnyDVD.sys
2008-02-23 21:33 . 2008-02-23 21:33 244 --ah----- C:\sqmnoopt04.sqm
2008-02-23 21:33 . 2008-02-23 21:33 232 --ah----- C:\sqmdata04.sqm
2008-02-22 20:02 . 2008-03-02 14:37 <DIR> d-------- C:\Program Files\RM Converter 3
2008-02-22 14:08 . 2008-03-02 14:27 <DIR> d-------- C:\Program Files\VSO
2008-02-22 14:08 . 2006-09-29 12:24 217,127 --a------ C:\WINDOWS\system32\drv43260.dll
2008-02-22 14:08 . 2006-09-29 12:25 208,935 --a------ C:\WINDOWS\system32\drv33260.dll
2008-02-22 14:08 . 2006-09-29 12:26 176,165 --a------ C:\WINDOWS\system32\drv23260.dll
2008-02-22 14:08 . 2007-03-18 21:37 65,602 --a------ C:\WINDOWS\system32\cook3260.dll
2008-02-21 13:52 . 2008-02-21 13:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-02-21 13:51 . 2008-02-21 13:51 <DIR> d-------- C:\Program Files\Common Files\Adobe Systems Shared
2008-02-21 12:41 . 2008-03-19 23:43 <DIR> d-------- C:\Program Files\AAC Audio Converter
2008-02-21 12:34 . 2008-02-21 12:36 <DIR> d-------- C:\Program Files\MKVtoolnix
2008-02-15 03:11 . 2007-12-10 15:24 159,458 --a------ C:\WINDOWS\system32\nvapps.nvb
2008-02-15 03:10 . 2008-02-15 03:10 <DIR> d-------- C:\NVIDIA
2008-02-15 03:10 . 2007-12-05 03:53 356,352 --a------ C:\WINDOWS\system32\NVUNINST.EXE
2008-02-15 02:36 . 2008-02-15 02:36 0 --a------ C:\WINDOWS\iPlayer.INI
2008-02-15 02:30 . 2008-03-02 14:30 <DIR> d-------- C:\Program Files\InterActual
2008-02-12 12:25 . 2008-02-12 12:25 <DIR> d-------- C:\Documents and Settings\Serp\Application Data\Apple Computer
2008-02-09 21:21 . 2008-03-19 20:16 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-09 21:21 . 2008-02-09 21:21 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-09 13:11 . 2008-02-09 13:49 409 --a------ C:\TempVer.tmp
2008-02-09 13:10 . 2005-04-15 20:58 1,351,392 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-02-09 13:10 . 2005-04-15 20:58 1,071,088 --a------ C:\WINDOWS\system32\MSCOMCTL.OCX
2008-02-09 13:10 . 1998-06-24 00:00 166,200 --a------ C:\WINDOWS\system32\MSMASK32.OCX
2008-02-09 13:10 . 1998-06-18 14:28 32,768 --a------ C:\WINDOWS\system32\REGTOOL5.dll
2008-02-09 13:10 . 2000-04-05 21:29 28,672 --a------ C:\WINDOWS\system32\VBWHYPERLINK.ocx
2008-02-07 13:32 . 2008-02-26 13:06 <DIR> d-------- C:\Program Files\PokerStars
2008-02-04 23:01 . 2008-02-04 23:01 <DIR> d-------- C:\Documents and Settings\Serp\Application Data\Move Networks
2008-02-04 21:15 . 2008-02-04 21:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\1.0.0.0

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-30 08:56 --------- d-----w C:\Documents and Settings\Serp\Application Data\Skype
2008-03-30 08:50 --------- d-----w C:\Documents and Settings\Serp\Application Data\uTorrent
2008-03-28 02:02 --------- d-----w C:\Program Files\Project64 1.6
2008-03-26 17:40 --------- d-----w C:\Program Files\Messenger Detect
2008-03-24 00:19 --------- d-----w C:\Program Files\Java
2008-03-11 14:49 --------- d-----w C:\Documents and Settings\All Users\Application Data\1Click DVD Copy Pro
2008-03-11 12:14 --------- d-----w C:\Program Files\1Click DVD Copy Pro
2008-03-04 18:25 --------- d-----w C:\Documents and Settings\Serp\Application Data\Vso
2008-03-04 18:24 47,360 ----a-w C:\WINDOWS\system32\drivers\pcouffin.sys
2008-03-04 18:24 47,360 ----a-w C:\Documents and Settings\Serp\Application Data\pcouffin.sys
2008-03-04 18:10 --------- d-----w C:\Program Files\Soulseek
2008-03-02 19:48 87,608 ----a-w C:\Documents and Settings\Serp\Application Data\ezpinst.exe
2008-03-02 19:27 --------- d-----w C:\Program Files\Motorola Phone Tools
2008-03-02 19:22 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-02 18:39 --------- d-----w C:\Program Files\Visual Business Cards
2008-03-02 18:38 --------- d-----w C:\Program Files\Yahoo!
2008-03-02 18:38 --------- d-----w C:\Program Files\Xvid
2008-03-02 18:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\YAHOO
2008-03-02 18:35 --------- d-----w C:\Program Files\Street Atlas USA 2004
2008-03-02 18:34 --------- d-----w C:\Program Files\Smart MP3 Renamer
2008-03-02 18:34 --------- d-----w C:\Documents and Settings\Serp\Application Data\SUPERAntiSpyware.com
2008-03-02 18:32 --------- d-----w C:\Program Files\Musicmatch
2008-03-02 18:30 --------- d-----w C:\Program Files\MP3TagEditor
2008-03-02 18:28 --------- d-----w C:\Program Files\GIMP-2.0
2008-03-02 18:27 --------- d-----w C:\Program Files\DVD2one V2
2008-03-02 18:22 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-02 18:02 --------- d-----w C:\Program Files\Opera
2008-02-21 17:11 --------- d-----w C:\Program Files\Lotto007
2007-01-25 18:55 92,064 ----a-w C:\Documents and Settings\Serp\mqdmmdm.sys
2007-01-25 18:55 9,232 ----a-w C:\Documents and Settings\Serp\mqdmmdfl.sys
2007-01-25 18:55 79,328 ----a-w C:\Documents and Settings\Serp\mqdmserd.sys
2007-01-25 18:55 66,656 ----a-w C:\Documents and Settings\Serp\mqdmbus.sys
2007-01-25 18:55 6,208 ----a-w C:\Documents and Settings\Serp\mqdmcmnt.sys
2007-01-25 18:55 5,936 ----a-w C:\Documents and Settings\Serp\mqdmwhnt.sys
2007-01-25 18:55 4,048 ----a-w C:\Documents and Settings\Serp\mqdmcr.sys
2007-01-25 18:55 25,600 ----a-w C:\Documents and Settings\Serp\usbsermptxp.sys
2007-01-25 18:55 22,768 ----a-w C:\Documents and Settings\Serp\usbsermpt.sys
.

((((((((((((((((((((((((((((( snapshot@2008-03-25_ 9.29.59.85 )))))))))))))))))))))))))))))))))))))))))
.
- 2004-08-04 09:00:00 112,128 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2004-03-31 17:28:00 131,072 ----a-w C:\WINDOWS\system32\mapi32.dll
+ 2008-03-26 03:03:38 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_630.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2006-11-30 22:49 4662776]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-06-08 15:18 23233576]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00 15360]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2007-04-03 18:29 165784]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-02-29 15:55 1686464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TV Card Remote Control Device Monitor"="C:\WINDOWS\878RMTMon.exe" [2005-07-14 13:00 352256]
"DisplayTrayIcon"="C:\WINDOWS\system32\TrayIcon.exe" [2001-10-17 22:27 147456]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 23:46 624248]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 02:41 8523776]
"nwiz"="nwiz.exe" [2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 02:41 81920]
"BVRPLiveUpdate"="C:\Program Files\Avanquest update\Engine\Setup.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"avast!"="C:\PROGRA~1\Avast4\ashDisp.exe" [2007-12-04 08:00 79224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office Outlook 2003 (2).lnk - C:\WINDOWS\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\outicon.exe [2007-01-12 18:15:22 794624]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=C:\WINDOWS\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
--a------ 2007-05-10 23:46 624248 C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2007-10-10 20:51 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
--a------ 2006-11-16 20:04 139264 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 05:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTHelper]
--a------ 2006-08-11 15:56 17920 C:\WINDOWS\CTHELPER.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
--a------ 2006-08-11 15:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MimBoot]
C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MMTray]
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2007-12-05 02:41 8523776 C:\WINDOWS\system32\NvCpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2007-12-05 02:41 81920 C:\WINDOWS\system32\NvMcTray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2007-12-05 02:41 1626112 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2007-12-11 11:56 286720 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Start WingMan Profiler]
--a------ 2005-04-18 12:16 73728 C:\Program Files\Logitech\Profiler\lwemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\FlashFXP\\flashfxp.exe"=
"C:\\Program Files\\Soulseek\\slsk.exe"=
"C:\\Program Files\\Microsoft Office\\OFFICE11\\FRONTPG.EXE"=
"C:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"C:\\Program Files\\Opera\\Opera.exe"=
"C:\\Program Files\\uTorrent\\utorrent.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"C:\\Program Files\\IBP 9\\IBP.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"62535:TCP"= 62535:TCP:torrent
"62535:UDP"= 62535:UDP:torrent
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R2 878TVCard;Bt878 TV Card - Video Capture;C:\WINDOWS\system32\drivers\Bt878.sys [2005-09-05 13:00]
R2 878TVTuner;Bt878 TV Card - TV Tuner;C:\WINDOWS\system32\drivers\BtTuner.sys [2005-09-05 13:00]
R2 878Xbar;Bt878 TV Card - Crossbar;C:\WINDOWS\system32\drivers\BtXbar.sys [2005-09-05 13:00]
S3 motccgp;Motorola USB Composite Device Driver;C:\WINDOWS\system32\DRIVERS\motccgp.sys [2007-02-27 14:31]
S3 motccgpfl;MotCcgpFlService;C:\WINDOWS\system32\DRIVERS\motccgpfl.sys [2007-01-23 19:03]
S3 MotDev;Motorola Inc. USB Device;C:\WINDOWS\system32\DRIVERS\motodrv.sys [2006-12-14 10:27]
S3 Oasis;Oasis;C:\WINDOWS\system32\DRIVERS\Oasisusb.sys [2001-08-16 01:03]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bdx REG_MULTI_SZ scan

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-30 04:56:37
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
TV Card Remote Control Device Monitor = C:\WINDOWS\878RMTMon.exe?????w??????????T?a?`B2?x??????? x??????????????x???????????x?2?????????????????????????????????x?2?????hB2?????????T?a?x?2?m?a?x??????????????|4B2??w???????????????w???????????????????????????????????w??h????????????w??(????w????A????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-30 4:57:53
ComboFix-quarantined-files.txt 2008-03-30 08:57:38
ComboFix2.txt 2008-03-25 13:30:19



+++++++++++++++++++
++++++++++++++++++++
+++++++++++++++++++


MalWareBytes Log:

Malwarebytes' Anti-Malware 1.09
Database version: 568

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|)
Objects scanned: 175538
Time elapsed: 1 hour(s), 35 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



+++++++++++++++++++++==
+++++++++++++++++++++
+++++++++++++++++++++


Kaspersky Log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, March 31, 2008 3:47:22 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 31/03/2008
Kaspersky Anti-Virus database records: 673658
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
N:\

Scan Statistics:
Total number of scanned objects: 143789
Number of viruses found: 9
Number of infected objects: 34
Number of suspicious objects: 0
Duration of the scan process: 06:40:47

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\call256.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\callmember256.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\chat1024.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\chat512.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\chatmember256.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\chatmsg1024.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\chatmsg2048.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\chatmsg256.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\chatmsg32768.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\chatmsg512.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\chatmsg8192.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\chatsync\56\56559ee70d27c84e.dat Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\chatsync\fe\feec9044d4a82a1f.dat Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\contactgroup256.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\dyncontent\bundle.dat Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\index2.dat Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\profile256.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\transfer1024.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\transfer256.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\transfer512.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\user1024.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\user16384.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\user4096.dbb Object is locked skipped
C:\Documents and Settings\Serp\Application Data\Skype\C*C*L*\voicemail256.dbb Object is locked skipped
C:\Documents and Settings\Serp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Application Data\Microsoft\Messenger\****@hotmail.com\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Application Data\Microsoft\Messenger\****@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Application Data\Microsoft\Messenger\****@hotmail.com\SharingMetadata\Working\database_FC04_1E2D_41D_EC00\dfsr.db Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Application Data\Microsoft\Messenger\****@hotmail.com\SharingMetadata\Working\database_FC04_1E2D_41D_EC00\fsr.log Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Application Data\Microsoft\Messenger\****@hotmail.com\SharingMetadata\Working\database_FC04_1E2D_41D_EC00\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Application Data\Microsoft\Messenger\****@hotmail.com\SharingMetadata\Working\database_FC04_1E2D_41D_EC00\tmp.edb Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Application Data\Microsoft\Windows Live Contacts\****@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Application Data\Microsoft\Windows Live Contacts\****@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\History\History.IE5\MSHist012008033020080331\index.dat Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Temp\Perflib_Perfdata_648.dat Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Temp\~DF4CFA.tmp Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Temp\~DF4E46.tmp Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Temp\~DF7D78.tmp Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Temp\~DF7E6D.tmp Object is locked skipped
C:\Documents and Settings\Serp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Serp\My Documents\My Web Sites\intothesky test2\test1\vnc-E4_2_7-x86_win32.zip/vnc-E4_2_7-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Documents and Settings\Serp\My Documents\My Web Sites\intothesky test2\test1\vnc-E4_2_7-x86_win32.zip/vnc-E4_2_7-x86_win32.exe/file2 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Serp\My Documents\My Web Sites\intothesky test2\test1\vnc-E4_2_7-x86_win32.zip/vnc-E4_2_7-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Serp\My Documents\My Web Sites\intothesky test2\test1\vnc-E4_2_7-x86_win32.zip/vnc-E4_2_7-x86_win32.exe/file5 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Documents and Settings\Serp\My Documents\My Web Sites\intothesky test2\test1\vnc-E4_2_7-x86_win32.zip/vnc-E4_2_7-x86_win32.exe/file6 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Serp\My Documents\My Web Sites\intothesky test2\test1\vnc-E4_2_7-x86_win32.zip/vnc-E4_2_7-x86_win32.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Documents and Settings\Serp\My Documents\My Web Sites\intothesky test2\test1\vnc-E4_2_7-x86_win32.zip ZIP: infected - 6 skipped
C:\Documents and Settings\Serp\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Serp\NTUSER.DAT.LOG Object is locked skipped
C:\Program Files\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\RealVNC\VNC4\vncclipboard.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Program Files\RealVNC\VNC4\vncconfig.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\RealVNC\VNC4\winvnc4.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.427 skipped
C:\Program Files\RealVNC\VNC4\wm_hooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Serp.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Serp.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Serp.log Object is locked skipped
C:\QooBox\Quarantine\catchme2008-03-25_ 92506.92.zip/pmkji.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
C:\QooBox\Quarantine\catchme2008-03-25_ 92506.92.zip ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{546FE2A1-02A0-4C54-BC43-D7E4664B1B6F}\RP476\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\S8EECB7C6.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_630.dat Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{546FE2A1-02A0-4C54-BC43-D7E4664B1B6F}\RP476\change.log Object is locked skipped
E:\RECYCLER\NPROTECT\00000172.EXE Object is locked skipped
E:\RECYCLER\NPROTECT\00000173.DLL Object is locked skipped
E:\RECYCLER\NPROTECT\00000174.DLL Object is locked skipped
E:\RECYCLER\NPROTECT\00000175.EXE Object is locked skipped
E:\RECYCLER\NPROTECT\00000176.DLL Object is locked skipped
E:\RECYCLER\NPROTECT\00000180.EXE Object is locked skipped
E:\RECYCLER\NPROTECT\00000181.EXE Object is locked skipped
E:\RECYCLER\NPROTECT\00000187.RAR Object is locked skipped
E:\RECYCLER\NPROTECT\00000188.RAR Object is locked skipped
E:\RECYCLER\NPROTECT\00000189.RAR Object is locked skipped
E:\RECYCLER\NPROTECT\00000190.avi Object is locked skipped
E:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
E:\System Volume Information\_restore{546FE2A1-02A0-4C54-BC43-D7E4664B1B6F}\RP473\A0060490.exe/file06 Infected: not-a-virus:Client-SMTP.Win32.JMail.43 skipped
E:\System Volume Information\_restore{546FE2A1-02A0-4C54-BC43-D7E4664B1B6F}\RP473\A0060490.exe Inno: infected - 1 skipped
E:\System Volume Information\_restore{546FE2A1-02A0-4C54-BC43-D7E4664B1B6F}\RP476\change.log Object is locked skipped
E:\System Volume Information\_restore{B5EC0A65-DE4B-47F1-8A2C-F2442137FDB9}\RP193\A0073686.EXE/data0000.cab/1.txt Infected: not-a-virus:Monitor.Win32.WinSpy.88 skipped
E:\System Volume Information\_restore{B5EC0A65-DE4B-47F1-8A2C-F2442137FDB9}\RP193\A0073686.EXE/data0000.cab/4.txt Infected: Trojan-Spy.Win32.WinSpy.aa skipped
E:\System Volume Information\_restore{B5EC0A65-DE4B-47F1-8A2C-F2442137FDB9}\RP193\A0073686.EXE/data0000.cab/7.txt Infected: Trojan-Spy.Win32.WinSpy.aa skipped
E:\System Volume Information\_restore{B5EC0A65-DE4B-47F1-8A2C-F2442137FDB9}\RP193\A0073686.EXE/data0000.cab/8.txt Infected: not-a-virus:Monitor.Win32.WinSpy.t skipped
E:\System Volume Information\_restore{B5EC0A65-DE4B-47F1-8A2C-F2442137FDB9}\RP193\A0073686.EXE/data0000.cab/10.txt Infected: not-a-virus:Monitor.Win32.WinSpy.88 skipped
E:\System Volume Information\_restore{B5EC0A65-DE4B-47F1-8A2C-F2442137FDB9}\RP193\A0073686.EXE/data0000.cab/fix.exe Infected: Trojan.Win32.Small.ajj skipped
E:\System Volume Information\_restore{B5EC0A65-DE4B-47F1-8A2C-F2442137FDB9}\RP193\A0073686.EXE/data0000.cab Infected: Trojan.Win32.Small.ajj skipped
E:\System Volume Information\_restore{B5EC0A65-DE4B-47F1-8A2C-F2442137FDB9}\RP193\A0073686.EXE Rsrc-Package: infected - 7 skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{546FE2A1-02A0-4C54-BC43-D7E4664B1B6F}\RP476\change.log Object is locked skipped
G:\Jasons Thumb Drive\IT\Tools\vnc-4_1_1-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped
G:\Jasons Thumb Drive\IT\Tools\vnc-4_1_1-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped
G:\Jasons Thumb Drive\IT\Tools\vnc-4_1_1-x86_win32.exe Inno: infected - 2 skipped
G:\RECYCLER\NPROTECT\00000003.avi Object is locked skipped
G:\RECYCLER\NPROTECT\00000004.bmp Object is locked skipped
G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
G:\System Volume Information\_restore{546FE2A1-02A0-4C54-BC43-D7E4664B1B6F}\RP476\change.log Object is locked skipped

Scan process completed.
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: My Desktop

Unread postby ktreffin » March 31st, 2008, 4:24 pm

Hi wolfenstien,

Thanks for the logs. I am reviewing them now, and should post back either tonight or first thing tomorrow with the next step. Thanks for your patience.

Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida

Re: My Desktop

Unread postby wolfenstien » March 31st, 2008, 4:36 pm

Hey, thank you for your patience. I really did not expect avast to take three days to scan this thing...
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: My Desktop

Unread postby ktreffin » March 31st, 2008, 5:20 pm

Hello wolfenstien,

4tb is alot to scan with this AV I guess

:shock: I can see why it took so long!!

The Kaspersky log and the Malwarebytes' Anti-Malware scan don't show a lot. Kaspersky did hit on a remote administration tool. Are you familiar with the VNC or RealVNC tool? I believe that this is legit, but I do want to check with you because if it is malicious it could cause some really big problems.

Otherwise, how are things running? Are you still having any type of problems? Let me know if you are, and please explain them if you can.

Thanks,
Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida
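The sorting Ken does above, separating objects the scanner could not read from "not-a-virus" riskware (such as the VNC installer, which he checks with the owner) and from real detections that live only inside System Restore points, can be scripted. The PowerShell below is an added example, not code from this thread or from Kaspersky; it parses lines in the format of the log posted above, runs on a constructed sample rather than the real log, and assumes PowerShell 3.0 or later. The function names are mine.

```powershell
# Added example, not code from the thread or from Kaspersky: triage a scanner
# log in the shape posted above. Each line is "<path> <verdict> skipped", where
# the verdict is "Object is locked", "Infected: <name>" or, for archives and
# installers, "<packer>: infected - <n>". Paths contain spaces, so the verdict
# is matched from the right. Assumes PowerShell 3.0 or later.

function ConvertFrom-ScanLogLine {
    param([string]$Line)
    if ($Line -match '^(?<Path>.+?) Object is locked skipped$') {
        return [pscustomobject]@{ Path = $Matches.Path; Verdict = 'locked';    Detection = $null }
    }
    if ($Line -match '^(?<Path>.+?) Infected: (?<Name>\S+) skipped$') {
        return [pscustomobject]@{ Path = $Matches.Path; Verdict = 'infected';  Detection = $Matches.Name }
    }
    if ($Line -match '^(?<Path>.+?) (?<Packer>\S+): infected - (?<Count>\d+) skipped$') {
        return [pscustomobject]@{ Path = $Matches.Path; Verdict = 'container'; Detection = "$($Matches.Packer) ($($Matches.Count) members)" }
    }
    # Anything else (blank lines, "Scan process completed.") produces no record.
}

function Get-ScanLogTriage {
    param([string[]]$Lines)
    $records = @(foreach ($line in $Lines) { ConvertFrom-ScanLogLine $line })
    $hits = @(foreach ($r in $records | Where-Object { $_.Verdict -eq 'infected' }) {
        [pscustomobject]@{
            Path           = $r.Path
            Detection      = $r.Detection
            # "not-a-virus:" marks riskware / dual-use tools (remote admin, monitors, mailers)
            Riskware       = $r.Detection -like 'not-a-virus:*'
            # Hits under _restore{...} are System Restore snapshots, not live files
            InRestorePoint = $r.Path -like '*\System Volume Information\_restore*'
            # "outer.exe/inner" paths are members of an archive or installer package
            InsideArchive  = $r.Path -match '\.\w+/'
        }
    })
    [pscustomobject]@{
        Locked       = @($records | Where-Object { $_.Verdict -eq 'locked' }).Count
        Live         = @($hits | Where-Object { -not $_.Riskware -and -not $_.InRestorePoint })
        RestorePoint = @($hits | Where-Object { $_.InRestorePoint })
        Riskware     = @($hits | Where-Object { $_.Riskware -and -not $_.InRestorePoint })
    }
}

# Constructed sample in the posted log's format (detection names as on the page;
# the GUID is a placeholder and the last path is made up to show a live hit).
$SampleLog = @'
C:\WINDOWS\system32\config\SAM Object is locked skipped
E:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP193\A0073686.EXE/data0000.cab/fix.exe Infected: Trojan.Win32.Small.ajj skipped
E:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP193\A0073686.EXE/data0000.cab/1.txt Infected: not-a-virus:Monitor.Win32.WinSpy.88 skipped
E:\System Volume Information\_restore{GUID-PLACEHOLDER}\RP193\A0073686.EXE Rsrc-Package: infected - 7 skipped
G:\Jasons Thumb Drive\IT\Tools\vnc-4_1_1-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped
C:\CONSTRUCTED\sample.exe Infected: Trojan-Spy.Win32.WinSpy.aa skipped
'@

$triage = Get-ScanLogTriage -Lines ($SampleLog -split "`r?`n")
"Locked objects (not scanned): $($triage.Locked)"
'Live detections, need attention:'
$triage.Live | Format-Table Path, Detection -AutoSize
'Detections only in restore points (cleared by the System Restore off/on step):'
$triage.RestorePoint | Format-Table Path, Detection -AutoSize
'Riskware / dual-use tools, confirm with the owner as was done for VNC:'
$triage.Riskware | Format-Table Path, Detection -AutoSize
```

To run it over a real log, replace `$SampleLog -split "`r?`n"` with `Get-Content .\kav.log`. The locked count matters as much as the hits: registry hives, event logs and the WMI repository were never scanned, so a clean result says nothing about them.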

Re: My Desktop

Unread postby wolfenstien » April 1st, 2008, 10:01 am

Yeah, RealVNC is legit, I run it across my network and on some other computers across the net that I need to be able to access from home, or wherever else. It is 128 bit encryption, and I change the passwords regularly on all of them.

As for anything weird on here, no, I did get a pop up (which I never get) when I went to DL Malwarebytes.... but it hasn't happened again, so I am thinking that I accidentally clicked something without realizing it...
Other than that.... nothing weird.
wolfenstien
Banned Member
 
Posts: 58
Joined: March 15th, 2008, 9:57 pm

Re: My Desktop

Unread postby ktreffin » April 2nd, 2008, 3:30 pm

Congratulations wolfenstien, your log appears to be clean!

How is your system running? Are you still having problems? Please let me know if any problems still exist before moving on.

Now that you are clean, I have some tips & tricks for you to keep your computer clean and secure. The first few (like removing dangerous tools and Windows Update) have to be done, the others are optional (beginning with Spybot S&D).

It may seem like your system will be over-protected with all these things installed, but a lot of the programs aren't always running in the background, so they don't slow down your computer. Please take a look at the following things:

Remove dangerous tools - Because some tools we used can be dangerous if they're used in the wrong way we have to remove some of them. Please remove the following tools:
Uninstall Combofix

  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK.
  • Note the space between the X and the U, it needs to be there.
You can also delete any logs we have produced, and empty your Recycle bin.

Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
Turn off System Restore.
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab
Check Turn off System Restore
Click Apply, and then click OK

Reboot.

Turn on System Restore.
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab
Uncheck Turn off System Restore
Click Apply, and then click OK
NOTE: only do this ONCE, NOT on a regular basis!

Re-hide your system files - To do so, please follow the steps below:
  • Double-click My Computer.
  • Click the Tools menu, and then click Folder Options.
  • Click the View tab.
  • Put a check by "Hide file extensions for known file types."
  • Under the "Hidden files" folder, select "Do not show hidden files and folders."
  • Check "Hide protected operating system files."
  • Click Apply, and then click OK.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Update your Anti Virus Software - It is imperative that you update your anti virus software at least once a week (even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound/outbound not sure). Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most used:
Comodo
Kerio
ZoneAlarm

Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would with anti virus software. A tutorial on installing & using this product can be found here:
Tutorial for Spybot S & D

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. You can download it here:
SpywareBlaster

Install WinPatrol - As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You can download it from this website:
WinPatrol
The developer is a well-known man in the MalWare Removal business. If you really like WinPatrol think about upgrading to the PLUS version. It will give you additional features and you will only have to pay once, for your whole malware-free life.

Install MVPS HOSTS - This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers.
For information on how to download and install, please read this tutorial here:
WinHelp2002
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

Use an alternative Internet Browser - Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:
Firefox << Most used, I use this one myself.
Opera

Bookmark general cleanup links - It could be that your computer is becoming slower and slower. This is not always caused by malware. Most of the time it is malware when your computer suddenly gets slow or acts strangely. When the slowdown increases gradually, check (so bookmark now) these links for tips & tricks:
Help! My computer is slow
Slow Computer? Check here first; it may not be malware

Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Stand Up and Be Counted!
Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints called Malware Complaints. Please register there first! Then follow the instructions here:
<link>

>> Here << you can see how you can help us.

Have a happy computing day!!

Ken
ktreffin
Retired Graduate
 
Posts: 1864
Joined: February 28th, 2007, 11:12 pm
Location: USA, Florida
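The Folder Options, Internet zone and DNS Client steps in Ken's post above are all per-user registry values plus one service setting, so they can be applied and then read back from a script instead of by clicking through dialogs. The PowerShell below is an added example, not code from this thread or from any of the tools the post recommends. It assumes PowerShell 3.0 or later, the documented registry locations for Explorer's Advanced view settings and for Internet Explorer zone 3 (the Internet zone) URL-action values, and an elevated prompt for the service change; the two helper function names are mine.

```powershell
# Added example, not code from the thread: apply the Folder Options, Internet
# zone and DNS Client changes from the post as registry/service settings and
# verify them. Assumes PowerShell 3.0+; registry changes are per-user (HKCU),
# the service change needs an elevated prompt.

# Folder Options > View (post: hide extensions, hide hidden files, hide protected OS files)
$ExplorerAdvanced = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$FolderOptions = @{
    HideFileExt     = 1   # 1 = hide file extensions for known file types
    Hidden          = 2   # 2 = do not show hidden files and folders (1 = show)
    ShowSuperHidden = 0   # 0 = hide protected operating system files
}

# Internet Explorer > Security > Internet zone (zone 3) > Custom Level.
# Keys are the documented URL-action ids; 0 = Enable, 1 = Prompt, 3 = Disable.
$InternetZone = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$ZoneSettings = @{
    '1001' = 1   # Download signed ActiveX controls               -> Prompt
    '1004' = 3   # Download unsigned ActiveX controls             -> Disable
    '1201' = 3   # Initialize and script ActiveX not marked safe  -> Disable
    '1800' = 1   # Installation of desktop items                  -> Prompt
    '1804' = 1   # Launching programs and files in an IFRAME      -> Prompt
    '1607' = 1   # Navigate sub-frames across different domains   -> Prompt
}

function Set-RegistryValues {
    # Writes every name/value pair as a DWORD under $Path, creating the key if needed.
    param([string]$Path, [hashtable]$Values)
    if (-not (Test-Path $Path)) { New-Item -Path $Path -Force | Out-Null }
    foreach ($name in $Values.Keys) {
        Set-ItemProperty -Path $Path -Name $name -Value $Values[$name] -Type DWord
    }
}

function Test-RegistryValues {
    # Returns the names whose current value differs from the expected one (nothing = all applied).
    param([string]$Path, [hashtable]$Values)
    $current = Get-ItemProperty -Path $Path
    foreach ($name in $Values.Keys) {
        if ($current.$name -ne $Values[$name]) { $name }
    }
}

Set-RegistryValues -Path $ExplorerAdvanced -Values $FolderOptions
Set-RegistryValues -Path $InternetZone     -Values $ZoneSettings

# MVPS HOSTS step: the post says to disable the DNS Client service (Dnscache)
# before installing a large custom hosts file. Only needed if you take that step.
Stop-Service -Name Dnscache -ErrorAction SilentlyContinue
Set-Service  -Name Dnscache -StartupType Disabled

$drift = @(Test-RegistryValues -Path $ExplorerAdvanced -Values $FolderOptions) +
         @(Test-RegistryValues -Path $InternetZone     -Values $ZoneSettings)
if ($drift.Count -eq 0) { 'All settings applied.' } else { "Not applied: $($drift -join ', ')" }
```

Explorer reads the Advanced values when it starts and Internet Explorer reads the zone values when it is launched, so log off and on (or restart explorer.exe and close IE) before trusting what the dialogs show. The read-back at the end is the useful part: re-running only the two `Test-RegistryValues` calls later tells you whether something has quietly changed these values back.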

Re: My Desktop

Unread postby Simon V. » April 6th, 2008, 4:12 am

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the username used. If the username does not match the one in the thread linked, the email will be deleted.
Simon V.
MRU Emeritus
 
Posts: 3388
Joined: November 11th, 2006, 3:35 pm
Location: Antwerp, Belgium