Antivirus program 2 trojan horses quarantined

Re: Antivirus program 2 trojan horses quarantined

Post by judyplantz » March 10th, 2009, 11:14 pm

Sorry it took so long, been a crazy couple of days...I have no doubt you know all about crazy days with all of the issues you deal with. :bounce:


Each sector scanned on Kaspersky yielded no result...Reports were blank.

RSIT log:

Logfile of random's system information tool 1.05 (written by random/random)
Run by judy at 2009-03-10 22:12:23
Microsoft Windows XP Professional Service Pack 3
System drive C: has 72 GB (94%) free of 76 GB
Total RAM: 239 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:12:40, on 3/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\LTMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Documents and Settings\judy\Desktop\RSIT.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\judy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Mail to a Friend... - http://client.alexa.com/holiday/script/ ... mailto.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/microso ... 3837989077
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 3837976374
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9535DC02-ECC3-4712-A6CE-7620E7198714}: NameServer = 142.161.130.154 142.161.2.154
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 4650 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\User_Feed_Synchronization-{2F596269-74BE-4162-88E1-E16F297CDF22}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-01-07 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll [2009-01-07 522224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-03-03 35840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-03-03 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - &Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll [2009-01-07 251504]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"LTMSG"=LTMSG.exe 7 []
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-03-03 148888]
"avgnt"=C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-06-12 266497]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2008-10-25 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2008-09-05 241704]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-03-10 21:16:30 ----D---- C:\WINDOWS\LastGood
2009-03-10 10:04:01 ----SHD---- C:\Config.Msi
2009-03-09 17:43:56 ----D---- C:\Program Files\Typing Tutor
2009-03-09 12:35:55 ----D---- C:\_OTMoveIt
2009-03-09 12:28:40 ----D---- C:\WINDOWS\ERDNT
2009-03-09 12:26:45 ----D---- C:\Program Files\ERUNT
2009-03-09 09:45:57 ----A---- C:\WINDOWS\system32\tmp.txt
2009-03-09 09:45:49 ----A---- C:\rapport.txt
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\WS2Fix.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\VCCLSID.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\VACFix.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\swxcacls.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\swsc.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\swreg.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\SrchSTS.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\Process.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\o4Patch.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\IEDFix.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\IEDFix.C.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\dumphive.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\Agent.OMZ.Fix.exe
2009-03-09 09:45:08 ----A---- C:\WINDOWS\system32\404Fix.exe
2009-03-08 10:00:54 ----A---- C:\Rooter.txt
2009-03-08 10:00:19 ----D---- C:\Rooter$
2009-03-06 17:38:11 ----D---- C:\Program Files\Stamina
2009-03-06 17:21:40 ----D---- C:\WINDOWS\system32\Adobe
2009-03-05 00:21:22 ----D---- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-03-05 00:21:07 ----D---- C:\Program Files\SUPERAntiSpyware
2009-03-05 00:21:07 ----D---- C:\Documents and Settings\judy\Application Data\SUPERAntiSpyware.com
2009-03-04 22:31:08 ----D---- C:\Program Files\Avira
2009-03-04 22:31:08 ----D---- C:\Documents and Settings\All Users\Application Data\Avira
2009-03-04 19:39:04 ----D---- C:\Documents and Settings\judy\Application Data\Malwarebytes
2009-03-04 19:38:57 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-03-04 19:38:57 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-03-04 18:55:25 ----D---- C:\Program Files\Trend Micro
2009-03-04 17:54:23 ----D---- C:\Program Files\CCleaner
2009-03-03 11:42:37 ----A---- C:\WINDOWS\system32\javaws.exe
2009-03-03 11:42:36 ----A---- C:\WINDOWS\system32\javaw.exe
2009-03-03 11:42:36 ----A---- C:\WINDOWS\system32\java.exe
2009-03-03 11:42:11 ----D---- C:\Program Files\Java
2009-02-25 19:27:52 ----D---- C:\Program Files\Common Files\Adobe AIR
2009-02-18 14:14:28 ----D---- C:\Program Files\Yahoo!

======List of files/folders modified in the last 1 months======

2009-03-10 22:12:40 ----A---- C:\WINDOWS\ModemLog_Agere Win Modem.txt
2009-03-10 21:58:25 ----D---- C:\WINDOWS\Temp
2009-03-10 21:18:55 ----HD---- C:\WINDOWS\inf
2009-03-10 21:17:14 ----D---- C:\WINDOWS\Prefetch
2009-03-10 21:17:12 ----HD---- C:\WINDOWS\$hf_mig$
2009-03-10 21:17:10 ----D---- C:\WINDOWS
2009-03-10 21:16:28 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-10 20:57:40 ----D---- C:\WINDOWS\system32
2009-03-10 12:22:33 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-10 10:04:17 ----SHD---- C:\WINDOWS\Installer
2009-03-10 10:04:16 ----D---- C:\Program Files\Common Files
2009-03-10 09:56:33 ----RD---- C:\Program Files
2009-03-08 09:21:40 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2009-03-07 19:06:52 ----D---- C:\rsit
2009-03-06 17:21:50 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-03-04 22:31:11 ----D---- C:\WINDOWS\system32\drivers
2009-03-04 19:10:58 ----SD---- C:\Documents and Settings\judy\Application Data\Microsoft
2009-03-04 17:57:02 ----D---- C:\WINDOWS\Minidump
2009-03-04 17:57:02 ----D---- C:\WINDOWS\Debug
2009-03-04 13:36:13 ----HD---- C:\$AVG8.VAULT$
2009-03-03 11:42:22 ----A---- C:\WINDOWS\system32\deploytk.dll
2009-03-01 00:00:39 ----A---- C:\WINDOWS\win.ini
2009-02-26 10:31:10 ----D---- C:\Documents and Settings\All Users\Application Data\NOS
2009-02-25 19:34:10 ----D---- C:\Program Files\Adobe
2009-02-25 19:34:08 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe
2009-02-25 11:29:56 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-02-11 13:14:51 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-10-30 75072]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2007-03-01 28352]
R2 Fallback;Fallback; C:\WINDOWS\system32\DRIVERS\HSF_FALL.sys [2001-08-17 289887]
R2 Fsks;Fsks; C:\WINDOWS\system32\DRIVERS\HSF_FSKS.sys [2001-08-17 115807]
R2 K56;K56; C:\WINDOWS\system32\DRIVERS\HSF_K56K.sys [2001-08-17 391199]
R2 SoftFax;SoftFax; C:\WINDOWS\system32\DRIVERS\HSF_FAXX.sys [2001-08-17 199711]
R2 Tones;Tones; C:\WINDOWS\system32\DRIVERS\HSF_TONE.sys [2001-08-17 50751]
R2 V124;V124; C:\WINDOWS\system32\DRIVERS\HSF_V124.sys [2001-08-17 488383]
R3 avgntflt;avgntflt; \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
R3 ltmodem5;Agere Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2003-12-12 652689]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S2 mdmxsdk;mdmxsdk; C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys []
S3 basic2;basic2; C:\WINDOWS\system32\DRIVERS\HSF_BSC2.sys [2001-08-17 67167]
S3 es1371;Creative AudioPCI (ES1371,ES1373) (WDM); C:\WINDOWS\system32\drivers\es1371mp.sys [2007-11-21 37376]
S3 hsf_msft;hsf_msft; C:\WINDOWS\system32\DRIVERS\HSF_MSFT.sys [2001-08-17 542879]
S3 MODEMCSA;Unimodem Streaming Filter Device; C:\WINDOWS\system32\drivers\MODEMCSA.sys [2001-08-17 16128]
S3 Rksample;Rksample; C:\WINDOWS\system32\DRIVERS\HSF_SAMP.sys [2001-08-17 57471]
S3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\System32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
S3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2004-08-04 20992]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;Avira AntiVir Personal - Free Antivirus Scheduler; C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-15 68865]
R2 AntiVirService;Avira AntiVir Personal - Free Antivirus Guard; C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-15 151297]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-03-03 152984]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-07 137200]

-----------------EOF-----------------
judyplantz
Banned Member
 
Posts: 29
Joined: December 28th, 2008, 8:10 pm
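The O4 Run entries and the firewall "authorizedapplications" lines in a log like the one above are what a helper reads first. The following is an added example (not part of the thread, nor of the HijackThis or RSIT tools) that parses those two line formats from the posted log and flags autostart entries that are a bare file name or live outside the Windows and Program Files trees, plus firewall exceptions that are enabled for any remote address. The trusted-directory list and the flag names are assumptions, and one suspicious Run entry is constructed. In the posted log the LTMSG entry trips only the bare-file-name rule; the process list shows it as C:\WINDOWS\LTMSG.exe, the Agere modem helper, so that flag is a prompt to verify the file rather than a verdict.

```python
"""Triage of HijackThis-style O4 Run entries and XP firewall exception lines.

Added example, not from the original thread or the HijackThis/RSIT tools.
Most sample lines are copied from the posted log; the trusted-directory list,
the flag names and the last sample line are assumptions for illustration.
"""
import re
from dataclasses import dataclass, field

# Assumed: directories from which autostart entries on a stock Windows XP install
# are normally loaded. Anything elsewhere (user profile, Temp, root of C:) deserves
# a closer look.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\")

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
FW_RE = re.compile(r'^"(?P<key>[^"]+)"="(?P<value>[^"]+)"$')
EXE_RE = re.compile(r"\.exe", re.IGNORECASE)

SAMPLE_LOG = [
    # Copied from the posted HijackThis / RSIT sections:
    r"O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7",
    r'O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"',
    r'O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe",
    r'"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"',
    r'"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"',
    # Constructed line (NOT in the posted log) showing what a bad entry looks like:
    r"O4 - HKCU\..\Run: [winupdate] C:\Documents and Settings\judy\Local Settings\Temp\svchost.exe",
]


@dataclass
class Finding:
    source: str           # "O4" or "firewall"
    name: str             # Run value name or firewall display name
    image: str            # executable path as written in the log
    flags: list = field(default_factory=list)


def image_from_command(cmd: str) -> str:
    """Extract the executable from a Run-key command line.

    Quoted commands are unambiguous; unquoted ones are cut after the first ".exe",
    which is how the loader resolves most of them in practice.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.search(cmd)
    return cmd[: m.end()] if m else cmd.split(" ", 1)[0]


def location_flags(image: str) -> list:
    """Flag bare file names and executables outside the trusted trees."""
    flags = []
    path = image.lower().replace("%windir%", "c:\\windows")
    if not re.match(r"^[a-z]:\\", path):
        # Bare file name: resolved through the search order at logon, so a
        # same-named file placed earlier in that order would run instead.
        flags.append("no_absolute_path")
    elif not path.startswith(TRUSTED_PREFIXES):
        flags.append("untrusted_location")
    return flags


def triage(lines):
    findings = []
    for line in lines:
        line = line.strip()
        m = O4_RE.match(line)
        if m:
            image = image_from_command(m.group("cmd"))
            findings.append(Finding("O4", m.group("name"), image, location_flags(image)))
            continue
        m = FW_RE.match(line)
        if m:
            # Value format: <path>:<scope>:<state>:<display name>. The path itself
            # contains a colon (drive letter), so split from the right.
            parts = m.group("value").rsplit(":", 3)
            if len(parts) != 4:
                continue
            path, scope, state, display = parts
            flags = location_flags(path)
            if state.lower() == "enabled" and scope == "*":
                flags.append("open_to_any_remote_address")
            findings.append(Finding("firewall", display, path, flags))
    return findings


def flagged(lines):
    """Return {entry name: flags} for every entry that raised at least one flag."""
    return {f.name: f.flags for f in triage(lines) if f.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG).items():
        print(f"{name}: {', '.join(flags)}")
```

Entries that raise no flag are not "clean", only unremarkable by path; a known-good path with a tampered binary would still need a hash or signature check.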

Re: Antivirus program 2 trojan horses quarantined

Post by Dakeyras » March 11th, 2009, 7:15 am

Hi :)

Sorry it took so long, been a crazy couple of days...I have no doubt you know all about crazy days with all of the issues you deal with.
That is fine and I understand perfectly :thumbup:

Each sector scanned on Kaspersky yielded no result...Reports were blank.

OK, I am prepared to accept this. Though a report could still have been generated and saved/posted, and I would have preferred to view it personally. Not a problem, however.

Congratulations your computer now appears to be malware free!

Importance of Regular System Maintenance:

I advise you to read both of the topics listed below, as this will go a long way toward keeping your computer performing well. Plus, bear in mind my prior advice about upgrading the presently installed RAM (Random Access Memory).

Help! My computer is slow!

As is this:

What to do if your Computer is running slowly

Next:

Now I just have a few tasks for your good self and some advice etc.

Clean up with OTMoveIt3

  • Double-click OTMoveIt3.exe to start the program.
  • Close all other programs apart from OTMoveIt3, as this step will require a reboot.
  • On the OTMoveIt main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Reset the System Restore points:

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
  • Next click Start >> Run... and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Now some advice for on-line safety:

Malwarebytes' Anti-Malware:

This is an excellent application and I advise you to keep it installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed Anti-Virus application, Avira AntiVir Personal, automatically checks for updates and downloads/installs them with every system reboot, and/or periodically if the machine is left running, provided an internet connection is active.

I advise you to run a complete scan with this once per week as well.

Erunt:

Emergency Recovery Utility NT. I advise you to keep this installed as a means of keeping a complete backup of your registry and restoring it when needed. The two backups I had you create, leave in place for a few weeks as a precautionary measure. Then create a new backup and delete them if you wish.

Personally, I would create a new backup once per week, as this, along with System Restore, may prove invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (VBScript and JavaScript) to run, and some of these scripts are malicious. Use NoScript by Symantec or Script Defender by AnalogX to handle these scripts.

Make your Internet Explorer safer:

For Internet Explorer 7

Please read this article to configure Internet Explorer 7 properly.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly free software, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice: avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

A custom Hosts file replaces your current one with a version listing well-known advertisement sites, spyware sites and other bad sites. It protects you by redirecting these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above.

Next:

There is no sign of a software firewall installed on your system. Regardless of whether you use a hardware type and/or the inbuilt Windows Service Pack 2 (SP3 if you chose to upgrade) firewall, this is a necessary application, as it will also provide outbound protection, whereas the aforementioned do not.

I highly advise you download ONE of the following firewalls and install it. Restart the computer for changes to take effect.


This article is an excellent resource regarding the aforementioned firewalls: Understanding and Using Firewalls

Finally, an educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein:

So how did I get infected in the first place?

Some consider this article outdated; personally, I still think it bears relevance, and the author is well respected in the Anti-Malware community and by myself also!

Any questions ? feel free to ask, if not stay safe! :)
Dakeyras
MRU Honors Graduate
MRU Honors Graduate
 
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
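The Hosts file advice in the post above describes the protective use: bad names pinned to 127.0.0.1 so they resolve nowhere. As an added example (not part of Dakeyras's post or of any hosts-file project it refers to), here is a checker that parses a Windows HOSTS file, lists the names it blocks, and goes one step beyond the post by flagging entries that pin vendor or update names seen in this thread's log to a real address, which is a redirect rather than a block. The sample file content and the protected-name list are constructed assumptions.

```python
"""Check a Windows HOSTS file: blocking entries should point at a sinkhole
address, and vendor/update names should not be pinned anywhere else.

Added example, not from the original thread or any hosts-file project. The
HOSTS content below is constructed; the PROTECTED list is an assumption.
"""
import ipaddress

# Addresses that send a blocked name nowhere.
SINKHOLES = {"127.0.0.1", "0.0.0.0", "::1"}

# Assumed: names a protective HOSTS file has no business pinning to a real
# address (vendor and update sites taken from the thread's own log). An entry
# pointing one of these at a non-sinkhole address redirects rather than blocks.
PROTECTED = ("microsoft.com", "windowsupdate.com", "avira.com",
             "malwarebytes.org", "google.com")

# Constructed sample HOSTS content (not a file from the thread). Addresses use
# the documentation range 203.0.113.0/24 and names use the reserved .example TLD.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example              # blocked advertisement host
127.0.0.1       spyware.example          # blocked
0.0.0.0         tracker.example          # also a sinkhole
203.0.113.7     www.update.microsoft.com # pinned to a real address: redirect
203.0.113.7     www.avira.com
192.168.1.50    intranet.example         # a local pin, not a protected name
not-an-ip       broken.example
"""


def is_protected(name):
    return any(name == s or name.endswith("." + s) for s in PROTECTED)


def parse_hosts(text):
    """Yield (lineno, address, [names]) for each effective entry, comments removed."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 2:
            yield lineno, fields[0], [n.lower() for n in fields[1:]]


def classify(text):
    """Sort HOSTS entries into blocks, suspicious redirects and malformed lines."""
    result = {"blocked": [], "redirected": [], "invalid": []}
    for lineno, addr, names in parse_hosts(text):
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            result["invalid"].append((lineno, addr))
            continue
        for name in names:
            if addr in SINKHOLES:
                if name != "localhost":      # the stock loopback entry is not a block
                    result["blocked"].append(name)
            elif is_protected(name):
                result["redirected"].append((lineno, name, addr))
    return result


if __name__ == "__main__":
    r = classify(SAMPLE_HOSTS)
    print(f"{len(r['blocked'])} names blocked")
    for lineno, name, addr in r["redirected"]:
        print(f"line {lineno}: {name} redirected to {addr}")
    for lineno, addr in r["invalid"]:
        print(f"line {lineno}: invalid address {addr!r}")
```

On XP the live file is %SystemRoot%\system32\drivers\etc\hosts; reading it with open() and passing the text to classify() is all that is needed to run the same check on a real machine.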

Re: Antivirus program 2 trojan horses quarantined

Post by judyplantz » March 11th, 2009, 10:15 am

Thank you very much!

I have one question that was brought to mind when you commented that you would have rather viewed the Kaspersky report yourself. Is it a typical and normal thing for the Kaspersky reports to be completely empty - I mean not even a word? That is how they were.

And also - Do I replace Windows firewall with Online Armour? Or what?

Re: Antivirus program 2 trojan horses quarantined

Post by Dakeyras » March 11th, 2009, 12:06 pm

Hi :)

Thank you very much!

You're very welcome!

I have one question that was brought to mind when you commented that you would have rather viewed the Kaspersky report yourself. Is it a typical and normal thing for the Kaspersky reports to be completely empty - I mean not even a word? That is how they were.

That is absolutely fine. If you had chosen to save a copy, even though there appeared to be nothing to save, a log report would have been generated. I assure you, however, that if I had reason to suspect anything was remiss I would have asked for an alternative online scan :thumbup:

And also - Do I replace Windows firewall with Online Armour? Or what?

You do not need to install a software firewall if you do not wish to; it is merely an advised recommendation:
Regardless of whether you use a hardware type and/or the inbuilt Windows Service Pack 3 firewall, a software firewall is an advised application, as it will also provide outbound protection, whereas the aforementioned do not.

By default, either of the two free software firewalls I recommended should automatically turn off the Windows XP SP3 firewall during their respective installation process.

If they do not however, how to do so manually:

  • Click Start >> Run >> and type Firewall.cpl >> OK
  • On the General tab, click Off (not recommended) >> OK

Re: Antivirus program 2 trojan horses quarantined

Post by judyplantz » March 11th, 2009, 1:37 pm

Thanks again;

I would like to ask if there is any chance that my website carries any infection as a result of this? Is that even possible?

Re: Antivirus program 2 trojan horses quarantined

Post by Dakeyras » March 11th, 2009, 2:01 pm

Hi :)

You're welcome!

The infection you had was a remnant of the SmitFraud fake alert family and the associated rubbish that comes with it, which your installed Anti-Virus initially caught for the most part, and we cleared up the rest.

I do not think your website would be at risk regarding the aforementioned, but to be honest that is not a subject I have much knowledge about, as I deal primarily with Anti-Malware support for home computers. Geeks to Go, however, have a specific forum for Web Development, and the team members there may be better suited to advise.

Re: Antivirus program 2 trojan horses quarantined

Post by judyplantz » March 11th, 2009, 4:46 pm

Thank you for the advice;

I am now wondering why my computer clock will not reset to twelve-hour format, it now says 15:43, any suggestions?

Plus I also would like to know if you could tell me a good forum to go to for configuring sound, as I cannot get my sound to work at all.

Something tells me that I may be contacting you again next few days, as my computer is acting peculiar it seems.

Re: Antivirus program 2 trojan horses quarantined

Post by Dakeyras » March 11th, 2009, 5:36 pm

Hi :)

I am now wondering why my computer clock will not reset to twelve-hour format, it now says 15:43, any suggestions?

OK, the easiest way to change the setting is as follows:

  • Start >> Control Panel >> Regional and Language Options >> Regional Options >> Customise >> Time
  • Next to Time Format click on the drop down menu and select H:mm:ss >> OK >> Apply >> OK

Plus I also would like to know if you could tell me a good forum to go to for configuring sound, as I cannot get my sound to work at all.

Specific Hardware Support:


Something tells me that I may be contacting you again next few days, as my computer is acting peculiar it seems.

Peculiar eh, could you be more descriptive please ?

Re: Antivirus program 2 trojan horses quarantined

Post by Dakeyras » March 12th, 2009, 8:31 am

Hi :)

Any further questions? Could you let me know either way please, so I can then ask for this topic to be closed. Thank you.

Re: Antivirus program 2 trojan horses quarantined

Post by judyplantz » March 12th, 2009, 10:05 am

Well, first of all, it is slower than ever, and the computer has been cleaned out to the bare minimum, except for the files I was asked to download to remove the virus; the ERUNT files are missing, and my modem won't connect very well (cannot get high speed where I live).

By the way, how do I remove Rooter.exe? I totally appreciate everything you have done; if I seem frustrated, it is because I see things happening and by myself am powerless to correct them. Thanks.

Re: Antivirus program 2 trojan horses quarantined

Post by Dakeyras » March 12th, 2009, 10:47 am

Hi :)

Well, first of all, it is slower than ever, and the computer has been cleaned out to the bare minimum, except for the files I was asked to download to remove the virus; the ERUNT files are missing, and my modem won't connect very well (cannot get high speed where I live).

Have you carried out my advice outlined here ?
Importance of Regular System Maintenance:

I advise you to read both of the topics listed below, as this will go a long way toward keeping your computer performing well. Plus, bear in mind my prior advice about upgrading the presently installed RAM (Random Access Memory).

Help! My computer is slow!

Also so is this:

What to do if your Computer is running slowly

Next:

Now I just have a few tasks for your good self and some advice etc.

This will go a long way towards improving overall system performance. The ERUNT files may have been removed by OTCleanIt, though given the location they were residing in, they should not have been. I will check with the developer; thank you for bringing this to my attention. There is not a lot I can do about your connection speed, I am afraid; that you would need to address with your actual Internet Service Provider.

By the way, how do I remove Rooter.exe? I totally appreciate everything you have done; if I seem frustrated, it is because I see things happening and by myself am powerless to correct them. Thanks.

Merely delete Rooter.exe from the desktop and the following (if present):

The text file: C:\Rooter.txt
The Folder: C:\Rooter$

Then empty your Recycle Bin.

I can appreciate your frustration, and it's no problem for me, I assure you. As far as I can tell your system is now malware free. Out of interest, did these problems arise after installing a software firewall?

Re: Antivirus program 2 trojan horses quarantined

Post by judyplantz » March 12th, 2009, 9:42 pm

Now that you mention it, yes.

I just wanted to say one more time, thanks so much for your patience and help. You are a wonderful bunch!

Re: Antivirus program 2 trojan horses quarantined

Post by Dakeyras » March 13th, 2009, 8:07 am

Hi :)

Now that you mention it, yes.
I was thinking this may be the situation.

I just wanted to say one more time, thanks so much for your patience and help. You are a wonderful bunch!
You're welcome! Thank you for the compliment on behalf of myself and colleagues.

OK, sometimes certain brands of software firewall will just not work on a given computer, as every system is different and has its own footprint, so to speak, because of, for example, the software installed and/or the available resources.

I think in your situation having a software firewall is always going to be problematic until you address the Random Access Memory issue. So I propose you uninstall whichever you did install via Add/Remove in the Control Panel, then reboot your system.

Next:

Sometimes, once removed, those applications should re-enable the XP SP3 firewall, though that is not always the case, so I will ask you to check shortly. Having this inbuilt firewall enabled again is better than nothing; just keep an eye on the Exceptions list (the tab is located next to the General tab), as many applications have a habit of adding themselves to this without your knowledge.

Re-enable the XP SP3 Firewall:

  • Click Start >> Run >> and type Firewall.cpl >> OK
  • On the General tab, click On (recommended) >> OK

Any other questions, feel free to ask, or just let me know that all is well, please. Thank you.

Re: Antivirus program 2 trojan horses quarantined

Post by judyplantz » March 13th, 2009, 12:57 pm

Okay sir, will do!

:flower:

Re: Antivirus program 2 trojan horses quarantined

Post by Dakeyras » March 14th, 2009, 8:40 am

Hi :)

All OK ? Any further questions etc ?