Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Sandbites's PC freezing

Re: Sandbites's PC freezing

Post by Dakeyras » May 4th, 2009, 5:49 pm

Hi :)

Many thanks for your time.
You're very welcome!

I don't understand the question but if I may: I did not set up this program, I didn't touch anything; the only thing I did before I gave you the previous results (Rooter and RSIT) was that I opened msconfig.exe and on Startup Selection I clicked Normal Startup.
OK, that is fine and not a problem.

Next:

It looks like you have recently removed a Java installation; leaving the remnants behind can provide a possible back door for malware to infect a system. So I will be targeting all Java-related entries for removal shortly.

Note: If you wish for instructions on how to download/install the latest version of Java correctly, let me know in your next reply.

Next:

Please re-run System Repair Engineer, as there is one more file association (JS) that still requires repairing.

Host File Reset:

We need to reset your computer's hosts file as follows:

  • Open Notepad.
  • Copy and Paste everything from the Code Box below into Notepad: <-- Start >> Run... type in notepad and select OK
Code:
@echo off
rem Reset the hosts file to the Windows default (localhost only).
rem %SystemRoot% is used so the path resolves even when Windows is not on C:.
pushd "%SystemRoot%\system32\drivers\etc"
rem Clear the hidden/system/read-only attributes so the file can be overwritten.
attrib -h -s -r hosts
rem Overwrite the file with the single default mapping.
echo 127.0.0.1  localhost>hosts
rem Restore the attributes and return to the previous directory.
attrib +r +h +s hosts
popd
rem The batch file deletes itself once it has finished.
del %0
  • Go to File >> Save As
  • Save File name as "Dakeyras.bat" <-- Make sure to include the quotes.
  • Change Save as Type to All Files and save the file to your Desktop.
  • It should look like this: (screenshot not reproduced)

Now right click on the desktop Dakeyras.bat and select Run as Administrator to run the batch file. It will self-delete when completed.

Next:

Right click HiJackThis and select Run as Administrator to start the application. Then select the option Scan. Check the boxes next to all the entries listed below (if present):

O4 - Global Startup: AutorunsDisabled

Now click on Fix Checked. Close HiJackThis.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please go here and download ERUNT.
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Right-click on erunt-setup.exe and select Run as Administrator to install ERUNT by following the prompts.
  • Use the default install settings but say no to the portion that asks you to add ERUNT to the Start-Up folder. You can enable this option later if you wish.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup. Note: the default location is C:\WINDOWS\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.

Next:

Please download OTMoveIT3 to your Desktop.

  • Right-click on OTMoveIt3.exe and select Run as Administrator to start the program.
  • Copy the lines from the codebox to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
Code:
:Processes
Explorer.exe

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[-HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard]

:Files
C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
C:\Windows\tasks\Uniblue SpeedUpMyPC.job
C:\Windows\tasks\Uniblue SpyEraser Nag.job
C:\Windows\tasks\Uniblue SpyEraser.job
C:\Program Files\AVG
C:\Program Files\Java
C:\ProgramData\SecTaskMan
C:\Windows\sed.exe
C:\Users\AJ\AppData\Roaming\SUPERAntiSpyware.com
C:\Program Files\SUPERAntiSpyware
C:\ProgramData\Kaspersky SDK

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]
  • Return to OTMoveIt3, right-click in the "Paste instructions for items to be moved" window (under the yellow bar) and choose Paste
  • Then click the red MoveIt! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it into your next response.
  • If OTMoveIt asks to reboot your computer, allow it to do so. The report should appear in Notepad after the reboot.
  • Close OTMoveIt3.

ESET Online Scanner:

Please go here to run an online scanner from ESET.

Note: You will need to use Internet Explorer for this scan. To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked, and the option Scan unwanted applications is checked
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

When you have completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or further symptoms?
  • OTMoveIT3 Log.
  • ESET Log.
  • A new HijackThis Log. <-- Remember to right click on HiJackThis.exe and select Run as Administrator
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
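Before the hosts-file reset and the OTMoveIt3 registry clean-up in the post above are applied, a helper normally wants to see what is actually there. The following PowerShell script is an added example, not code from this thread, from Dakeyras, or from any of the tools named here. It lists hosts-file mappings other than the default localhost entry, writes a backup before resetting the file (the batch file above overwrites without one), and resolves every Browser Helper Object CLSID registered under HKLM to its DLL so that orphaned entries, the kind the OTMoveIt3 script deletes, can be identified without deleting anything. The function names, the backup naming scheme and the assumption of an elevated Windows PowerShell session are this example's own.

```powershell
# Added example (not from the thread): audit the hosts file and the registered
# Browser Helper Objects before the clean-up steps are applied.
# Assumes an elevated Windows PowerShell prompt; the function names are this
# example's own, not those of any tool named in the thread.

function Get-SuspiciousHostsEntries {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    $loopback = @('127.0.0.1', '::1')
    $findings = @()
    foreach ($line in (Get-Content -Path $Path)) {
        # Drop comments and blank lines; the format is "address name [name ...]".
        $text = ($line -split '#', 2)[0].Trim()
        if ($text -eq '') { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }
        $ip = $parts[0]
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            # localhost -> loopback is the only mapping a default file carries.
            # Anything else (a vendor's update site sent to 127.0.0.1, a familiar
            # name sent to an unfamiliar address) deserves a look before the reset.
            if ($name -ieq 'localhost' -and $loopback -contains $ip) { continue }
            $findings += [pscustomobject]@{ Address = $ip; HostName = $name }
        }
    }
    return $findings
}

function Reset-HostsFile {
    param([string]$Path = "$env:SystemRoot\System32\drivers\etc\hosts")
    # Keep a copy first: a reset is destructive and the old contents may be evidence.
    $backup = "$Path.$(Get-Date -Format 'yyyyMMdd-HHmmss').bak"
    Copy-Item -LiteralPath $Path -Destination $backup -Force
    # Same job as "attrib -h -s -r hosts" in the batch file from the thread.
    $file = Get-Item -LiteralPath $Path -Force
    $file.Attributes = 'Normal'
    Set-Content -LiteralPath $Path -Value "127.0.0.1`tlocalhost" -Encoding Ascii
    $file.Attributes = 'ReadOnly, Hidden, System'
    return $backup
}

function Get-OrphanedBhoEntries {
    # HijackThis O2 lines come from this key. HKCR is the merged view of the
    # HKLM and HKCU Classes hives, so both are consulted for the CLSID's DLL.
    $bhoKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects'
    $results = @()
    if (-not (Test-Path -LiteralPath $bhoKey)) { return $results }
    foreach ($sub in (Get-ChildItem -LiteralPath $bhoKey)) {
        $clsid = $sub.PSChildName
        $dll = ''
        foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKCU:\SOFTWARE\Classes\CLSID') {
            $server = Join-Path $root "$clsid\InprocServer32"
            if (Test-Path -LiteralPath $server) {
                $dll = (Get-ItemProperty -LiteralPath $server).'(default)'
                break
            }
        }
        if ($dll) { $dll = [Environment]::ExpandEnvironmentVariables($dll.Trim('"')) }
        $results += [pscustomobject]@{
            CLSID      = $clsid
            Dll        = $dll
            # $false means the registry still points at a DLL that no longer
            # exists: an orphaned entry left behind by an uninstall.
            DllPresent = [bool]($dll -and (Test-Path -LiteralPath $dll))
        }
    }
    return $results
}

# Review first; reset only after the listings have been looked at.
Get-SuspiciousHostsEntries | Format-Table -AutoSize
Get-OrphanedBhoEntries | Where-Object { -not $_.DllPresent } | Format-Table -AutoSize
# Reset-HostsFile    # writes a timestamped .bak copy and returns its path
```

On a 64-bit Windows install, 32-bit browser add-ons register under the Wow6432Node branches of the same keys, which this example does not walk; the machine in this thread is a 32-bit Vista SP1 system, so the paths above are the ones its HijackThis log reports.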

Re: Sandbites's PC freezing

Post by alfa » May 4th, 2009, 8:39 pm

OTMoveIt3 May 5 2009 0812

========== PROCESSES ==========
Process Explorer.exe killed successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\\ deleted successfully.
Registry key HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HotSync Manager.lnk\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Driver\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AVG Anti-Spyware Guard\\ deleted successfully.
========== FILES ==========
C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job moved successfully.
C:\Windows\tasks\Uniblue SpeedUpMyPC.job moved successfully.
C:\Windows\tasks\Uniblue SpyEraser Nag.job moved successfully.
C:\Windows\tasks\Uniblue SpyEraser.job moved successfully.
C:\Program Files\AVG\AVG8 moved successfully.
C:\Program Files\AVG moved successfully.
C:\Program Files\Java\jre6\lib\zi\SystemV moved successfully.
C:\Program Files\Java\jre6\lib\zi\Pacific moved successfully.
C:\Program Files\Java\jre6\lib\zi\Indian moved successfully.
C:\Program Files\Java\jre6\lib\zi\Europe moved successfully.
C:\Program Files\Java\jre6\lib\zi\Etc moved successfully.
C:\Program Files\Java\jre6\lib\zi\Australia moved successfully.
C:\Program Files\Java\jre6\lib\zi\Atlantic moved successfully.
C:\Program Files\Java\jre6\lib\zi\Asia moved successfully.
C:\Program Files\Java\jre6\lib\zi\Antarctica moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\North_Dakota moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\Kentucky moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\Indiana moved successfully.
C:\Program Files\Java\jre6\lib\zi\America\Argentina moved successfully.
C:\Program Files\Java\jre6\lib\zi\America moved successfully.
C:\Program Files\Java\jre6\lib\zi\Africa moved successfully.
C:\Program Files\Java\jre6\lib\zi moved successfully.
C:\Program Files\Java\jre6\lib\servicetag moved successfully.
C:\Program Files\Java\jre6\lib\security moved successfully.
C:\Program Files\Java\jre6\lib\management moved successfully.
C:\Program Files\Java\jre6\lib\images\cursors moved successfully.
C:\Program Files\Java\jre6\lib\images moved successfully.
C:\Program Files\Java\jre6\lib\im moved successfully.
C:\Program Files\Java\jre6\lib\i386 moved successfully.
C:\Program Files\Java\jre6\lib\fonts moved successfully.
C:\Program Files\Java\jre6\lib\ext moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ie moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome\content moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff\chrome moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs\ff moved successfully.
C:\Program Files\Java\jre6\lib\deploy\jqs moved successfully.
C:\Program Files\Java\jre6\lib\deploy moved successfully.
C:\Program Files\Java\jre6\lib\cmm moved successfully.
C:\Program Files\Java\jre6\lib\audio moved successfully.
C:\Program Files\Java\jre6\lib\applet moved successfully.
C:\Program Files\Java\jre6\lib moved successfully.
C:\Program Files\Java\jre6\bin\new_plugin moved successfully.
C:\Program Files\Java\jre6\bin\client moved successfully.
C:\Program Files\Java\jre6\bin moved successfully.
C:\Program Files\Java\jre6 moved successfully.
C:\Program Files\Java moved successfully.
C:\ProgramData\SecTaskMan moved successfully.
C:\Windows\sed.exe moved successfully.
C:\Users\AJ\AppData\Roaming\SUPERAntiSpyware.com moved successfully.
C:\Program Files\SUPERAntiSpyware moved successfully.
C:\ProgramData\Kaspersky SDK moved successfully.
========== COMMANDS ==========
File delete failed. C:\Users\AJ\AppData\Local\Temp\etilqs_zHI1GndFLsVs3SLFb4nR scheduled to be deleted on reboot.
File delete failed. C:\Users\AJ\AppData\Local\Temp\~DF98B0.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Windows\temp\ZLT06e9a.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
File delete failed. C:\Users\AJ\AppData\Local\Mozilla\Firefox\Profiles\ovdobw4c.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Users\AJ\AppData\Local\Mozilla\Firefox\Profiles\ovdobw4c.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Users\AJ\AppData\Local\Mozilla\Firefox\Profiles\ovdobw4c.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Users\AJ\AppData\Local\Mozilla\Firefox\Profiles\ovdobw4c.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Users\AJ\AppData\Local\Mozilla\Firefox\Profiles\ovdobw4c.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Users\AJ\AppData\Local\Mozilla\Firefox\Profiles\ovdobw4c.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 05052009_080458

Files moved on Reboot...
File C:\Users\AJ\AppData\Local\Temp\etilqs_zHI1GndFLsVs3SLFb4nR not found!
C:\Users\AJ\AppData\Local\Temp\~DF98B0.tmp moved successfully.
C:\Windows\temp\ZLT06e9a.TMP moved successfully.
C:\Users\AJ\AppData\Local\Mozilla\Firefox\Profiles\ovdobw4c.default\Cache\_CACHE_001_ moved successfully.
C:\Users\AJ\AppData\Local\Mozilla\Firefox\Profiles\ovdobw4c.default\Cache\_CACHE_002_ moved successfully.
C:\Users\AJ\AppData\Local\Mozilla\Firefox\Profiles\ovdobw4c.default\Cache\_CACHE_003_ moved successfully.
C:\Users\AJ\AppData\Local\Mozilla\Firefox\Profiles\ovdobw4c.default\Cache\_CACHE_MAP_ moved successfully.
C:\Users\AJ\AppData\Local\Mozilla\Firefox\Profiles\ovdobw4c.default\urlclassifier3.sqlite moved successfully.
C:\Users\AJ\AppData\Local\Mozilla\Firefox\Profiles\ovdobw4c.default\XUL.mfl moved successfully.
alfa
Regular Member
 
Posts: 21
Joined: April 24th, 2009, 9:37 pm

Re: Sandbites's PC freezing

Post by alfa » May 5th, 2009, 9:50 am

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:49:29 PM, on 5/5/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000048.dll
O4 - HKLM\..\Run: [BtTray] "D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7306 bytes
alfa
Regular Member
 
Posts: 21
Joined: April 24th, 2009, 9:37 pm
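A helper reads a HijackThis log like the one above by section code and by what changed since the last scan. The following PowerShell script is an added example, not code from this thread or from HijackThis. It parses HijackThis-style lines into records, pulls the publisher out of O23 service entries so the ones marked "Unknown owner" can be listed with their binaries, and compares two logs to report the entries that appeared between scans. The sample lines are a constructed subset of this log and of the later log alfa posts after the Java reinstall; the function names are this example's own.

```powershell
# Added example (not from the thread): parse HijackThis log lines into records
# and compare two logs so entries that appeared between scans stand out.
# The sample lines are a constructed subset of the two logs alfa posted; the
# section codes (R0/R1, O2, O4, O23 ...) and the " - " layout are HijackThis 2.0.2's.

$LogBefore = @'
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
'@

$LogAfter = @'
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
'@

function ConvertFrom-HjtLog {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # Findings start with a section code, then " - ", then the entry text.
        # Header lines ("Logfile of ...", "Running processes:") do not match.
        if ($line -match '^(?<code>[RFNO]\d+) - (?<entry>.+)$') {
            $code  = $Matches.code
            $entry = $Matches.entry
            $owner = $null
            $path  = $null
            # O23 services carry "name - publisher - path"; "Unknown owner" means
            # the binary had no company name, which is why helpers ask about those first.
            if ($code -eq 'O23' -and $entry -match '^Service: (?<name>.+?) - (?<owner>.+?) - (?<path>.+)$') {
                $owner = $Matches.owner
                $path  = $Matches.path
            }
            [pscustomobject]@{ Code = $code; Entry = $entry; Owner = $owner; Path = $path }
        }
    }
}

function Compare-HjtLogs {
    # Returns the records in $After whose entry text does not occur in $Before.
    param([string[]]$Before, [string[]]$After)
    $seen = @{}
    foreach ($rec in (ConvertFrom-HjtLog -Lines $Before)) { $seen[$rec.Entry] = $true }
    foreach ($rec in (ConvertFrom-HjtLog -Lines $After)) {
        if (-not $seen.ContainsKey($rec.Entry)) { $rec }
    }
}

$before = $LogBefore -split "`r?`n"
$after  = $LogAfter  -split "`r?`n"

# Entries new since the earlier scan: with this sample, the Java BHO and the
# Java update scheduler, both expected after the JRE reinstall the thread asked for.
Compare-HjtLogs -Before $before -After $after | Format-Table Code, Entry -AutoSize

# Services with no publisher name, listed with their binaries.
ConvertFrom-HjtLog -Lines $after |
    Where-Object { $_.Code -eq 'O23' -and $_.Owner -eq 'Unknown owner' } |
    Format-Table Path -AutoSize
```

To run it against real files, replace the two here-strings with `Get-Content` of the saved logs; the parser ignores the header and "Running processes" lines, so whole log files can be passed in unchanged.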

Re: Sandbites's PC freezing

Post by alfa » May 5th, 2009, 9:52 am

Hi,

I ran the ESET online scan twice and it stops progressing at 18%, so I can't get a log. Also the PC all of a sudden slowed a little; I didn't do anything and I don't know what happened.
ESET does say that it has found a threat:
win32/PRC View application

alfa
alfa
Regular Member
 
Posts: 21
Joined: April 24th, 2009, 9:37 pm

Re: Sandbites's PC freezing

Post by Dakeyras » May 5th, 2009, 12:36 pm

Hi :)

I ran the ESET online scan twice and it stops progressing at 18%, so I can't get a log. Also the PC all of a sudden slowed a little; I didn't do anything and I don't know what happened.
OK, not a problem, we will try an alternative online scanner.

ESET does say that it has found a threat:
win32/PRC View application
Not a major concern, though at this stage knowing the full path of any infection flagged would be required so I could determine whether it is an actual infection or a false positive and advise the appropriate course of action.

However I would like to see if a log was created/saved by ESET.

Please navigate to the following location using Windows Explorer (to get there, right-click your Start/Vista button (bottom left-hand side) and go to Explore):

C:\Program Files\EsetOnlineScanner\Log.Txt <-- If this is present, please post the contents of the Notepad file in your next reply.

ATF Cleaner:

Please download ATF Cleaner to your desktop.

  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

New Java Installation:

Note: If you do not want a new Java installation, inform me straight away, as the online scan below uses the Java engine and we will use another online scan instead.

  • Click here to visit Java's website.
  • Scroll down to Java SE Runtime Environment (JRE) 6 Update 13. Click on Download.
  • Select Windows from the drop-down list for Platform.
  • Select Multi-language from the drop-down list for Language.
  • Check (tick) I agree to the Java SE Runtime Environment 6 License Agreement box and click on Continue.
  • Click on jre-6u13-windows-i586-p.exe link to download it and save this to a convenient location.
  • Double click on jre-6u13-windows-i586-p.exe to install Java.

Run Kaspersky Online AV Scanner:

Right click on your favorite web browser (Internet Explorer, Firefox, etc) and select Run As Administrator to run it.

Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.

This online tutorial will help explain how to use the aforementioned online scan.

When you have completed the above, please post back the following:

  • How is your computer performing now? Any problems encountered and/or any further symptoms?
  • ESET Log.(If available)
  • Kaspersky results.
  • A new HijackThis Log. <-- Remember to right click on HiJackThis.exe and select Run as Administrator
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Sandbites's PC freezing

Post by alfa » May 5th, 2009, 2:51 pm

Hi,

Just when I thought the PC was doing okay, it seems that there is still some virus in it:
1. After booting and without doing anything the CPU level keeps on spiking to 24 to 50%
2. The hard drive is busy
3. The menu is not that fast again
4. After our first RSIT run the menu became fast; now it's a little slow again
5. After booting the computer hung again 2x because I tried to open a file a few seconds after the Windows screen opened after bootup

here's the eset log.txt
===============

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=6
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.5821
# api_version=3.0.2
# EOSSerial=bfaf2ee01c64b346ac67a6dfe12954bf
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2009-05-05 02:54:56
# local_time=2009-05-05 10:54:56 (+0800, Malay Peninsula Standard Time)
# country="United States"
# lang=9
# osver=6.0.6001 NT Service Pack 1
# compatibility_mode=5889 61 66 100 408645764054443
# scanned=53527
# found=1
# cleaned=0
# scan_time=8529
C:\MGtools\Process.exe Win32/PrcView application 00000000000000000000000000000000
esets_scanner_update returned -1 esets_gle=53251
alfa
Regular Member
 
Posts: 21
Joined: April 24th, 2009, 9:37 pm

Re: Sandbites's PC freezing

Post by Dakeyras » May 5th, 2009, 2:58 pm

Hi :)

That's fine re the ESET log; it is an FP (false positive) concerning the MGTools you downloaded in an attempt to fix the problems you had with the computer. If however it is not the legitimate MGTools, we will remove it later.

OK, carry out my prior instructions from ATF Cleaner downwards and we will go from there :thumbup:
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Sandbites's PC freezing

Post by Dakeyras » May 7th, 2009, 4:50 am

Hi :)

Do you still need help with your machine?

If the instructions are unclear or something isn't working, please let me know before proceeding.
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Sandbites's PC freezing

Post by alfa » May 8th, 2009, 12:49 pm

Hi

Yes, I feel that it still has problems. I've tried to do the Kaspersky online scan several times but it hangs. The last one I did I left running for 15 hours straight, then it hung at 83%. That's the only step I can't finish.

alfa
alfa
Regular Member
 
Posts: 21
Joined: April 24th, 2009, 9:37 pm

Re: Sandbites's PC freezing

Post by Dakeyras » May 8th, 2009, 1:58 pm

Hi :)

OK not a problem we will try another scan that does not require a browser to be used.

Re-Run ATF Cleaner:

Right click on ATF Cleaner.exe and select Run as Administrator.

Dr.Web CureIt:

Download to the desktop: Dr.Web CureIt

  • Right click on drweb-cureit.exe and select Run as Administrator then Allow to run the Express Scan.
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, Click Options > Change settings
  • Choose the "Scan" tab and remove the mark at "Heuristic analysis".
  • Back at the main window, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, look whether you can click the next icon next to the files found (screenshot not reproduced).
    If so, click it, then click the next icon right below and select Move incurable (screenshot not reproduced).
    This will move it to the %userprofile%\DoctorWeb quarantine folder if it can't be cured (in case we need samples).
  • After selecting, in the Dr.Web CureIt menu on top, click File and choose Save report list.
  • Save the report to your desktop. The report will be called DrWeb.csv.
  • Close Dr.Web CureIt.
  • Reboot your computer, because files that are in use may only be moved/deleted during the reboot.
  • After reboot, post the contents of the log from Dr.Web you saved previously in your next reply.

When you have completed the above, please post back the following:

  • Let me know how your computer is performing now. Any problems encountered and/or further symptoms at all?
  • DrWeb Log.
  • A new HijackThis Log. <-- Remember to right click on HiJackThis.exe and select Run as Administrator
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra

Re: Sandbites's PC freezing

Post by alfa » May 9th, 2009, 3:32 am

Let me know how your computer is performing now. Any problems encountered and/or further symptoms at all? Computer seems to be okay. Not as much thrashing on the hard drive. Do I delete this MGTools thing since I don't use it?
==========================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:27:19 PM, on 5/9/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\AASP\1.00.32\aaCenter.exe
C:\Windows\System32\mobsync.exe
D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
D:\Program Files\Microsoft Office\Office12\EXCEL.EXE
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\rundll32.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Copernic Desktop Search - Home Toolbar - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000048.dll
O4 - HKLM\..\Run: [BtTray] "D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search - Home\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Convert link target to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://D:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BsHelpCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - D:\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 7402 bytes
alfa
Regular Member
Posts: 21
Joined: April 24th, 2009, 9:37 pm
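The HijackThis log above is the main evidence the helper works from, and the entries that matter most for triage are the O4 autorun values and the O23 services. The following parser is an added example written for this page (it is not HijackThis code or anything from MalwareRemoval.com); it reads the O4 and O23 line formats shown in the log, extracts the executable each entry launches, and flags the two things a reviewer checks first: an image given without an absolute path (resolved by a PATH search at logon, as with `RtHDVCpl.exe` above) and a service with no vendor string ("Unknown owner"). The sample lines are a constructed subset copied from the log; the `triage` rules are this example's own heuristics, not HijackThis logic.

```python
import re
from dataclasses import dataclass

# Constructed sample: a subset of the O4/O23 lines from the HijackThis log above.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O23 - Service: BlueSoleilCS - Unknown owner - D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Acronis OS Selector Reinstall Service (AcronisOSSReinstallSvc) - Unknown owner - C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe
""".strip()


@dataclass
class HjtEntry:
    section: str   # "O4" (Run-key autostart) or "O23" (installed service)
    name: str      # Run value name or service display name
    image: str     # executable (or DLL) the entry launches, as written in the log
    owner: str = ""  # O23 only: vendor string reported by HijackThis


# O4 - HKLM\..\Run: [Name] <command line>   (HKUS\... and Startup-folder O4 forms are not handled here)
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$')
# O23 - Service: <display name> - <owner> - <path>; non-greedy so a path containing " - " still parses
O23_RE = re.compile(r'^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$')


def image_from_command(cmd):
    """Return the image an O4 command line actually starts."""
    cmd = cmd.strip()
    if cmd.startswith('"'):                      # quoted path: take everything up to the closing quote
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    head, _, rest = cmd.partition(' ')
    if head.lower() == 'rundll32.exe' and rest:  # RUNDLL32.EXE <dll>,<entry>: the DLL is the payload
        return rest.split(',', 1)[0]
    # unquoted path that may contain spaces: stop at the first .exe/.scr/.dll
    m = re.match(r'(.+?\.(?:exe|scr|dll))', cmd, re.IGNORECASE)
    return m.group(1) if m else head


def parse_hjt(text):
    """Parse O4 and O23 lines from a HijackThis 2.x log into HjtEntry records."""
    entries = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            entries.append(HjtEntry('O4', m['name'], image_from_command(m['cmd'])))
            continue
        m = O23_RE.match(line)
        if m:
            entries.append(HjtEntry('O23', m['name'], m['path'].strip(), m['owner']))
    return entries


def triage(entries):
    """Map entry name -> list of reasons it deserves a manual look (example heuristics)."""
    flagged = {}
    for e in entries:
        notes = []
        if not re.match(r'^[A-Za-z]:\\', e.image):
            notes.append('no absolute path: image is found by PATH search at logon')
        if e.section == 'O23' and e.owner == 'Unknown owner':
            notes.append('no vendor string: check the binary signature/publisher by hand')
        if notes:
            flagged[e.name] = notes
    return flagged


if __name__ == '__main__':
    for name, notes in triage(parse_hjt(SAMPLE_LOG)).items():
        print(name, '->', '; '.join(notes))
```

Run against the full log, this turns a 7 KB dump into a short list of entries worth a second look; everything else (quoted absolute paths under Program Files with a named vendor) still needs a human to recognise, but the parser removes the noise.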

Re: Sandbites's PC freezing

Unread postby alfa » May 9th, 2009, 3:32 am

Dr. Web Log

psexec.cfexe;C:\ComboFix;Program.PsExec.171;Deleted.;
externezenders.html\Script.0;C:\Documents and Settings\AJ\AppData\Local\Application Data\Microsoft\Windows Sidebar\Gadgets\MiniTV.gadget\externezenders.html;Modification of VBS.Generic.45;;
externezenders.html;C:\Documents and Settings\AJ\AppData\Local\Application Data\Microsoft\Windows Sidebar\Gadgets\MiniTV.gadget;Container contains infected objects;Deleted.;
CFF college fest 30.wmv;O:\Video\Smut\Smut;Trojan.DownLoader.1730;Deleted.;
passwordsplus1004_palm_demo-en.exe/Data1.cab\AuthenticationMgr.prc;E:\Palm program\Password Plus\passwordsplus1004_palm_demo-en.exe/Data1.cab;Modification of BAT.XPEH.144;;
\Data1.cab;E:\Palm program\Password Plus;Archive contains infected objects;;
passwordsplus1004_palm_demo-en.exe;E:\Palm program\Password Plus;Archive contains infected objects;;
Patch1.exe;E:\Palm program\Repligo 2.0 (Patch) By Psi\RepliGo_2.0_(patch)_by_PSi;Tool.ASEye.2;;
Patch2.exe;E:\Palm program\Repligo 2.0 (Patch) By Psi\RepliGo_2.0_(patch)_by_PSi;Tool.ASEye.2;;
Patch1.exe;E:\Palm program\Repligo Newcrack By Psi;Tool.ASEye.2;;
Patch2.exe;E:\Palm program\Repligo Newcrack By Psi;Tool.ASEye.2;;
externezenders.html\Script.0;C:\Documents and Settings\AJ\DoctorWeb\Quarantine\externezenders.html;Modification of VBS.Generic.45;;
externezenders.html;C:\Documents and Settings\AJ\DoctorWeb\Quarantine;Container contains infected objects;;
passwordsplus1004_palm_demo-en.exe/Data1.cab\AuthenticationMgr.prc;C:\Documents and Settings\AJ\DoctorWeb\Quarantine\passwordsplus1004_palm_demo-en.exe/Data1.cab;Modification of BAT.XPEH.144;;
\Data1.cab;C:\Documents and Settings\AJ\DoctorWeb\Quarantine;Archive contains infected objects;;
passwordsplus1004_palm_demo-en.exe;C:\Documents and Settings\AJ\DoctorWeb\Quarantine;Archive contains infected objects;;
Process.exe;C:\MGtools;Tool.Prockill;;
alfa
Regular Member
Posts: 21
Joined: April 24th, 2009, 9:37 pm

Re: Sandbites's PC freezing

Unread postby Dakeyras » May 9th, 2009, 7:41 am

Hi :)

Computer seems to be okay. Not as much thrashing on the hard drive. Do I delete this MGTools thing since I don't use it?
Good to know. No need to delete MGTools; it appears Dr Web has. This is what is known as a false positive, as there is a malware-related MGTools. I will contact Dr Web myself about this and the other FPs I have identified.

Optional Removal:

The Copernic application you have presently installed is not particularly good in my humble opinion and is known to cause Hard-Drive errors in the form of fragmented files. It is your choice however to leave this installed or not, OK.

Next:

Congratulations your computer now appears to be malware free!

Now I have some tasks for your good self to carry out as part of a clean up process and some advice about online safety.

Importance of Regular System Maintenance:

I advise you read both of the below listed topics as this will go a long way to keeping your Computer performing well.

Help! My computer is slow!

Also, so is this:

What to do if your Computer is running slowly

Uninstall ComboFix:

  • Click on Start >> Run...
  • Now type in Combofix /u and click OK.
  • Note the space between the X and the U, it needs to be there.

Note: Dr Web removed a portion of ComboFix, if any problems uninstalling inform myself straight away.

Clean up with OTMoveIt3:

  • Double-click OTMoveIt3.exe to start the program.
  • Close all other programs apart from OTMoveIt3 as this step will require a reboot
  • On the OTMoveIt main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.

Remove Dr Web CureIt as it is not worth keeping, as it is updated frequently; also delete the log created and then empty the Recycle Bin.

Now some advice for on-line safety:

Malwarebyte's Anti-Malware:

This is an excellent application and I advise you keep this installed. Check for updates and run a scan once a week.

Other installed security software:

Your presently installed security application, ZoneAlarm Security Suite, automatically checks for updates and downloads/installs them with every system reboot and or periodically if the machine is left running, providing an internet connection is active.

I advise you also run a complete scan with this also once per week.

Erunt:

Emergency Recovery Utility NT, I advise you keep this installed as a means to keep a complete backup of your registry and restore it when needed.

Myself, I would actually create a new backup once per week as this along with System Restore may prove to be invaluable if something unforeseen occurs!

Keep your system updated:

Microsoft releases patches for Windows and other products regularly:


Be careful when opening attachments and downloading files:

  • Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  • Never open emails from unknown senders.
  • Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  • Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts:

Windows by default allows scripts (which is VBScript and JavaScript) to run and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Make your Internet Explorer safer:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

Note: At present you are using Internet Explorer v8; if you encounter any degradation with overall system performance my advice would be to uninstall this and an automatic roll back to IE7 should occur. Wait a few months as no doubt Microsoft will be releasing updates as IE8 is not long out of its beta testing program.

Avoid Peer to Peer software:

P2P may be a great way to get lots of seemingly freeware, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. My advice avoid these types of software applications.

Hosts File:

A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your computer will look up the website's IP address before you can view the website.

Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

Here are some Hosts files:


Only use one of the above.

Finally, an educational source:

To learn more about how to protect yourself while on the internet read this article by Tony Klein:

So how did I get infected in the first place?

Some consider this article outdated; personally I still think it bears relevance and the author is well respected in the Anti-Malware community and by myself also!

Any questions? Feel free to ask, if not stay safe!
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra
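The Hosts file section of the post above explains that the file is consulted before DNS, that a protective Hosts file blackholes known bad names to 127.0.0.1, and that only one such file should be used. The script below is an added example for this page, not code from the post or from any of the Hosts-file projects it refers to: it parses a file in the Windows hosts format and separates the entries that blackhole a name (127.0.0.1, 0.0.0.0 or ::1) from entries that send a name to some other address, which is the pattern worth checking when a machine's Hosts file has been tampered with rather than protected. The sample content is constructed and uses reserved example names and a documentation address; it is not a real blocklist.

```python
import ipaddress

# Constructed sample in the Windows hosts-file format (not a real Hosts list).
SAMPLE_HOSTS = """\
# comment lines and blank lines are ignored by the resolver
127.0.0.1       localhost
::1             localhost
# blocking entries of the kind a protective Hosts file adds
127.0.0.1       ads.example.com
0.0.0.0         tracker.example.net   # 0.0.0.0 is the other common blackhole address
# an entry that points a real name at an outside address instead of blackholing it
203.0.113.5     www.example.org
"""

# Addresses that mean "go nowhere"; anything else is a genuine redirection.
BLACKHOLE = {
    ipaddress.ip_address('127.0.0.1'),
    ipaddress.ip_address('0.0.0.0'),
    ipaddress.ip_address('::1'),
}


def parse_hosts(text):
    """Return (address, hostname) pairs from hosts-file text, skipping comments and bad lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split('#', 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                          # malformed address: the resolver ignores it too
        for name in fields[1:]:               # one address may carry several names on a line
            entries.append((addr, name.lower()))
    return entries


def audit_hosts(entries):
    """Classify entries: blackholed names, redirected names, and whether localhost is intact."""
    report = {'blackholed': [], 'redirected': [], 'localhost_ok': False}
    for addr, name in entries:
        if name == 'localhost':
            if addr.is_loopback:
                report['localhost_ok'] = True
            continue
        if addr in BLACKHOLE:
            report['blackholed'].append(name)
        else:
            # a name mapped to a routable address bypasses DNS for that name entirely
            report['redirected'].append((name, str(addr)))
    return report


if __name__ == '__main__':
    result = audit_hosts(parse_hosts(SAMPLE_HOSTS))
    print('localhost intact:', result['localhost_ok'])
    print('blackholed names:', result['blackholed'])
    print('redirected names:', result['redirected'])
```

On a real system the file lives at the path the resolver reads (`%SystemRoot%\System32\drivers\etc\hosts` on Windows); read it into `parse_hosts` and anything in the `redirected` list that you did not put there yourself deserves an explanation, since a Hosts file only needs loopback entries to do its protective job.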

Re: Sandbites's PC freezing

Unread postby alfa » May 10th, 2009, 1:22 pm

Hi!

The PC is now okay.

Many thanks for the time that you spent with me fixing my PC. I hope that you will continually enjoy helping others in their computer woes. I also hope that you become more successful in your endeavors so that you will always have the time to work for others. Thank you, friend.

alfa
alfa
Regular Member
Posts: 21
Joined: April 24th, 2009, 9:37 pm

Re: Sandbites's PC freezing

Unread postby Dakeyras » May 10th, 2009, 2:22 pm

Hi :)

Thanks for the update :thumbup:

You are very welcome and a pleasure to be of assistance! A few kind words like you have posted always make my day and I appreciate them highly, stay safe!
Dakeyras
MRU Honors Graduate
Posts: 8732
Joined: November 21st, 2007, 5:30 am
Location: The Tundra