Free Malware Removal Forum

[vietgirl801]

Sorry for the delay again. I thought I ahd posted a response but it doesn't seem to be the case. Below are your requested information.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, July 6, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, July 05, 2010 10:29:17
Records in database: 4242618
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 281270
Threats found: 2
Infected objects found: 7
Suspicious objects found: 0
Scan duration: 05:50:55


File name / Threat / Threats count
C:\Documents and Settings\Default User.WINDOWS\Start Menu\Programs\Startup\ohulv.exe Infected: Trojan-Spy.Win32.Zbot.akpk 1
C:\Program Files\software\programs\Ahead Nero 9.0.9.4b\Nero 9.0.9.4b Patchfix\nero9patch.exe Infected: Trojan.Win32.Rettesser.ak 1
C:\Qoobox\Quarantine\C\Documents and Settings\Administrator.HOANG\Application Data\Kylar\suam.exe.vir Infected: Trojan-Spy.Win32.Zbot.akpk 1
C:\Qoobox\Quarantine\C\Documents and Settings\anh\Application Data\Vaaht\yrsy.exe.vir Infected: Trojan-Spy.Win32.Zbot.akpk 1
C:\System Volume Information\_restore{DB15D18D-D384-4710-87CE-7E121B24D339}\RP1441\A0053206.exe Infected: Trojan-Spy.Win32.Zbot.akpk 1
C:\System Volume Information\_restore{DB15D18D-D384-4710-87CE-7E121B24D339}\RP1470\A0055203.exe Infected: Trojan-Spy.Win32.Zbot.akpk 1
C:\System Volume Information\_restore{DB15D18D-D384-4710-87CE-7E121B24D339}\RP1470\A0055204.exe Infected: Trojan-Spy.Win32.Zbot.akpk 1

Selected area has been scanned.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4273

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/3/2010 11:10:47 PM
mbam-log-2010-07-03 (23-10-47).txt

Scan type: Full scan (C:\|)
Objects scanned: 453923
Time elapsed: 2 hour(s), 51 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

[vietgirl801]

ComboFix 10-07-04.04 - anh 07/06/2010 17:10:39.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3070.2552 [GMT -5:00]
Running from: c:\documents and settings\anh\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\anh\Desktop\CFScript.txt
AV: McAfee VirusScan Enterprise *On-access scanning disabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.

((((((((((((((((((((((((( Files Created from 2010-06-07 to 2010-07-07 )))))))))))))))))))))))))))))))
.

2010-07-05 13:28 . 2010-07-05 13:28 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-29 03:19 . 2010-06-29 03:19 -------- d-----w- c:\windows\system32\vmm32
2010-06-29 03:07 . 2005-05-25 22:34 158464 ----a-w- c:\windows\system32\drivers\ctusfsyn.sys
2010-06-29 03:07 . 2005-01-10 23:15 20992 ----a-w- c:\windows\system32\sfman32.dll
2010-06-29 03:07 . 2005-01-10 23:15 138752 ----a-w- c:\windows\system32\drivers\ctsfm2k.sys
2010-06-29 03:07 . 2005-01-10 23:15 115200 ----a-w- c:\windows\system32\sfms32.dll
2010-06-29 03:07 . 2005-01-10 23:15 106496 ----a-w- c:\windows\system32\drivers\ctoss2k.sys
2010-06-29 03:07 . 2005-12-07 16:34 40448 ----a-w- c:\windows\system32\CiEcho.dll
2010-06-29 03:07 . 2005-10-30 00:42 11776 ----a-w- c:\windows\inres.dll
2010-06-29 03:07 . 2006-01-19 03:07 160768 ----a-w- c:\windows\system32\cifilter.dll
2010-06-29 03:07 . 2006-01-04 20:41 1389056 ----a-w- c:\windows\system32\drivers\monfilt.sys
2010-06-29 03:07 . 2010-06-29 03:07 -------- d-----w- c:\program files\Creative
2010-06-29 02:54 . 2010-06-29 02:57 -------- d-----w- c:\documents and settings\anh\Local Settings\Application Data\Deployment
2010-06-25 01:58 . 2010-06-25 01:58 -------- d-----w- c:\program files\Trend Micro
2010-06-25 01:50 . 2010-06-25 02:22 -------- d-----w- c:\program files\Snood 4
2010-06-21 17:29 . 2010-06-21 17:29 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\anwljwgfj
2010-06-21 00:40 . 2010-06-21 00:40 -------- d-----w- c:\documents and settings\anh\Application Data\SUPERAntiSpyware.com
2010-06-21 00:40 . 2010-06-21 00:40 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2010-06-21 00:39 . 2010-06-21 00:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-20 14:48 . 2010-06-20 14:48 -------- d-----w- c:\documents and settings\anh\Application Data\Malwarebytes
2010-06-20 14:02 . 2010-06-20 14:02 -------- d-----w- c:\documents and settings\Administrator.HOANG\Application Data\Malwarebytes
2010-06-20 14:02 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-20 14:02 . 2010-06-20 14:02 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-20 14:02 . 2010-06-20 14:02 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2010-06-20 14:02 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-20 13:20 . 2010-06-20 13:20 -------- d-----w- c:\program files\CCleaner
2010-06-20 06:59 . 2010-06-20 14:44 -------- d-----w- c:\documents and settings\Administrator.HOANG\Application Data\Uwmyf
2010-06-20 06:58 . 2010-06-20 06:58 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Adobe
2010-06-20 06:58 . 2010-06-26 14:38 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-19 13:20 . 2010-06-19 13:20 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY\IETldCache
2010-06-19 13:08 . 2010-06-19 13:08 -------- d-----w- c:\documents and settings\anh\Local Settings\Application Data\itnackthn
2010-06-13 23:30 . 2010-06-13 23:30 -------- d-----w- c:\program files\pdfsam
2010-06-13 22:41 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 01:40 . 2010-06-09 01:40 -------- d-----w- c:\documents and settings\anh\Application Data\NewSoft
2010-06-09 01:39 . 2010-06-09 01:39 -------- d-----w- c:\documents and settings\anh\Local Settings\Application Data\NewSoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-06 13:11 . 2009-03-28 00:17 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Google Updater
2010-07-05 13:28 . 2006-09-08 15:45 -------- d-----w- c:\program files\Common Files\Java
2010-07-05 13:28 . 2006-09-08 15:45 -------- d-----w- c:\program files\Java
2010-07-05 12:18 . 2006-09-08 15:58 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-29 03:07 . 2006-09-08 15:48 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-29 02:56 . 2006-09-08 15:49 -------- d-----w- c:\program files\Dell
2010-06-21 00:47 . 2009-05-07 11:41 -------- d-----w- c:\documents and settings\anh\Application Data\Skype
2010-06-20 14:49 . 2009-09-05 22:12 -------- d-----w- c:\documents and settings\anh\Application Data\Otoxi
2010-06-20 13:42 . 2007-03-04 18:50 -------- d-----w- c:\program files\Canon
2010-06-16 02:58 . 2009-06-18 03:23 -------- d-----w- c:\documents and settings\anh\Application Data\Canon
2010-06-15 01:23 . 2010-03-25 02:17 -------- d-----w- c:\documents and settings\anh\Application Data\PrimoPDF
2010-06-09 01:40 . 2009-06-18 02:39 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ScanSoft
2010-06-09 01:40 . 2007-03-04 18:54 -------- d-----w- c:\program files\Common Files\ScanSoft Shared
2010-06-09 01:40 . 2009-06-18 03:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SSScanWizard
2010-06-09 01:40 . 2009-06-18 03:01 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SSScanAppDataDir
2010-05-18 02:04 . 2006-09-08 15:54 -------- d-----w- c:\program files\Google
2010-05-14 16:25 . 2010-05-14 16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-05-14 16:25 . 2010-05-14 16:25 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2010-05-10 00:55 . 2007-01-22 15:25 -------- d-----w- c:\program files\PeerGuardian2
2010-05-06 10:41 . 2006-03-04 03:33 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-10 11:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-20 05:30 . 2004-08-10 11:00 285696 ----a-w- c:\windows\system32\atmfd.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Administrator.HOANG\Application Data\Uwmyf ----


---- Directory of c:\documents and settings\anh\Application Data\Otoxi ----


---- Directory of c:\documents and settings\anh\Local Settings\Application Data\itnackthn ----


---- Directory of c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\anwljwgfj ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-11 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-21 282624]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-16 7323648]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2009-01-28 111952]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 136512]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-03-11 19:52 342312 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-02-20 22:22 4363504 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
2003-05-08 16:00 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE2.0\opwareSE2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2008-11-04 16:30 413696 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-06-07 17:13 2403568 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-07-11 02:46 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Nero BackItUp Scheduler 4.0"=2 (0x2)
"iPod Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"gusvc"=2 (0x2)
"gupdate1c9ba4e5b101f64"=2 (0x2)
"JavaQuickStarterService"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
S4 gupdate1c9ba4e5b101f64;Google Update Service (gupdate1c9ba4e5b101f64);c:\program files\Google\Update\GoogleUpdate.exe [4/10/2009 9:36 PM 133104]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [3/12/2009 5:45 PM 721904]
.
Contents of the 'Scheduled Tasks' folder

2010-07-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-05 00:17]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 02:36]

2010-07-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-11 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} - hxxp://picasaweb.google.com/s/v/61.12/uploader2.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-06 21:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2480)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\program files\McAfee\VirusScan Enterprise\mcshield.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\program files\McAfee\VirusScan Enterprise\vstskmgr.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Intel\IntelDH\Intel(R) Quick Resume Technology Drivers\Elservice.exe
c:\windows\system32\dllhost.exe
c:\program files\Google\Update\1.2.183.23\GoogleCrashHandler.exe
c:\windows\eHome\ehmsas.exe
c:\program files\McAfee\Common Framework\McTray.exe
.
**************************************************************************
.
Completion time: 2010-07-06 21:52:19 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-07 02:52
ComboFix2.txt 2010-07-05 13:14
ComboFix3.txt 2010-07-02 01:08

Pre-Run: 106,823,331,840 bytes free
Post-Run: 106,962,722,816 bytes free

- - End Of File - - 825E1CFE3C87E9CB87C701177E6A5195

[vict0r]

Illegal Software Detected !

While researching your logs it has come to my attention that the file:
nero9patch.exe
- is a crack for Nero 9 and it appears that you are actively using this software.

Please review the Malware Removal forum policy on Use of Cracked Software
If you use software to circumvent validation or authentication of software (i.e. Windows product Key, WGA, etc.) this is also considered illegal or "cracked" software.
In order for me to continue to assist you, please make the following changes:

1. Remove the illegal software from your computer immediately...
2. If you still want to use it, then purchase a legal copy of the software and install it from a legitimate/trusted source.

NOTE: If you state that the software has been removed...and it has not been removed... (the tools we use can and will detect it)
I will have, under forum policy, no choice but to discontinue any assistance and have this thread closed. Please let me know your decision.
Thank you, in advance, for your cooperation.


Trojan/Backdoor

The Kaspersky scan log shows that your computer was infected with Win32/ZBOT.

You can see from the MS description - unfortunately it's not good:

Win32/Zbot is a family of password stealing trojans. Win32/Zbot also contains backdoor functionality that allows unauthorized access and control of an affected machine.

Due to the functionality of this type of malware, it's impossible to tell what may have been done when the system was compromised. The only way you can be sure that your computer is secure once infected with this type of infection, is to reformat and reinstall Windows. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

• If you have used this computer for shopping, banking, or other transactions, it would be wise to :
  Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
• From a known clean computer, change ALL your online passwords -- ISP login password, your email address(es) passwords, banks, financial accounts, PayPal, eBay, Amazon, online groups and forums and any other online activities you carry out which require a username and password.

The source of the infection is most likely the use of pirated software.

You can use the factory restore function of your Dell to reformat and reinstall Windows.
Note that you will loose all programs and data on the C:\ drive (you need a backup of everything you don't want to loose).

[vietgirl801]

My apologies for the late response. I was out of town. The software has been removed. I am not very computer savvy and a fifteen year old kid uses this computer most of the time. I did not realized that he had installed several programs until you informed me. I will go ahead and restore windows, which is ashame after having done all this. I appreciate your help.

[vict0r]

My apologies for the late response. I was out of town.

Ok, no problem.

I will post some recommendations for you as soon as possible.

[vict0r]

I will go ahead and restore windows, which is ashame after having done all this. I appreciate your help.

I'm always happy to help regardless the outcome.

It is indeed a wise decision to restore your computer to the state it was delivered from the factory. Please make sure you have made appropriate backups of the files you don't want to loose before you perform the restore.

I'd be grateful if you could reply to this post so that I know you have read it and, if you have no further malware related questions, the thread can then be closed.

Here are some recommendations for you after you restore your computer to factory defaults in order to dramatically lower the chances of reinfection.


Make sure that your antivirus is updated

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

NOTE: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Here are a few FREE alternatives if you have not paid for a product:

• Avira AntiVir Personal- Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
• avast! Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
• AVG Anti-Virus Free Edition - Free edition of the AVG anti-virus program for Windows.

Security Updates for Windows, Internet Explorer & Microsoft Office

Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. You need to visit the Microsoft Update site repeatedly and perform the update until no further important updates are offered. This will make sure all the updates released since your computer was delivered is installed.

Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.

Keep your system updated by enabling automatic updates for Windows XP to get the latest patches from Microsoft to fix bugs and security holes.

• Go to Start > Control Panel > Automatic Updates and select one of these options:
  
  1. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  2. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  3. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Upgrade the Adobe and Java installation

Uninstall any Adobe Reader*, Java* and J2SE* entries in Control panel -> Add/Remove programs.
Download and install Java Runtime Environment (JRE) 6 Update 20
Download and install Adobe Reader, make sure that you uncheck Free McAfee® Security Scan Plus before you download. Uncheck to install any toolbars during the install.


Keep Non-Microsoft Programs Updated

Microsoft isn't the only company whose products can contain security vulnerabilities. To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.


Secure your computer further:

Consider using the following programs to secure your computer further:

• SpywareBlaster
  SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all. Make sure to update and re-enable protection regularly.
  
  You can download SpywareBlaster from Javacool and learn how to use it in the tutorial at Bleeping Computer..
  
  
• Spybot Search & Destroy
  Instructions are located here. Make sure to update, reimmunize & scan regularly.
  
  
• Enable Teatimer option in Spybot Search & Destroy
  
  • Open Spybot S&D.
  • Click Mode, choose Advanced Mode.
  • Go To the bottom of the Vertical Panel on the Left, Click Tools.
  • then, also in left panel, click Resident (shows a red/white shield).
  • If your firewall raises a question, say OK.
  • In the Resident protection status frame, check the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active.
  • OK any prompts.
  • Click Mode, choose Default Mode.
  • Use File, Exit to terminate Spybot.
  • Reboot your machine for the changes to take effect.
  
  
• Make use of the HOSTS file included with Spybot Search & Destroy
  Every version of windows includes a hosts file as part of them. A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
  Spybot Search & Destroy has a good HOSTS file built in, to enable the HOSTS file in Spybot Search & Destroy.
  
  • Run Spybot Search & Destroy.
  • Click on Mode, and then place a tick next to Advanced mode.
  • Click Yes.
  • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File.
  • Click on Add Spybot-S&D hosts list.
  
  Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
  
  • Click Start > Run
  • Type services.msc & click OK
  • In the list, find the service called DNS Client & double click on it.
  • On the dropdown box, change the setting from automatic to manual.
  • Click OK & then close the Services window.
  
  
• Hosts File
  If you don't use Spybot S&D's hosts file, then you can use the following for the added protection: MVPS Hosts, you will find more information regarding hosts files there. A simple explanation of what a Hosts file does is here.
  
  
• Malwarebytes Anti-Malware
  Download from here. Update and perform a quick scan 1-2 times a week.
  
  
• Use an alternative Internet Browser
  Many of the exploits are directed to users of Internet Explorer. Try using a different browser instead:Firefox or Opera
  
  
• NoScript
  Use the NoScript addon for Firefox (if installed) to avoid malicious scripting attacks.

Firewall

The Windows firewall only monitors incoming traffic, NOT outgoing. Using a software firewall in its default configuration to replace the Windows firewall greatly reduces the risk of your computer being hacked. Make sure your firewall is always enabled while your computer is connected to the internet.
NOTE: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.

Here are a few FREE alternatives if you have not paid for a product:

• Online-Armor Free
• Agnitum
• Zonealarm

It is absolutely essential that you keep Java, Adobe and all of your security programs up to date.


Read these articles to learn more about how to protect yourself while on the internet:

• So how did I get infected in the first place? by Tony Klein.
• Miekies' prevention suggestions
• How Can I Reduce my risk to malware?
• Is it real or is it Scareware?

Safe surfing!

[Dakeyras]

As it appears this issue has been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.