Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

StartNow Virus on Home Computer

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: StartNow Virus on Home Computer

Unread postby ARecentStudy » January 4th, 2012, 1:06 pm

Here's the log:

SystemLook 30.07.11 by jpshortstuff
Log created at 12:00 on 04/01/2012 by Elena
Administrator - Elevation successful

========== filefind ==========

Searching for "*XFireXO*"
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome\xfirexo.jar --a---- 723440 bytes [15:12 23/07/2011] [18:14 22/06/2011] C62AE16FFF68E38446E1636763C38288

Searching for "*search-results*"
C:\Autodesk\Maya2011_32-bit\en-US\Docs\scripts\search-results-provider.js --a--c- 5348 bytes [03:02 20/12/2011] [21:35 14/01/2010] 0FF8CFCEE6AF56CED2ED530E181CF530
C:\Autodesk\Maya2011_32-bit\ja-JP\Docs\scripts\search-results-provider.js --a--c- 5348 bytes [03:02 20/12/2011] [21:35 14/01/2010] 0FF8CFCEE6AF56CED2ED530E181CF530
C:\Program Files\Autodesk\Backburner\help\scripts\search-results-provider.js --a---- 6712 bytes [16:02 03/03/2010] [16:02 03/03/2010] C4255E54FF9404AEE0901C8FE20D8B63
C:\Program Files\Autodesk\Composite 2011\documentation\help\scripts\search-results-provider.js --a---- 6712 bytes [10:54 02/03/2010] [10:54 02/03/2010] C4255E54FF9404AEE0901C8FE20D8B63
C:\Program Files\Autodesk\MatchMover2011\Help\scripts\search-results-provider.js --a---- 6712 bytes [19:49 16/02/2010] [19:49 16/02/2010] C4255E54FF9404AEE0901C8FE20D8B63
C:\Program Files\Autodesk\Maya2011\docs\Maya2011\en_US\scripts\search-results-provider.js --a---- 6712 bytes [03:11 20/12/2011] [03:11 20/12/2011] C4255E54FF9404AEE0901C8FE20D8B63

========== folderfind ==========

Searching for "*XFireXO*"
C:\Users\Parker\AppData\LocalLow\XfireXO d------ [15:12 23/07/2011]

Searching for "*search-results*"
No folders found.

========== Regfind ==========

Searching for "XFireXO"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\XfireXO]
[HKEY_CURRENT_USER\Software\AppDataLow\Software\XfireXO\toolbar]
"WebServerUrl"="http://XfireXO.OurToolbar.com/"
[HKEY_CURRENT_USER\Software\AppDataLow\Software\XfireXO\toolbar]
"DisplayName"="XfireXO"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}]
"DisplayName"="XfireXO Customized Web Search"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\AppDataLow\Software\XfireXO]
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\AppDataLow\Software\XfireXO\toolbar]
"WebServerUrl"="http://XfireXO.OurToolbar.com/"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\AppDataLow\Software\XfireXO\toolbar]
"DisplayName"="XfireXO"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1003\Software\AppDataLow\Software\XfireXO]
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1003\Software\AppDataLow\Software\XfireXO\toolbar]
"WebServerUrl"="http://XfireXO.OurToolbar.com/"
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1003\Software\AppDataLow\Software\XfireXO\toolbar]
"DisplayName"="XfireXO"

Searching for "search-results"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\021956BA807569D4B8A93B7FC72EDA70]
"AE3E604677797B540A0C9847E1263925"="C:\Program Files\Autodesk\Composite 2011\documentation\help\scripts\search-results-provider.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5F7F59F4291D34D4D811A8AC80E110D5]
"D6E743D330A524345BABA67781583F97"="C:\Program Files\Autodesk\Backburner\help\scripts\search-results-provider.js"

-= EOF =-
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am
Advertisement
Register to Remove

Re: StartNow Virus on Home Computer

Unread postby deltalima » January 4th, 2012, 3:35 pm

Hi ARecentStudy,

Autodesk Maya looks like it may be the cause of search-results.

Where did you obtain it from?
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: StartNow Virus on Home Computer

Unread postby ARecentStudy » January 4th, 2012, 8:39 pm

I really don't think so, I know the search-results.com thing was a problem before I installed that. In either event, it's the student version that I got from the Autodesk site itself.

EDIT: Looking at the results though I'm really surprised... Is there any way to remove the files without removing the program? I could try reinstalling but I don't know how many licenses the student version is allowed per Autodesk account. This program is really important for my school.

EDIT2: Also here's the registration/activation email for Maya.

Thank you for registering your Autodesk product. The information you provide helps us serve you better in the future and helps you stay informed about Autodesk products and services.

Serial Number: *************
Product: Autodesk Maya 2011

If you have requested an activation code through the Autodesk website, you may need to follow these additional instructions to complete your activation:

On your computer, copy the below activation code to your clipboard or save the Activation File (if attached).
Start the product for which you requested an activation code.
Follow the prompts to activate the product.
When requested, paste the activation code from your clipboard or browse to the Activation File you saved in Step 1 to complete the activation.
Activation Code:
******************

Sincerely
Autodesk Global Business Services
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Unread postby deltalima » January 5th, 2012, 4:37 am

Hi ARecentStudy,

I know the search-results.com thing was a problem before I installed that. In either event, it's the student version that I got from the Autodesk site itself.


OK, I just wanted to check, it could well be a false positive where Autodesk have used the phrase search-results.

I would not plan on making any changes to Maya.

Please log into the computer using the Parker account.

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    :reg
    [-HKEY_CURRENT_USER\Software\AppDataLow\Software\XfireXO]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}]
    "DisplayName"=-
    [-HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\AppDataLow\Software\XfireXO]
    [-HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1003\Software\AppDataLow\Software\XfireXO]
    :files
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome\xfirexo.jar
    C:\Users\Parker\AppData\LocalLow\XfireXO
    :commands
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.

SUPERAntiSpyware

Please download SUPERAntiSpyware portable from here and save it on your desktop.

Double click to run

  • Click Check for Updates
  • Click Scan your Computer
  • Select drive C:
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • click Next
  • After the scan is complete, a Scan Summary box will appear with... any items detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
    A notification will appear that "Quarantine and Removal is Complete"
  • Click "OK" and then click the "Finish" button to return to the main menu.
  • Reply "Yes" to the reboot prompt
  • Launch SUPERAntispyware again....
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
      Save the log file to your desktop...name it: saslog.txt
  • Click Close to exit the program.

Please copy/paste entire contents of saslog.txt... in your next reply.


Please let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: StartNow Virus on Home Computer

Unread postby ARecentStudy » January 5th, 2012, 5:04 pm

I thought I had saved the OTL log after running but it looks like I didn't. I'm very sorry. Is there any way to retrieve it?

Also the SuperAntiSpyware Scanner left no log for some reason. Here's a screencap.

Image

Right before rebooting it said there were 260 adware tracking cookies detected and they were all removed.

I know this isn't much help. On the bright side, XFireXO no longer appears as a search provider. Parker's Firefox still redirects to search-results.com. This is a complete guess but would it help by trying to change it to Google? I don't know how to switch the search provider in the ask box, there doesn't seem to be an option for it. Again, I have no idea if this would help.
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Unread postby deltalima » January 5th, 2012, 5:13 pm

Hi ARecentStudy,

I thought I had saved the OTL log after running but it looks like I didn't. I'm very sorry. Is there any way to retrieve it?


Please navigate to the folder C:\_OTL\MovedFiles

In that folder there should be a log file for each fix, the format of the file is mmddyyyy_hhmmss.log where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.

Please post the log in your next reply.

Parker's Firefox still redirects to search-results.com


If that is the only remaining issue and is limited to only that 1 account, then a possible solution would be to create a new user for Parker, maybe Parker2 then copy all documants, favourites etc. to the new user profile.

Once everything is working for the new user then the Parker profile could be removed.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: StartNow Virus on Home Computer

Unread postby ARecentStudy » January 7th, 2012, 10:59 am

OTL:

========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\AppDataLow\Software\XfireXO\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}\\DisplayName deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1002\Software\AppDataLow\Software\XfireXO\ not found.
Registry key HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1003\Software\AppDataLow\Software\XfireXO\ not found.
========== FILES ==========
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome\xfirexo.jar moved successfully.
C:\Users\Parker\AppData\LocalLow\XfireXO\Logs folder moved successfully.
C:\Users\Parker\AppData\LocalLow\XfireXO folder moved successfully.
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.31.0 log created on 01052012_143950

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...




I'll try creating a second account then!
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Unread postby deltalima » January 7th, 2012, 2:18 pm

I'll try creating a second account then!


OK, please do so and let me know if that cures the problem.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: StartNow Virus on Home Computer

Unread postby ARecentStudy » January 8th, 2012, 5:44 pm

Alright. Creating the new account got rid of the redirect issue, but when I went to check the program files I noticed that the StartNow toolbar was still on the list. This seems to be the case for all the accounts. Now it says it was installed on 1/3/2012.
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Unread postby deltalima » January 8th, 2012, 5:48 pm

Hi ARecentStudy,

but when I went to check the program files I noticed that the StartNow toolbar was still on the list.


Is that in "add / remove programs"? If so can you remove?

Please run SystemLook again using the previous instructions and pste the following into the main textfield

Code: Select all
:filefind
*StartNow*

:folderfind
*StartNow*

:Regfind
StartNow 


Then click Look and post the log in your next reply.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: StartNow Virus on Home Computer

Unread postby ARecentStudy » January 8th, 2012, 9:48 pm

I remember before I posted this topic I had tried uninstalling the StartNow Toolbar and my anti-virus program told me that the uninstaller was a trojan. When I go to the "uninstall" option now it doesn't tell me that anymore, instead it asks me if I will allow this program to make changes to the computer, to which I said no, so I'm assuming avast! (the anti-virus I uninstalled as per request) was what was catching that. "Dave" says he tried uninstalling the "StartNow Toolbar" a few days ago without me knowing, which might've actually reinstalled it? I'm not sure. In either event, here's the SystemLook log:

SystemLook 30.07.11 by jpshortstuff
Log created at 20:39 on 08/01/2012 by Elena
Administrator - Elevation successful

========== filefind ==========

Searching for "*StartNow*"
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png --a---- 2674 bytes [09:29 29/06/2011] [09:29 29/06/2011] 1C644B5EE41ED387E22C62CDD4292FFC
C:\_OTL\MovedFiles\01032012_122042\C_Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe --a---- 183394 bytes [10:36 27/07/2011] [10:36 27/07/2011] 8331C34021298C7DE257E6EFC53E59A7
C:\_OTL\MovedFiles\01032012_122042\C_Program Files\StartNow Toolbar\Resources\images\startnow_logo.png --a---- 2674 bytes [12:28 09/06/2011] [12:28 09/06/2011] 1C644B5EE41ED387E22C62CDD4292FFC

========== folderfind ==========

Searching for "*StartNow*"
C:\_OTL\MovedFiles\01032012_122042\C_Program Files\StartNow Toolbar d----c- [10:56 18/08/2011]

========== Regfind ==========

Searching for "StartNow "
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1973003820-525972890-3920212309-1003\Software\StartNow Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}\1.0\0\win32]
@="C:\Program Files\StartNow Toolbar\Toolbar32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}\1.0\HELPDIR]
@="C:\Program Files\StartNow Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar]
"DisplayName"="StartNow Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar]
"UninstallString"="C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar]
"DisplayIcon"="C:\Program Files\StartNow Toolbar\StartNowToolbarUninstall.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\StartNow Toolbar]
[HKEY_LOCAL_MACHINE\SOFTWARE\StartNow Toolbar]
"Path"="C:\Program Files\StartNow Toolbar"
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
[HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1003\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1973003820-525972890-3920212309-1003\Software\StartNow Toolbar]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]

-= EOF =-
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Unread postby deltalima » January 9th, 2012, 2:20 pm

Hi ARecentStudy,

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code: Select all
    :processes
    killallprocesses
    :reg
    [-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1973003820-525972890-3920212309-1003\Software\StartNow Toolbar]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}\1.0\0\win32]
    @=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}\1.0\HELPDIR]
    @=-
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\StartNow Toolbar]
    [-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
    [-HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1003\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1973003820-525972890-3920212309-1003\Software\StartNow Toolbar]
    [-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar]
    :files
    C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png
    :commands
    [CREATERESTOREPOINT]
    [REBOOT]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.


Please let me know how the computer is running now.
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: StartNow Virus on Home Computer

Unread postby ARecentStudy » January 9th, 2012, 4:23 pm

It's gone from the list of programs!! I can't find any other trace of it at the moment and the computer is running fine.

Thank you so much for all of your hard work and dedication. This forum is really inspiring. I'm glad there are people out here fighting against malware!


OTL:


========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1973003820-525972890-3920212309-1003\Software\StartNow Toolbar\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}\1.0\0\win32\\@ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6857AC4A-95B4-4E2C-B2D2-8A235FCCEF4A}\1.0\HELPDIR\\@ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\StartNow Toolbar\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\StartNow Toolbar\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-1973003820-525972890-3920212309-1003\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1973003820-525972890-3920212309-1003\Software\StartNow Toolbar\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\StartNow Toolbar\ not found.
========== FILES ==========
C:\Users\Dave\AppData\Roaming\Mozilla\Firefox\Profiles\jblybi2k.default\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}\chrome\content\resources\images\startnow_logo.png moved successfully.
========== COMMANDS ==========


OTL by OldTimer - Version 3.2.31.0 log created on 01092012_151654

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
ARecentStudy
Active Member
 
Posts: 14
Joined: December 29th, 2011, 1:11 am

Re: StartNow Virus on Home Computer

Unread postby deltalima » January 9th, 2012, 4:31 pm

Hi ARecentStudy,

It's gone from the list of programs!! I can't find any other trace of it at the moment and the computer is running fine.


Great news! This particular one can be tricky to fully remove, it digs in deep.

Now that you are clean, please follow these steps in order to keep your computer clean and secure.

Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove all the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Update your AntiVirus Software and keep your other programs up-to-date
Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

Happy surfing and stay clean!
User avatar
deltalima
Admin/Teacher
Admin/Teacher
 
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 58 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware