Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Hijackthis

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby amateur » May 10th, 2006, 7:16 pm

Thanks Carl. :)

Using Windows Explorer (right click on Start, click on Explore), navigate to the following folders:

C:\Documents and Settings\All Users\Desktop\WinAntiVirus Pro 2006.lnk <======delete the entire folder. You can also simply delete it from your desktop. As long as you have this link on your desktop, you have the risk of someone clicking on it, and WinAntiVirusPro will download again. So, please delete the url.

C:\Documents and Settings\Bobby Gibson\Cookies\<===== delete the contents of the folder, but not the folder itself. Open the folder and go to Edit>Select All, then Edit>Delete.

=======================

Reboot. Scan with Panda again and post the results please.
Last edited by amateur on May 10th, 2006, 9:56 pm, edited 1 time in total.
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA
Advertisement
Register to Remove

Unread postby carl » May 10th, 2006, 7:22 pm

i forgot to delete th URL before the last scan, heres the latest...


Incident Status Location

Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\Documents and Settings\All Users\Desktop\WinAntiVirus Pro 2006.lnk
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bobby Gibson\Cookies\bobby gibson@ath.belnk[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bobby Gibson\Cookies\bobby gibson@belnk[2].txt
Spyware:Cookie/Ccbill Not disinfected C:\Documents and Settings\Bobby Gibson\Cookies\bobby gibson@ccbill[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Bobby Gibson\Cookies\bobby gibson@dist.belnk[1].txt
Spyware:Cookie/ErrorSafe Not disinfected C:\Documents and Settings\Bobby Gibson\Cookies\bobby gibson@errorsafe[2].txt
Spyware:Cookie/Mp3search Not disinfected C:\Documents and Settings\Bobby Gibson\Cookies\bobby gibson@mp3search[2].txt
Spyware:Cookie/Searchportal Not disinfected C:\Documents and Settings\Bobby Gibson\Cookies\bobby gibson@searchportal.information[1].txt
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Bobby Gibson\Cookies\bobby gibson@toplist[1].txt
Spyware:Cookie/Tucows Not disinfected C:\Documents and Settings\Bobby Gibson\Cookies\bobby gibson@tucows[1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Bobby Gibson\Cookies\bobby gibson@winfixer[2].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Bobby Gibson\Cookies\bobby gibson@xiti[1].txt
carl
Regular Member
 
Posts: 40
Joined: May 9th, 2006, 2:51 pm

Unread postby amateur » May 10th, 2006, 7:26 pm

Hi Carl,

The link is still there.

Potentially unwanted tool:application/winantivirus2006 Not disinfected C:\Documents and Settings\All Users\Desktop\WinAntiVirus Pro 2006.lnk

Cookies are there too.

C:\Documents and Settings\Bobby Gibson\Cookies\<=== you need to delete everything inside this folder
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby carl » May 10th, 2006, 7:31 pm

Hi, The panda scan is now saying no viruses or other malicious software have been found!!!
theres no option to save a report!
is this correct?
carl
Regular Member
 
Posts: 40
Joined: May 9th, 2006, 2:51 pm

Unread postby amateur » May 10th, 2006, 7:37 pm

If you deleted the link and cookies inside the cookie folder, that's exactly what it would say. :D

Your log is clean too. :D Well done. :D :D We need to do a few more things to secure your system and you are all set to go.

Remember to re-enable your Norton Script blocking and Windows Defender.

Disable and Enable System Restore If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point. Because Windows regularly sets restorepoints, it's very possible that the malware, you have removed, is still present in the System Restore. If you put Windows back to such a restorepoint, this malware will be put back, as well.

This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.) Please do this ONLY ONCE, not on a regular basis.

1. Right-click My Computer, and then click Properties.
2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.
3. Click OK, and then click Yes.

4. Restart the computer.
5. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore', click 'OK'.

Reboot normally.

You can also find instructions on how to disable and re enable system restore here:
Windows XP System Restore Guide

And that's all. But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, I recommend the following: (You may already have some of the items)

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software; because most of these so called removers ARE spyware.
* Download free software only from sites you know and trust. Because a lot of free software can bundle other software, including spyware.

Keep your antivirus-program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.
If you haven't got an antivirus, you can download and install one of the following free ones: Make sure that you have only ONE antivirus running on your computer as more than one would cause conflict and render the computer vulnerable.

AVG Free here
AntiVir here
Avast here

It is essential to keep the anti-virus program fully updated.
IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site <http://windowsupdate.microsoft.com/> to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site <http://office.microsoft.com/officeupdate/maincatalog.aspx?lc=en-us> and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Keep your pestware-scanners up-to-date and do regular scans with them.

To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them already):
AdAware here
Spybot here Remember to "immunize" after each update
Windows Defender here

Install realtime pestware-scanners and keep them up-to-date.

The following free realtime pestscanners prevent a number of malware-variants from entering your computer, in the first place:

SpywareBlaster here Remember to "enable all protection" after each update.
SpywareGuard here

If you haven't got one, already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and internet.
If there is no firewall installed on your computer, you can download and install one of the following free firewalls:
ZoneAlarm here
Sygate here
Kerio Personal Firewall here
Outpost here
Important: (Windows XP only) If you install a firewall, be sure to turn off the WinXP-firewall!

Test your firewall here to make sure that it's working properly

Install these programs, to make surfing with Internet Explorer safer:

A popup-blocker, f.e. Google Toolbar here: A popup-blocker prevents popup-windows from opening, when you come along a websites that uses them, during internet-surfing.

IE-SPYAD here: This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer.

SiteHound by Firetrust
here:

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer.
SiteHound will alert you when you enter a site which is known to contain:
• Fraudulent claims or scams
• Offensive material
• Security vulnerabilities
• Spyware or Adware
• Spam related material
• or other content deemed to be unsafe
Specifically, SiteHound blocks these categories:

• Adult • Spyware • Spam Advertising • Phishing • Possible scam or fraud • Misleading or False Advertising
• Pharming • Rogue or Suspect Product • Adware • Malware or Virus

Install and use an alternative browser to surf on the internet.

Because Internet Explorer is the most-used browser on the planet, most of the hijackers, adware and spyware are made to abuse your computer thru Internet Explorer.
Here are some good alternative browsers:
Mozilla Suite here
Mozilla Firefox here
Opera here
Netscape here
Important: You can not uninstall Internet Explorer.
First of all, it's part of Windows and you'll need it to download and install Windows Updates.
Secondly, There are some sites that are only accessable with Internet Explorer, e.g. most of the Online Malware-scanners.

But above all, keep all your software UP-TO-DATE at all time!!

Also, I would recommend reading the excellent advice by Tony Klein: So how did I get infected in the first place

Happy and safe surfing. B)

Please take the time to visit Malware Complaints and register your complaint.
The infection you had was Smitfraud
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby carl » May 10th, 2006, 7:54 pm

i'm too tired to express my gratitude in full!! thank you so much and take care. :)
carl
Regular Member
 
Posts: 40
Joined: May 9th, 2006, 2:51 pm

Unread postby amateur » May 10th, 2006, 7:56 pm

You're very welcome. Glad we could help. Stay safe! :D :D
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby carl » May 10th, 2006, 8:03 pm

Goodnight and Godbless! :angel7:
carl
Regular Member
 
Posts: 40
Joined: May 9th, 2006, 2:51 pm

Unread postby amateur » May 10th, 2006, 8:05 pm

You too... Good Night :D :D
User avatar
amateur
MRU Master
MRU Master
 
Posts: 2545
Joined: September 25th, 2005, 1:13 pm
Location: RI, USA

Unread postby Nellie2 » May 21st, 2006, 4:45 pm

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you do not have to be registered to post.. just find your country room and register your complaint.

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

The help you receive here is free but you can help support this site from this link if you wish:
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted
User avatar
Nellie2
Administrator Emeritus
 
Posts: 8737
Joined: December 16th, 2004, 5:01 pm
Location: UK
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 42 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware