Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Board index Malware Removal ForumsInfected? Virus, malware, adware, ransomware, oh my!

mswin32.exe

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.
Topic locked

mswin32.exe

Unread postby reurinkj » June 21st, 2005, 5:34 pm

HI,
I have a virus which stops task management and regedit. I also have all kinds of system errors, e.g. mswin32.exe.

Please take a look at my logfile:
Logfile of HijackThis v1.99.1
Scan saved at 23:29:55, on 21-6-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\hijackthis\HijackThi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [internet service] ssyhost.exe
O4 - HKLM\..\Run: [file laoder configuration] rnd32.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [CmiRemoveDir] C:\WINDOWS\CMIRMR~1.EXE
O4 - HKLM\..\RunServices: [internet service] ssyhost.exe
O4 - HKLM\..\RunServices: [file laoder configuration] rnd32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [file laoder configuration] rnd32.exe
O4 - HKCU\..\RunServices: [file laoder configuration] rnd32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

Thanks!!!
reurinkj
Active Member
 
Posts: 6
Joined: June 21st, 2005, 5:14 pm
Top
Advertisement
Register to Remove

Unread postby NonSuch » June 22nd, 2005, 2:57 pm

Hello, and welcome to the forums. :)

Please download CCleaner from here to clean temp files from your computer.
  • Double click on the file to start the installation of the program.
  • Select your language and click OK, then next.
  • Read the license agreement and click I Agree.
  • Click next to use the default install location. Click Install then finish to complete installation.
  • Double click the CCleaner shortcut on the desktop to start the program.
  • On the Windows tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
  • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
  • Click Run Cleaner to run the program.
  • Caution : It is not recommended to use the "Issues" tab unless you are very familiar with the registry as it has been known to find legitimate items.
  • After it has completed its process, click Exit.

Please download, install, update and scan your system with the free version of Ewido trojan scanner:
  1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  2. When you run ewido for the first time, you will get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  3. From the main ewido screen, click on update in the left menu, then click the Start update button.
  4. After the update finishes (the status bar at the bottom will display "Update successful") DO NOTHING MORE! Exit the program.
  5. Boot into Safe Mode by continuously tapping the F8 key as your system restarts. Select Safe Mode from the list of options offered.
  6. Restart Ewido and click on the Scanner button in the left menu, then click on the Start button. This scan can take quite a while to run, so time to go get a drink and a snack....
  7. If ewido finds anything, it will pop up a notification. You can select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.
  8. When the scan finishes, click on "Save Report". This will create a text file. Please paste the contents of the text file to this thread when you post your next HijackThis log.

Reboot into normal mode when finished with Ewido.

Download Ad-aware Second Edition Build 1.06 here and install it. If you already have Ad-aware Second Edition Build 1.06, skip to the next step.

Open adaware and Click the "Check for updates now" line on the main screen. CLick the "Connect" button on the webupdate screen.

If an update is available download it and install it. Click the "Finish" button to go back to the main screen.

Click on the "Settings" button (gear symbol in the upper right corner of the main status screen) in the quick launch toolbar to open the General settings screen. Make sure the "Automatically quarantine objects prior to removal" setting is checked green and then click "Proceed" to save your changes.

Click the "Scan now" button in the main menu on the left side of the main status screen or use the "Start" button in lower right corner. This will open the Preparing System Scan screen. Please deselect "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat. Leave the option for low-risk threats unchecked also. Then select "Use custom scanning options" and click "CUstomize". This will open the "Scan Settings Page. Make sure all of the following are On with a green checkmark:
  • Scan within archives
Then click on the "Tweak" Button to open up the tweak settings.

Open up the Scanning Engine section and make sure all of the following are On with a green checkmark:
  • Scan registry for all users instead of current user only
Make sure the following is unchecked with a red X:
  • Unload recognized processes & modules during scan.
Open up the Cleaning Engine section and make sure all of the following are On with a green checkmark:
  • Always try to unload modules before deletion
  • During Removal, unload Explorer and IE if necessary
  • Let Windows remove files in use at next reboot.

Click the "Proceed" button to save settings. Click next to begin the scan. When the scan is completed, the Performing System Scan screen will change name to "Scan Complete".

Click the "Next" button to get to the Scanning Results screens where more information about the objects detected during the scan is available. Click the Critical Objects Tab. In general all of the items listed will be bad. To fix all the bad critical objects, right click on one of them to open up the selection screen. Click the "Select All" button to select all entries. Then all are selected Click "Next" and then "OK" in the pop-up window to confirm the removal.

Reboot your computer, scan with HijackThis, then post your fresh HijackThis log and the Ewido log into this same thread and we will see what needs to be done next.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top

Unread postby reurinkj » June 22nd, 2005, 6:49 pm

Thanks!
I followed your instruction but still I have some serious problems.
Below my new HJT logfile and the Ewido report:

Logfile of HijackThis v1.99.1
Scan saved at 0:50:03, on 23-6-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Dit.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\ssyhost.exe
C:\WINDOWS\System32\rnd32.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\hijackthis\HijackThi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [internet service] ssyhost.exe
O4 - HKLM\..\Run: [file laoder configuration] rnd32.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\RunServices: [internet service] ssyhost.exe
O4 - HKLM\..\RunServices: [file laoder configuration] rnd32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [file laoder configuration] rnd32.exe
O4 - HKCU\..\RunServices: [file laoder configuration] rnd32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe


The Ewido report:
Logfile of HijackThis v1.99.1
Scan saved at 0:50:03, on 23-6-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Dit.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\System32\ssyhost.exe
C:\WINDOWS\System32\rnd32.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\hijackthis\HijackThi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [internet service] ssyhost.exe
O4 - HKLM\..\Run: [file laoder configuration] rnd32.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\RunServices: [internet service] ssyhost.exe
O4 - HKLM\..\RunServices: [file laoder configuration] rnd32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [file laoder configuration] rnd32.exe
O4 - HKCU\..\RunServices: [file laoder configuration] rnd32.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
reurinkj
Active Member
 
Posts: 6
Joined: June 21st, 2005, 5:14 pm
Top

Unread postby NonSuch » June 22nd, 2005, 7:36 pm

Hello,

Unfortunately, you posted two HijackThis logs but no Ewido log. If you have the Ewido log, please post it. :)
  • Please set your system to show
    all files/folders; please see here if you're unsure how to do this.
  • Press Control-Alt-Del to enter the Task Manager.

    Click on the Processes tab and end the following processes:

    C:\WINDOWS\System32\ssyhost.exe
    C:\WINDOWS\System32\rnd32.exe

    Exit the Task Manager when finished.
  • Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:

    O4 - HKLM\..\Run: [internet service] ssyhost.exe

    O4 - HKLM\..\Run: [file laoder configuration] rnd32.exe

    O4 - HKLM\..\RunServices: [internet service] ssyhost.exe

    O4 - HKLM\..\RunServices: [file laoder configuration] rnd32.exe

    O4 - HKCU\..\Run: [file laoder configuration] rnd32.exe

    O4 - HKCU\..\RunServices: [file laoder configuration] rnd32.exe

    Click on Fix Checked when finished and exit HijackThis.
  • Reboot into Safe Mode: please see here if you are not sure how to do this.
  • Using Windows Explorer, locate the following files, and delete them:

    C:\WINDOWS\System32\rnd32.exe << This file
    C:\WINDOWS\System32\ssyhost.exe << This file

    Exit Explorer, and reboot into normal mode.
  • If you were unable to find any of the files then please follow these additional instructions:

    Download Pocket Killbox and unzip it; save it to your Desktop.

    Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

    The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

    Let the system reboot.
  • Please click here to perform an online virus scan with Panda ActiveScan. Allow the program to remove all that it may find. Save a log of the scan.

    Reboot when finished.
  • Post back a fresh HijackThis log, the Panda log, along with the Ewido log, and we will take another look.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top

Unread postby reurinkj » June 23rd, 2005, 8:41 am

Hi!
Below my HJT, Panda ande Ewido logs:

Logfile of HijackThis v1.99.1
Scan saved at 14:02:57, on 23-6-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\DitExp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\hijackthis\HijackThi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe



Incident Status Location

Adware:Adware/SaveNow No disinfected Windows Registry
Adware:Adware/WUpd No disinfected C:\Program Files\Media Access
Spyware:Spyware/Petro-Line No disinfected C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\backups\backup-20050601-234950-741.inf
Virus:Trj/Multidropper.ALY Disinfected C:\WINDOWS\system32\kimo.exe
Virus:Trj/Multidropper.ALY Disinfected C:\WINDOWS\system32\mpsetup.exe
Virus:Trj/Agent.VY Disinfected C:\WINDOWS\system32\vmware.exe
---------------------------------------------------------
ewido security suite - Scan rapport
---------------------------------------------------------

+ Gemaakt op: 0:36:30, 23-6-2005
+ Rapport samenvatting: 729C656D

+ Datum van de database: 22-6-2005
+ Versienummer van de scanner: v3.0

+ Duur: 21 min
+ Gescande bestanden: 24290
+ Snelheid: 19.12 Bestanden/Seconde
+ Geinfecteerde bestanden: 21
+ Verwijderde bestanden: 21
+ Bestanden in quarantaine gezet: 21
+ Bestanden die niet konden worden geopend: 0
+ Bestanden die niet konden worden schoongemaakt: 0

+ Binder: Ja
+ Crypter: Ja
+ Archieven: Ja

+ Gescande items:
C:\
D:\
E:\

+ Scan resultaten:
C:\Documents and Settings\johan\Cookies\johan@burstnet[2].txt -> Spyware.Tracking-Cookie -> Schoongemaakt met een backup
C:\Documents and Settings\johan\Cookies\johan@com[1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt met een backup
C:\Documents and Settings\johan\Cookies\johan@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt met een backup
C:\Documents and Settings\johan\Cookies\johan@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Schoongemaakt met een backup
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\backups\backup-20050601-234949-504.dll -> TrojanDownloader.Agent.bc -> Schoongemaakt met een backup
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\backups\backup-20050601-234950-741.dll -> Spyware.Hijacker.Generic -> Schoongemaakt met een backup
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\backups\backup-20050603-184351-794.dll -> Spyware.SearchIt -> Schoongemaakt met een backup
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\backups\backup-20050603-212626-819.dll -> Spyware.SearchIt -> Schoongemaakt met een backup
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\backups\backup-20050603-233817-295.dll -> Spyware.Adpower.q -> Schoongemaakt met een backup
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\backups\backup-20050620-164346-686.dll -> Spyware.HotSearchBar -> Schoongemaakt met een backup
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\hijackthis\backups\backup-20050621-194805-604.dll -> TrojanDownloader.IstBar -> Schoongemaakt met een backup
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\hijackthis\backups\backup-20050621-215529-876.dll -> TrojanDownloader.IstBar -> Schoongemaakt met een backup
C:\Documents and Settings\johan\msdirectx.sys -> Trojan.Rootkit.h -> Schoongemaakt met een backup
C:\Program Files\Media Access\MediaAccC.dll -> Spyware.WinAD -> Schoongemaakt met een backup
C:\wht1.exe -> Trojan.LowZones.d -> Schoongemaakt met een backup
C:\WINDOWS\Downloaded Program Files\ysbactivex.dll -> TrojanDownloader.IstBar -> Schoongemaakt met een backup
C:\WINDOWS\kimochi.exe -> Backdoor.Rbot.azy -> Schoongemaakt met een backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\8VAZO1FB\bro[1].p -> TrojanDownloader.Dyfuca.ej -> Schoongemaakt met een backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\TIHTLFGR\wit1[1].exe -> Trojan.LowZones.d -> Schoongemaakt met een backup
C:\WINDOWS\system32\msdirectx.sys -> Trojan.Rootkit.h -> Schoongemaakt met een backup
C:\wsit1.exe -> Trojan.LowZones.d -> Schoongemaakt met een backup


::Einde rapport
reurinkj
Active Member
 
Posts: 6
Joined: June 21st, 2005, 5:14 pm
Top

Unread postby NonSuch » June 23rd, 2005, 5:07 pm

Hello,

That looks much better. :)

Please note that as long as you're using any form of peer-to-peer networking and downloading files from non-documented sources, the cleanliness of which has not been verified, you can expect infestations of malware to occur. This has not always been the case, and once upon a time was fairly safe. This can no longer be said for peer-to-peer filesharing. You may continue to do so at your own risk; however, please keep in mind that this practice is in all probability the source of your current malware infestation.

Go to your Control Panel's Add/Remove Programs. Scan through the list; then find and remove these if any still remain. (They may no longer be there).


How is your system running now?
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top

Unread postby reurinkj » June 24th, 2005, 4:57 am

Thanks for your help so far!

However, I still have a.o. the following problems :cry: :
- starting up the computer takes about 5 minutes
- the computer shuts down from itself at any moment
- Generic host process for win32 services
- The system dims my sound ater a while, and I can't controll the volume anymore

This makes it impossible to use my computer in a normal way. Could the problem be other than a malware infection? I'm thinking of doing a complete reboot :cry:
What do you think?
reurinkj
Active Member
 
Posts: 6
Joined: June 21st, 2005, 5:14 pm
Top

Unread postby NonSuch » June 24th, 2005, 7:40 am

Hello,

You're very welcome. :) Let's try something more....

Please print out these instructions so you will have them available at hand.

  • Reconfigure Windows XP to show hidden files:
    Click Start. Open My Computer.
    Select the Tools menu and click Folder Options. Select the View Tab.

    Under the Hidden files and folders heading select "Show hidden files and folders".
    Uncheck the "Hide protected operating system files (recommended)" option.
    Uncheck the "Hide file extensions for known file types" option.
    Click "Yes" to confirm. Click "OK."
  • Press Control-Alt-Del to enter the Task Manager.

    Click on the Processes tab and end any and all instances of the following processes if found:


    msdirectx.sys

    xpjava.exe


    Exit the Task Manager when finished.

  • Scan with HijackThis and with all other programs closed, place a check mark next to the following item, then click "Fix checked."

    F2 - REG:system.ini: UserInit=userinit.exe,xpjava.exe

    Exit HijackThis. DO NOT REBOOT YET!!!

    After exiting HijackThis but BEFORE REBOOTING Check your system32 folder (C:\Windows\System32) to see that userinit.exe still exists!!

    If necessary, you can copy and paste (copy NOT CUT!) that file from:

    C:\windows\ServicePackFiles\i386\userinit.exe

    to:

    C:\windows\system32\userinit.exe

    If userinit.exe is missing from the System32 folder and you reboot without the file being replaced...you cannot log back on!!


    Reboot in Safe Mode.

  • Next, use Windows Explorer to navigate to and then delete the following files...


    C:\WINDOWS\System32\xpjava.exe

    C:\WINDOWS\System32\msdirectx.sys

    C:\Documents and Settings\johan\msdirectx.sys


    Do a thorough search of your system's files for any other copies of msdirectx.sys and/or xpjava.exe. If found, delete them.


    Also, delete all files in the following folder...

    C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\backups\


    Reboot into normal mode.

  • If you were unable to find any of the files then please follow these additional instructions:

    Download Pocket Killbox and unzip it; save it to your Desktop.

    Run it, and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.

    The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes.

    Let the system reboot, but this time reboot into Safe Mode...
  • Run CCleaner, making sure you clear out all temp files, temporary internet files, the Recycle Bin, and the prefetch folder as well.
  • Perform a full scan once again with Ewido in Safe Mode.
  • Next, while still in Safe Mode, perform a full scan with Ad-aware. Remove anything it may find.

    Reboot in normal mode when finished.
  • Download a free trial of TrojanHunter here: http://www.misec.net/

    Install TrojanHunter and then download and manually install the latest ruleset.

    Perform a full system scan with TrojanHunter and allow it to remove anything it may find.

    Reboot when finished.

  • Go here to perform an online scan with Kaspersky Online and allow it to remove all that it may find.

    Reboot when finished.
  • Post a fresh HijackThis log and let me know how the system is running.


NOTE: Shut downs are a primary symptom of an overheating CPU. If, after performing all of the above instructions, you are still having shut downs and want to see if your PC is overheating, do the following... Open up the case and check to make sure the CPU fan is spinning and that the fan and interior of the case are free of dust. Also, take a household fan and run it so it's blowing right into your PC case (with the case cover off). Run the PC as you normally do and see if it still shuts itself down.

Caution! Do not attempt to use a vacuum to remove dust or debris as you would very likely cause serious damage to your computer.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top

Unread postby reurinkj » June 25th, 2005, 5:53 am

Hello,
Most of the problems are solved :lol:
But still my computer is slower than it used to be and it gets jammed too many times.
Can you please check my HJT log again?

Logfile of HijackThis v1.99.1
Scan saved at 11:51:23, on 25-6-2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dfrgfat16.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
C:\Program Files\CA\eTrust Antivirus\InoRT.exe
C:\Program Files\CA\eTrust Antivirus\InoTask.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe
C:\PROGRA~1\CA\ETRUST~1\realmon.exe
C:\WINDOWS\System32\RunDll32.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\WINDOWS\DitExp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\johan\Mijn documenten\Downloads bittorrent\hijackthis\HijackThi.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe irprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Medion Home Cinema XL II\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Gelijkwaardige pagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Koppelingspagina's - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Opgeslagen momentopname van de pagina - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/ ... nicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O23 - Service: Managing FAT and NTFS partitions (Defragmentation Manager) - Unknown owner - C:\WINDOWS\System32\dfrgfat16.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
reurinkj
Active Member
 
Posts: 6
Joined: June 21st, 2005, 5:14 pm
Top

Unread postby NonSuch » June 25th, 2005, 4:15 pm

Hello,

Your log looks good. :) But I do have some questions for you.

This line was not in your previous HijackThis logs, and I can find no information on this program or file. Is this "Defragmentation Manager" something you've recently installed?

O23 - Service: Managing FAT and NTFS partitions (Defragmentation Manager) - Unknown owner - C:\WINDOWS\System32\dfrgfat16.exe

It's also showing in the running processes:

C:\WINDOWS\System32\dfrgfat16.exe

If you have a lot of programs running at start up, instead of just when they're really needed, it can bog down a system. I suggest you use a small free program like CodeStuff Starter. It will allow you to view and manage all the programs that are starting automatically whenever Windows boots.

Also, you can download and run a script called Silent Runners. Running this script will produce a text file of what's running on your system. You can then paste a copy of the text file into your next reply and we can see if it reveals anything further.

You wrote...
But still my computer is slower than it used to be and it gets jammed too many times.


Can you elaborate on this? I'm not certain what you mean by "jammed." :) Is the system failing to respond, giving you an error message, shutting down? Please explain further.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top

Unread postby reurinkj » July 10th, 2005, 4:33 pm

Hi there!
Thanks a lot for your help, my computer is clean now 8)
I hope it stays that way!

Grtz
reurinkj
Active Member
 
Posts: 6
Joined: June 21st, 2005, 5:14 pm
Top

Unread postby NonSuch » July 10th, 2005, 5:28 pm

Hello,

You're welcome. I'm glad to hear that everything is running smoothly now. :)

The following is our normal post after a system is cleaned-up. Please pay special attention to the part about updating your system as you've not yet updated XP to Service Pack 2. It is highly recommended that you install SP2 as eventually all security patches and updates will require that SP2 has been installed on your system...

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  1. Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to enable and re enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above
  2. Make your Internet Explorer more secure - This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.

      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialise and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
  3. Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  4. Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  5. Use a Firewall - I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. For an article on firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  6. Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  7. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  8. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  9. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  10. Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top

Unread postby NonSuch » July 17th, 2005, 3:39 pm

Glad we could be of assistance.

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California
Top
Advertisement
Register to Remove
Topic locked

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 127 guests

The teamDelete all board cookiesAll times are UTC - 5 hours [ DST ]

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware

Board index