Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Just checking

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Just checking

Unread postby JustinW » October 3rd, 2008, 5:22 pm

ComboFix 08-09-28.05 - Justin W 2008-10-03 16:55:54.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.598 [GMT -4:00]
Running from: C:\Documents and Settings\Justin W\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Justin W\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\Documents and Settings\Justin W\Application Data\internaldb41.dat
C:\WINDOWS\Forbidden Siren.scr
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Justin W\Application Data\internaldb41.dat
C:\Program Files\Viewpoint
C:\Program Files\Viewpoint\Viewpoint Experience Technology\AxMetaStream.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ClassIDs.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\ComponentMgr.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLArt.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\AOLUserShell.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Cursors.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\DataTracking.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\GifReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\JpegReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\LensFlares.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\Mts3Reader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ObjectMovie.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SceneComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ServiceComponent.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SreeDMMX.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\SWFView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VectorView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPAudio.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPExtras.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPSpeech.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\VMPVideo.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\WaveletReader.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\Components\ZoomView.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MetaStreamID.ini
C:\Program Files\Viewpoint\Viewpoint Experience Technology\MtsAxInstaller.exe
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.xpt
C:\WINDOWS\Forbidden Siren.scr

.
((((((((((((((((((((((((( Files Created from 2008-09-03 to 2008-10-03 )))))))))))))))))))))))))))))))
.

2008-09-30 01:41 . 2008-09-30 01:41 <DIR> d-------- C:\WINDOWS\ERUNT
2008-09-30 01:31 . 2008-09-30 03:06 <DIR> d-------- C:\SDFix
2008-09-29 14:36 . 2008-09-29 14:36 <DIR> d-------- C:\Program Files\Avira
2008-09-29 14:36 . 2008-09-29 14:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-09-29 03:59 . 2008-09-29 03:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-26 05:34 . 2008-09-26 05:34 <DIR> d-------- C:\Documents and Settings\Justin W\Application Data\Malwarebytes
2008-09-26 04:06 . 2008-10-01 02:19 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-26 04:06 . 2008-09-26 04:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-26 04:06 . 2008-09-26 04:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-26 04:06 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-26 04:06 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-26 03:46 . 2008-09-26 03:46 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-09-26 03:01 . 2008-09-26 03:01 <DIR> d-------- C:\WINDOWS\system32\config\systemprofile\Application Data\Yahoo!
2008-09-22 16:30 . 2008-09-22 16:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-09-22 16:05 . 2008-09-22 16:05 <DIR> d-------- C:\Program Files\WiFiConnector
2008-09-16 14:59 . 2008-09-16 14:59 <DIR> d-------- C:\Documents and Settings\Justin W\Application Data\DAEMON Tools
2008-09-05 08:07 . 2008-09-05 08:51 <DIR> d-------- C:\WINDOWS\system32\CatRoot_bak

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-03 02:51 --------- d-----w C:\Program Files\Java
2008-09-30 05:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-09-29 19:18 --------- d-----w C:\Program Files\SuperScan Wizard
2008-09-29 19:13 --------- d-----w C:\Program Files\K.R.A.C
2008-09-21 02:48 8,516 ----a-w C:\Documents and Settings\Justin W\Application Data\wklnhst.dat
2008-09-16 19:00 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-09-10 22:17 --------- d-----w C:\Program Files\Microsoft Works
2008-09-05 12:56 --------- d-----w C:\Program Files\Spyware Doctor
2008-09-05 12:04 --------- d-----w C:\Program Files\Steam
2008-08-23 20:20 --------- d-----w C:\Program Files\DOSBox-0.72
2008-08-16 22:16 --------- d-----w C:\Program Files\Diablo II
2008-06-07 22:00 102,656 ----a-w C:\Documents and Settings\Justin W\Application Data\GDIPFONTCACHEV1.DAT
2007-12-12 21:08 13,195 ----a-w C:\Documents and Settings\Justin W\zguicfgw.dat
2003-06-04 03:49 448,256 ----a-w C:\WINDOWS\inf\EL2K_N64.sys
2003-06-04 03:48 147,328 ----a-w C:\WINDOWS\inf\EL2K_XP.sys
2003-06-04 03:47 147,328 ----a-w C:\WINDOWS\inf\EL2K_2K.sys
2002-06-07 15:09 1,578,029 ----a-w C:\Documents and Settings\Justin W\Fretboard Warrior.exe
.

((((((((((((((((((((((((((((( snapshot@2008-09-30_14.56.02.31 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-03-14 04:31:24 135,168 ----a-w C:\WINDOWS\system32\java.exe
+ 2008-06-10 05:21:01 135,168 ----a-w C:\WINDOWS\system32\java.exe
- 2007-03-14 04:31:28 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
+ 2008-06-10 05:21:04 135,168 ----a-w C:\WINDOWS\system32\javaw.exe
- 2007-03-14 06:04:46 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
+ 2008-06-10 06:32:34 139,264 ----a-w C:\WINDOWS\system32\javaws.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2008-03-25 50528]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 4670704]
"AOL Fast Start"="C:\Program Files\America Online 9.0a\AOL.EXE" [2005-07-12 50776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PivotSoftware"="C:\Program Files\WinPortrait\wpctrl.exe" [2004-10-04 694008]
"ZPOINT32"="C:\WINDOWS\system32\ZPOINT32.exe" [2002-07-04 20480]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SoundMAXPnP"="C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe" [2003-05-29 790528]
"PHIME2002ASync"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"PHIME2002A"="C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-29 455168]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-12-05 8523776]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 155648]
"MSPY2002"="C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe" [2002-08-29 59392]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"HPDJ Taskbar Utility"="C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe" [2004-03-04 172032]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2004-02-18 49152]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2003-12-22 241664]
"HostManager"="C:\Program Files\Common Files\AOL\1128451242\ee\AOLSoftware.exe" [2006-09-25 50736]
"AOLDialer"="C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" [2006-10-23 71216]
"Acecad.Wtxpload"="C:\WINDOWS\Acecad\Wtxpload.exe" [2005-05-01 57344]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-12-05 81920]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 267048]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"ezShieldProtector for Px"="C:\WINDOWS\system32\ezSP_Px.exe" [2002-08-20 40960]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"nwiz"="nwiz.exe" [2007-12-05 C:\WINDOWS\system32\nwiz.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
3Com Connection Assistant.lnk - C:\Program Files\3com\Connection Assistant\bin\matcli.exe [2006-07-11 208896]
Adobe Gamma Loader.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2004-01-30 110592]
Run Nintendo Wi-Fi USB Connector Registration Tool.lnk - C:\Program Files\WiFiConnector\NintendoWFCReg.exe [2008-09-22 1073152]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"vidc.XVID"= xvid.dll
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^forteManager.lnk]
backup=C:\WINDOWS\pss\forteManager.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Privoxy.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Privoxy.lnk
backup=C:\WINDOWS\pss\Privoxy.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Justin W^Start Menu^Programs^Startup^SpywareGuard.lnk]
path=C:\Documents and Settings\Justin W\Start Menu\Programs\Startup\SpywareGuard.lnk
backup=C:\WINDOWS\pss\SpywareGuard.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AIM]
--a------ 2005-08-05 15:08 67160 C:\Program Files\AIM\aim.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ezShieldProtector for Px]
--------- 2002-08-20 10:29 40960 C:\WINDOWS\system32\ezSP_Px.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-03-30 10:36 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pure Networks Port Magic]
--a------ 2004-04-05 17:33 99480 C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-05-27 10:50 413696 C:\Program Files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a------ 2004-01-24 05:27 26112 C:\Program Files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-03-28 15:36 1271032 C:\Program Files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
--a------ 2007-07-28 18:49 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vEmotion]
--a------ 2007-07-13 10:01 477696 C:\Program Files\freebird\vEmotion\VEmotion.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Vidalia]
--a------ 2007-08-26 02:02 11852288 C:\Program Files\Vidalia Bundle\Vidalia\vidalia.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
--a------ 2007-12-20 11:16 37376 C:\Program Files\Winamp\winampa.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\CyberLink\\PowerDirector\\PDR.exe"=
"C:\\Program Files\\America Online 9.0a\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1128451242\\EE\\aolsoftware.exe"=
"C:\\Program Files\\AIM6\\aim6.exe"=
"C:\\Program Files\\mIRC\\mirc.exe"=
"C:\\Program Files\\WiFiConnector\\NintendoWFCReg.exe"=

R1 bbcap;bbcap;C:\WINDOWS\system32\DRIVERS\bbcap.sys [2007-08-16 2944]
R1 pivot;pivot;C:\WINDOWS\system32\drivers\pivot.sys [2004-10-04 15913]
R2 MLPTDR_C;MLPTDR_C;C:\WINDOWS\System32\MLPTDR_C.sys [2002-09-03 19296]
R2 PDIHWCTL;PDIHWCTL;C:\WINDOWS\system32\drivers\PDIHWCTL.sys [2003-01-29 14416]
R3 LVBulk;LVBulk Service;C:\WINDOWS\system32\DRIVERS\LVBulk.sys [2002-02-01 10261]
R3 PID_0900_V;Logitech ClickSmart 310(PID_0900_V);C:\WINDOWS\system32\DRIVERS\LV551AV.sys [2002-02-01 220055]
R3 pivotmou;Pivot Mouse/Pointers Filter Driver;C:\WINDOWS\system32\drivers\pivotmou.sys [2004-10-04 9260]
S1 sp_rsdrv2;Spyware Terminator Driver 2;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\sp_rsdrv2.sys [ ]
S2 UMAXPCLS;UMAXPCLS;C:\WINDOWS\system32\drivers\UMAXPCLS.sys [2001-08-17 22912]
S3 W2acehid;Acecad HID;C:\WINDOWS\system32\DRIVERS\W2acehid.sys [2005-05-02 23552]
S3 Wtcls2k;Wtcls2k;C:\WINDOWS\system32\DRIVERS\Wtcls2k.sys [2005-05-01 12800]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

Notify-= - (no file)



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-03 17:10:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\explorer.exe
-> C:\Program Files\WinPortrait\WinpHook.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\wintab32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Portrait Displays\forteManager\dtsrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\WinPortrait\floater.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\3com\Connection Assistant\bin\mpbtn.exe
C:\Program Files\AIM6\aolsoftware.exe
C:\Program Files\Common Files\AOL\1128451242\EE\services\antiSpywareApp\ver2_0_32_1\AOLSP Scheduler.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\America Online 9.0a\shellmon.exe
.
**************************************************************************
.
Completion time: 2008-10-03 17:20:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-10-03 21:19:40
ComboFix2.txt 2008-10-03 02:44:10
ComboFix3.txt 2008-10-01 06:16:26
ComboFix4.txt 2008-09-30 18:57:16

Pre-Run: 19,666,661,376 bytes free
Post-Run: 19,691,241,472 bytes free

256 --- E O F --- 2008-09-10 22:19:12
JustinW
Regular Member
 
Posts: 35
Joined: January 23rd, 2007, 5:16 pm
Advertisement
Register to Remove

Re: Just checking

Unread postby chryssi2001 » October 4th, 2008, 1:03 am

Hello JustinW,

We are done now! :)
Everything looks good.
----------------------------------------------
I can't see any firewall in your HijackThis log, so i assume you use windows firewall.

FIREWALL
Without a firewall your computer is susceptible to being hacked and taken over. If you use the Windows Firewall you might think that's sufficient but it only controls one way of the traffic (inbound). Simply using a Firewall in its default configuration can lower your risk greatly. It's preferable to install one of the suggested firewalls.
Vista users, must check compatibility with Vista before installation.

FREE FIREWALLS
Tutorial about Firewalls can be found here
----------------------------------------------
Remove JavaRa and the report it created.
Do the same for SDFix.
----------------------------------------------
Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK
  • Image
The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
----------------------------------------------
Congratulations you are clean! :)

Here are some free programs I recommend that could help you improve your computer's security.

Spybot Search and Destroy 1.6
Download it from here. Just choose a mirror and off you go.
Find here the tutorial on how to use Spybot properly here

Install SpyWare Blaster 4.0
Download it from here
Find here the tutorial on how to use Spyware Blaster here

Install WinPatrol
Download it from here
Here you can find information about how WinPatrol works here

Install FireTrust SiteHound
You can find information and download it from here

Install MVPS Hosts File from here
The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
Find Tutorial here : http://www.mvps.org/winhelp2002/hosts.htm

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer.
http://www.update.microsoft.com
Note 1: If you are running Windows XP SP2, you should upgrade to SP3.
Note 2: Users of Norton Internet Security 2008 and newer versions should uninstall the software before they install Service Pack 3.
The security suite can then be reinstalled afterwards.

Please check out Tony Klein's article "How did I get infected in the first place?"

Read some information here how to prevent Malware.

Happy safe surfing!
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Just checking

Unread postby JustinW » October 4th, 2008, 3:48 am

Thanks for all your help. One last question: would you recommend that I go out and purchase virus protection such as norton or mcafee, or is the free avira just as good?
JustinW
Regular Member
 
Posts: 35
Joined: January 23rd, 2007, 5:16 pm

Re: Just checking

Unread postby chryssi2001 » October 4th, 2008, 5:29 am

Hello JustinW,

No reason to buy an Anti-Virus.
Avira is a good and free anti-virus.

Check my suggested programs, which are for spyware removal, like Spybot S&D and WinPatrol.
(Visit my links and see how these programs work)

Spybot S&D is a very good Spyware program, install it, update it often and scan your pc at least once a week.

WinPatrol, will notify you for any changes in your registry in case a infection tries to install.

Spyware Blaster and MVPS Hosts files, will protect your pc from visiting bad sites also.

In case you download Spybot S&D and Spyware Blaster, and MVPS Hosts files, do not user Spybot's S&D and Spyware Blaster immunise protection for your Hosts. Use only MVPS Hosts file for that.

If you have good Anti-Virus and Spyware protection, and stay away from using P2P programs, clicking on suspicious links or emails, the chances you'll get infected are minimised.
User avatar
chryssi2001
MRU Teacher Emeritus
 
Posts: 14395
Joined: September 24th, 2006, 2:11 am
Location: far away

Re: Just checking

Unread postby Gary R » October 5th, 2008, 5:06 am

This topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
User avatar
Gary R
Administrator
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 357 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware