HiJackThis log included - Unwanted popups - Please helllllp!

Re: HiJackThis log included - Unwanted popups - Please helll

Post by Cypher » July 6th, 2010, 5:53 am

Hi bigalo.
"I reset my router by pressing the reset button, but ultimately re-installed it via the installation CD. I've posted the two logs."

Yes, but did you apply the admin password again?
There is still nothing in your logs to explain these popups.
Note: this time I would like you to run a Full scan with Malwarebytes Anti-Malware.

Run OTL Script

We need to run an OTL Fix

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the Image textbox. Do not include the word Code
    Code:
    :OTL
    IE - HKCU\..\URLSearchHook: ~CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O9 - Extra 'Tools' menuitem : Enable/Disable PDF Download for this site - {96538116-AB8C-4879-9F21-BD2BFE22A414} - Reg Error: Key error. File not found
    O9 - Extra 'Tools' menuitem : PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - Reg Error: Key error. File not found
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.update] https in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([*.windowsupdate] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([update] http in Trusted sites)
    O15 - HKCU\..Trusted Domains: microsoft.com ([update] https in Trusted sites)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab  (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFECAFE-0013-0001-0022-ABCDEFABCDEF} http://www.fultoncourtrecords.com:7778/ ... /jinit.exe (JInitiator 1.3.1.22)
    O16 - DPF: {D4003189-95B1-4A2F-9A87-F2B03665960D} http://www.vexcast.com/download/vexcast.cab  (VodClient Control Class)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab  (Reg Error: Key error.)
    [2009/09/27 19:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2010/02/02 01:05:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
    @Alternate Data Stream - 561 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    
    :Reg
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    [-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    
    :Commands
    [EmptyTemp]
    [Reboot]
    
  • Then click the Run Fix button at the top.
  • Click Image.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and paste that report in your next reply.

Next.

Malwarebytes Anti-Malware:

  • Launch the application, Check for Updates >> Perform Full Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


Logs/Information to Post in your Next Reply

  • OTL log.
  • Malwarebytes log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HiJackThis log included - Unwanted popups - Please helll

Post by bigalo » July 6th, 2010, 8:36 am

When I performed the router task, it didn't give me an option to enter the password. I tried to go into my program files to find the dlink folder, but can't find it. I've run the OTL, but the full malware bytes scan is going to take a while. I will seek to enter my password on the router and post the logs once completed.
bigalo
Regular Member
 
Posts: 62
Joined: February 15th, 2007, 6:55 pm

Re: HiJackThis log included - Unwanted popups - Please helll

Post by Cypher » July 6th, 2010, 11:37 am

Hi bigalo.
No problem, post the logs when ready and give me an update on the popups.
We need to make sure your router was reset properly.
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HiJackThis log included - Unwanted popups - Please helll

Post by bigalo » July 6th, 2010, 8:10 pm

I've reset my computer with a password. I haven't received a popup during this session. The logs are as follows:


All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\~CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{96538116-AB8C-4879-9F21-BD2BFE22A414}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96538116-AB8C-4879-9F21-BD2BFE22A414}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{AD9E6088-E00B-42f9-9F0C-8480525D234E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD9E6088-E00B-42f9-9F0C-8480525D234E}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.update\ deleted successfully.
Invalid CLSID key: *.update
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.update\ not found.
Invalid CLSID key: *.update
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.windowsupdate\ deleted successfully.
Invalid CLSID key: *.windowsupdate
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\update\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\update\ not found.
Starting removal of ActiveX control {7530BFB8-7293-4D34-9923-61A11451AFC5}
C:\WINDOWS\Downloaded Program Files\OnlineScanner.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7530BFB8-7293-4D34-9923-61A11451AFC5}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0022-ABCDEFABCDEF}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0022-ABCDEFABCDEF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0022-ABCDEFABCDEF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFECAFE-0013-0001-0022-ABCDEFABCDEF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFECAFE-0013-0001-0022-ABCDEFABCDEF}\ not found.
Starting removal of ActiveX control {D4003189-95B1-4A2F-9A87-F2B03665960D}
C:\WINDOWS\Downloaded Program Files\vjocx.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4003189-95B1-4A2F-9A87-F2B03665960D}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
C:\Documents and Settings\All Users\Application Data\Azureus folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\updates folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\torrents folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\tmp folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\subs folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\shares folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\rss folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\plugins\azupnpav folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\plugins\azump\mplayer folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\plugins\azump folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\plugins folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\net folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\logs\save folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\logs folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\dht folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus\active folder moved successfully.
C:\Documents and Settings\Owner\Application Data\Azureus folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.RABIGGS
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.RABIGGS.000
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Gayle
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner
->Temp folder emptied: 8610958 bytes
->Temporary Internet Files folder emptied: 53625712 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1394 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 32427 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 60.00 mb


OTL by OldTimer - Version 3.2.7.1 log created on 07062010_080918

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFFC16.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFFC40.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFFCDE.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFFD53.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFFE4D.tmp not found!
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFFED1.tmp not found!
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\OYPUC410\viewtopic[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\26Q7QA0J\blank[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\26Q7QA0J\msg[1].htm moved successfully.
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

Registry entries deleted on Reboot...

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4260

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

7/6/2010 10:58:01 AM
mbam-log-2010-07-06 (10-58-01).txt

Scan type: Full scan (C:\|F:\|)
Objects scanned: 324506
Time elapsed: 2 hour(s), 36 minute(s), 54 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
bigalo
Regular Member
 
Posts: 62
Joined: February 15th, 2007, 6:55 pm
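
Added example, not part of the original posts: a Python parser that sorts OTL fix-log lines of the shapes seen in the log above into removed, already absent, repeat (reported "not found" only because an earlier line removed the same target) and read errors. The sample lines are copied from that log; the line grammar is inferred from this one log and is an assumption, not OTL's documented format.

```python
import re

# Lines copied from the OTL fix log posted above (subset, embedded for offline use).
SAMPLE_LOG = r"""========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.update\ deleted successfully.
Invalid CLSID key: *.update
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\microsoft.com\*.update\ not found.
Starting removal of ActiveX control {CAFECAFE-0013-0001-0022-ABCDEFABCDEF}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0022-ABCDEFABCDEF}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFECAFE-0013-0001-0022-ABCDEFABCDEF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFECAFE-0013-0001-0022-ABCDEFABCDEF}\ not found.
C:\WINDOWS\Downloaded Program Files\gp.inf not found.
C:\Documents and Settings\All Users\Application Data\Azureus folder moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List\ deleted successfully.
Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DFFC16.tmp not found!
"""

SECTION_RE = re.compile(r"^=+ (?P<name>[A-Z]+) =+$")
ERROR_RE = re.compile(r"^Registry error reading value (?P<target>.+?) ?\.$")
OUTCOME_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|ADS|File\\Folder) )?"
    r"(?P<target>.+?) (?P<verb>deleted successfully|moved successfully|not found)[.!]$"
)
OUTCOMES = {"deleted successfully": "deleted",
            "moved successfully": "moved",
            "not found": "not_found"}


def parse_fix_log(text):
    """Return (entries, unparsed). Each entry: section, kind, target, outcome."""
    entries, unparsed, section = [], [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group("name")
        elif line.endswith("on Reboot..."):
            section = "REBOOT"
        elif ERROR_RE.match(line):
            target = ERROR_RE.match(line).group("target")
            entries.append({"section": section, "kind": "Registry value",
                            "target": target, "outcome": "error"})
        elif OUTCOME_RE.match(line):
            m = OUTCOME_RE.match(line)
            target, kind = m.group("target"), m.group("kind")
            if kind is None:  # bare path: file, or "<path> folder"
                kind = "Folder" if target.endswith(" folder") else "File"
                if kind == "Folder":
                    target = target[: -len(" folder")]
            entries.append({"section": section, "kind": kind, "target": target,
                            "outcome": OUTCOMES[m.group("verb")]})
        else:
            unparsed.append(line)  # e.g. "Invalid CLSID key: ..." notices
    return entries, unparsed


def triage(entries):
    """Bucket entries; a 'not found' after an earlier removal is a repeat."""
    removed_keys = set()
    buckets = {"removed": [], "already_absent": [], "repeat": [], "error": []}
    for e in entries:
        key = e["target"].rstrip("\\").lower()
        if e["outcome"] in ("deleted", "moved"):
            removed_keys.add(key)
            buckets["removed"].append(e)
        elif e["outcome"] == "error":
            buckets["error"].append(e)
        elif key in removed_keys:
            buckets["repeat"].append(e)
        else:
            buckets["already_absent"].append(e)
    return buckets


if __name__ == "__main__":
    parsed, leftover = parse_fix_log(SAMPLE_LOG)
    for name, items in triage(parsed).items():
        print(f"{name}: {len(items)}")
    print(f"unparsed lines: {len(leftover)}")
```

Only the `error` bucket and the unparsed lines need a human look; `already_absent` and `repeat` mean the target was gone before the script reached it.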

Re: HiJackThis log included - Unwanted popups - Please helll

Post by Cypher » July 7th, 2010, 5:10 am

Hi bigalo.
"I've reset my computer with a password. I haven't received a popup during this session. The logs are as follows:"

Good, keep an eye out for a day or so and let me know if you get any more popups.
There is something I need to make you aware of that showed up in your logs.
C:\WINDOWS\system32\wexe.exe (Trojan.Insain) -> Quarantined and deleted successfully.

Your computer was infected with malware known as a keylogger!

http://www.prevx.com/filenames/16424128 ... E.EXE.html
http://www.microsoft.com/security/porta ... Witkinat.A


It is dangerous and incorrect to assume that because the keylogger has been removed the computer is now secure.
Keyloggers are very dangerous because they sit stealthily on your system, monitor all the keys you press
and can steal sensitive information to include your logins, passwords and private (financial) data.

Please take a minute to consider these guidelines:
  • If your computer was used for online banking, has credit card information or other sensitive data on it,
    you should immediately disconnect from the Internet until your system is cleaned.
  • All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums.
    You should consider them to be compromised.
  • Change passwords ... using a different computer and not the infected one.
    If not, an attacker may get the new passwords and transaction information.
  • Banking and credit card institutions should be notified of the possible security breach.
Because your computer was compromised...
Please read "How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?"
Although the keylogger file has been identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again.
In some instances, such an infection may download/install other malicious files to your system.
The malware may leave so many remnants behind that security tools cannot find them.

Many experts in the security community believe that once infected with this type of malware,
the best course of action is to wipe the drive clean, reformat and reinstall the OS.
This is a decision that only you can make.

Here are some articles you can read, that may be beneficial:
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HiJackThis log included - Unwanted popups - Please helll

Post by Cypher » July 9th, 2010, 4:42 am

Hi bigalo.
Have you read my last post? Any more popups?
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HiJackThis log included - Unwanted popups - Please helll

Post by bigalo » July 10th, 2010, 12:11 pm

I'm sorry for the delay. I've been away from my computer a few days and will respond later today when I get to my computer.
bigalo
Regular Member
 
Posts: 62
Joined: February 15th, 2007, 6:55 pm

Re: HiJackThis log included - Unwanted popups - Please helll

Post by bigalo » July 10th, 2010, 4:01 pm

I've read your last post and I've changed all of my passwords, but prior to re-imaging my system, I need to copy a lot of information and research how to go about re-formatting the drive. Once I get to that point, I'll go about the task of cleaning up my system.
bigalo
Regular Member
 
Posts: 62
Joined: February 15th, 2007, 6:55 pm

Re: HiJackThis log included - Unwanted popups - Please helll

Post by Cypher » July 11th, 2010, 6:19 am

Hi bigalo.
"I need to copy a lot of information and research how to go about re-formatting the drive."

I think you're making the right decision in reformatting, not only for your online security but it will also ensure you have a clean system.
Have a look at this link, "How to reformat and re-install Windows", for advice on how to do so.

Any other questions?
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HiJackThis log included - Unwanted popups - Please helll

Post by bigalo » July 11th, 2010, 1:36 pm

I've read the link "How to reformat and re-install Windows." Am I reading it correctly that the folders requested to create on my desktop, and filled with documents on my system, will be available to me once I re-format the drive? If so, I don't know how that is true, as I will be reformatting the drive. Is the desktop separate from the C: drive? Will I need to reformat the F: drive, as it was once my C: drive prior to purchasing a new hard drive?
bigalo
Regular Member
 
Posts: 62
Joined: February 15th, 2007, 6:55 pm

Re: HiJackThis log included - Unwanted popups - Please helll

Post by Cypher » July 11th, 2010, 1:48 pm

Hi bigalo.
All you need is the discs that came with your PC. Scroll down to FORMATING PARTITIONING AND INSTALLING.
What comes before that explains how to back up your data, which you can save to a disk.

Any other questions?
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: HiJackThis log included - Unwanted popups - Please helll

Post by bigalo » July 11th, 2010, 2:15 pm

I think you answered my questions. I probably won't be able to start the process until I have a couple days' time to stay on it, as I can't piece-meal a little at a time. I need to go straight to ensure that I do it correctly. Thanks!
bigalo
Regular Member
 
Posts: 62
Joined: February 15th, 2007, 6:55 pm

Re: HiJackThis log included - Unwanted popups - Please helll

Post by Cypher » July 11th, 2010, 2:25 pm

Hi bigalo.
Here is some advice on how to better secure your PC once you have reformatted.


Anti-virus

Anti-virus software consists of programs that detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors.


Note: You should run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and results in program conflicts and false virus alerts.


Firewall

As the term conveys, a firewall is an extra layer of security installed onto computers which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders.

If you are using the built-in Windows XP firewall it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to phone home for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

I would recommend you install a free firewall for personal use from one of these excellent vendors. Choice is yours:




Here are some free programs I recommend that could help you improve your computer's security.


Install Malwarebytes Anti-malware
These are anti-malware applications that can thoroughly remove even the most advanced malware. They include a number of features, including a built in protection monitor that blocks malicious processes before they even start.
You can find information and Download it from HERE

Install SiteAdvisor
SiteAdvisor is a toolbar for Microsoft Internet Explorer and Mozilla Firefox which alerts you if you're about to enter a potentially dangerous website.
You can find more information and download it from Here

Install WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
For more information, please visit HERE

MVPS Hosts

Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
You can Find the Tutorial HERE

Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your pc.
Secunia Software Inspector
F-secure Health Check

Visit Microsoft often to get the latest updates for your computer
You can do that HERE

Read some information HERE On how to prevent Malware

Is your pc running slow?
Read What to do if your Computer is running slowly

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns
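
Added example, not part of the original post: the HOSTS-file blocking described above works because each listed name maps to the local machine, so a quick audit is to parse the file and separate names sent to a loopback address from names sent anywhere else, which deserve a manual look. The sample content and host names are constructed; treating 0.0.0.0 as a block address alongside 127.0.0.1 is an assumption of this sketch.

```python
import ipaddress

# Constructed sample in HOSTS file format; every name is a placeholder.
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
::1             localhost
127.0.0.1       ads.example.com   # sinkholed ad server
0.0.0.0         tracker.example.net banners.example.net
203.0.113.10    update.example.org
not-an-ip       broken.example.com
"""


def parse_hosts(text):
    """Yield (line_no, address_or_None, names) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            address = None  # first field is not an IP address
        yield line_no, address, fields[1:]


def audit_hosts(text):
    """Classify each host name by where the HOSTS file sends it."""
    report = {"localhost": [], "sinkholed": [], "redirected": [], "malformed": []}
    for line_no, address, names in parse_hosts(text):
        if address is None or not names:
            report["malformed"].append(line_no)
            continue
        # Loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) never leaves the PC.
        local_only = address.is_loopback or address.is_unspecified
        for name in names:
            name = name.lower()
            if not local_only:
                # A real, routable address: this name is being pointed elsewhere.
                report["redirected"].append((name, str(address)))
            elif name == "localhost":
                report["localhost"].append(name)
            else:
                report["sinkholed"].append(name)
    return report


if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print("sinkholed :", result["sinkholed"])
    print("redirected:", result["redirected"])
    print("malformed lines:", result["malformed"])
```

On Windows XP the file to feed in is C:\WINDOWS\system32\drivers\etc\hosts.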

Re: HiJackThis log included - Unwanted popups - Please helll

Post by bigalo » July 11th, 2010, 2:32 pm

I have McAfee antivirus software. Are you recommending either one of the others, Avira Personal FREE Antivirus, avast! 5 Home Edition, or Microsoft Security Essentials, instead of McAfee? Or, in addition to? I understand that you shouldn't run more than one at a time.
bigalo
Regular Member
 
Posts: 62
Joined: February 15th, 2007, 6:55 pm

Re: HiJackThis log included - Unwanted popups - Please helll

Post by Cypher » July 11th, 2010, 2:43 pm

Hi.
No, if you want to keep McAfee antivirus that's fine, I was just giving you a few other options :)

Any other questions before I have this topic closed?
Cypher
Admin/Teacher
 
Posts: 15148
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns