Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

HJT to help with problem

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby Bod » May 26th, 2006, 6:40 pm

Hi again,

I've got some more instructions for you to follow to try to get to the bottom of this.

Again, before you start, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.
You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.

Step 1

Download Killbox from http://www.downloads.subratam.org/KillBox.zip. Once it is downloaded extract it to c:\killbox. Do not use it yet

Step 2
Copy the red lines below into a new Notepad file.

Name the file as fix.reg

Change the "Save as Type" to "All Files" and save it on the desktop

REGEDIT4

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\durptfviqn]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mwsoemon]

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\MyWebSearch Email Plugin]


Then double-click on the fix.reg file, when it prompts to merge click "Yes".

Reboot back to normal mode

Step 3
Open KillBox

a) Type the full name and path "c:\windows\system32\durptfviqn.exe" (without the quotes) into the box "Full Path of File to Delete"
b) Choose "Delete on Reboot"
c) Click the "Delete File" button (red circle with white cross).
d) Click "Yes" in the "Delete next Reboot" message box.

If you get a "PendingFileRenameOperations Registry Data has been Removed by External Process!" message then just restart manually.

Reboot back as normal.

Step 4
Run Hijack This, "Scan" and post the log as a reply to this thread. I'll check it through, and get back to you. Also, let me know what problems you still appear to be having with your pc.

Thanks,

Bod
User avatar
Bod
Retired Graduate
 
Posts: 366
Joined: February 15th, 2006, 4:48 pm
Location: Near Nottingham, in one of the fuzzy bits on Google Earth
Advertisement
Register to Remove

Unread postby gudda96 » June 1st, 2006, 5:01 am

Hi Bod

Sorry for delay, I had not spotted that the post had gone on to page 2 so was not aware of your latest post.

I have printed out your latest instructions but have 2 comments to make first.

1) If you remember, my problem was adware I believe as I had pop unders for gambling appearing a lot in IE. I have been told this this only seems to happen in IE but surprisingly enough, they have stopped.

2) As I also have Firefox installed, I am using that more as my default browser.

With this in mind, should I go to the trouble of this last stage?? I await your reply
gudda96
Regular Member
 
Posts: 23
Joined: March 20th, 2006, 1:48 pm

Unread postby Bod » June 1st, 2006, 5:32 am

Hi,

Yes, even though IE seems to work OK now and you're using Firefox mostly, I recommend that you go through these last steps to clear out the files and clean up the registry.

You don't want the leave anything that might come back and bite you!

If your next Hijack This log is clean, then I'll have some suggestions for helping to keep your pc that way, and that will be it.

Thanks,

Bod
User avatar
Bod
Retired Graduate
 
Posts: 366
Joined: February 15th, 2006, 4:48 pm
Location: Near Nottingham, in one of the fuzzy bits on Google Earth

Unread postby gudda96 » June 1st, 2006, 12:45 pm

Bod

Started doing what you said but a bit lost at this
Then double-click on the fix.reg file, when it prompts to merge click "Yes".

Also when you said extract files, I assumes that means to open the zip download?
gudda96
Regular Member
 
Posts: 23
Joined: March 20th, 2006, 1:48 pm

Unread postby gudda96 » June 1st, 2006, 12:48 pm

Bod

Ignore last post about fix.reg, have done that but here is another>>>

Reboot back to normal mode

You did not tell me to be in safe mode
gudda96
Regular Member
 
Posts: 23
Joined: March 20th, 2006, 1:48 pm

Unread postby gudda96 » June 1st, 2006, 1:03 pm

Hi Bod

Finally did it, see log>>>>

Logfile of HijackThis v1.99.1
Scan saved at 18:02:32, on 01/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\DOCUME~1\home\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3838599562
O17 - HKLM\System\CCS\Services\Tcpip\..\{89C91FE8-09EE-4811-B52F-5A1AB735AEB8}: NameServer = 62.6.40.178 194.72.9.38
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: XSQRQ - Unknown owner - C:\DOCUME~1\home\LOCALS~1\Temp\XSQRQ.exe (file missing)
gudda96
Regular Member
 
Posts: 23
Joined: March 20th, 2006, 1:48 pm

Unread postby Bod » June 1st, 2006, 5:20 pm

Hi again,

Thank for the new log.

Everything looks clean, apart from the last line, so I got a few more steps for you to follow to deal with that.

As always, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.
You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.

Step 1
Click Start > Run and type "Services.msc" (without quotes), click "Ok".

Scroll down and find the service called XSQRQ. When you find it, double-click on it. In the next window that opens, click the "Stop" button, then click Properties > General Tab, change the Startup Type to "Disabled". Click Apply > Ok and close any open windows.

Step 2
Run Hijack This, don't have any other programs open, and click "Scan".
In the scan results, click on the check box for all of the following lines that are present.
O23 - Service: XSQRQ - Unknown owner - C:\DOCUME~1\home\LOCALS~1\Temp\XSQRQ.exe (file missing)
Click on "Fix checked".

Step 3
Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.

The next part of this fix will be carried out in Safe Mode.

Step 4
Run ATF Cleaner (you downloaded it as part of the first set of instructions). Click on the check box to select the following options:
Windows Temp
All Users Temp
Temporary Internet Files

Click "Empty Selected". Exit when finished.
Reboot as normal.

Step 6
Run Hijack This, "Scan" and post the log as a reply to this thread. I'll check it through, and get back to you.

Thanks,

Bod
User avatar
Bod
Retired Graduate
 
Posts: 366
Joined: February 15th, 2006, 4:48 pm
Location: Near Nottingham, in one of the fuzzy bits on Google Earth

Unread postby gudda96 » June 2nd, 2006, 10:27 am

Bod


Scroll down and find the service called XSQRQ. When you find it, double-click on it. In the next window that opens, click the "Stop" button, then click Properties > General Tab, change the Startup Type to "Disabled". Click Apply > Ok and close any open windows.

The stop button is greyed out??????????????
gudda96
Regular Member
 
Posts: 23
Joined: March 20th, 2006, 1:48 pm

Unread postby Bod » June 2nd, 2006, 12:27 pm

Hi again,

Thank for the new log.

Everything looks clean, apart from the last line, so I got a few more steps for you to follow to deal with that.

As always, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.
You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.

Step 1
Click Start > Run and type "Services.msc" (without quotes), click "Ok".

Scroll down and find the service called XSQRQ. When you find it, double-click on it. In the next window that opens, click the "Stop" button, then click Properties > General Tab, change the Startup Type to "Disabled". Click Apply > Ok and close any open windows.

Step 2
Run Hijack This, don't have any other programs open, and click "Scan".
In the scan results, click on the check box for all of the following lines that are present.
O23 - Service: XSQRQ - Unknown owner - C:\DOCUME~1\home\LOCALS~1\Temp\XSQRQ.exe (file missing)
Click on "Fix checked".

Step 3
Close any open browser windows
Run ATF Cleaner (you downloaded it as part of the first set of instructions). Click on the check box to select the following options:
Windows Temp
All Users Temp
Temporary Internet Files

Click "Empty Selected". Exit when finished.
Reboot.

Step 4
Run Hijack This, "Scan" and post the log as a reply to this thread. I'll check it through, and get back to you.

Thanks,

Bod
User avatar
Bod
Retired Graduate
 
Posts: 366
Joined: February 15th, 2006, 4:48 pm
Location: Near Nottingham, in one of the fuzzy bits on Google Earth

Unread postby gudda96 » June 3rd, 2006, 3:55 am

Bod

You seemed to have missed my last post, I could not carry out one instruction as STOP was greyed out.
gudda96
Regular Member
 
Posts: 23
Joined: March 20th, 2006, 1:48 pm

Unread postby Bod » June 3rd, 2006, 4:00 am

Hi again,

No, I hadn't missed your post, I just copy/pasted the old message rather than the one I meant to send! :oops: Sorry about that.

OK, we'll try an alternative method. Keep going all the way through, and let me know about any problems you had with the new Hijack This log.

As always, before you start, please read through these instructions and make sure that you understand them.
If you are not sure about anything, post a reply in this thread with your questions.
You will be booting into Safe Mode at some point in these instructions, so you should print out these instructions for reference. You will not have internet access in Safe Mode.

Step 1
Run Hijack This, don't have any other programs open, and click "Scan".
In the scan results, click on the check box for all of the following lines that are present.
O23 - Service: XSQRQ - Unknown owner - C:\DOCUME~1\home\LOCALS~1\Temp\XSQRQ.exe (file missing)
Click on "Fix checked".

Step 2
Still in Hijack This, Click Config > Misc Tools > Delete an NT Service
Type "XSQRQ" (without the quotes) in the box and click "OK"
You will be asked REBOOT, Accept

Step 3
Re-boot in Safe Mode by pressing F8 during Boot-up and choosing Safe Mode from the boot options list.

The next part of this fix will be carried out in Safe Mode.

Step 4
Run ATF Cleaner (you downloaded it as part of the first set of instructions). Click on the check box to select the following options:
Windows Temp
All Users Temp
Temporary Internet Files

Click "Empty Selected". Exit when finished.
Reboot as normal.

Step 6
Run Hijack This, "Scan" and post the log as a reply to this thread. I'll check it through, and get back to you.

Thanks,

Bod
User avatar
Bod
Retired Graduate
 
Posts: 366
Joined: February 15th, 2006, 4:48 pm
Location: Near Nottingham, in one of the fuzzy bits on Google Earth

Unread postby gudda96 » June 3rd, 2006, 7:56 am

Hi Bod

Here we go...

Logfile of HijackThis v1.99.1
Scan saved at 12:52:50, on 03/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MailWasher\MailWasher.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Documents and Settings\home\Desktop\Clean\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - Startup: MailWasherPro.lnk = C:\Program Files\MailWasher\MailWasher.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\Shdocvw.dll
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 3838599562
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
gudda96
Regular Member
 
Posts: 23
Joined: March 20th, 2006, 1:48 pm

Unread postby Bod » June 3rd, 2006, 11:37 am

Link > http://www.malwareremoval.com/forum/viewtopic.php?t=9715

===========


Hi,

Your new log is clean. please post a reply to this thread on any problems you may still have with your pc.

Please also follow these instructions to keep your computer clean.

Step 1 - Microsoft Windows Update
Keep Windows up to date
Click Start > All Programs > Windows Update. This will take you to the Windows Update site. Follow the instructions to download and install all of the latest critical updates. Repeat this as many times as necessary, until there are no more updates available. Reboot whenever instructed.
Click Start > Control Panel > Security Centre and make sure that Automatic Updates are On.

Step 2 - Hide System Files
Click Start > My Computer > Tools > Folder Options > View Tab. Un-check "Show hidden files and folders" in the Hidden files and folders section, and Select "Hide protected operating system files (recommended)" option. Click Yes > OK.

Step 3 – Create a clean system restore point
Click Start > Control Panel > System > System Restore Tab and click to put a tick in the "Turn off System Restore" check box, then click "Apply".

Reboot, then click Start > Control Panel > System > System Restore Tab and click to remove the tick in the "Turn off System Restore" check box, and then click Apply > OK to create a new restore point and then close Control Panel.

Step 4 - Make your Internet Explorer more secure
Open Internet Explorer click Tools > Options > Security tab > Internet icon to highlight > Custom Level, then select the following options:-
Change "Download signed ActiveX controls" to "Prompt"
Change "Download unsigned ActiveX controls" to "Disable"
Change "Initialise and script ActiveX controls not marked as safe" to "Disable"
Change "Installation of desktop items" to "Prompt"
Change "Launching programs and files in an IFRAME" to "Prompt"
Change "Navigate sub-frames across different domains" to "Prompt"
Click "OK", then Apply > OK to exit the Internet Properties page.

Step 5 - Anti Virus Software
It is very important that your computer has an anti-virus software running on your machine and that it is kept up to date.

You have Grisoft AVG so make sure it is updated at least weekly, preferably daily.

For more information on anti-virus programs see http://www.malwareremoval.com/forum/viewtopic.php?p=53#53

Step 6 - Windows Defender
Download and install Windows Defender from http://www.microsoft.com/athome/security/spyware/software/default.mspx

Step 7 - Spybot Search & Destroy
Download and install Spybot Search & Destroy from http://www.safer-networking.org/en/download/index.html
Enable the TeaTimer and SD Helper options during the installation process. Update this and scan your PC on a weekly basis.

Step 8 - AdAware
Download and install Lavasoft Adaware SE Personal from http://www.lavasoftusa.com/software/adaware/
Update this and scan your PC on a weekly basis.

Step 9 - SpywareBlaster
Download and install Javacools SpywareBlaster from http://www.javacoolsoftware.com/spywareblaster.html When installed, run SpywareBlaster, click "Enable All Protection", then "Download Latest Protection Updates" and follow the instructions to download and enable the latest update.
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Step 10 - Java Update
Go to http://java.sun.com/j2se/1.5.0/download.jsp and download and install JRE 5.0 Update 7.
Click the link "Download JRE 5.0 Update 7". You will then need to select "Accept License Agreement" and click "Continue". Then click the link "Windows Offline Installation, Multi-language", and save it to your Desktop.
Then go back to your Desktop and double click "jre-1_5_0_07-windows-i586-p.exe" to start the install.
Once you have it installed, click Start > Run, type in "appwiz.cpl" (without the quotes), and click "Enter".
From the list, uninstall "J2SE Runtime Environment 5.0 Update 6".

Hopefully these will help keep your computer clean, glad I could be of assistance,

Bod
User avatar
Bod
Retired Graduate
 
Posts: 366
Joined: February 15th, 2006, 4:48 pm
Location: Near Nottingham, in one of the fuzzy bits on Google Earth

Unread postby gudda96 » June 3rd, 2006, 12:43 pm

Bod

I am going to carry out your last instructions but once again, before i do, some questions.

Step 1 - Microsoft Windows Update>>>you say to go to update site and download but later you say make sure the automatic updates is turned on, surely a contadiction??
But on same subject, I do use auto updates although I have a query,when I visit Windows updates and view my history, i am up to date and the latest critical was 31 may but when I go to add/remove, the update and no others since 10 may are there. I tested this by downloading an Unimportant one yesterday but its not in add/remove and yes! Box is ticked to show updates????

Step 3 – Create a clean system restore point
Am I better doing this step after you have totally finished with these last queries???

You have Grisoft AVG so make sure it is updated at least weekly, preferably daily.
Its set to automatic updates and works fine

Step 6 - Windows Defender
I will download, you like it??

Step 7 - Spybot Search & Destroy
I have this and check updates regulary but dont know how to find/do owt with Tea Time??

Step 8 - AdAware
Ditto

Step 9 - SpywareBlaster
Ditto
gudda96
Regular Member
 
Posts: 23
Joined: March 20th, 2006, 1:48 pm

Unread postby Bod » June 3rd, 2006, 5:19 pm

Hi,

In answer to your questions:-

Microsoft Windows Update>>>you say to go to update site and download but later you say make sure the automatic updates is turned on, surely a contadiction??

No, not really. You'd be suprised how many do not have Automatic Updates turned on, so it's a case of getting a pc fully up to date, then hopefully keeping it that way.

I do use auto updates although I have a query,when I visit Windows updates and view my history, i am up to date and the latest critical was 31 may but when I go to add/remove, the update and no others since 10 may are there. I tested this by downloading an Unimportant one yesterday but its not in add/remove and yes! Box is ticked to show updates????

With some updates, you cannot remove them once installed, therefore they do not appear in the Add/Remove programs list.

Step 3 – Create a clean system restore point
Am I better doing this step after you have totally finished with these last queries???

Yes.

You have Grisoft AVG so make sure it is updated at least weekly, preferably daily.
Its set to automatic updates and works fine

Very good.

Step 6 - Windows Defender
I will download, you like it??

It's OK. It runs in the background, keeps itself up to date and automatically scans regularly.

Step 7 - Spybot Search & Destroy
I have this and check updates regulary but dont know how to find/do owt with Tea Time??

Click Start > All Programs > Spybot - Search & Destroy > Spybot - Search & Destroy (advanced). When the program has started, click Tools > Resident, and click on the 'Resident "Tea Timer" (Protection of over-all system settings) active' checkbox.
With this active, if any changes are made to your system settings, a box will pop-up asking you to either accept or deny the change.
If you find that the buttons on the pop-up box don't look right, see http://forums.spybot.info/showthread.php?t=122 to fix it.

Step 8 - AdAware
Ditto

Step 9 - SpywareBlaster
Ditto

Vey good.

Trust this is of some assistance.

Bod
User avatar
Bod
Retired Graduate
 
Posts: 366
Joined: February 15th, 2006, 4:48 pm
Location: Near Nottingham, in one of the fuzzy bits on Google Earth
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 467 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware