Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Infected even after pc is reformatted

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Unread postby lei-zzz » October 16th, 2006, 11:34 am

Hi Elrond.
I did a scan with hijack this and saved a logfile just in case.
Thanks for ur time.

Logfile of HijackThis v1.99.1
Scan saved at 11:38:25 PM, on 10/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0B1A16-46A0-46B1-97C4-72AD30454999}: NameServer = 165.21.100.88 165.21.83.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
lei-zzz
Regular Member
 
Posts: 23
Joined: August 25th, 2006, 12:33 am
Advertisement
Register to Remove

Unread postby Elrond » October 17th, 2006, 2:22 pm

How did you do the reformat? Some of what you see in the Kaspersky log are in a restore point.

When you reformat a computer you should download the antivirus and the firewall to a CD if possible. You should not connect to the internet until you have installed them because you are risking being infected while downloading those two programs.
Are you using a thumbdrive at all? I am asking because there has been cases of an infection that specifically spreads through thumbdrives and that infection has been seen mostly in the far east and many cases have been found in Singapore.

Now let us try to get rid of what you have on your computer at the moment.


Your copy of HijackThis needs to be in a permanent folder of it's own. When HJT fixes anything, it makes backups of the original files in the folder it is in. For this reason it cannot be run from a Zip file or from Temporary folders because the backups will be deleted. Having the backups could be VITAL to restoring your system if something went wrong in the FIX process!
1. Please go to you're 'My Documents' folder, right-click and select 'New > Folder' then name the folder 'HJT'.
2. Copy and paste HijackThis.exe to the new folder.

DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL WE INSTRUCT YOU TO DO SO, AS SOME OF THE FILES ARE LEGIT AND VITAL TO YOUR COMPUTER'S HEALTH


Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

Clean out your Temporary Internet files. Proceed like this:
  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.


Show Hidden Files in Windows XP
Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
Under "Hidden files and folders" select Show hidden files and folders.
Uncheck Hide file extensions for known file types.
Click OK


Next use Windows Explorer to delete this file:
C:\WINDOWS\system32\i <----This file ( it really is named i)
Let me know if there is a problem with deleting it.


This is IMPORTANT: You need to update your Windows. It is out of date. We will never keep that computer clean with the version you are running now. The version you should have at this time is Windows XP with SP2.

Go to”Start”> "Tools" menu > "Windows Update" or go to Microsoft Windows and Internet Explorer Updates to get the critical updates including SP2.

Please inform me if you had any problems with the upgrade.


Now run a new Kasperski scan and a HJT scan and post them in this topic.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby lei-zzz » October 18th, 2006, 2:23 am

Hi Elrond,
I d/l the anti virus and firewall from a CD that i burned.. Its weird that there are still viruses... Anyway i will post the logfile soon

Thanks
lei-zzz
Regular Member
 
Posts: 23
Joined: August 25th, 2006, 12:33 am

Unread postby lei-zzz » October 20th, 2006, 11:21 am

Hi Elrond,
i cant find the file u wanted me to delete: C:\WINDOWS\system32\i
lei-zzz
Regular Member
 
Posts: 23
Joined: August 25th, 2006, 12:33 am

Unread postby Elrond » October 20th, 2006, 12:05 pm

Download Pocket Killbox http://www.bleepingcomputer.com/files/killbox.php and unzip it; save it to your Desktop.

Run it, and click the radio button that says "Standard File Kill". Then paste C:\WINDOWS\system32\i into the full path of file to delete box and click the red circle with a white cross in it. The program will ask you if you want to backup and delete the file. You should answer Yes.

Run a new AVG Spyware and a new Kaspersky scan and post the results in the next post.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby lei-zzz » October 23rd, 2006, 12:14 pm

Hi Elrond,

The file C:\WINDOWS\system32\i cant be detected by killbox. Here are the logfiles from hijackthis, AVG spyware and Kaspersky.


Logfile of HijackThis v1.99.1
Scan saved at 12:19:11 AM, on 10/24/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ftp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\New Folder\HijackThis.exe

O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [PrevxOne] "C:\Program Files\Prevx1\PXConsole.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partne ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupda ... 1412376296
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1412985561
O17 - HKLM\System\CCS\Services\Tcpip\..\{3B0B1A16-46A0-46B1-97C4-72AD30454999}: NameServer = 165.21.100.88 165.21.83.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 12:14:00 AM 10/24/2006

+ Scan result:



C:\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned.


::Report end



-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 24, 2006 12:02:07 AM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 23/10/2006
Kaspersky Anti-Virus database records: 234158
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 13272
Number of viruses found: 0
Number of infected objects: 0 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:06:43

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nzg4ownh.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nzg4ownh.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nzg4ownh.default\googlesafebrowsing.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nzg4ownh.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nzg4ownh.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\nzg4ownh.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\bush_shit@hotmail.com\SharingMetadata\infected.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\bush_shit@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\bush_shit@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\bush_shit@hotmail.com\SharingMetadata\Working\database_7A3C_70D3_3C70_8BBF\dfsr.db Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\bush_shit@hotmail.com\SharingMetadata\Working\database_7A3C_70D3_3C70_8BBF\fsr.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\bush_shit@hotmail.com\SharingMetadata\Working\database_7A3C_70D3_3C70_8BBF\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Messenger\bush_shit@hotmail.com\SharingMetadata\Working\database_7A3C_70D3_3C70_8BBF\tmp.edb Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\bush_shit@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows Live Contacts\bush_shit@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\nzg4ownh.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\nzg4ownh.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\nzg4ownh.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\nzg4ownh.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\Perflib_Perfdata_778.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD917.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD930.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD98E.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFD99B.tmp Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\_restore{74F65193-6EC2-4BC1-8F18-67581D034739}\RP13\change.log Object is locked skipped
C:\System Volume Information\_restore{74F65193-6EC2-4BC1-8F18-67581D034739}\RP5\A0000119.exe Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hqghumea.dll Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

Scan process completed.
lei-zzz
Regular Member
 
Posts: 23
Joined: August 25th, 2006, 12:33 am

Unread postby Elrond » October 23rd, 2006, 2:15 pm

Nothing shows as odd exept bush_shit@hotmail.com that seems to be an account under Administrator's Windows Messenger. Do you know anything about it.

The logs look completely clean except for that. Everything else is gone.


It is critical that you use a firewall to protect your computer from hackers. We don't recommend the firewall that comes built in to Windows. It doesn't block everything that may try to get in, and the entire firewall is written to the registry. As various kinds of malware hack the Registry in order to disable the Windows firewall, it's far preferable to install one of the excellent third party solutions. Three good ones that are freeware to boot are ZoneAlarm, Kerioand



Now I want you to clean up some loose ends and take some precautions to avoid being re-infected

  1. If you reconfigured Windows to show hidden files you should reset this to its original state using the instructions from here except that
    1. Under the "Hidden files and folders" heading put a mark for "Do not show hidden files and folders".
    2. Uncheck "Display content of system folders"
    3. Check the "Hide protected operating system files (recommended)" option.
  2. Clean out Temporary Files etc. Download System Security Suite from http://www.igorshpak.net/software/3ssetup104.zip. Extract it from the zip file into a folder and double click on sss.exe. Check the boxes under the 'Items to Clear' tab and click 'Clear Selected Items'. Reboot when prompted. It is a good idea to do this every few weeks as a lot of junk collects there over time.

  3. . Disable and Enable System Restore.
    You are running Windows XP and you should disable and re-enable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to disableable and re-enable system restore here:
  4. Make your Internet Explorer more secure - This can be done by following these simple instructions:
    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      1. Change the Download signed ActiveX controls to Prompt
      2. Change the Download unsigned ActiveX controls to Disable
      3. Change the Initialize and script ActiveX controls not marked as safe to Disable
      4. Change the Installation of desktop items to Prompt
      5. Change the Launching programs and files in an IFRAME to Prompt
      6. Change the Navigate sub-frames across different domains to Prompt
      7. When all these settings have been made, click on the OK button.
      8. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    5. Next press the Apply button and then the OK to exit the Internet Properties page.
    Also see the following:
    Many exploits are directed at Internet Explorer, you don't have to use it.
    Try a different browser like Firefox.
    It is also worth trying Thunderbird for controlling spam in your e-mail.

  5. Always use a anti-virus program and KEEP IT UPDATED
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
    This alone can save you a lot of trouble with malware in the future.

  6. Always use a firewall.
    I can not stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen to often with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    Be restrictive with granting access to the internet. If you are unsure if the program really needs the access, test it by denying the access and see if this has any negative effects. If not, make the block permanent.

  7. Never run two Antivirus programs or two Firewalls at the same time. They can interfere with each other and cause problems.

  8. MOST IMPORTANT : You Need to keep “Windows” and "Internet Explorer” updated. Open ‘Internet Explorer” and go to”Start”> "Tools" menu > "Windows Update" or go to Microsoft Windows and Internet Explorer Updates to get the critical updates.

  9. If you are running Microsoft Office, or any portion thereof you must keep it updated as well. Go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed. Update MS Office here.

  10. You will find more about how to protect yourself as well as suggested programs for this purpose at HERE and at "So how did I get infected in the first place? for some good advice..

    PLEASE READ IT AND FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.


  11. Update all these programs regularly - Make sure you update all the the protection programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.



Follow this list and your potential for being infected again will reduce dramatically.


I am glad if I have been able to help you.


E :)
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby lei-zzz » October 24th, 2006, 1:02 pm

Hi Elrond,
I still get prompts from AVG about virus being detected and unable to heal. Anyway, everything seems fine now and i shld be able to deal with the little virus problem.

Thank u so much for all the help. Really appreciate it.

Cheers
Jeremy
lei-zzz
Regular Member
 
Posts: 23
Joined: August 25th, 2006, 12:33 am

Unread postby Elrond » October 25th, 2006, 5:28 pm

Can you post a log from AVG showing what it is telling you. Nothing shows in the logs that you posted before but you should not get a warning from AVG. :(
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby lei-zzz » October 29th, 2006, 12:51 pm

Hi Elrond,
U know wat? My pc is back to normal, i managed to get rid of the virus and did all the necessary precautions according to ur last post. Right now its virus free!

Thanks for all ur help and sorry for all the trouble.

Jeremy
lei-zzz
Regular Member
 
Posts: 23
Joined: August 25th, 2006, 12:33 am

Unread postby Elrond » October 29th, 2006, 2:39 pm

Glad if I could help.

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints Malware Complaints, you do not have to be registered to post.. just find your country room and register your complaint.
The infection you had was a SDBot among others.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem

Unread postby Elrond » October 29th, 2006, 2:44 pm

Glad we could be of assistance.

This topic is now closed. If you wish it
reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.


You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid,
working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.

Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. See Nellie2's blog here or post in our dedicated forum here
The infection you had was a SDbot and others.
User avatar
Elrond
Admin/Teacher Emeritus
 
Posts: 8818
Joined: February 17th, 2005, 9:14 pm
Location: Jerusalem
Advertisement
Register to Remove

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 271 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware