help me with malware please

Error in posting

Post by neildush » April 14th, 2007, 5:50 am

hi vino

i can't post my log - i keep getting this note:


Error in posting

DEBUG MODE

SQL Error : 2006 MySQL server has gone away

Will try post in a pm

Neil
neildush
Regular Member
 
Posts: 34
Joined: April 9th, 2007, 7:46 pm
Location: London

Post by Vino Rosso » April 14th, 2007, 8:09 am

Hi Neil

I couldn't open your first PM (1/2) :scratch:

The a-squared log looks OK.

Did the Kaspersky scan finish?
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Post by Vino Rosso » April 14th, 2007, 3:28 pm

Hi Neil

Just received your PM about the Kaspersky scan but can't open it.

Can you post it here?
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Kaspersky scan

Post by neildush » April 14th, 2007, 3:29 pm

hi vino

for some reason i can't send you the Kaspersky scan?

it didn't look good: here is a summary:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, April 14, 2007 10:20:05 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 13/04/2007
Kaspersky Anti-Virus database records: 297190
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
I:\

Scan Statistics:
Total number of scanned objects: 366201
Number of viruses found: 37
Number of infected objects: 103
Number of suspicious objects: 0
Duration of the scan process: 07:40:56

The A-Squared scan had 3 nasty bits:


C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP14\A0001490.exe detected: Adware.Win32.SurfSide.av
C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP23\A0008063.exe detected: Riskware.RiskTool.Win32.NetSchedScan.a
C:\System Volume Information\_restore{A750E427-8BD5-422D-9FC7-E4CCEA371408}\RP23\A0008064.exe/Process.exe detected: Riskware.RiskTool.Win32.NetSchedScan.a

Is there a way i can send you the Kaspersky scan in a word doc as an attachment? Do you think it is worth buying the software? I have AVG free on my computer.

Cheers,

Neil
neildush
Regular Member
 
Posts: 34
Joined: April 9th, 2007, 7:46 pm
Location: London

Kaspersky scan problems

Post by neildush » April 14th, 2007, 3:34 pm

hi vino,

the Kaspersky scan fills 250 pages - lots of infected items. My computer has a few pop ups still. the scan did complete. took over 7 hours.

is there a max number of words/characters these posts can handle?

2 options:

can break scan up into a few posts.

can send doc as an attachment somehow?

Cheers,

Neil
neildush
Regular Member
 
Posts: 34
Joined: April 9th, 2007, 7:46 pm
Location: London

Post by Vino Rosso » April 14th, 2007, 4:23 pm

Hi Neil

Can you upload the file here: http://www.badongo.com/

Then PM me the link.

Thanks
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

done

Post by neildush » April 14th, 2007, 4:55 pm

file upload and pm sent.
neildush
Regular Member
 
Posts: 34
Joined: April 9th, 2007, 7:46 pm
Location: London

Post by Vino Rosso » April 14th, 2007, 6:28 pm

Received. Thanks.

Will take me a little(!) while to work through.
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Post by Vino Rosso » April 15th, 2007, 6:06 am

Hi Neil

OK, I've gone through the Kaspersky scan and there's good news and bad news.

The good news is that your computer's hard drive (C:\) appears clean though note that we have some tidying up to do which I'll cover in my next post.

The bad news is that the external hard drive (I:\) has several infected programs. As previously advised, you will be compromising the security of your computer by connecting the external hard drive as it currently stands.

I recommend you delete the following from the external hard drive:

I:\Software\Antivirus\ParetoLogic Anti-Spyware 5.0.219 + PATCH <=== This folder only
I:\Software\Applications software\fdvdcodecs.exe <=== This file only
I:\Software\Applications software\RosoftAudioRecorderFree.exe <=== This file only
I:\Software\CAD software\VectorWorks_v11[1].0 (http://www.crack.cd).zip <=== This file only
I:\Software\General software\Audio and Video\2findmp3free.exe <=== This file only
I:\Software\General software\Audio and Video\BOOMBox_Setup.exe <=== This file only
I:\Software\General software\Audio and Video\CliprexLite.exe <=== This file only
I:\Software\General software\Audio and Video\digital.zip <=== This file only
I:\Software\General software\Audio and Video\lmsetup.exe <=== This file only
I:\Software\General software\Audio and Video\los.exe <=== This file only
I:\Software\General software\Audio and Video\ossmcp40.exe <=== This file only
I:\Software\General software\Audio and Video\RosoftAudioToolsFree.exe <=== This file only
I:\Software\General software\Audio and Video\RosoftCDExtractorFree.exe <=== This file only
I:\Software\General software\Audio and Video\RosoftMediaPlayerFree.exe <=== This file only
I:\Software\General software\Audio and Video\setupmp3towav.exe <=== This file only
I:\Software\Unknown\dvdsmovies1330.exe <=== This file only
I:\Software\Zip software\VectorWorks_v11[1].0 (http://www.crack.cd).zip <=== This file only

Smitfraudfix is a tool that is regularly updated and should not be retained. Please also delete:

I:\Software\Antivirus\SmitfraudFix <=== This folder only
I:\Software\Unknown\SmitfraudFix.exe <=== This file only

Check on status
After you have completed the above, please reboot and provide:
  1. a new HijackThis log
  2. and a description of how your PC is behaving - any more problems?
Thanks
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

New Log

Post by neildush » April 15th, 2007, 6:23 pm

Hi Vino

Here is my HTL:

Logfile of HijackThis v1.99.1
Scan saved at 23:18:16, on 15/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Microsoft LifeCam\MSCamSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {EAB009A4-744E-409A-A60D-A6AD0B713F34} - C:\Program Files\Online Services\nipybalo.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.6\THGuard.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 6156297066
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 6156286962
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2service.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


The computer is working properly now! No pop-ups.

I have a few questions:

A. In my bottom right hand tray I have the following programs running:

1. a-squared (free anti virus trial version)
2. AVG anti virus
3. AVG anti-spyware
4. Zone alarm
5. Trojan Hunter

I also have a large arsenal of anti-virus software from Xoftspy to Spybot.
Maybe I have too much stuff running? Can I get rid of some of this?

B. When I start up my computer my screen goes black for a few seconds and then pops back again. The same happens when I delete files occasionally. Not sure what this is.

C. I seem to have a lot of software with 'crack' etc saved on my external drive. Most of this is not needed by myself. Should I remove this by burning onto DVD or just delete it?

D. On my C drive I have a few folders that I think are suspect but may belong to antivirus software programs:

They are:

QooBox has another folder in there called 'quarantine'
Swetup has a folder called 'monitors'
VundoFix Backups

Not sure what to do with them?

I also wouldn't mind deleting a few folders called: 'my old disk structure' which were formed when i did a system restore. Do i need them?

My computer has no annoying pop-ups and is running smoothly.

Thank you so much for your help. It is much appreciated!

Regards,

Neil
neildush
Regular Member
 
Posts: 34
Joined: April 9th, 2007, 7:46 pm
Location: London

Post by Vino Rosso » April 16th, 2007, 12:11 pm

Hi Neil

Neil wrote:The computer is working properly now! No pop-ups.

Great!

Neil wrote:I have a few questions:

A. In my bottom right hand tray I have the following programs running:

1. a-squared (free anti virus trial version)
2. AVG anti virus
3. AVG anti-spyware
4. Zone alarm
5. Trojan Hunter

I also have a large arsenal of anti-virus software from Xoftspy to Spybot.
Maybe I have too much stuff running? Can I get rid of some of this?

You should run only one anti-virus program and only one firewall. Running more than one of these programs will cause conflicts, slow up the speed of your computer, and likely result in your computer being more vulnerable.

a-squared and AVG-AS do very similar things. If you've paid for one then keep it and remove the other. Trojan Hunter should work OK with the other programs. The other on-demand programs such as SpyBot are OK as they will only take up your computer's resources when you ask them to scan.

It is believed that no one program will catch all malware but that doesn't mean you should have as many programs as possible. Stick with one anti-virus, one firewall, a couple of real-time scanners that are doing slightly different things e.g. AVG-AS and Trojan Guard, then use other on-demand scanners on a regular basis.

Neil wrote:B. When I start up my computer my screen goes black for a few seconds and then pops back again. The same happens when I delete files occasionally. Not sure what this is.

My screen does something similar when the computer first starts but not when I delete files. I would suggest a process of elimination. Start with borrowing another monitor - does the problem still happen? You could then try re-installing the graphics driver or replacing the PSU. (I've seen PSUs cut out when displaying bright screens as these draw extra current.) If you continue to experience hardware problems, I'd encourage you to run the Full Tests at PCPitstop. http://www.pcpitstop.com/pcpitstop/default.asp
This is an excellent diagnostics scan that can help in determining problems not related to malware.

Neil wrote:C. I seem to have a lot of software with 'crack' etc saved on my external drive. Most of this is not needed by myself. Should I remove this by burning onto DVD or just delete it?

As previously recommended, you should delete all suspicious and cracked software. Not only is the use of it probably illegal, it will increase the likelihood of your computer becoming re-infected.

Neil wrote:D. On my C drive I have a few folders that I think are suspect but may belong to antivirus software programs:

They are:

QooBox has another folder in there called 'quarantine'
Swetup has a folder called 'monitors'
VundoFix Backups

Not sure what to do with them?

I don't recognise swetup but QooBox and Vundo are specific tools that have been used to clean your computer. These folders can be deleted and I will cover this as part of my 'All Clean' post - which follows.

Neil wrote:I also wouldn't mind deleting a few folders called: 'my old disk structure' which were formed when i did a system restore. Do i need them?

If you are happy that your computer is operating without any problems then it is OK to delete the folders.

Neil wrote:My computer has no annoying pop-ups and is running smoothly.

Thank you so much for your help. It is much appreciated!

You're welcome.
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Post by Vino Rosso » April 16th, 2007, 12:14 pm

Great News! Your log appears clean of malware and here's some valuable information that will help to keep it that way.

1 - Delete Tools
The following files and folders were downloaded to help get rid of the malware on your PC. These can now be deleted as they are no longer required.
  • VundoFix.exe and associated backups
  • C:\QooBox
2 - Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

3 - All Clean
This is adapted from my general post for the 'All Clean' status however please advise on any problems you may still have before proceeding with the following:-

a - Hide your System Files
These files are hidden to avoid accidental deletion so please follow these steps:

Click Start
Open My Computer
Select Tools > Folder Options > Select the View Tab
Uncheck Show hidden files and folders in the Hidden files and folders section
Select Hide protected operating system files (recommended) option
Click OK, OK

b - Reset your system restore points
This will remove any infected files that may have been backed up by Windows. Should you have problems, a tutorial is available >here<.
Please note that you need Administrator privileges to do the following:

Turn off System Restore
Start > right-click My Computer and select Properties
Click the System Restore tab
Tick Turn off System Restore
Click Apply, and then click OK.

Restart your computer

Turn ON System Restore
Start > Right-click on My Computer and select Properties
Click on the System Restore tab
Click on C: drive then Settings
Untick Turn off System Restore on this drive
OK, OK

c - Make Internet Explorer more secure
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Note: If you are using IE, you may want to consider changing to Mozilla Firefox which is subjected to fewer malware attacks than IE however remember that you still need to use IE for certain sites like Microsoft Updates.

d - Windows Updates
Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab or visit the Microsoft Update site on a regular basis.

e - Anti-Virus
It is important that your computer has anti-virus software installed and it is updated at least on a weekly basis. Further information and programs can be found >here<

f - Firewall
Using a Firewall in its default configuration greatly reduces the risk of your computer being hacked. Further information and programs can be found >here<

g - Hosts File
For added protection you may also like to add a host file, for more information regarding host files read >here<

h - WinPatrol
As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. For more information, please visit >here<

i - Anti-Malware Programs (all free)
Next, if they're not already present, I would recommend the download and installation of some or all of the following programs, and the updating of them on a regular basis:
  • Ad-Aware SE - This is a program that scans for and removes known spyware from your machine. >Tutorial<
  • Spybot Search & Destroy - Spybot is a tool like Ad-Aware SE whereas it seeks out and removes known spyware from your machine. >Tutorial<
    These two tools (Ad-Aware & Spybot) are perfect complements to each other as one will most always find something the other missed.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machine.
    >Tutorial<
  • IE_Spyad - Works by placing known "bad" sites into your Internet Explorer "Restricted Zones" prohibiting them from doing potentially problematic things to your computer. >Tutorial<
I'd be grateful if you could reply to this post so that I know you have read it and, if you have no more questions, the thread can be closed.

Safe Computing
Vino
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)

Thank you Vino

Post by neildush » April 16th, 2007, 5:42 pm

Hi Vino

Thank you for that. Much appreciated.

I have done most of the instructions as per your second post except for:

g: HOSTS FILE and

h: configured winpatrol (it is installed) not sure how it works?!?

Both programs seem a bit complicated at the moment and I will need some time to get my head around them

I have Firefox working, no pop-ups. IE7 is not working: it says it cannot display the webpage. Not sure why since Firefox is ok.

Re: your suggestion on your previous email about removing suspicious software... is there a way I can back them up on DVD/CD and somehow keep a record of what I have archived? I used to use: 'Offline CD Browser' but found it a bit too complicated. Could you suggest an alternative? I did a search here but now am very worried about downloading anything off the net that is free!

See: http://3d2f.com/tags/cd/browser/

Re: pcpitstop: it asked me “Please enter the maximum speed your connection is rated to provide, in kilobits per second.”
neildush
Regular Member
 
Posts: 34
Joined: April 9th, 2007, 7:46 pm
Location: London

Re: Thank you Vino

Post by Vino Rosso » April 16th, 2007, 6:54 pm

Hi Neil
Neil wrote:I have done most of the instructions as per your second post except for:

g: HOSTS FILE and

h: configured winpatrol (it is installed) not sure how it works?!?

Both programs seem a bit complicated at the moment and I will need some time to get my head around them

The web page linked in the Hosts section in my post has an explanation on what the Hosts file does. The Hosts file can be used to block suspect web sites and adverts. It can also be used by malware to stop you reaching web sites for help. WinPatrol is one program that monitors your Hosts file... and many other parts of your computer. It will warn you when something is trying to change things.

Neil wrote:I have Firefox working, no pop-ups. IE7 is not working: it says it cannot display the webpage. Not sure why since Firefox is ok.

Check that Zone Alarm has not blocked IE from accessing the web. Double-click on the icon in the notification tray. Select Program Control down the left, and Programs along the top. Scroll down to Internet Explorer. There should be green ticks under Access (Trusted and Internet).

Neil wrote:Re: your suggestion on your previous email about removing suspicious software... is there a way I can back them up on DVD/CD and somehow keep a record of what I have archived? I used to use: 'Offline CD Browser' but found it a bit too complicated. Could you suggest an alternative? I did a search here but now am very worried about downloading anything off the net that is free!

Sorry, that's not something I use. I burn programs to a DVD or CD and simply write on the case sleeve what's on the disk.

Neil wrote:Re: pcpitstop: it asked me “Please enter the maximum speed your connection is rated to provide, in kilobits per second.”
Vino Rosso
Admin/Teacher Emeritus
 
Posts: 9024
Joined: April 24th, 2006, 8:36 am
Location: Gloria Jean's in Murray St. Mall (I wish!)
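
The reply above notes that a Hosts file can block suspect sites and adverts, and that malware can also use it to stop you reaching web sites for help. The Python sketch below is an added example, not part of the original thread: it audits a Hosts file and separates ordinary block entries from entries that cut off or redirect help and update sites. The sample file is constructed, and the watch list is an assumption built from sites mentioned in this thread.

```python
import ipaddress

# Constructed sample Hosts file for illustration (not taken from the thread).
SAMPLE_HOSTS = """\
# constructed sample
127.0.0.1       localhost
127.0.0.1       ads.example.net        # deliberate advert block
0.0.0.0         tracker.example.org
127.0.0.1       www.kaspersky.com  update.microsoft.com
203.0.113.7     www.malwareremoval.com
::1             localhost
not-an-ip       broken.example
"""

# Assumed watch list: sites a user needs for scans, updates and help.
HELP_SITES = ("kaspersky.com", "microsoft.com", "malwareremoval.com", "pcpitstop.com")

# Names that are expected to point at the local machine.
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (entries, malformed): entries are (lineno, ip, hostname) tuples."""
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # strip comments and whitespace
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:  # an address with no hostname is not a valid entry
            malformed.append(lineno)
            continue
        for name in fields[1:]:  # one line may map several names
            entries.append((lineno, ip, name.lower().rstrip(".")))
    return entries, malformed


def matches(name, domains):
    """True if name is one of the domains or a subdomain of one."""
    return any(name == d or name.endswith("." + d) for d in domains)


def audit_hosts(text, help_sites=HELP_SITES):
    """Classify every non-local mapping in a Hosts file."""
    entries, malformed = parse_hosts(text)
    findings = []
    for lineno, ip, name in entries:
        if name in LOCAL_NAMES:
            continue
        sinkholed = ip.is_loopback or ip.is_unspecified
        if matches(name, help_sites):
            # A help or update site that no longer resolves normally.
            kind = "help-site-blocked" if sinkholed else "help-site-redirected"
        elif sinkholed:
            kind = "blocklist-entry"  # typical advert or tracker block
        else:
            kind = "custom-mapping"   # points somewhere else; review by hand
        findings.append({"line": lineno, "host": name, "ip": str(ip), "kind": kind})
    return findings, malformed


if __name__ == "__main__":
    results, bad_lines = audit_hosts(SAMPLE_HOSTS)
    for f in results:
        print(f"line {f['line']}: {f['host']} -> {f['ip']} [{f['kind']}]")
    print("malformed lines:", bad_lines)
```

On Windows XP the file to check is C:\WINDOWS\system32\drivers\etc\hosts; read it and pass its text to audit_hosts().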

Thanks again

Post by neildush » April 16th, 2007, 7:02 pm

Hi Vino,

Final question: Are there any settings you would recommend me putting under 'delayed start' on win patrol?

Other than that I think that is all. I want to thank you for all your patience and help. My computer is running smoothly now.

I will be posting a new log so that my lap top computer can be scanned towards the end of the week.

Keep well and many thanks.

Regards,

Neil
neildush
Regular Member
 
Posts: 34
Joined: April 9th, 2007, 7:46 pm
Location: London