Several problems - help obviously needed

Post by ndmmxiaomayi » June 6th, 2007, 1:47 am

So I did just that - it opened the DOS window and then it said "cannot find look.txt do you want to make a new file?" I clicked no and there was just an empty notepad document there, and the DOS window stayed open.

When I retried, it prompted me with the same question and this time I pressed "cancel". It then proceeded to say the same about look1.txt, did the same, when I pressed cancel again it just closed itself.

Did I copy and paste wrong?


No, you did nothing wrong. As these files are not in your computer yet, Windows will prompt you to create them.

Click Yes when prompted.

In safe mode?


Yup.

As far as I know, no. Just AVG when it does a full system scan every night (the antivirus). Right now f.e. IE is fluctuating between 40 and 70 (running Housecall), and the non-active system processes are going from 0 to 30 and back. If that means anything LOL. CPU goes from 30 to 70 in just seconds too.


What are those non-active processes?

Would just changing passwords help? The reason I'm asking is because that way I can keep the stored information in the accounts if that makes sense!


It would depend. For forums, a change of passwords would be enough. For credit card info, Paypal, etc., this would require you to call up the banks and tell them that you suspect that this information could have been stolen and you would want to change your credit card number and password.
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by wordofwyrd » June 6th, 2007, 5:53 am

ndmmxiaomayi wrote:
No, you did nothing wrong. As these files are not in your computer yet, Windows will prompt you to create them.

Click Yes when prompted.


Files are empty

In safe mode?

Yup.


Will do that now

What are those non-active processes?


How can I find out? I tried clicking on it to have more info but all it says is non-active processes, that are in SYSTEM. They're only 16 kb most of the time, but take up a lot.


It would depend. For forums, a change of passwords would be enough. For credit card info, Paypal, etc., this would require you to call up the banks and tell them that you suspect that this information could have been stolen and you would want to change your credit card number and password.


*nods* makes sense. Good thing it's just my credit card and not my debit card.

Via some googling I've found that RAP_generic is actually installed with RealPlayer. So I'm guessing it is that netzip classic thing that is sending information and so on.

I'd better not take my chances that it's just that and not do anything I guess.
wordofwyrd
Regular Member
 
Posts: 24
Joined: August 5th, 2006, 12:22 pm

Post by ndmmxiaomayi » June 6th, 2007, 6:27 am

Files are empty


Great. It's just a leftover in the registry.

How can I find out? I tried clicking on it to have more info but all it says is non-active processes, that are in SYSTEM. They're only 16 kb most of the time, but take up a lot.


As in the process name? For example, svchost.exe.

Also, it might be the System Idle process. It can take up a lot of resources, but in fact the reverse is true.
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by wordofwyrd » June 6th, 2007, 6:39 am

So that was the Activescan results that were just a leftover? Good!





Here's a screenshot, makes it easier to see what I mean lol ... right now CPU usage is only up to 10% but it sometimes goes up to 100% with about just as much as this.

Image


Off to scan with AVG now!
wordofwyrd
Regular Member
 
Posts: 24
Joined: August 5th, 2006, 12:22 pm

Post by ndmmxiaomayi » June 6th, 2007, 8:12 am

Hi wordofwyrd. :)

Looking at your screenshot, it's indeed the System Idle process. It usually takes up the bulk of system resources and doesn't have an effect on the system unless its usage goes down to a low number, for example 20.

Other than that, do you have any other problems?

If no, this will be my closing speech to you. It will help you to prevent most malware infections.

Keep your system updated

Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Please ensure that you visit the following websites regularly or update your system regularly.

Install the updates immediately if they are found. Reboot your computer if necessary, and revisit the Windows Update and Office Update sites until there are no more updates to be installed.

To update Windows

Go to Start > All Programs > Windows Update

To update Office

Open up any Office program.

Go to Help > Check for Updates

Alternatively, you can visit the links below to update Windows and Office products.

Windows Update
Office Updates

If you are forgetful, you can change some settings so that you will be informed of updates. Here's how:

  1. Go to Start > Control Panel > Automatic Updates
  2. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
  3. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
  4. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.

Java is another program that updates regularly to fix bugs and loopholes in it. Here are the instructions for updating Java:

  • Click here to visit Java's website.
  • Scroll down to Java Runtime Environment (JRE). Click on Download.
  • Select Accept License Agreement. The page will refresh.
  • Click on Windows Offline Installation, Multi-language and save it to a convenient location.
  • Run this installation to update your Java.
Remember to remove all previous versions of Java when you update it to a new version to prevent exploitation of the older versions left on your system.

Besides Windows and Java that need regular updating, antivirus, anti-spyware and firewall programs update regularly too.

Please make sure that you update your antivirus, firewall and anti-spyware programs at least once a week.

Be careful when opening attachments and downloading files

  1. Never open email attachments, not even if they are from someone you know. If you need to open them, scan them with your antivirus program before opening.
  2. Never open emails from unknown senders.
  3. Beware of emails that warn about viruses that are spreading, especially those from antivirus vendors. These email addresses can be easily spoofed. Check the antivirus vendor websites to be sure.
  4. Be careful of what you download. Only download files from known sources. Also, avoid cracked programs. If you need a particular program that costs too much for you, try finding free alternatives on Sourceforge or Pricelessware.

Stop malicious scripts

Windows by default allows scripts (that is, VBScript and JavaScript) to run, and some of these scripts are malicious. Use Noscript by Symantec or Script Defender by AnalogX to handle these scripts.

Backup regularly

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to back up. Follow this article by Microsoft to restore your backups.

Avoid P2P

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

For Internet Explorer 7

Please read the article to configure Internet Explorer 7 properly.

Prevent a re-infection

  1. SpywareBlaster
    SpywareBlaster is a program that is used to secure Internet Explorer by making it harder for ActiveX programs to run on your computer. It does this by disabling known offending ActiveX programs from running at all.

    You can download SpywareBlaster from here.

    If you need help in using SpywareBlaster, you can read SpywareBlaster's tutorial at Bleeping Computer.
  2. SpywareGuard
    Just as an antivirus program scans a file for viruses before opening it, SpywareGuard does the same thing, except that it scans it for spyware.

    You can download SpywareGuard from Javacool.

    If you need help in using SpywareGuard, you can read SpywareGuard's tutorial at Bleeping Computer.
  3. IE-SPYAD
    IE-SPYAD adds over 5000 sites to your Internet Explorer restricted zone so that you will be protected if the website turns out to be a bad one. Sites that are in the restricted zone of Internet Explorer can't run any scripts, and can't use downloads or cookies. However, you can still connect to these sites.

    You can download IE-SPYAD from Spyware Warrior. Be sure to read the whole website carefully for instructions on usage of IE-SPYAD.

    A tutorial for IE-SPYAD can be found at Bleeping Computer.
  4. Hosts File
    A Hosts file is like a phone book. You look up someone's name in the phone book before calling him/her. Similarly, your PC will look up the website's IP address before you can view the website.

    Hosts file will replace your current Hosts file with another one containing well-known advertisement sites, spyware sites and other bad sites. This new Hosts file will protect you by re-directing these bad sites to 127.0.0.1.

    Here are some Hosts files:

    MVPS Hosts File
    Bluetack's Hosts File
    Bluetack's Host Manager
    hpHosts

    A tutorial about Hosts File can be found at Castlecops.
  5. Lavasoft Ad-Aware
    Ad-Aware is an anti-spyware program. Like your antivirus program, please run an Ad-Aware scan at least once per week.

    Ad-Aware can be downloaded from here.

    If you need help in using Ad-Aware, you can read Ad-Aware's tutorial at Bleeping Computer.
  6. Spybot Search & Destroy
    Spybot Search & Destroy is another program for scanning for spyware and adware. Not only that, it has other preventive options as well. You are strongly encouraged to run a scan at least once per week.

    Spybot Search & Destroy can be downloaded from here.

    If you need help in using Spybot Search & Destroy, you can read the Spybot Search & Destroy tutorial at Bleeping Computer.
  7. a-squared Free
    a-squared Free is yet another program for scanning for spyware and adware. It doesn't have preventive features like Spybot Search & Destroy though.

    You can download a-squared Free from here.
  8. SUPERAntiSpyware
    Another anti-spyware program. There's a free version and professional (paid) version. SUPERAntiSpyware's home page
  9. CounterSpy
    CounterSpy is pretty much like Spybot Search & Destroy, but it isn't free. You can try CounterSpy for 15 days.

    Before downloading any anti-spyware programs, always check the Rogue/Suspect list of anti-spyware programs. This will save you from a lot of trouble. If in doubt, don't ever download it.
  10. Winpatrol
    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.
  11. SiteHound
    SiteHound is a toolbar that warns you if you go to a site that is known to scam people, that potentially has lots of viruses or spyware, or that has questionable content. If you know the site, you can enter it; if you don't, it will bring you back to the previous page. Currently, SiteHound works for Internet Explorer only.

    You can download SiteHound from here.


Use an alternative Internet Browser

Many of the exploits are directed at users of Internet Explorer. Try using a different browser instead.

Firefox 2.0
Opera 9.1

Use an alternative email client

If you are using Outlook Express as your default email client, try using Thunderbird or Pegasus Mail instead.

Here are some more things to read about:

List of clean and infected download managers
Configuring Skype
Greater email safety
Phishing - what is it?
Configuring Outlook Express
Configuring Firefox
The Unofficial Cookie FAQ
Securing your home wireless network
80 Super Security Tips
The different classes of security softwares
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am
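
The Hosts File item in the post above describes a blocking Hosts file that redirects known-bad sites to 127.0.0.1. As an added example (not part of the original post or of any tool it lists), this Python checker parses Hosts-file text, lists the names that are sinkholed, and flags any name mapped to a non-loopback address; the sample content is constructed, and treating 0.0.0.0 as a sinkhole address is an assumption that goes beyond the post.

```python
import ipaddress

# Constructed sample in Hosts-file format (not taken from any real block list).
SAMPLE_HOSTS = """\
# blocking hosts file (constructed sample)
127.0.0.1       localhost
127.0.0.1       ads.example.com tracker.example.net   # two names on one line
0.0.0.0         popups.example.org
::1             localhost
203.0.113.7     bank.example.com
not-an-ip       broken.example.com
127.0.0.1
"""

# Names that normally point at loopback and are not "blocked sites".
LOCAL_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text):
    """Return (entries, malformed).

    entries   -- list of (line_number, ip_address_object, [hostnames])
    malformed -- line numbers that have no valid address or no hostname
    """
    entries, malformed = [], []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            malformed.append(lineno)
            continue
        if len(fields) < 2:                   # address with no hostname
            malformed.append(lineno)
            continue
        entries.append((lineno, address, [n.lower() for n in fields[1:]]))
    return entries, malformed


def audit_hosts(text):
    """Classify every hostname in the Hosts-file text.

    blocked    -- names sent to loopback (or 0.0.0.0, an assumption here)
    redirected -- (line, name, address) for names sent anywhere else;
                  a blocking Hosts file should contain none of these
    malformed  -- line numbers the parser could not read
    """
    entries, malformed = parse_hosts(text)
    blocked, redirected = set(), []
    for lineno, address, names in entries:
        sinkhole = address.is_loopback or address.is_unspecified
        for name in names:
            if name in LOCAL_NAMES:
                if not address.is_loopback:
                    redirected.append((lineno, name, str(address)))
                continue
            if sinkhole:
                blocked.add(name)
            else:
                redirected.append((lineno, name, str(address)))
    return {"blocked": sorted(blocked),
            "redirected": redirected,
            "malformed": malformed}


if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS)
    print("Blocked names:", ", ".join(report["blocked"]))
    for lineno, name, address in report["redirected"]:
        print(f"line {lineno}: {name} -> {address} (not a loopback address)")
    for lineno in report["malformed"]:
        print(f"line {lineno}: could not be parsed")
```

To check a real file, pass its contents to `audit_hosts`; on Windows the Hosts file is at `%SystemRoot%\System32\drivers\etc\hosts`.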

Post by wordofwyrd » June 6th, 2007, 8:38 am

ndmmxiaomayi wrote:
Hi wordofwyrd. :)

Looking at your screenshot, it's indeed the System Idle process. It usually takes up the bulk of system resources and doesn't have an effect on the system unless its usage goes down to a low number, for example 20.


Well it does go down to 0 sometimes, but I guess that is normal? It has always done that.

Other than that, do you have any other problems?


The AVG spyware scan found the Worm.AimVen in system restore, not in the folder it was in yesterday, I take it it's gone now?


If no, this will be my closing speech to you. It will help you to prevent most malware infections.


Wow, there is a LOT of extra information there since the last time I came here.

When you say uninstall all java to avoid it being exploited, does that mean I go into configuration/software and uninstall all java components before downloading any new ones?

I have windows automatic updates on but it doesn't seem to work too brilliantly, I also hardly ever install any non-critical updates because I never understand what they are actually meant for and if I need them or not :S

Other than that, thank you VERY much for your patience and help, it is much appreciated, and I hope to stay away as long as possible this time ;)
wordofwyrd
Regular Member
 
Posts: 24
Joined: August 5th, 2006, 12:22 pm

Post by ndmmxiaomayi » June 6th, 2007, 9:31 am

Well it does go down to 0 sometimes, but I guess that is normal? It has always done that.


Yup. But when it goes down to 0, your computer will be crawling.

The AVG spyware scan found the Worm.AimVen in system restore, not in the folder it was in yesterday, I take it it's gone now?


Yup. You will need to turn off and on your system restore to reset it.

When you say uninstall all java to avoid it being exploited, does that mean I go into configuration/software and uninstall all java components before downloading any new ones?


Yup.

I have windows automatic updates on but it doesn't seem to work too brilliantly, I also hardly ever install any non-critical updates because I never understand what they are actually meant for and if I need them or not :S


If Windows prompts you about it, it means you have the program installed. They are usually bug fixes (which is when people reported having problems with it.)

Other than that, thank you VERY much for your patience and help, it is much appreciated, and I hope to stay away as long as possible this time


You are welcome. :)

Happy surfing and stay safe! :)
ndmmxiaomayi
MRU Emeritus
Posts: 9708
Joined: July 17th, 2006, 9:22 am

Post by NonSuch » June 9th, 2007, 3:26 am

This topic is now closed. If you wish it reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
Posts: 28747
Joined: February 23rd, 2005, 7:08 am
Location: California