To help avoid serious infection again, please look carefully at this post for some excellent preventative measures. Prevention must be made the first line of defense to improve upon.
As a final cleanup step, it is often advisable to
Reset and Re-enable your System Restore to
remove any bad files that may have been backed up by Windows . The files in System Restore are protected to prevent any programs changing them. And, this is the only complete way to clean these files: (You will lose all previous restore points which could likely be infected, anyway.)
PLEASE NOTE: you will need to log into your computer with an account that has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.
(Windows XP)
To Turn OFF System Restore.
- Click the Start button.
- Right-click My Computer, and then click Properties.
- On the System Restore tab, check Turn off System Restore or Turn off System Restore on all drives.
- Click Apply.
To Turn ON System Restore. - Follow the steps in the previous section, but in step 3, uncheck Turn off System Restore or Turn off System Restore on all drives. Then click OK.
- Create new System Restore points.
(Windows ME)See the following link for instructions:
http://service1.symantec.com/SUPPORT/ts ... ec_doc_namTo reduce the re-infection potential for malware and protect your PC against spyware, here are a few helpful suggestions:
- Keep Windows and Internet Explorer current with the latest critical security updates from Microsoft . This will patch many of the security holes through which attackers can gain access to your computer . You CANNOT complete this update using an alternate browser – you must use Internet Explorer.
http://v5.windowsupdate.microsoft.com/v5co...t.aspx?ln=en-us
http://www.microsoft.com/windows/ie/default.asp
- Run your antivirus software regularly, and to keep its definitions up-to-date. If you are thinking about switching, there are a some good free Antivirus programs that are decent, including AVG and Avast!.
AVG: http://free.grisoft.com/doc/1
Avast: http://www.avast.com/eng/avast_4_home.html
- In addition to using Ad-aware consider using another free malware scanning/removal program :
Adaware SE: http://www.download.com/Ad-Aware-SE-Person...ubj=dl&tag=top5
Spybot S&D: http://www.download.com/Spybot-Search-Dest...tml?tag=lst-0-1
MS Antispyware beta: http://www.microsoft.com/athome/security/s...re/default.mspx
- Consider using a free firewall if you are not already using one. Some good free ones are:
Sygate: http://smb.sygate.com/products/spf_standard.htm
Zone Alarm: http://www.zonelabs.com/store/content/comp...n.jsp?lid=ho_za
It is not a bad idea to also consider using a router/Hardware firewall device. A software firewall may occasionally need to be disabled or it gets/remains disabled by someone or something. Such an added layer of security consistency has a lot of merit to it.
- Consider using an alternate free browser for general web surfing but you must use IE for windows updates.
Mozilla Firefox: http://www.mozilla.org/products/firefox/
- Consider increasing your browser security by using these programs:
SpywareGuard will help protect your homepage from being hijacked: http://www.javacoolsoftware.com/spywareguard.html
SpywareBlaster will increase browser protection by blocking access to thousands of known malware sites by adding them to IE's restricted sites zone. It essentially blocks known- bad ActiveX program items from being installed or running on your computer. Download it here: http://www.javacoolsoftware.com/spywareblaster.html
- A HOSTS file can block Internet access to thousands of known-bad sites by not allowing you any easy browser access to such sites knowingly or unknowingly. Use HJT to determine if a current HOSTS file exists and any contents therein:
- Run the HiJackThis tool and select ‘Open the Misc Tools section’.
- Next select ‘Open host file manager’ button.
- Use the ‘Open in Notepad’ button in XP/W2K or use WORDPAD if necessary [type wordpad.exe in the RUN box (Start>Run)] and load the FILE PATH identified in HJT.
- Go to http://www.mvps.org/winhelp2002/hosts.txt . # Read the initial instructions #. Copy and paste the RELEVANT contents of that file into Notepad or Wordpad and save the updated file contents.
*Remember just like your primary anti-virus software, it is important to:
- Keep all of these programs up-to-date, and
- Use them on a regular basis.
I have just ran Panda and it found nothing. Does this mean that my PC is OK?
Re-run all your latest scan tools if you haven't already done so or run a new tool as suggested below. Doesn't hurt to check:
Please try an online scan with
Kaspersky WebScannerClick on
Kaspersky Online ScannerYou will be prompted to install an ActiveX component from Kaspersky, Click
Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Extended (if available otherwise Standard) - Scan Options:
- Scan Archives
- Scan Mail Bases
- Click OK
- Now under select a target to scan:
- This program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
Do you think that I can download Win SP 1 &2 now?
Suggest that you update everything except SP2 and see how that goes.
Do you think that I have any files that must be submitted to JOTTI?
Once you get familiar with the contents of your HJT log, then you may be in a better position to spot something new that needs investigating. JOTTI is normally a good tool when a Google search is not able to clearly identify the nature of any item under review.
Where you able to get a satisfactory second opinion on the
unlodctr.exe file.