Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
I need help with Virus/Trojan removal badly please help
Options
-
09-03-2009 2:25pm#1im doing Crt III Info Tech,, but im not the brightest spark so please bare with me,, i really need some help.
i dont know how i got it,, but i have a trojan of sorts which has something to do wit the recycler thingy on my usb (thats where it shows up the most)..
if i goto mycomputer & double click my usb or hard drives it says windows cannot find "RECYCLER-S-2-3-20-100032244-100013959-100022051-1685.com" make sure you type the file correctly etc.. but by clicking folders tab you can still browse the drive..
i have been using SuperantiSpyware Free for sometime now & usually it worked wonders for me but now it wont update,, i went to the site & downloaded the latest SASDEFINITIONS.EXE, ran it,, yet when it starts back up it says an update is available but it wont start downloading it. it shows what updates are available,, opens the download window but wont download updates.
a friend of mine used Kaspersy Internet security to remove it successfully however when i install Kaspersky it wont run kaspersky, it installs,, but it wont run, (my friend already had kasperky installed, he also gave me the latest updates downloaded a few hours before the time of this post, but the program wont open so I cant apply them)
i uninstalled kaspersky & installed bitdefender, it runs but it wont get the latest updates.. it found a lot of trojans after scanning but it didnt sort the recycler problem & it still wont update.. ive since tried reinstalling kasperky again
i then found this forum & followed instructions in "I think I have a virus" - Please Read & Try BEFORE Posting (Updated 03/02/09)
i went through all steps.. installed malwarebytes but it will not let me get the latest updates.. it tells me to change firewall settings, i did, but it still wouldnt update
it wont let me get the latest windows updates,, i think the trojan is blocking its ability to connect to automatic updates... i try to goto various antivirus websites to try other products but im pretty sure the trojan is blocking them.. i had a setup file for XPservice pack 3.. but it failed halfway through & wouldnt add all the updates & said your computer may not run correctly
below are the log files pasted into this post...
Malwarebytes' Anti-Malware 1.34
Database version: 1749
Windows 5.1.2600 Service Pack 3
9/03/2009 9:53:56 PM
mbam-log-2009-03-09 (21-53-55).txt
Scan type: Full Scan (C:\|G:\|)
Objects scanned: 134992
Time elapsed: 1 hour(s), 16 minute(s), 58 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 38
Registry Values Infected: 13
Registry Data Items Infected: 12
Folders Infected: 3
Files Infected: 24
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.
Registry Keys Infected:
HKEY_CLASSES_ROOT\xml.xml (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\xml.xml.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{5d2631e5-8696-7543-50b2-f674cd4308eb} (Trojan.Fakealert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7d5dd829-6c90-42c5-b54c-2afa82f988ba} (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6d794cb4-c7cd-4c6f-bfdc-9b77afbdc02c} (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7c109800-a5d5-438f-9640-18d17e168b88} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07b18eab-a523-4961-b6bb-170de4475cca} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8a0dcbdb-6e20-489c-9041-c1e8a0352e75} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{6fd31ed6-7c94-4bbc-8e95-f927f4d3a949} (Adware.180Solutions) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{daed9266-8c28-4c1c-8b58-5c66eff1d302} (Search.Hijack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{500bca15-57a7-4eaf-8143-8c619470b13d} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{90b5a95a-afd5-4d11-b9bd-a69d53d22226} (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\xpreapp (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\MediaHoldings (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Mirar (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\PlayMP3 (Adware.PlayMP3Z) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\FBrowsingAdvisor (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Web Application (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\instkey (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explsbsm.exelper Objects (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\freshplay (Trojan.DNSChanger) -> Quarantined and deleted successfully.
Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{9a9c9b68-f908-4aab-8d0c-10ea8997f37e} (Adware.Mirar) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{51d81dd5-55b7-497f-95db-d356429bb54e} (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\searchassistant (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\searchmigrateddefaulturl (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Trojan.Zlob) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\searchurl (Trojan.Zlob) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securewebinfo.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.safetyincludes.com (Trojan.Zlob) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow\*.securemanaging.com (Trojan.Zlob) -> Quarantined and deleted successfully.
Registry Data Items Infected:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchUrl\w\ (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q=%s) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchURL (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant (Hijack.Search) -> Bad: (http://internetsearchservice.com) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\SearchMigratedDefaultURL (Hijack.Search) -> Bad: (http://internetsearchservice.com/search?q={searchTerms}) Good: (http://www.google.com/) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.112.39,85.255.112.40 -> Quarantined and deleted successfully.
Folders Infected:
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007 (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\527631 (Trojan.BHO) -> Quarantined and deleted successfully.
Files Infected:
C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{710F2722-40B9-470F-8D92-E6DCF4D1002A}\RP625\A0139482.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{710F2722-40B9-470F-8D92-E6DCF4D1002A}\RP625\A0139483.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{710F2722-40B9-470F-8D92-E6DCF4D1002A}\RP625\A0139485.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{710F2722-40B9-470F-8D92-E6DCF4D1002A}\RP625\A0139486.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{710F2722-40B9-470F-8D92-E6DCF4D1002A}\RP626\A0139562.dll (Adware.PlayMp3z) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{710F2722-40B9-470F-8D92-E6DCF4D1002A}\RP628\A0141147.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Resource Worker\Local Settings\Temp\xpre.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\Abbr (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ActivationCode (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\WinAntiVirus Pro 2007\Data\ProductCode (Rogue.WinAntivirus) -> Quarantined and deleted successfully.
C:\autorun.inf (Trojan.Agent) -> Quarantined and deleted successfully.
C:\RECYCLER\S-2-3-20-100032244-100013959-100022051-1685.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\i7v501gc.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mCym70iY.exe.a_a (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\senekawxvasnbu.sys (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Program Files\Mozilla Firefox\components\iamfamous.dll (Trojan.Agent) -> Delete on reboot.
C:\WINDOWS\system32\MSGMAN32.DLL (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxkdibcepu.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\gaopdxruboivxb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekadqyouppa.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekamcipqute.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekauwkioylt.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\senekawwbyqxyl.dat (Trojan.Agent) -> Quarantined and deleted successfully.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:45:22 PM, on 9/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G132\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INTERN~2\mum.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wuauclt.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {21816447-6E97-4B5D-80D9-125323131347} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: (no name) - {EA60B7BE-C6EF-4176-8DD8-BBFC045C75F6} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O4 - HKLM\..\Run: [ABBYY Community Agent] C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SetIcon] C:\Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [D-Link AirPlus XtremeG DWL-G132] C:\Program Files\D-Link\AirPlus XtremeG DWL-G132\AirPlusCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [InternodeUsage] C:\PROGRA~1\INTERN~2\mum.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /H
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-57989841-573735546-682003330-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Administrator')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - AppInit_DLLs: cjzmxj.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O20 - Winlogon Notify: hgGvuRig - hgGvuRig.dll (file missing)
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
--
End of file - 6734 bytes
Rooter Log..
Microsoft Windows XP Professional (5.1.2600) Service Pack 3
A:\ [Removable] (Total:0 Mo/Free:0 Mo)
C:\ [Fixed] - NTFS - (Total:38162 Mo/Free:2973 Mo)
\ [Removable] (Total:0 Mo/Free:0 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:1903 Mo/Free:224 Mo)
Mon 09/03/2009|22:48
\\ Processes..
--Locked-- [System Process]
System
\SystemRoot\System32\smss.exe
\??\C:\WINDOWS\system32\csrss.exe
\??\C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\SPRINT~1.0OF\Sprint\CAgent.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\D-Link\AirPlus XtremeG DWL-G132\AirPlusCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\INTERN~2\mum.exe
C:\Program Files\Registry Mechanic\RegMech.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cmd.exe
C:\Rooter$\RK.exe
\\ Search..
==> VUNDO <==
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\mCym70iY.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
Trojan ! .. C:\WINDOWS\system32\i7v501gc.exe
\\ Tasks
C:\WINDOWS\tasks\At1.job
C:\WINDOWS\tasks\At11.job
C:\WINDOWS\tasks\At12.job
C:\WINDOWS\tasks\At13.job
C:\WINDOWS\tasks\At14.job
C:\WINDOWS\tasks\At15.job
C:\WINDOWS\tasks\At16.job
C:\WINDOWS\tasks\At17.job
C:\WINDOWS\tasks\At18.job
C:\WINDOWS\tasks\At19.job
C:\WINDOWS\tasks\At2.job
C:\WINDOWS\tasks\At21.job
C:\WINDOWS\tasks\At22.job
C:\WINDOWS\tasks\At23.job
C:\WINDOWS\tasks\At24.job
C:\WINDOWS\tasks\At25.job
C:\WINDOWS\tasks\At26.job
C:\WINDOWS\tasks\At27.job
C:\WINDOWS\tasks\At28.job
C:\WINDOWS\tasks\At29.job
C:\WINDOWS\tasks\At3.job
C:\WINDOWS\tasks\At31.job
C:\WINDOWS\tasks\At32.job
C:\WINDOWS\tasks\At33.job
C:\WINDOWS\tasks\At34.job
C:\WINDOWS\tasks\At35.job
C:\WINDOWS\tasks\At36.job
C:\WINDOWS\tasks\At37.job
C:\WINDOWS\tasks\At38.job
C:\WINDOWS\tasks\At39.job
C:\WINDOWS\tasks\At4.job
C:\WINDOWS\tasks\At41.job
C:\WINDOWS\tasks\At42.job
C:\WINDOWS\tasks\At43.job
C:\WINDOWS\tasks\At44.job
C:\WINDOWS\tasks\At45.job
C:\WINDOWS\tasks\At46.job
C:\WINDOWS\tasks\At47.job
C:\WINDOWS\tasks\At48.job
C:\WINDOWS\tasks\At5.job
C:\WINDOWS\tasks\At6.job
C:\WINDOWS\tasks\At7.job
C:\WINDOWS\tasks\At8.job
C:\WINDOWS\tasks\At9.job
\\ ROOTKIT !!
1 - "C:\Rooter$\Rooter_1.txt" - Mon 09/03/2009|22:49
\\ Scan completed at 22:49
i dont know what to do now. can anyone help please?0
Comments
-
-
-
-
-
-
Advertisement
-
none of those suggestions will help so don't waste your time
Please download OTMoveIt3 by OldTimer- Save it to your desktop.
- Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes explorer.exe :Services :Reg :Files C:\WINDOWS\system32\i7v501gc.exe C:\WINDOWS\system32\mCym70iY.exe C:\WINDOWS\tasks\At*.job :Commands [purity] [emptytemp] [start explorer] [Reboot]
- Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
Download ComboFix from one of these locations:
Link 1
Link 2
* IMPORTANT !!! Save ComboFix.exe to your Desktop- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
- As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
- Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.0 -
-
-
-
hello
Please download OTMoveIt3 by OldTimer- Save it to your desktop.
- Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
- Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
:Processes explorer.exe :Services :Reg :Files c:\windows\system32\drivers\quadraserv.sys :Commands [purity] [emptytemp] [start explorer] [Reboot]
- Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
- Click the red Moveit! button.
- Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
- Close OTMoveIt3
Download RootRepeal.zip and unzip it to your Desktop.- Double click RootRepeal.exe to start the program
- Click on the Report tab at the bottom of the program window
- Click the Scan button
- In the Select Scan dialog, check:
- Drivers
- Files
- Processes
- SSDT
- Stealth Objects
- Hidden Services
[*]In the next dialog, select all drives showing
[*]Click OK to start the scanNote: The scan can take some time. DO NOT run any other programs while the scan is running[*]When the scan is complete, the Save Report button will become available
[*]Click this and save the report to your Desktop as RootRepeal.txt
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.
To attach a file, do the following:- Click Add Reply
- Under the reply panel is the Attachments Panel
- Browse for the attachment file you want to upload, then click the green Upload button
- Once it has uploaded, click the Manage Current Attachments drop down box
- Click on
to insert the attachment into your post
0 -
Advertisement
-
-
-
-
-
-
-
dang that took forever...
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, March 10, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 09, 2009 20:56:02
Records in database: 1883538
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\\
E:\
F:\
G:\
Scan statistics:
Files scanned: 61498
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 07:03:37
File name / Threat name / Threats count
C:\mango4\old data\wendy to work on\DIR106763\Outlook.pst Infected: EICAR-Test-File 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\gaopdxkdibcepu.dll.vir Infected: Rootkit.Win32.TDSS.gxu 1
The selected area was scanned.
also,, avg updated again in the background, but it keeps trying to get me to restart.. but i was waiting to hear back to see what to do next cuz kaspersky only scanned it hasnt removed anything yet...0 -
-
-
-
Advertisement
-
your logs are clean
Follow these steps to uninstall Combofix and tools used in the removal of malware- Click START then RUN
- Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Download ToolsCleaner2 to your desktop and run it ( by de A.Rothstein & Dj Quiou )- Click the Pt. Restauration button and press OK to the prompts.
- Click the Corbeille button and press OK to the prompt.
- Click the Fichiers temp button and press OK to the prompt.
- Click the Recherche button and let it run ( it may look like it freezes but let it continue )
- Once it is done click the Suppression button and let it remove anything it finds.
- Close the program
Please download JavaRa to your desktop and unzip it to its own folder- Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
- Accept any prompts.
- Open JavaRa.exe again and select Search For Updates.
- Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.
Below I have included a number of recommendations for how to protect your computer against malware infections.- Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer. - SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.
- SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
- Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
- ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
- MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
- Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here
If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.- NoScript - for blocking ads and other potential website attacks
- McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
- Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
- ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
- Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
- Please read my guide on how to prevent malware and about safe computing here
0 -
-
-
Advertisement