[Crustyoldbloke]

I guess you were unlucky then Don.

Just thinking about the search for *.cpl, this might be a bit easier to do.

Copy this text into NOTEPAD and save (all files) it to your DESKTOP as find.bat

dir C:\windows\system32\*.cpl>>log.txt

Double click find.bat and a few seconds later a text file will appear. Please post the text file.

Edited by Crustyoldbloke, 23 August 2006 - 01:44 PM.

[Advertisements]

 log.txt   3.11KB   163 downloads

Phil,

After running http://securityrespo...er/FxNetOpt.exe I got this message:
Adware.net optimizar has not been found on your computer......guess this is good?

Good thing you gave me another way to display the *cpl file as in my attempt to copy it from seach I somehow wiped out all 42 files that the seach found, otherwise, when I run it now I get no results!

[Don Stewart]

 log.txt   3.11KB   163 downloads

Phil,

After running http://securityrespo...er/FxNetOpt.exe I got this message:
Adware.net optimizar has not been found on your computer......guess this is good?

Good thing you gave me another way to display the *cpl file as in my attempt to copy it from seach I somehow wiped out all 42 files that the seach found, otherwise, when I run it now I get no results!

[Crustyoldbloke]

Hello Don

I thought NetOptimizer was benign and that proves it.

Now for the deletion:

Please install Killbox by Option^Explicit.

• Please double-click Killbox.exe to run it.
• Select Delete on Reboot
• then Click on the All Files button.
• Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\windows\system32\av.cpl

• Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  
• Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Reboot normally

Is everything now OK?

[Don Stewart]

What if anything do I put in the empty Killbox window: Full path of file to delete? I tried C:\windows\system32\av.cpl that you had noted, but Killbox does not run with that or blank??? help!

[Crustyoldbloke]

OK Don, let's do it manually then.

Reboot to safe mode, then using Windows Explorer, navigate to this file and delete it:

C:\windows\system32\av.cpl

Reboot normally.

[Don Stewart]

Will do tonight and I'm at home tomorrow, Friday......although I do have some Dr. appointments, 1st @ 9 AM.
I wil be on early 7 AM PST. So I will delete that file manually, in the Safe mode. What about all these other instructions, do they apply in the Safe mode also?

Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

C:\windows\system32\av.cpl
Return to Killbox, go to the File menu, and choose Paste from Clipboard.

Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

[Crustyoldbloke]

Don, you said that Killbox wouldn't accept the file path, so I've abandoned that method in favour of the manual deletion.

[Don Stewart]

Phil,

Will do tonight and do you want one last? HiJack log when deleted and if so do I run it in the Normal mode?

What about all the virus? software programs that I have downloaded, what do I do with them?

[Crustyoldbloke]

Don

I won't need to see a further HJT log, just your confirmation that all is as it should be will suffice. I will then give you final instructions and some advice.

As for everything you have downloaded, keep what you have use for and discard the rest, however I would strongly recommend that you keep Ccleaner and get into the habit of using it daily.

[Don Stewart]

Phil,

All is WELL, as even WinAntiVirus Pro2006 is now gone from the Control Panel option window and I got rid of the dial-up connection pop-up at log-in! NICE JOB!

[Crustyoldbloke]

Congratulations! your system is clean. Just a little bit more to do to prevent further infection.

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Reboot.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
I recommend going to the following link and update as recommended by Microsoft. This adds more security and extra features including a pop-up blocker for Internet Explorer. Microsoft Update

MVPS Hosts file This replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer.

SiteAdvisor download this plug-in for your browser and it will alert you of a known bad site for FREE.

Now that everything is fixed, I suggest that you consider getting these programmes to help keep the computer clean:

SPYWARE BLASTER - Blocks bad ActiveX items from installing on your computer.
WINDOWS DEFENDER - With daily updates and scans, this programme offers good security against malware.
AD-AWARE PERSONAL – A fine free malware detector and removal programme
SPYBOT S&D – Excellent free spyware detector and removal programme
GOOGLE TOOLBAR - Blocks many unwanted pop-ups in Internet Explorer.
FIREFOX - Safer alternative to the Internet Explorer web browser.
AVG ANTIVIRUS FREE EDITION - Free antivirus programme if you currently are not using one.
ZONEALARM - Free firewall programme if you currently are not using one (Windows XP has a built-in firewall).

Remember to update these frequently.

Please note that whilst there is nothing wrong in having more than one antispyware programme for “on demand” scanning, having two or more antivirus systems is not recommended as they may well cause conflicts and slowness.

You may also want to read "How did I get infected in the first place" to learn how to better secure your computer.

Be sure to keep your Windows, antispyware and antivirus updated.

It just remains for me to wish you happy safe surfing; I hope you found my advice helpful.

[Don Stewart]

Phil,
So when I click on Microslft Update and all it give me is this:
Thank you for your interest in Windows Update

Windows Update is the online extension of Windows that helps you get the most out of your computer.

The latest version of Windows Update is available on computers that are running Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium Edition, Windows 2000 (except Windows 2000 Datacenter Server), Windows XP, and the Windows Server 2003 family.

Does this mean I'm already up to date?

Also, will SiteAdvisor interfer with existing EarthLink protection?

[Crustyoldbloke]

From what I can tell, you appear to be uptodate with Windows. I recommend that you enable automatic updates in the Security Centre in the Control Panel, if you haven't already done so.

Site Advisor is OK with other programmes.

[Don Stewart]

Phil,
Looks like it is going to take awhile to download all these software protection programs. I'm saving them to a special folder, not my desk top. So I should run these every so often or when I get in trouble? I do have the Earthlink Protection Center that I run weekly and I requested that CCleaner run at start-up, but didn't seem to work the 1st re-boot.....but since it is on my desktop, I will remember to run it OFTEN.

Note: I do not log on daily, maybe 4 times a week.

Anything else, now that you have cleaned my system? Do you have a recomment donation?

[Crustyoldbloke]

Don,

That all sounds very prudent. You should do OK with the extra security steps you are now taking.

Donations are left to individuals to contemplate, there is no set amount. You have to view this in terms of what was the advice worth in the context of what can I afford. Everyone is different.

Take care my friend and I wish you happy, safe surfing!