Popups and something to do with Winlogon Notify [RESOLVED]


  • This topic is locked

#1
unfoix
  • Member
  • 19 posts
Hello all.
Here is my Hijack This log.

--------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 10:57:40 AM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
D:\3d Studio Max\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Alcohol 52\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
D:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.pas...uth.srf?lc=1033
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsSys USB2 Driver] notpad.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\d8j00i1me8.dll
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\3d Studio Max\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol 52\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
------------------------------------------------------------------------------------------------------------

I guess the problem lies in O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\d8j00i1me8.dll, however when I remove this entry it only shows up again on the next scan. Also, if I remove the .dll in question in safe mode, it only resurfaces again with a different random name.

I also had issues with a bogus command.exe being placed in a random hidden directory in windows\system32\ , but have deleted that.

If anyone could help here it would be hugely appreciated!


-Unfoix
  • 0


#2
don77
  • Malware Expert
  • Retired Staff
  • 18,526 posts
Hello and welcome unfoix

Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK.
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shut down.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive...ib/MSWINSCK.OCX
  • 0

#3
unfoix
  • Topic Starter
  • Member
  • 19 posts
Thank you very much! It seems to be all OK now.

Here are the logs:

------------------------------------------------------------------
Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 9/24/2006 11:21:04 AM

Infected! C:\WINDOWS\system32\d8j00i1me8.dll
Infected! C:\WINDOWS\system32\rXrv1032.dll
Infected! C:\WINDOWS\system32\fvusd.dll
Infected! C:\WINDOWS\system32\d8j00i1me8.dll
Infected! C:\WINDOWS\system32\s4rs0e97eh.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071759.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071752.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071765.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071771.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071772.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071774.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071780.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071783.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071789.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071792.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071793.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071802.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071810.dll
Infected! C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071811.dll
Infected! C:\WINDOWS\system32\guard.tmp

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\d8j00i1me8.dll
C:\WINDOWS\system32\d8j00i1me8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\rXrv1032.dll
C:\WINDOWS\system32\rXrv1032.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\fvusd.dll
C:\WINDOWS\system32\fvusd.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\d8j00i1me8.dll
C:\WINDOWS\system32\d8j00i1me8.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\s4rs0e97eh.dll
C:\WINDOWS\system32\s4rs0e97eh.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071759.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071759.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071752.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071752.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071765.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071765.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071771.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071771.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071772.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071772.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071774.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071774.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071780.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071780.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071783.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071783.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071789.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071789.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071792.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071792.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071793.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071793.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071802.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071802.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071810.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071810.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071811.dll
C:\System Volume Information\_restore{CA019322-6CDD-4237-A708-9D7473CE3A9F}\RP237\A0071811.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\guard.tmp
C:\WINDOWS\system32\guard.tmp Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\App Paths

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{AA4A9FF3-6A21-420F-A318-18C7EE4F6008}"
HKCR\Clsid\{AA4A9FF3-6A21-420F-A318-18C7EE4F6008}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded
-----------------------------------------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:25:52 AM, on 9/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
D:\3d Studio Max\mentalray\satellite\raysat_3dsmax8server.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Alcohol 52\Alcohol 52\StarWind\StarWindService.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://loginnet.pas...uth.srf?lc=1033
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [WindowsSys USB2 Driver] notpad.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - D:\3d Studio Max\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Alcohol 52\Alcohol 52\StarWind\StarWindService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe
  • 0
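
An added example (not part of the thread and not code from HijackThis or Look2Me-Destroyer): comparing O20 Winlogon Notify items between HijackThis scans by registry key name instead of DLL path, which exposes the pattern described in post #1, where the same key comes back pointing at a differently named DLL. The function names, the constructed log excerpts and the placeholder DLL name in SCAN_2 are assumptions made for illustration.

```python
import re

# HijackThis item lines look like "O20 - Winlogon Notify: <key> - <dll path>".
ITEM_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>.+?) - (?P<dll>[A-Za-z]:\\.+)$")

# Constructed excerpt; the two item lines are quoted from the first log above.
SCAN_1 = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
O4 - HKCU\..\Run: [WindowsSys USB2 Driver] notpad.exe
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\d8j00i1me8.dll
"""
# Constructed: the same key after a manual fix, with a placeholder DLL name.
SCAN_2 = r"""
O4 - HKCU\..\Run: [WindowsSys USB2 Driver] notpad.exe
O20 - Winlogon Notify: App Paths - C:\WINDOWS\system32\PLACEHOLDER.dll
"""
# Constructed: a scan taken after the removal tool ran, O20 item gone.
SCAN_3 = r"""
O4 - HKCU\..\Run: [WindowsSys USB2 Driver] notpad.exe
"""


def parse_items(log_text):
    """Return the set of (code, body) item lines; process paths are skipped."""
    items = set()
    for line in log_text.splitlines():
        m = ITEM_RE.match(line.strip())
        if m:
            items.add((m.group("code"), m.group("body")))
    return items


def winlogon_notify(log_text):
    """Map each O20 Winlogon Notify key name to its lower-cased DLL path."""
    found = {}
    for code, body in parse_items(log_text):
        m = NOTIFY_RE.match(body) if code == "O20" else None
        if m:
            found[m.group("key")] = m.group("dll").lower()
    return found


def compare_scans(before, after):
    """Classify every Notify key seen in either scan."""
    old, new = winlogon_notify(before), winlogon_notify(after)
    report = {}
    for key in sorted(set(old) | set(new)):
        if key not in new:
            report[key] = "removed"
        elif key not in old:
            report[key] = "new"
        elif old[key] != new[key]:
            # Same registry key, different file: the entry was re-created.
            report[key] = "respawned under a different DLL name"
        else:
            report[key] = "unchanged"
    return report


def removed_items(before, after):
    """Item lines present in the first scan and absent from the second."""
    return sorted(parse_items(before) - parse_items(after))


if __name__ == "__main__":
    print(compare_scans(SCAN_1, SCAN_2))
    print(compare_scans(SCAN_1, SCAN_3))
    print(removed_items(SCAN_1, SCAN_3))
```
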

#4
don77
  • Malware Expert
  • Retired Staff
  • 18,526 posts
Please restart HJT, put a check next to the following, close all open windows and click “Fix Checked”:

O4 - HKCU\..\Run: [WindowsSys USB2 Driver] notpad.exe

Next, reboot into SAFE MODE.
Search for and delete the files highlighted in BOLD:

notpad.exe <-- You will need to use the search function to find the file

Restart your computer.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


Post back a fresh HJT log as well please
  • 0

#5
unfoix
  • Topic Starter
  • Member
  • 19 posts
Alright.
Notpad.exe was physically removed some time ago, seems I've just forgotten to remove it here. Doing a search for it yields no results.

I'm also hesitant to install ActiveX or use IE. If you think it's really recommended to do the online scan I'll do it; I've just updated my McAfee DATs and am running a full scan now though.
  • 0

#6
don77
  • Malware Expert
  • Retired Staff
  • 18,526 posts

"Notpad.exe was physically removed some time ago, seems I've just forgotten to remove it here. Doing a search for it yields no results."

That's fine if you know you removed it.

"I've just updated my McAfee DATs and am running a full scan now though."

That's fine, let me know if it comes back with anything.
  • 0

#7
unfoix
  • Topic Starter
  • Member
  • 19 posts
All clear - thank you sire.
  • 0

#8
don77
  • Malware Expert
  • Retired Staff
  • 18,526 posts
You're very welcome :whistling:

Please use the following suggestion to help prevent reinfection


Download the following program, for keeping crap off your system to begin with.
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests. Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restrict the actions of potentially dangerous sites in Internet Explorer.
Download Spyware Blaster

Keep Ad-Aware and Spybot 1.4 handy. Check them for updates prior to running and run them weekly.
Same with your antivirus.

For an added check, run an online virus scan. You can use one of the 2 below:
TrendMicro's HouseCall
ActiveScan

Be sure and give the Temp folders a cleaning out now and then as well. A handy tool to do this:
Please download ATF Cleaner by Atribune.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Remember to check Windows for updates.

Reset and re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)

1. Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

To learn more about how to protect yourself while on the internet, read this article by Tony Klein: So how did I get infected in the first place?
  • 0

#9
don77
  • Malware Expert
  • Retired Staff
  • 18,526 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





