win32.trojandownler.zlob- downloader.agent.hvx [RESOLVED]
Started by
Raider 1
, Feb 05 2008 05:57 AM
-
This topic is locked
#16
Posted 06 February 2008 - 05:18 PM
Rorschach112
-
- Retired Staff
-
- 47,710 posts
Ralphie
#17
Posted 06 February 2008 - 06:11 PM
Raider 1
- Topic Starter
-
- Member
-
- 24 posts
Member
I havn't done anything except talk with you but it did seem better after I ran the combofix and the avp anti-spyware the first time. I'll try a few things and update you. I still have 16 infected files in the AVP anti-spyware quarantine. Should I delete them?
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/06/2008 at 01:38 PM
Application Version : 3.9.1008
Core Rules Database Version : 3396
Trace Rules Database Version: 1388
Scan type : Complete Scan
Total Scan Time : 01:54:55
Memory items scanned : 400
Memory threats detected : 0
Registry items scanned : 5636
Registry threats detected : 0
File items scanned : 58151
File threats detected : 24
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 02/06/2008 at 01:38 PM
Application Version : 3.9.1008
Core Rules Database Version : 3396
Trace Rules Database Version: 1388
Scan type : Complete Scan
Total Scan Time : 01:54:55
Memory items scanned : 400
Memory threats detected : 0
Registry items scanned : 5636
Registry threats detected : 0
File items scanned : 58151
File threats detected : 24
#18
Posted 06 February 2008 - 06:13 PM
Rorschach112
-
- Retired Staff
-
- 47,710 posts
Ralphie
Your logs look good ! We need to do a few things
Now lets uninstall Combofix:
You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.
* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.
Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here
* SpywareGuard offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here
Thank you for your patience, and performing all of the procedures requested.
Now lets uninstall Combofix:
- Click START then RUN
- Now type Combofix /u in the runbox and click OK
- Delete ComboFix and its associated files and folders.
- Delete VundoFix backups, if present
- Delete the C:\Deckard folder, if present
- Delete the C:_OtMoveIt folder, if present
- Reset the clock settings.
- Hide file extensions, if required.
- Hide System/Hidden files, if required.
- Reset System Restore.
- Make sure you have an Internet Connection.
- Double-click OTMoveIt2.exe to run it.
- Click on the CleanUp! button
- A list of tool components used in the Cleanup of malware will be downloaded.
- If your Firewall or Real Time protection attempts to block OtMoveit2 to rech the Internet, please allow the application to do so.
- Click Yes to beging the Cleanup process and remove these components, including this application.
- You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.
You now need to update your Java and remove your older versions.
Please follow these steps to remove older version Java components.
* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.
Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here
Below I have included a number of recommendations for how to protect your computer against malware infections.
* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer has always the latest security updates available installed on your computer.
* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here
* SpywareGuard offers realtime protection from spyware installation attempts.
Make Internet Explorer more secure
- Click Start > Run
- Type Inetcpl.cpl & click OK
- Click on the Security tab
- Click Reset all zones to default level
- Make sure the Internet Zone is selected & Click Custom level
- In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
- Next Click OK, then Apply button and then OK to exit the Internet Properties page.
* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.
* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here
* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here
Thank you for your patience, and performing all of the procedures requested.
#19
Posted 07 February 2008 - 06:26 PM
Raider 1
- Topic Starter
-
- Member
-
- 24 posts
Member
THANX Rorschach112 ! She's runnin like a champ! I'm certainly glad there's guys like you and the geeks staff out there helping people who otherwise might not have any other options. Thanx again!. I'll be leaving a donation under the name Rangely Gear. NORT
#20
Posted 07 February 2008 - 06:30 PM
Rorschach112
-
- Retired Staff
-
- 47,710 posts
Ralphie
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. 
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
