Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

help remove please (gebyx.dll virtumondo) [RESOLVED]

Started by bbeatz , Mar 24 2008 06:03 AM

This topic is locked

#1
bbeatz

Posted 24 March 2008 - 06:03 AM

New Member

Member
9 posts

[03/24/2008, 3:35:09] - VirtumundoBeGone v1.5 ( "E:\Documents and Settings\Crisp Beatz\Desktop\VirtumundoBeGone.exe" )
[03/24/2008, 3:35:25] - Detected System Information:
[03/24/2008, 3:35:25] - Windows Version: 5.1.2600, Service Pack 2
[03/24/2008, 3:35:25] - Current Username: Crisp Beatz (Admin)
[03/24/2008, 3:35:25] - Windows is in NORMAL mode.
[03/24/2008, 3:35:25] - Searching for Browser Helper Objects:
[03/24/2008, 3:35:25] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/24/2008, 3:35:25] - BHO 2: {45C2A50F-8F4A-496E-AF02-D0207525BF5A} ()
[03/24/2008, 3:35:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 3:35:25] - Checking for HKLM\...\Winlogon\Notify\awttrst
[03/24/2008, 3:35:25] - Found: HKLM\...\Winlogon\Notify\awttrst - This is probably Virtumundo.
[03/24/2008, 3:35:25] - Assigning {45C2A50F-8F4A-496E-AF02-D0207525BF5A} MSEvents Object
[03/24/2008, 3:35:25] - BHO list has been changed! Starting over...
[03/24/2008, 3:35:25] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/24/2008, 3:35:25] - BHO 2: {45C2A50F-8F4A-496E-AF02-D0207525BF5A} (MSEvents Object)
[03/24/2008, 3:35:25] - ALERT: Found MSEvents Object!
[03/24/2008, 3:35:25] - BHO 3: {4BA1C8DC-D025-41E5-9F3F-BB085E8E3654} ()
[03/24/2008, 3:35:25] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 3:35:25] - Checking for HKLM\...\Winlogon\Notify\gebyx
[03/24/2008, 3:35:25] - Key not found: HKLM\...\Winlogon\Notify\gebyx, continuing.
[03/24/2008, 3:35:25] - Finished Searching Browser Helper Objects
[03/24/2008, 3:35:25] - *** Detected MSEvents Object
[03/24/2008, 3:35:25] - Trying to remove MSEvents Object...
[03/24/2008, 3:35:26] - Terminating Process: IEXPLORE.EXE
[03/24/2008, 3:35:27] - Terminating Process: RUNDLL32.EXE
[03/24/2008, 3:35:27] - Disabling Automatic Shell Restart
[03/24/2008, 3:35:27] - Terminating Process: EXPLORER.EXE
[03/24/2008, 3:35:27] - Suspending the NT Session Manager System Service
[03/24/2008, 3:35:27] - Terminating Windows NT Logon/Logoff Manager
[03/24/2008, 3:35:27] - Re-enabling Automatic Shell Restart
[03/24/2008, 3:35:27] - File to disable: E:\WINDOWS\system32\awttrst.dll
[03/24/2008, 3:35:27] - Renaming E:\WINDOWS\system32\awttrst.dll -> E:\WINDOWS\system32\awttrst.dll.vir
[03/24/2008, 3:35:28] - File successfully renamed!
[03/24/2008, 3:35:28] - Removing HKLM\...\Browser Helper Objects\{45C2A50F-8F4A-496E-AF02-D0207525BF5A}
[03/24/2008, 3:35:28] - Removing HKCR\CLSID\{45C2A50F-8F4A-496E-AF02-D0207525BF5A}
[03/24/2008, 3:35:28] - Adding Kill Bit for ActiveX for GUID: {45C2A50F-8F4A-496E-AF02-D0207525BF5A}
[03/24/2008, 3:35:28] - Deleting ATLEvents/MSEvents Registry entries
[03/24/2008, 3:35:28] - Removing HKLM\...\Winlogon\Notify\awttrst
[03/24/2008, 3:35:28] - Searching for Browser Helper Objects:
[03/24/2008, 3:35:28] - BHO 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} (Adobe PDF Reader Link Helper)
[03/24/2008, 3:35:28] - BHO 2: {4BA1C8DC-D025-41E5-9F3F-BB085E8E3654} ()
[03/24/2008, 3:35:28] - WARNING: BHO has no default name. Checking for Winlogon reference.
[03/24/2008, 3:35:28] - Checking for HKLM\...\Winlogon\Notify\gebyx
[03/24/2008, 3:35:28] - Key not found: HKLM\...\Winlogon\Notify\gebyx, continuing.
[03/24/2008, 3:35:28] - Finished Searching Browser Helper Objects
[03/24/2008, 3:35:28] - Finishing up...
[03/24/2008, 3:35:28] - A restart is needed.
[03/24/2008, 3:35:55] - Attempting to Restart via STOP error (Blue Screen!)

thank you for any help u offer in advance

#2
JSntgRvr

Posted 28 March 2008 - 06:12 AM

Global Moderator

Global Moderator
11,579 posts

Hi, bbeatz.

Welcome

Click here to download HJTInstall.exe

Save HJTInstall.exe to your desktop.
Doubleclick on the HJTInstall.exe icon on your desktop.
By default it will install to C:\Program Files\Trend Micro\HijackThis .
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch Hijackthis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

#3
bbeatz

Posted 30 March 2008 - 08:15 AM

New Member

Topic Starter
Member
9 posts

First thanx for gettin back to me

now then here it is...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:10:20 AM, on 3/30/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Comodo\Firewall\cmdagent.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
E:\Program Files\Eset\nod32krn.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\MsPMSPSv.exe
E:\WINDOWS\system32\wscntfy.exe
E:\WINDOWS\system32\RUNDLL32.EXE
E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE
E:\WINDOWS\system32\CTHELPER.EXE
E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
E:\Program Files\Eset\nod32kui.exe
E:\Program Files\Comodo\Firewall\CPF.exe
E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\HPZSTC07.EXE
E:\Program Files\BitTorrent\bittorrent.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [NvMediaCenter] "RUNDLL32.EXE" E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTSysVol] "E:\Program Files\Creative\SBAudigy2\Surround Mixer\CTSysVol.exe"
O4 - HKLM\..\Run: [CTDVDDet] "E:\Program Files\Creative\SBAudigy2\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CTStartup] "E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /run
O4 - HKLM\..\Run: [H2O] "E:\Program Files\SyncroSoft\Pos\H2O\cledx.exe"
O4 - HKLM\..\Run: [nod32kui] "E:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [COMODO Firewall Pro] "E:\Program Files\Comodo\Firewall\CPF.exe" /background
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [SB Audigy 2 Startup Menu] "E:\Program Files\Creative\SBAudigy2\Program\Startup Menu\Audigy.EXE" /L:ENG
O4 - HKCU\..\Run: [BitTorrent DNA] "E:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [LightScribe Control Panel] E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "E:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "E:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\RunOnce: [CTStartup] "E:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE" /play
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: MagicDisc.lnk = E:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: hp psc 2000 Series.lnk = E:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - E:\Program Files\Comodo\Firewall\cmdagent.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - E:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NMIndexingService - Unknown owner - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - E:\Program Files\Eset\nod32krn.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - E:\WINDOWS\system32\HPZipm12.exe

--
End of file - 4739 bytes

#4
JSntgRvr

Posted 30 March 2008 - 09:18 AM

Global Moderator

Global Moderator
11,579 posts

Hi, bbeatz

The is no malware visible in that log. Lets take a deeper look:

Posted Image

Download Deckard's System Scanner (DSS) from here or here to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open - main.txt <- this one will be maximized and extra.txt <-this one will be minimized
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of both, the main.txt and the extra.txt in your next reply.

If the files are too long, attach them to a reply:

Scroll down to the [Manage Attachments] section
Browse to the following folder:
- C:\Deckard\System Scanner
Click Upload to upload these files one by one
Submit your reply

#5
bbeatz

Posted 31 March 2008 - 05:22 AM

New Member

Topic Starter
Member
9 posts

This scan found it!

u r appreciated friend

Attached Files

main.txt 37.99KB 184 downloads
extra.txt 18.2KB 135 downloads

#6
JSntgRvr

Posted 31 March 2008 - 06:51 AM

Global Moderator

Global Moderator
11,579 posts

Hi, bbeatz.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 5.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement".
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on the download to install the newest version.

Alternate download:

http://filehippo.com...d_java_runtime/

Please download VundoFix.exe to your desktop.

Note: In the event you already have Vundofix, this is a new version that I need you to download.

Double-click VundoFix.exe to run it.
You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
When VundoFix re-opens, click the Scan for Vundo button.
Once it's done scanning, click the FixVundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will shutdown your computer, click OK.
Turn your computer back on.
Please post the contents of C:\vundofix.txt in your next reply.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

-----------------------------------------------------------
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
  
  -----------------------------------------------------------
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
-----------------------------------------------------------
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

#7
bbeatz

Posted 02 April 2008 - 07:19 AM

New Member

Topic Starter
Member
9 posts

thanx so much for taking time out to help me

Attached Files

VundoFix.txt 480bytes 111 downloads
ComboFix.txt 16.51KB 131 downloads

#8
JSntgRvr

Posted 02 April 2008 - 10:42 AM

Global Moderator

Global Moderator
11,579 posts

Hi, bbeatz

Copy the entire contents of the Quote Box below to Notepad.
Name the file as CFScript.txt
Change the Save as Type to All Files
and Save it on the desktop

File::
E:\WINDOWS\system32\cpnprt2.cid
E:\WINDOWS\system32\gebyx.Vdll
E:\WINDOWS\unvise32qt.exe
E:\WINDOWS\system32\tmp610F4.FOT
E:\WINDOWS\system32\tmp530F4.FOT
E:\WINDOWS\system32\tmpBCCB4.FOT
E:\WINDOWS\system32\tmpAECB4.FOT
E:\WINDOWS\system32\tmpA71C5.FOT
E:\WINDOWS\system32\tmp991C5.FOT
E:\WINDOWS\system32\awttrst.dll.vir

Folder::
E:\Program Files\Coupons
E:\Documents and Settings\All Users\Application Data\Trymedia

DirLook::
E:\WINDOWS\system32\TmpA11162781

Once saved, referring to the picture above, drag CFScript.txt into ComboFix.exe, and post back the resulting report along with a Hijackthis log..

#9
bbeatz

Posted 02 April 2008 - 06:19 PM

New Member

Topic Starter
Member
9 posts

here ya go

Attached Files

hijackthis.log2.txt 5.58KB 102 downloads
log.txt2.txt 18.99KB 131 downloads

#10
JSntgRvr

Posted 02 April 2008 - 06:31 PM

Global Moderator

Global Moderator
11,579 posts

Hi, bbeatz

Lets chck for remnants:

Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

#11
bbeatz

Posted 02 April 2008 - 10:11 PM

New Member

Topic Starter
Member
9 posts

Malwarebytes' Anti-Malware 1.10
Database version: 586

Scan type: Quick Scan
Objects scanned: 27868
Time elapsed: 3 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\cpbrkpie.coupon6ctrl.1 (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{9522b3fb-7a2b-4646-8af6-36e7f593073c} (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{a85a5e6a-de2c-4f4e-99dc-f469df5a0eec} (Adware.CouponBar) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{50ccd00a-66b6-4d95-aaef-8ee959498f92} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\stfngdvw.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
E:\WINDOWS\CouponPrinter.ocx (Adware.CouponBar) -> Quarantined and deleted successfully.

#12
JSntgRvr

Posted 03 April 2008 - 10:26 AM

Global Moderator

Global Moderator
11,579 posts

Hi, bbeatz

How is the computer doing?

#13
bbeatz

Posted 04 April 2008 - 06:13 AM

New Member

Topic Starter
Member
9 posts

its running fine thank you again
you got rid of the vundo

#14
JSntgRvr

Posted 04 April 2008 - 10:36 AM

Global Moderator

Global Moderator
11,579 posts

Hi, bbeatz.

Congratulations. Posted Image

Reset and Re-enable your System Restore to remove bad files that have been backed up by Windows. The files in System Restore are protected to prevent any programmes changing them. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.)

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK..

Since the tools we used to scan the computer, as well as tools to delete files and folders, are no longer needed, they should be removed, as well as the folders created by these tools.

Follow these steps to uninstall Combofix and tools used in the removal of malware

Click START then RUN
Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Create a Restore point (If the above process fails):

Click Start, point to All Programs, point to Accessories, point to System Tools, and then click System Restore.
In the System Restore dialog box, click Create a restore point, and then click Next.
Type a description for your restore point, such as "After Cleanup", then click Create.

The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.

Spybot Search & Destroy - Uber powerful tool which can search and annhilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy compliment each other very well.
SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
ZonedOut + IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
CleanUP! - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.
Read and follow the suggestions given at this web site by Miekiemoes http://users.telenet...prevention.html .

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

Best wishes! Posted Image