Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

System auto shuts down while scanning for virus [RESOLVED]


  • This topic is locked This topic is locked

#31
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Kaspersky finishing its scan is good news. Now to work on Antivir... :)

Let reinstall Antivir...

First, click here to download Antivir Personal Free Antivirus.


Once done, disconnect Internet connection...

Next,

Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

Avira AntiVir Personal – Free Antivirus

Please note any other programs that you dont recognize in that list in your next response

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

C:\Program Files\Avira

Reboot computer.

Then,

  • Install Antivir
  • Re-connect Internet then Update definitions
  • Perform a complete scan and see if it'll complete its run this time.

Next,

click on Start, click on Run
copy and paste the following in bold in the open window and then click OK
"%userprofile%\desktop\dss.exe" /config
This will open up DSS configuration
click on Check All then Uncheck All
Place a check on "File Associations" and "Event Logs"
click Scan
DSS will now run again when finished
Please post back logs that open in notepad.

Let me know how it turns out.
  • 0

Advertisements


#32
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
yes i already run the second "search.bat", (by saving on the desktop), but the file "longit.txt" was still empty after the scan. :)
  • 0

#33
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
sorry, i was confused... didn't see ur last post...
ok i'm reinstalling antivir...

Thank you
  • 0

#34
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hello... after reinstalling avira, the system still auto shut down during the complet scan. :) :)

Here are the logs after scanning with DSS:

Thank you...

Main:

Deckard's System Scanner v20071014.68
Run by Public on 2008-06-12 09:00:45
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Percentage of Memory in Use: 78% (more than 75%).
Total Physical Memory: 511 MiB (512 MiB recommended).


-- File Associations -----------------------------------------------------------

All associations okay.


-- End of Deckard's System Scanner: finished at 2008-06-12 09:00:46 ------------


Extra

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- Application Event Log -------------------------------------------------------

Event Record #/Type686 / Error
Event Submitted/Written: 06/09/2008 11:50:23 AM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application mplayerc.exe, version 6.4.9.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type677 / Warning
Event Submitted/Written: 06/08/2008 08:25:19 PM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
TR/PSW.OnlineGames.aleuF:\jdwx.exe

Event Record #/Type628 / Error
Event Submitted/Written: 06/06/2008 11:37:44 AM
Event ID/Source: 1000 / Application Error
Event Description:
Faulting application iexplore.exe, version 7.0.6000.16640, faulting module kavwebscan.dll, version 5.0.98.0, fault address 0x0000540a.
Processing media-specific event for [iexplore.exe!ws!]

Event Record #/Type586 / Warning
Event Submitted/Written: 06/05/2008 08:00:50 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W95/Blumblebee.1738C:\System Volume Information\_restore{BF80532B-0258-4063-9A49-EE9E0AD2B7BA}\RP36\A0004276.dll

Event Record #/Type575 / Warning
Event Submitted/Written: 06/04/2008 06:39:53 AM
Event ID/Source: 4113 / Avira AntiVir
Event Description:
W95/Blumblebee.1738C:\Program Files\Panda Security\ActiveScan 2.0\pskavs.dll



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type2867 / Error
Event Submitted/Written: 06/12/2008 08:56:55 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type2866 / Error
Event Submitted/Written: 06/12/2008 08:56:55 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.

Event Record #/Type2865 / Error
Event Submitted/Written: 06/12/2008 08:56:55 AM
Event ID/Source: 32 / SideBySide
Event Description:
Dependent Assembly Microsoft.VC80.MFCLOC could not be found and Last Error was The referenced assembly is not installed on your system.

Event Record #/Type2819 / Error
Event Submitted/Written: 06/12/2008 08:19:13 AM
Event ID/Source: 59 / SideBySide
Event Description:
Generate Activation Context failed for C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80U.DLL.
Reference error message: The operation completed successfully.
.

Event Record #/Type2818 / Error
Event Submitted/Written: 06/12/2008 08:19:13 AM
Event ID/Source: 59 / SideBySide
Event Description:
Resolve Partial Assembly failed for Microsoft.VC80.MFCLOC.
Reference error message: The referenced assembly is not installed on your system.
.



-- End of Deckard's System Scanner: finished at 2008-06-12 09:00:46 ------------
  • 0

#35
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey samsungR50,

I didn't find anything wrong with logs you posted. Usually, doing a reinstall would have resolved program issues like this. It didn't work this time which leads me to the conclusion that the problem itself is related to Antivir. Possible conflict with how your system is set up, other installed programs perhaps or a programming bug maybe the culprit. Unfortunately, I can no longer help you any further with regards to this.

To save time. If you are not that hooked on using Antivir. Consider switching Antivirus software. You can choose from one of these good antivirus which are also free for personal use.

.

Note: We advise users to uninstall existing Antivirus softwares first before installing a new one. Having two AV running at the same time not only takes up system resources but also causes system conflicts providing the end user with less protection, not more.

If yes, Install chosen AV software, update then perform a complete scan.

Let me know what you decide on so we can proceed with some minor housekeeping and recommendations.

Edited by koko_crunch, 24 June 2008 - 08:14 PM.
removed link

  • 0

#36
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hello koko_crunch,

thank you a lot for yor time so far.
hmm... i think decide to uninstall avira and use avast instead. please give some recommendations if any.

1 more thing, i have a compatible RAM module of 1gb, and could i install it back to my machine? it was first there, and i thought the problem come from it, since it may cause instlability using different module (512 Mb + 1054 Mb) that is why i removed it. Please give advice...

Thank you
  • 0

#37
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey samsungR50,

Unfortunately, I can't help you with that since my area is Malware Removal. You should post in our System Building and Upgrading Section . One of our experts will surely be glad to help you.

You can start a topic right now while I prepare instructions for system optimization. Could you post a new HijackThis log for me.

By the way, have you installed Avast already? No problems during a complete scan?

koko

Also, Could you do one final Online scan for me just to be sure.

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Logs required.

- New HijackThis log
- KAV online log

Edited by koko_crunch, 13 June 2008 - 08:33 AM.

  • 0

#38
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Hello!!!

Yes i have installed avast already. and the complete scan has been successfully performed during the reboot, but there was no detection.

By the way, i have run Kasperky online scan as per your request. The scan has also been successfully completed and below is the report:

Please see also the log file of HJT below the KAV report.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Friday, June 13, 2008
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, June 13, 2008 15:00:21
Records in database: 860033
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 42550
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 01:21:02


File name / Threat name / Threats count
D:\Les Logiciels\Dictionaires\COED11_oxford\install.exe Infected: not-a-virus:AdWare.Win32.EShoper.p 1

The selected area was scanned.


Hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:29, on 2008-06-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [Le Petit Robert Hyperappel] C:\Program Files\Le Robert\Le Petit Robert\prhyper.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" /NoDialog (User 'Default user')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} - http://downloads.ewi...oOnlineScan.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{CCB9F5A8-DACC-4E71-8ADD-5716DD651582}: NameServer = 202.56.215.6,202.56.230.6
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: WLANKEEPER - Intel® Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 8691 bytes
  • 0

#39
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
It's good to hear that computers is working fine. :)

With that said...

Congratulations, your log is clean! :)
We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Then, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Restart your computer.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]
System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.

If you don't have one yet, you should install a good firewall. Here are 3 free ones available for personal use:
and a good antivirus (these are also free for personal use):
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit
monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Goodluck! :)
  • 0

#40
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Ok, now to work on system performance and do some maintenance work. :)

The following suggestions are purely optional.

Disclaimer: Following these instructions will increase system performance. Consequently, certain programs may not open as quickly as they once did due to the fact that they need time loading into memory.


Let's begin...

Step1.

  • Double click on Yahoo! Messenger on System tray
  • You need to log in to your account to complete next step
  • Once logged in, click on Messenger menu then select Preferences
  • Under the General tab, uncheck "automatically start Yahoo! Messenger"
  • Click Ok then exit.

============================

Disable SuperAntispyware?!?!?!

SuperAntispyware Professional has Realtime protection that is required to run on start up.
If you are using SuperAntispyware Free Edition, this feature is disabled, so might as well remove it from Windows Start-up.

  • Double-click on SuperAntispyware on your system stary.
  • SuperAntispyware Control window will now open.
  • Locate "Preferences" button then click on it.
  • Under "Start-up Options", uncheck "Start SuperAntispyware when Windows starts" then close.
  • Exit program.
Step2.

Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Nokia.PCSync] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSync2.exe" /NoDialog
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Now close all windows other than HiJackThis, then click Fix Checked.
Exit HiJackThis.

Notes:
Listed above are programs that are not required to load during startup.
The following programs are not deleted/uninstalled from the system but are merely removed from start-up.
If you want to access programs you usually find on your system tray, just go to Start >> Programs then navigate to program needed.

Step3.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step4.

Please download TuneUp Utilities then install.
This is a commercial software with a 30-day trial version.

After installation,

Click on Start >> Programs >> TuneUp Utilities >> Utilities >> TuneUp System Optimizer
A Trial Version reminder window will open, Select Continue Testing.
Once inside System Optimizer, navigate to the left-side of screen click on;


1-Click Maintenance
Click on Start Scan button to begin.
Once scan completes, Select Correct Problems
then Finish.

============================================

System Advisor
A list of recommendations and suggestions will appear.
These are not required but are considered as optionals.

============================================

Internet Optimization
Select Connection type then Next.
Once optimization is complete, you will be prompted to reboot.

============================================

System Optimization
Under Visual effects, select desired option.
Under Use of the Computer, select appropriate option.
Once optimization is complete, you may be prompted to reboot.

Step5.

Defragment you Hard drive

  • On your desktop, please double-click on My Computer
  • Right-click on Local Disk then select Properties.
  • On the Tools tab, click on Defragment Now. The Disk Defragmenter will open with a list of hard disk drives present on your system.
  • Select primary hard disk and then click Analyze. This will determine if your harddisk needs Disk Defragmentation.
  • If required, click on Defragment.
  • Please be patient as Disk Defragmenter may take sometime to finish. This may take several hours depending on the amount of data that needs to be moved.
  • Once complete, you can continue and select remaining drives you wish to defrag.

Step6.

Download PageDefrag then save to your Desktop.

  • Right-click on PageDefrag.zip then select "Extract All"
  • Extraction wizard will open, just lick on "Next", extract to C:\.
  • Next, click Start >> Run >> Copy and Paste contents of codebox below.

    c:\pagedefrag -o
  • Press Enter then Reboot Computer.
  • During system boot it will attempt to defrag your paging files and Registry hives.

Hope this helps... Have nice day! :)
  • 0

Advertisements


#41
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Thank you again for your help... i will perform the clean up as per your instructions... by the way, i would like to ask you about the virus that was discovered by the Kasperky online scan. will we need to delete this virus or not?

"File name / Threat name / Threats count
D:\Les Logiciels\Dictionaires\COED11_oxford\install.exe Infected: not-a-virus:AdWare.Win32.EShoper.p 1"
  • 0

#42
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
This could be a file related to Concise Oxford English Dictionary or it is not. Unfortunately, there are many files named install.exe. So I can't be too sure. You can delete it and if it doesn't affect Oxford in anyway, then I wouldn't worry about it.

File located at: D:\Les Logiciels\Dictionaires\COED11_oxford\install.exe

Edited by koko_crunch, 13 June 2008 - 12:33 PM.

  • 0

#43
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Ok thank you so much koko_crunch for your helps...

i have another computer which i think also has been infected by viruses/malwares... It destroys all printers in the computer, and i cannot install any printer back... also the mouse has double click problem...

should i start a new post or could i continue with this post?

Thank you...
  • 0

#44
koko_crunch

koko_crunch

    Trusted Helper

  • Retired Staff
  • 1,751 posts
Hey samsungR50,

Please go through instructions here first.

One you finish then you can start a new topic. :)

koko

Edited by koko_crunch, 13 June 2008 - 12:53 PM.

  • 0

#45
samsungR50

samsungR50

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Ok thank you... i will post a new topic :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP