Sophos anti-root kit found 53 unknown hidden files HELP [RESOLVED]


  • This topic is locked

#16
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
The scan is still going at 61%, and it has found virus/infections.
99% now.

Edited by kelkay, 05 June 2008 - 12:16 PM.

  • 0


#17
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
It takes a while but it is worth it
  • 0

#18
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, June 05, 2008 1:58:32 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 5/06/2008
Kaspersky Anti-Virus database records: 831358
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\

Scan Statistics:
Total number of scanned objects: 188454
Number of viruses found: 9
Number of infected objects: 37
Number of suspicious objects: 4
Duration of the scan process: 02:41:52

Infected Object Name / Virus Name / Last Action
C:\ATT_SST_Installer.exe/WISE0107.BIN/WISE0008.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\ATT_SST_Installer.exe/WISE0107.BIN/WISE0009.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\ATT_SST_Installer.exe/WISE0107.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\ATT_SST_Installer.exe WiseSFX: infected - 3 skipped
C:\ATT_SST_Installer.exe WiseSFXDropper: infected - 3 skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstderr.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aolstdout.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\aoltsmon.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\cache.db Object is locked skipped
C:\Documents and Settings\All Users\Application Data\AOL\TopSpeed\2.0\server.lock Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Kontiki\error.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Kelly\Application Data\$_hpcst$.hpc Object is locked skipped
C:\Documents and Settings\Kelly\Application Data\Mozilla\Profiles\default\gmhewwtn.slt\abook.mab Object is locked skipped
C:\Documents and Settings\Kelly\Application Data\Mozilla\Profiles\default\gmhewwtn.slt\cert8.db Object is locked skipped
C:\Documents and Settings\Kelly\Application Data\Mozilla\Profiles\default\gmhewwtn.slt\history.dat Object is locked skipped
C:\Documents and Settings\Kelly\Application Data\Mozilla\Profiles\default\gmhewwtn.slt\key3.db Object is locked skipped
C:\Documents and Settings\Kelly\Application Data\Mozilla\Profiles\default\gmhewwtn.slt\Mail\pop.att.yahoo-1.com\Inbox.msf Object is locked skipped
C:\Documents and Settings\Kelly\Application Data\Mozilla\Profiles\default\gmhewwtn.slt\Mail\pop.att.yahoo-1.com\Trash.msf Object is locked skipped
C:\Documents and Settings\Kelly\Application Data\Mozilla\Profiles\default\gmhewwtn.slt\panacea.dat Object is locked skipped
C:\Documents and Settings\Kelly\Application Data\Mozilla\Profiles\default\gmhewwtn.slt\parent.lock Object is locked skipped
C:\Documents and Settings\Kelly\Application Data\Mozilla\registry.dat Object is locked skipped
C:\Documents and Settings\Kelly\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kelly\Desktop\Navilog1.exe/file11 Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Kelly\Desktop\Navilog1.exe Inno: infected - 1 skipped
C:\Documents and Settings\Kelly\DoctorWeb\spiderml.log Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\Application Data\Mozilla\Profiles\default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\Application Data\Mozilla\Profiles\default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\Application Data\Mozilla\Profiles\default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\Application Data\Mozilla\Profiles\default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\Temp\WCESLog.log Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\Temp\~DF56D5.tmp Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\Temp\~DF62AE.tmp Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\Temp\~DF79C.tmp Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Kelly\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kelly\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kelly\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\omn.msi/omnF01.cab/omn_Kernel.js0 Suspicious: Trojan-Downloader.JS.gen skipped
C:\omn.msi/omnF01.cab Suspicious: Trojan-Downloader.JS.gen skipped
C:\omn.msi Embedded: suspicious - 2 skipped
C:\Program Files\DrWeb\infected.!!!\A0182045.#xe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\Program Files\DrWeb\infected.!!!\A0182045.#xe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\Program Files\DrWeb\infected.!!!\A0182045.#xe WiseSFX: infected - 2 skipped
C:\Program Files\DrWeb\infected.!!!\A0182045.#xe WiseSFXDropper: infected - 2 skipped
C:\Program Files\DrWeb\infected.!!!\A0182046.#xe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\Program Files\DrWeb\infected.!!!\A0182046.#xe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\Program Files\DrWeb\infected.!!!\A0182046.#xe WiseSFX: infected - 2 skipped
C:\Program Files\DrWeb\infected.!!!\A0182046.#xe WiseSFXDropper: infected - 2 skipped
C:\Program Files\DrWeb\infected.!!!\A0182117.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\DrWeb\infected.!!!\A0182117.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\DrWeb\infected.!!!\A0182117.exe NSIS: infected - 2 skipped
C:\Program Files\DrWeb\infected.!!!\CompaqPresario_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\Program Files\DrWeb\infected.!!!\CompaqPresario_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\Program Files\DrWeb\infected.!!!\CompaqPresario_Spring06.exe WiseSFX: infected - 2 skipped
C:\Program Files\DrWeb\infected.!!!\CompaqPresario_Spring06.exe WiseSFXDropper: infected - 2 skipped
C:\Program Files\DrWeb\infected.!!!\HPPavillion_Spring06.exe/WISE0015.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\Program Files\DrWeb\infected.!!!\HPPavillion_Spring06.exe/WISE0016.BIN Infected: not-a-virus:AdWare.Win32.WeatherBug.a skipped
C:\Program Files\DrWeb\infected.!!!\HPPavillion_Spring06.exe WiseSFX: infected - 2 skipped
C:\Program Files\DrWeb\infected.!!!\HPPavillion_Spring06.exe WiseSFXDropper: infected - 2 skipped
C:\Program Files\DrWeb\infected.!!!\mirc621.#xe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\DrWeb\infected.!!!\mirc621.#xe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\Program Files\DrWeb\infected.!!!\mirc621.#xe NSIS: infected - 2 skipped
C:\Program Files\DrWeb\infected.!!!\sealighthouses.#xe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\Program Files\DrWeb\spiderml_install.log Object is locked skipped
C:\Program Files\kontiki\omn-h\cache\omn_Kernel.js Suspicious: Trojan-Downloader.JS.gen skipped
C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe/data0004 Infected: not-a-virus:AdWare.Win32.Agent.aeh skipped
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe NSIS: infected - 1 skipped
C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32 Infected: Backdoor.Win32.RAdmin.ag skipped
C:\Program Files\SBC Self Support Tool\log\mpbtn.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\AlertFilter.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\log\httpclient.log Object is locked skipped
C:\Program Files\SBC Self Support Tool\SmartBridge\SmartBridge.log Object is locked skipped
C:\Program Files\WinUpdatesList\wul.exe Infected: not-a-virus:PSWTool.Win32.MailPassView.p skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP528\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\Internet Logs\YOUR-4DACD0EA75.ldb Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{ACE3118A-0578-4711-B8C4-255D0D9258B5}.crmlog Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{BD4BB22A-4E89-46AF-9826-E941E24C2B24}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_22c.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT0667e.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT06682.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\wul_setup.exe/wul.exe Infected: not-a-virus:PSWTool.Win32.MailPassView.p skipped
C:\wul_setup.exe ZIP: infected - 1 skipped

Scan process completed.
  • 0
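A report like the one above counts every nested archive member separately, so one installer can account for several "infected objects". The Python sketch below is an added example, not part of the original thread or of Kaspersky's tooling: it folds members back into the file that contains them, drops the "Object is locked" noise, and separates `not-a-virus:` (adware/riskware) detections from the rest. The line format is inferred from the report above, the sample lines are copied from it, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Sample lines copied from the Kaspersky Online Scanner report posted above.
SAMPLE = r"""
C:\ATT_SST_Installer.exe/WISE0107.BIN/WISE0008.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\ATT_SST_Installer.exe/WISE0107.BIN/WISE0009.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\ATT_SST_Installer.exe/WISE0107.BIN Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\ATT_SST_Installer.exe WiseSFX: infected - 3 skipped
C:\ATT_SST_Installer.exe WiseSFXDropper: infected - 3 skipped
C:\Documents and Settings\Kelly\NTUSER.DAT Object is locked skipped
C:\omn.msi/omnF01.cab/omn_Kernel.js0 Suspicious: Trojan-Downloader.JS.gen skipped
C:\omn.msi/omnF01.cab Suspicious: Trojan-Downloader.JS.gen skipped
C:\omn.msi Embedded: suspicious - 2 skipped
C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32 Infected: Backdoor.Win32.RAdmin.ag skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\wul_setup.exe/wul.exe Infected: not-a-virus:PSWTool.Win32.MailPassView.p skipped
C:\wul_setup.exe ZIP: infected - 1 skipped
"""

# Assumed line shape: <object path> <result> <last action>.
# The path may contain spaces, so it is matched lazily up to a known result.
LINE = re.compile(
    r"^(?P<obj>.+?) (?:"
    r"(?P<verdict>Infected|Suspicious): (?P<name>\S+)"
    r"|(?P<locked>Object is locked)"
    r"|(?P<packer>\w+): (?:infected|suspicious) - (?P<count>\d+)"
    r") (?P<action>\w+)$"
)

# Ordering used to pick the most serious label seen for one file.
RANK = {"not-a-virus": 0, "suspicious": 1, "infected": 2}


def triage(report):
    """Return ({host file: {(verdict, name)}}, locked count, unparsed lines)."""
    findings = defaultdict(set)
    locked, unparsed = 0, []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE.match(line)
        if m is None:
            unparsed.append(line)          # keep anything unexpected for review
        elif m["locked"]:
            locked += 1                    # file in use by Windows, not a finding
        elif m["name"]:
            # Members of an archive follow the host path after a "/".
            host = m["obj"].split("/", 1)[0]
            findings[host].add((m["verdict"], m["name"]))
        # Packer summary lines (WiseSFX, NSIS, ZIP, ...) only repeat member hits.
    return dict(findings), locked, unparsed


def label(verdict, name):
    """Map one detection to a bucket; 'not-a-virus:' names are adware/riskware."""
    return "not-a-virus" if name.startswith("not-a-virus:") else verdict.lower()


def bucket(findings):
    """Group host files by the most serious label found inside each one."""
    out = {k: [] for k in RANK}
    for host, hits in findings.items():
        worst = max((label(v, n) for v, n in hits), key=RANK.get)
        out[worst].append(host)
    return {k: sorted(v) for k, v in out.items()}


if __name__ == "__main__":
    found, locked, unparsed = triage(SAMPLE)
    for kind, hosts in bucket(found).items():
        print(kind, hosts)
    print("locked objects ignored:", locked, "unparsed:", len(unparsed))
```
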

#19
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Hello

Please download the OTMoveIt2 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt2.exe to run it.
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    [kill explorer]
    C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe
    C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32
    C:\Program Files\WinUpdatesList\wul.exe 
    C:\wul_setup.exe
    purity 
    [start explorer]
  • Return to OTMoveIt2, right click in the "Paste List of Files/Folders to Move" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTMoveIt2
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Also tell me how the PC is running
  • 0

#20
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
I have to leave now, and I appreciate you helping me. I will be back later, and then I can do the next steps. It will be a few hours before I can do this. Thanks again!!!
  • 0

#21
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Ok let me know how it goes
  • 0

#22
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
Explorer killed successfully
C:\Program Files\Online Services\PeoplePC\ISP5900\Branding\ppal3ppc.exe moved successfully.
C:\Program Files\Online Services\Vonage\Xtras\regxtra121.x32 moved successfully.
C:\Program Files\WinUpdatesList\wul.exe moved successfully.
C:\wul_setup.exe moved successfully.
< purity >
Explorer started successfully

OTMoveIt2 by OldTimer - Version 1.0.4.2 log created on 06052008_232801
  • 0

#23
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
I downloaded the Malware Immunizer. It updated. There was no quick scan to click on. When I opened the program after it updated, it showed 1600 items that it said needed to be immunized. I clicked immunize. They are now immunized. If you see a box that says infected items, it will allow you to scan via an external software program. They also have a box for CLEAN SELECTED...for the file that is infected. I do not see any box to do a quick scan, or a regular scan. (with the exception of what I previously stated) After I hit immunize it still shows the 1600 items, but they are all in an immunized item folder. You can only click on one item at a time. I tried to copy the whole thing, but was not able to. I will now restart my computer and see how it runs, then do another scan with anti-viral software.... THANK YOU. I do not know how this stuff entered my system. I have paid for what I thought were good programs for protection.
  • 0

#24
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
I checked Sophos anti-root kit...did a scan....same hidden files, same place. (53 hidden files showing up again.) I will do an anti-virus scan now with Dr. Web and see if anything is showing up. It takes a long time to do a complete scan. This will show if it is still showing a clean system. Tomorrow I will run the Kaspersky checker again.
  • 0

#25
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Your logs are clean

  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt2.exe to run it.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTMoveIt2 from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older version Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here:
http://www.adobe.com.../readstep2.html




Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at :
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time protection program or there will be a conflict.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
Here

* Take a good look at the following suggestions for malware prevention by reading Tony Klein’s article 'How Did I Get Infected In The First Place'
Here

Thank you for your patience, and performing all of the procedures requested.
  • 0


#26
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
I ran the Dr. Web anti-virus again. (last night) It showed this time one virus, and it was in the area I had told them about, but never got a reply about it. I am impressed with your ease in helping me with this problem. I will get the programs you've recommended! I cannot thank you enough.

Edited by kelkay, 06 June 2008 - 07:26 AM.

  • 0

#27
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
Ok I am down to needing to download the latest version of Java. I am not sure which one off of that page I need. Can you tell me which one?
  • 0

#28
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
Area: Local hard drives
Description: Unknown hidden file
Location: C:\WINDOWS\Installer\4ca7d.msi
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

Area: Local hard drives
Description: Unknown hidden file
Location: C:\WINDOWS\Installer\{3248F0A8-6813-11D6-A77B-00B0D0150060}\1033.MST
Removable: Yes (but clean up not recommended for this file)
Notes: (no more detail available)

After I did the Dr. Web scan, I did another scan on Sophos...besides the ones before, these two new files have been added.
  • 0

#29
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
My Computer shows Java 6 Update 5 in the toolbar bottom right screen, as a viable update. I will go with that until I hear from you.
  • 0

#30
kelkay

kelkay

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 423 posts
I did a scan with Zone Alarm Pro today, it showed a trojan. Win32.trojan.yspy It shows ys...and I believe the name was yspy before it was put into quarantine. It recommends deletion.
  • 0





