[RatHat]

OK,

First thing, when you are in normal windows, hit Ctrl, Alt and Del at the same time, to bring up Task Manager.

Under Applications, choose New Task...

Type in: Explorer then click OK

See if that brings up your desktop icons.

Now, download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.

• Close ALL OTHER PROGRAMS.
• Open the OTScanIt folder and double-click on OTScanIt.exe to start the program.
• Check the box that says Scan All User Accounts
• Check the box that says Include MD5
• Check the Radio buttons for Files/Folders Created Within 30 Days and Files/Folders Modified Within 30 Days
• Check the Radio button under Drivers for Non Microsoft
• Check the radio button under Rootkit Search for Yes
• Under Additional Scans check the following:
  • Reg - Desktop Components
  • Reg - Disabled MS Config Items
  • Reg - File Associations
  • Reg - MountPoints2
  • Reg - NeverShowExt Settings
  • Reg - Safeboot Options
  • Reg - Security Settings
  • Reg - Session Manager Settings
  • File - Additional Folder Scans
• Now click the Run Scan button on the toolbar.
• Let it run unhindered until it finishes.
• When the scan is complete Notepad will open with the report file loaded in it.
• Click the Format menu and make sure that Wordwrap is not checked. If it is then click on it to uncheck it.

Please zip the log and attach the zipped file in your next post.

To attach a file, do the following:

• Click Add Reply
• Under the reply panel is the Attachments Panel
• Browse for the attachment file you want to upload, then click the green Upload button
• Once it has uploaded, click the Manage Current Attachments drop down box
• Click on to insert the attachment into your post

Regards,
RatHat

[Advertisements]

Typing Explorer give me: "Windows cannot find 'explorer' - Make sure you typed the name correctly...."

I did the OT Scan It and here's the zip file.

Thanks for staying with this.  OTScanIt.ZIP   35.26KB   157 downloads

[moxiesmom]

Typing Explorer give me: "Windows cannot find 'explorer' - Make sure you typed the name correctly...."

I did the OT Scan It and here's the zip file.

Thanks for staying with this.  OTScanIt.ZIP   35.26KB   157 downloads

[RatHat]

OK, I see you have both SmitFraudfix and the Avenger in your computer. Have you run these recently, and could you point me to the page where you were instructed to use them?

Next, please visit Windows VBScript Tools to download Find File Information

• Scroll down the page until you locate Find File Information
• Click on the small arrow to the left of the word File
• On the right hand side, you will see a small arrow pointing down onto a hard drive (under a magnifying glass icon)
• Click on the Arrow to Download the script
• Save the script to your Desktop
• Once the script has completed download, unzip it to your Desktop

Next, locate FileInfo.vbs and double click it to run the program

• In the first dialog box, type * and click OK
• In the next dialog box, type Explorer and click OK
• The program will disappear for a minute, Do Not do anything while it is running
• When the scan is complete, it will open a Text file named searched.txt which it will save to you root drive (typically C:\searched.txt)
• Copy and paste the results of the search in your next reply

Regards,
RatHat

[moxiesmom]

Thank you for your help with this. I have reformatted the computer. I've spent far too much time on this to be worthwhile. I appreciate your efforts, and I'm sorry they weren't fruitful.

[RatHat]

Hi there,

I'm sorry to hear that, as I think the replacement of Explorer.exe might have got it. Never mind.

Anyway, heres a few tips to help keep you from getting infected again:

An essential is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vunerable. It is best if you have these set to download automatically.

Automatic Updates for Windows

• Click Start.
• Select Settings and then Control Panel.
• Select Automatic Updates.
• Click Automatic (recommended)
• Choose a day and a time when you know the computer will be on and connected to the internet.
• Click Apply then OK.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


In addition to Windows updates, you also need to ensure that your version of Java is the latest.Click here to download the latest version (Java Runtime Environment (JRE) 6 Update 7). Once downloaded, install it and then Reboot your computer.

It is most important that you also uninstall older versions of Java.

• Click Start, Control Panel, Add/Remove Programs.
• Delete all Java updates except Java ™ 6 Update 7

This will only apply for future Java Updates.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


OK, now lets download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware

• SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
• SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
• IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here.
• Spybot Search & Destroy a powerful tool which can "search and destroy" nasties that make it onto your system. Now with an Immunize section that will help prevent future infections. A tutorial can be found here.
• AdAware another very powerful tool which searches and kills nasties that infect your system. A tutorial can be found here. AdAware and Spybot Search & Destroy compliment each other very well.

Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Next lets look at Firewalls. These help to prevent unauthorised access both to and from the internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall one your system.

Personal Firewalls

• Comodo is a free fully functional firewall
• Online Armor (Free edition) personal firewall

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


On to personal Anti Virus programs. One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed three free AV's below which are as good as any paid subscription AV, as long as you allow them to update themselves.

Anti Virus Programs

• avast! 4 Home Edition an excellent free AV.
• AVG AntiVirus version 7.5 is free for personal use.
• Avira AntiVir PersonalEdition, yet another good free AV.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Nearly done! If you like to use chat, MSN and Yahoo have vunerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers

• Trillian or,
• Miranda-IM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Lastly, it is a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

Temp File Cleaners

• ATF Cleaner A very powerful cleaning program.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

OK, all the best, and stay safe!

Best regards,

RatHat

[RatHat]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.