Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

about:blank(resolved)


  • This topic is locked This topic is locked

#1
ryoung81

ryoung81

    New Member

  • Member
  • Pip
  • 4 posts
I am currently getting about:blank homepage resets in IE. I followed the steps here and am still having problems. about:blank is still showing up, but no longer redirects to a site. I also cannot seem to fix the hjt log entries as they continue to come back.

Anyway, here is my log.

Logfile of HijackThis v1.99.1
Scan saved at 2:58:03 AM, on 5/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.quicknavi...earch.php?qq=%1
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.qfind.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.qfind.net/search.php?qq=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.qfind.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.quicknavi...earch.php?qq=%1
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.quicknavi...earch.php?qq=%1
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.qfind.net/search.php?qq=%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.qfind.net/search.php?qq=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.quicknavigate.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://www.qfind.net/
F2 - REG:system.ini: Shell=Explorer.exe, msmsgs.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Plus\Ad-Watch.exe"
O4 - HKLM\..\Run: [MSN Messenger] C:\WINDOWS\System32\msmsgs.exe
O4 - HKLM\..\Run: [Security iGuard] C:\Program Files\Security iGuard\Security iGuard.exe
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Thanks in advance for the help.
  • 0

Advertisements


#2
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi Ryoung,

You have the nasty smitfraud infection.

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please right-click: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

I need you to copy all of the Killbox file paths below and paste them into Notepad.

* Please download the Killbox by Option^Explicit. *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\System32\wldr.dll
C:\Windows\System32\helper.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe


* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

While still in Safe Mode, do the following:

Press ctrl/alt/delete then processes, if any of the following are running end task them

ukdemg.exe
GDNPDLL.EXE
shagntfs.exe
tgjvd1u6.exe
sesogcfg.exe
CCAPP.EXE
istsvc.exe


Make sure all programs and windows are closed. Run HiJackThis and place a check next to the following items, if found.

R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {92ED122B-A0C6-884F-987A-A8C81C892C91} - blank (file missing)
O2 - BHO: ohb - {999A06FF-10EF-4A29-8640-69E99882C26B} - blank (file missing)
O4 - HKLM\..\Run: [GDNPDLL] C:\WINDOWS\GDNPDLL.EXE
O4 - HKLM\..\Run: [23sU35l] shagntfs.exe
O4 - HKLM\..\Run: [5DbOneC] C:\WINDOWS\ufyydn.exe
O4 - HKLM\..\Run: [tgjvd1u6] C:\WINDOWS\System32\tgjvd1u6.exe
O4 - HKLM\..\Run: [qadikni] c:\windows\system32\ukdemg.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [J038RRJnW] sesogcfg.exe
O4 - Startup: CCAPP.EXE
O4 - Global Startup: rraa.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - C:\WINDOWS\System32\shdocvw.dll (HKCU)
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup.../bridge-c17.cab
O16 - DPF: {4418DD4D-7265-4C32-BC0A-3FDB3C2DA938} (Protecter Class) - http://www.slotchbar...ect_regular.cab
O16 - DPF: {AB29A544-D6B4-4E36-A1F8-D3E34FC7B00A} - http://install.wildt...eed/install.cab
O16 - DPF: {B4831DED-3A57-4CC6-9E4B-0E7C5B08DBF4} - http://www.alwaysupd...ll/aun_0018.exe
O16 - DPF: {C0B285F6-DB2B-4908-9C58-F6D95397D747} - http://www.pacimedia...ll/pcs_0002.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe


Ensure no windows open except HJT then click FIX CHECKED. Close HiJackThis.

Reboot into normal mode.

1.) Download The Hoster Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.
  • 0

#3
ryoung81

ryoung81

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Looks like it got rid of the smitfraud. Here is the HJT log.

Logfile of HijackThis v1.99.1
Scan saved at 12:32:20 PM, on 5/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


The Activescan found some files it couldn't fix. here is the log.


Incident Status Location

Adware:Adware/Popuper No disinfected C:\Documents and Settings\All Users\Start Menu\Online Casino.url
Adware:Adware/MyWay No disinfected C:\Documents and Settings\Owner\Application Data\Tenebril\GhostSurf\3.0\Spyware history\Restore\25c1517ca697d882e9cb130243ea4b4d
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\Owner\Desktop\backups\backup-20050510-011311-146.dll
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Owner\Favorites\Anti Spam.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Owner\Favorites\Black Jack Online.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Owner\Favorites\Home Loan.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Owner\Favorites\Network Security.url
Adware:Adware/SuperSpider No disinfected C:\Documents and Settings\Owner\Favorites\Online Dating.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\Owner\Favorites\Online Gambling\Online Gambling.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Owner\Favorites\Online Gambling.url
Adware:Adware/Startpage.LH No disinfected C:\Documents and Settings\Owner\Favorites\Online Pharmacy\Hydrocodone.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\Owner\Favorites\Online Pharmacy\Lortab.url
Adware:Adware/Startpage.LH No disinfected C:\Documents and Settings\Owner\Favorites\Online Pharmacy\Online Pharmacy.url
Adware:Adware/Startpage.LH No disinfected C:\Documents and Settings\Owner\Favorites\Online Pharmacy\Prozac.url
Adware:Adware/Startpage.LH No disinfected C:\Documents and Settings\Owner\Favorites\Online Pharmacy\Valium.url
Adware:Adware/CWS No disinfected C:\Documents and Settings\Owner\Favorites\Online Pharmacy\Vicodin.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Owner\Favorites\Online Pharmacy.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Owner\Favorites\Spyware Removal.url
Adware:Adware/Popuper No disinfected C:\Documents and Settings\Owner\My Documents\Your Scanner.url
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\system32\cd_clint.dll
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\asmfiles.cab
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\asmfiles.cab[asm.exe]
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\asmfiles.cab[asmps.dll]
Adware:Adware/KeenValue No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\remove.exe
Adware:Adware/KeenValue No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\UpdatedUpdaterInstall.exe
Spyware:Spyware/Altnet No disinfected C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\__unin__.exe
Virus:Bck/Haxdoor.A Renamed C:\WINDOWS\system32\klogini.dll
Virus:Bck/Haxdoor.A Renamed C:\WINDOWS\system32\p2.ini
Adware:Adware/Virmaid No disinfected C:\WINDOWS\system32\perfcii.ini
Thanks for the help!
  • 0

#4
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi ryoung,

We just about got it all.

You need to create a new folder on your c drive (for example c\hjt) install HJT into that folder and run it from there. that way it can create backups if required.

Next download a free 14 day trial of ewido.

ewido

Install and run it by double clicking on the big yellow E. Upgrade it then close it down.

Set up PC to show hidden files

Next run killbox again.

Select "Delete on Reboot".

Enter the path below

c:\bsw.exe

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt. If your PC does not automatically reboot, please do it manually.

AS soon as it starts to reboot tap the F8 key to boot into safe mode

Using windows explorer locate the file c:\bsw.exe and if found delete it.

Rescan with HJT and check the following if present

O4 - HKCU\..\Run: [WindowsFY] c:\bsw.exe

Ensure no windows open other than HJT and fix checked.

Now Run Ewido and scan. It will prompt you when it finds anything, Once the first problem is detected ensure you tick the box for all (bottom left) and allow it to continue.

At the end of the scan, it may ask if you would like to delete anything found in archive or zipped files, OK that request, then click on save report. SAVE to the default location, it will then generate a text file. Copy that to post in this thread.

Resacn with HJT and post the log back together with the ewido log
  • 0

#5
ryoung81

ryoung81

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
I think that took care of all of it! Thanks again for your help.

HJT log

Logfile of HijackThis v1.99.1
Scan saved at 7:29:53 AM, on 5/11/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\VERITAS Software\Update Manager\sgtray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\interMute\SpySubtract\SpySub.exe
C:\hjt\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "c:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\interMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - c:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


Ewido Scan

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:24:48 AM, 5/11/2005
+ Report-Checksum: E2023FF6

+ Date of database: 5/11/2005
+ Version of scan engine: v3.0

+ Duration: 113 min
+ Scanned Files: 131827
+ Speed: 19.41 Files/Second
+ Infected files: 79
+ Removed files: 79
+ Files put in quarantine: 79
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\

+ Scan result:
C:\!Submit\shnlog.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Owner\Desktop\backups\backup-20050510-011311-146.dll -> Trojan.Puper.g -> Cleaned with backup
C:\Program Files\MyWay\myBar\1.bin\MY2NS.EXE -> Spyware.MyWay.b -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@31987614[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@5[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@66693905[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@69320086[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@6[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@79430329[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@82076311[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@8683723[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@a.as-us.falkag[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@adnetintads.valuead[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.guardian.co[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.monster[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads.x10[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ads20.bpath[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@adult.foxcounter[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@adultrevenueservice[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@al[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@bluestreak[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@c2.gostats[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@c3.gostats[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cgi.sexswap[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@citi.bridgetrack[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@com[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cookie.monster[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@cz3.clickzs[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@desktop.kazaa[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@exitexchange[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@exitfuel[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@guide.real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@hit.namimedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@image.masterstats[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@infostart[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@listen.real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@mallcom[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@mediamgr.ugo[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@media[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@mercury.bravenet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@myway[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@network[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@overture[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@player[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@popups.infostart[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@pubs.mgn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@realguide.real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@real[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@S005-01-8-15-233860-97119[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@S113245[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@S119674[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@S127803[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@S130343[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@S130376[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@S147909[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@S147947[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@server.iad.liveperson[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@ssa.kazaa[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@tribalfusion[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@us[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.clickxchange[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@www.real[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Cookies\owner@zedo[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\remove.exe -> TrojanDownloader.Keenval.f -> Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\__unin__.exe -> Spyware.Altnet.b -> Cleaned with backup


::Report End
  • 0

#6
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Hi ryoung81,

You have 1 optional fix in HJT.

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE [COLOR]<<<-----This is a known resource hog. All componants of Office are accessable via start/programs and by fixing this you are saving an unnecessary drain on resources.[/color]

If you decide on the above, you know the drill by now ;)

Rescan with HJT, check the above. Ensure no windows open except HJT and click Fix checked. Exit HJT.

After that.......


From your log, I see nothing in the ways of trojans, nor any evil entities attempting to possess your computer, except for Windows but it's too late for that one. :tazz:

Congratulations your log now appears to be clean. ;)

Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware [color=red]<=[/color] [color=blue]If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.[/color]
  • How to use Spybot to remove Spyware [color=red]<=[/color] [color=blue]If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.[/color]
Prevention Programs:
  • Spywareblaster [color=red]<=[/color] [color=blue]SpywareBlaster will prevent spyware from being installed.[/color]
  • Spywareguard [color=red]<=[/color] [color=blue]SpywareGuard offers realtime protection from spyware installation attempts.[/color]
  • IE/Spyad [color=red]<=[/color] [color=blue]IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.[/color]
  • MVPS Hosts file [color=red]<=[/color] [color=blue]The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer[/color]
  • Google Toolbar [color=red]<=[/color] [color=blue]Get the free google toolbar to help stop pop up windows.[/color]
Other necessary Programs:
  • [color=black]AntiVirus Program[/color][color=red]<=[/color] [color=blue]An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.[/color]
  • [color=black]Firewall[/color][color=red]<=[/color] [color=blue]A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.[/color]
  • [color=black]More Secure Browser[/color][color=red]<=[/color] [color=blue]Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera and SlimBrowsers are good as well.[/color]
And also see TonyKlein's good advice
[color=blue]So how did I get infected in the first place?[/color] and AntiSpyware Net's spyware article: [color=blue]Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.[/color]

Edited by usetobe, 11 May 2005 - 05:56 AM.

  • 0

#7
Guest_usetobe_*

Guest_usetobe_*
  • Guest
Topic resolved and closed
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP