Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Browser Hijack & Redirect....Please Help [Solved]

Started by sowsworld , Jan 18 2010 08:05 PM

  • This topic is locked This topic is locked

#31
sowsworld
Posted 19 January 2010 - 08:54 PM

sowsworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here is the combofix log.
I updated Malwarebytes and running it now again....i will send sortly when complete.


ComboFix 10-01-19.03 - Carol Arthur 01/19/2010 21:39:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.531 [GMT -5:00]
Running from: c:\documents and settings\Carol Arthur\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1314201555-3785290187-2462946864-1006

.
((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.

2010-01-20 02:34 . 2010-01-20 02:37 -------- d-----w- c:\windows\LastGood
2010-01-20 01:46 . 2010-01-20 01:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-20 01:32 . 2010-01-20 01:32 -------- d-----w- c:\documents and settings\Carol Arthur\Application Data\Malwarebytes
2010-01-20 01:32 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 01:32 . 2010-01-20 02:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 01:32 . 2010-01-20 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-20 01:32 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 01:18 . 2010-01-20 01:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-20 01:18 . 2010-01-20 01:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-18 23:22 . 2010-01-20 02:06 -------- d-----w- c:\documents and settings\Carol Arthur\Local Settings\Application Data\gdpatt
2010-01-17 00:31 . 2010-01-17 00:31 -------- d-----w- c:\documents and settings\Carol Arthur\Local Settings\Application Data\Yahoo!
2010-01-01 17:15 . 2010-01-01 17:15 -------- d-----w- c:\documents and settings\Carol Arthur\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 02:37 . 2008-11-18 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-01-20 02:37 . 2008-11-18 02:18 -------- d-----w- c:\program files\Trend Micro
2010-01-19 23:25 . 2009-02-22 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-17 14:38 . 2009-11-11 16:08 79488 ----a-w- c:\documents and settings\Carol Arthur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-01 17:42 . 2008-08-22 22:12 -------- d-----w- c:\program files\Google
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"nwiz"="nwiz.exe" [2008-02-25 1626112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

S2 gupdate1c99539eeef22f6;Google Update Service (gupdate1c99539eeef22f6);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 5:07 PM 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - tmactmon
*Deregistered* - tmcomm
*Deregistered* - tmevtmgr
*Deregistered* - tmpreflt
*Deregistered* - tmxpflt
*Deregistered* - vsapint
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 01:23]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 22:07]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-LaunchApp - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 21:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2008)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-01-19 21:43:14
ComboFix-quarantined-files.txt 2010-01-20 02:43

Pre-Run: 61,807,767,552 bytes free
Post-Run: 61,897,961,472 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - E9ACE68FE4174F5BDBEE950D05E9FA97
  • 0

Advertisements

#32
sowsworld
Posted 19 January 2010 - 08:55 PM

sowsworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here the updated malware log.....


Malwarebytes' Anti-Malware 1.44
Database version: 3601
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/19/2010 9:55:06 PM
mbam-log-2010-01-19 (21-55-06).txt

Scan type: Quick Scan
Objects scanned: 114719
Time elapsed: 2 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#33
CatByte
Posted 19 January 2010 - 08:57 PM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Hi,

Please do the following:


  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run type Notepad click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

DDS::
uInternet Settings,ProxyServer = http=127.0.0.1:5555

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop, Save this as "CFScript"

Here's how to do that:

1.Click File;
2.Click Save As... Change the directory to your desktop;
3.Change the Save as type to "All Files";
4.Type in the file name: CFScript
5.Click Save ...

Posted Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.



NEXT


Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan.
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.

    Posted Image
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply

  • 0

#34
sowsworld
Posted 19 January 2010 - 10:19 PM

sowsworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi Catbyte,
Hopefully you didnt go to bed yet.....I am 90% complete on Kapersky...it found 2 threats so far. I will post my logs of combofix and Kapersky very soon, so we can get this wrapped up and i can go home.
thanks again.
  • 0

#35
sowsworld
Posted 19 January 2010 - 10:46 PM

sowsworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Here is the latest combofix and Kaspersky logs (2 threats found).....


ComboFix 10-01-19.03 - Carol Arthur 01/19/2010 22:03:09.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.894.522 [GMT -5:00]
Running from: c:\documents and settings\Carol Arthur\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Carol Arthur\Desktop\CFScript.txt
.

((((((((((((((((((((((((( Files Created from 2009-12-20 to 2010-01-20 )))))))))))))))))))))))))))))))
.

2010-01-20 02:34 . 2010-01-20 02:37 -------- d-----w- c:\windows\LastGood
2010-01-20 01:46 . 2010-01-20 01:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-01-20 01:32 . 2010-01-20 01:32 -------- d-----w- c:\documents and settings\Carol Arthur\Application Data\Malwarebytes
2010-01-20 01:32 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-20 01:32 . 2010-01-20 02:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-01-20 01:32 . 2010-01-20 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-20 01:32 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-20 01:18 . 2010-01-20 01:18 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-01-20 01:18 . 2010-01-20 01:18 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-01-18 23:22 . 2010-01-20 02:06 -------- d-----w- c:\documents and settings\Carol Arthur\Local Settings\Application Data\gdpatt
2010-01-17 00:31 . 2010-01-17 00:31 -------- d-----w- c:\documents and settings\Carol Arthur\Local Settings\Application Data\Yahoo!
2010-01-01 17:15 . 2010-01-01 17:15 -------- d-----w- c:\documents and settings\Carol Arthur\Local Settings\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-20 02:37 . 2008-11-18 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Trend Micro
2010-01-20 02:37 . 2008-11-18 02:18 -------- d-----w- c:\program files\Trend Micro
2010-01-19 23:25 . 2009-02-22 22:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-17 14:38 . 2009-11-11 16:08 79488 ----a-w- c:\documents and settings\Carol Arthur\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-01-01 17:42 . 2008-08-22 22:12 -------- d-----w- c:\program files\Google
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-02-25 8491008]
"nwiz"="nwiz.exe" [2008-02-25 1626112]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-15 71216]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2007-01-09 52256]
"RTHDCPL"="RTHDCPL.EXE" [2008-05-16 16862720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-02-25 81920]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\eRAgent.exe" [2008-07-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=

S2 gupdate1c99539eeef22f6;Google Update Service (gupdate1c99539eeef22f6);c:\program files\Google\Update\GoogleUpdate.exe [2/22/2009 5:07 PM 133104]

--- Other Services/Drivers In Memory ---

*Deregistered* - tmactmon
*Deregistered* - tmcomm
*Deregistered* - tmevtmgr
*Deregistered* - tmpreflt
*Deregistered* - tmxpflt
*Deregistered* - vsapint
.
Contents of the 'Scheduled Tasks' folder

2010-01-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-22 01:23]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 22:07]

2010-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-22 22:07]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-19 22:05
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3508)
c:\windows\system32\ieframe.dll
c:\windows\system32\OneX.DLL
c:\windows\system32\eappprxy.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2010-01-19 22:06:35
ComboFix-quarantined-files.txt 2010-01-20 03:06
ComboFix2.txt 2010-01-20 02:43

Pre-Run: 61,907,386,368 bytes free
Post-Run: 61,904,904,192 bytes free

- - End Of File - - 65AD22D96291180C5F07F5E740312F14


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, January 19, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, January 20, 2010 02:55:25
Records in database: 3335690
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\

Scan statistics:
Objects scanned: 61898
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 01:19:49


File name / Threat / Threats count
C:\Documents and Settings\Carol Arthur\Application Data\Sun\Java\Deployment\cache\6.0\61\18364cfd-30a572d3 Infected: Trojan-Downloader.Java.OpenStream.af 1
C:\System Volume Information\_restore{B2BEF10C-4F4E-4552-940A-EC029469FE22}\RP194\A0012917.exe Infected: Trojan.Win32.FraudPack.akem 1

Selected area has been scanned.
  • 0

#36
CatByte
Posted 20 January 2010 - 04:21 AM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Sorry,

I had to go to bed, have to get up at 5:00 am for work :)

Clear Java cache for the one file, the other will clean up when we do our final tool cleanup"

Please do the following:



Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT



Follow these steps to uninstall Combofix

  • Click START then RUN
  • Now copy/paste Combofix /uninstall into the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.

Posted Image




NEXT

Now to remove the rest of the tools that we have used in fixing your machine:
  • Make sure you have an Internet Connection.
  • Download OTC to your desktop and run it
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTC to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


If any tools / logs remain > right click and delete them.

NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.

  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.


    WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox, IE and chrome.

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank-you.
  • 0

#37
sowsworld
Posted 20 January 2010 - 07:42 PM

sowsworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi catbyte,
Thanks for all your help.....I can't get to my mom's computer until tomorrow,..so I will get back to you tomorrow regarding the status. Thanks for all your continued support.
Thanks.
  • 0

#38
sowsworld
Posted 21 January 2010 - 08:31 PM

sowsworld

    Member

  • Topic Starter
  • Member
  • PipPip
  • 24 posts
Hi catbtye,
I think we are all set. I really appreciate all your help.
Thanks Again...you are great.
  • 0

#39
CatByte
Posted 21 January 2010 - 08:38 PM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
you are more than welcome

stay safe :)

~CB
  • 0

#40
CatByte
Posted 21 January 2010 - 08:38 PM

CatByte

    GeekU Teacher

  • GeekU Moderator
  • 2,705 posts
  • MVP
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP