
Hijack.WindowsUpdates


#16 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Was that the only file that was found?

#17 Expat54 (Topic Starter, Member, 27 posts)
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x000003dc

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02f10c00 (NTFS)

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Dell MBR code detected
SHA1: 84B95CE8A54B7C5C3AAF149934FC46FB70FF8365


Done!
Press ENTER to exit...

#18 Expat54 (Topic Starter, Member, 27 posts)
> Was that the only file that was found?

Yup

#19 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

Infected Outlook Express
The ESET log indicates that there are infected emails in the Posteingang folder in Outlook Express.

Please delete the emails in your Inbox folder - keep only the emails that are of extreme importance. After you finish deleting the emails, please right click on the Deleted Items folder and click Empty 'Deleted Items' Folder.

Having removed all your unwanted emails completely, it is now wise to compact all your remaining emails. Compacting makes the size of the folders smaller by compacting the files contained within them. All the emails are still readable and still intact, just smaller.

To do this, click from the top toolbar File / Folder / Compact All Folders.



NEXT:



Security Check
Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


#20 Expat54 (Topic Starter, Member, 27 posts)
Good day, SweetTech

Tried running Kaspersky again overnight. It froze at 18 percent 2 hours into the scan. Found nothing.

Tried running Kaspersky on only the identities folder containing the email file ... it doesn't seem to be able to open it, so I wonder if a full scan would have found it.


Cleaned up Outlook Express inbox. I had a good idea what the culprits were. I am very careful of opening attachments because I know AVIRA personal does not work on email.

I was able to do a custom scan using ESET online scanner. Had it check only the Anwendungsdatei directory where the identities for Outlook Express are stored. It now finds nothing.

The Security Check log is below. It brings to mind the same question I asked before.
You sent me over to the geekstogo security software review page which I was aware of. It is very old.


Let me be more specific.

It seems that you folks rate AVIRA Personal pretty well for freeware. But it has no firewall or email protection. To upgrade for email protection is around 20 euro, for a firewall about 40.

Then there is the Comodo freeware firewall. Is it better than the one way Windows Defender?

If I upgraded the AVIRA for email protection and changed to the Comodo firewall would that be a significant security improvement?


Is it now time to attempt the Windows Updates and can you give me some clues on how to do that most effectively?



Results of screen317's Security Check version 0.99.5
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

Avira AntiVir Personal - Free Antivirus
ESET Online Scanner v3
Avira successfully updated!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
CCleaner (remove only)
Java DB 10.5.3.0
Java™ 6 Update 21
Java™ SE Development Kit 6 Update 21
Adobe Flash Player 10.1.53.64
Adobe Reader 9.3.3
Mozilla Firefox (3.6.8)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Windows Defender MsMpEng.exe
````````````````````````````````
DNS Vulnerability Check:

Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?)

``````````End of Log````````````

Edited by Expat54, 04 August 2010 - 01:23 AM.


#21 Expat54 (Topic Starter, Member, 27 posts)
SweetTech

I've been reading up a bit on doing the SP3 update and I'm reminded of why I was a bit leery back when it came out.

Seems like there's a good chance of losing my internet connection after the changes are installed. I am vaguely familiar with these variables, but since I don't set up an internet connection very often it's all kind of hazy. So I want to have my ducks all in a row before I do the upgrade.

I hope you can give me a good procedure or references on how to deal with restarting/resetting services if I am confronted with no internet connection.

Such as

Windows Zero Configuration Service
DHCP client
DNS
TCP/IP

How can I document all these current settings so I know how to reset them???
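An added example, not part of the thread and not a tool SweetTech handed out: a batch script for Windows XP that writes the current state of the services and TCP/IP settings Expat54 lists to a text file, so there is a record to compare against if the connection breaks after the service pack. It assumes a stock XP install where ipconfig, sc and netsh are on the PATH; the output file names are my own choice.

```batch
@echo off
rem Added example: snapshot XP network configuration before installing SP3.
rem Output goes to two files on the Desktop (names chosen for this example).
set "OUT=%USERPROFILE%\Desktop\netconfig-before-sp3.txt"
set "DUMP=%USERPROFILE%\Desktop\netconfig-ip.dump"

echo === ipconfig /all === > "%OUT%"
ipconfig /all >> "%OUT%"

echo. >> "%OUT%"
echo === Service state and startup type === >> "%OUT%"
rem WZCSVC = Wireless Zero Configuration, Dhcp = DHCP Client,
rem Dnscache = DNS Client. "sc query" shows running state, "sc qc" shows
rem the configured start type, which is what an upgrade is most likely to alter.
for %%S in (WZCSVC Dhcp Dnscache) do (
    echo --- %%S --- >> "%OUT%"
    sc query %%S >> "%OUT%"
    sc qc %%S >> "%OUT%"
)

echo. >> "%OUT%"
echo === TCP/IP configuration per interface === >> "%OUT%"
netsh interface ip show config >> "%OUT%"

rem "netsh interface ip dump" emits a netsh script that recreates the current
rem IP settings; it can be replayed later with: netsh -f "%DUMP%"
netsh interface ip dump > "%DUMP%"

echo Saved "%OUT%" and "%DUMP%".
```

If the connection is lost after the upgrade, the standard Microsoft recovery steps on XP are `netsh winsock reset` and `netsh int ip reset resetlog.txt` followed by a reboot, and `net start WZCSVC` (or Dhcp, Dnscache) restarts a service that did not come back; the saved files then show what the settings were before.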

#22 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

> You sent me over to the geekstogo security software review page which I was aware of. It is very old.

The topic itself is very old, but it was last updated on the 19th of July of this year.


> Then there is the Comodo freeware firewall. Is it better than the one way Windows Defender?

I'd recommend using the Comodo freeware firewall. I'd say that it is better than Windows Defender.


> If I upgraded the AVIRA for email protection and changed to the Comodo firewall would that be a significant security improvement?

Yes. I should point out that there isn't one program out there that will detect everything. The best way to avoid becoming infected is safe browsing.


> Is it now time to attempt the Windows Updates and can you give me some clues on how to do that most effectively?

I need to do some additional research on this, to ensure that we can get you back on the internet.

#23 Expat54 (Topic Starter, Member, 27 posts)
Good Evening ... well here in Germany anyway.

Thanks for the straight-ahead answers on the security options. That's really what I was asking.

I generally surf relatively trustworthy blogs and news sites, but now and then I will venture down the dark alleys of the intertubes searching for exotic information or that rare eclectic website gem. If you can't do this the web becomes kind of like a crime-ridden city. Not much fun. I do try to stay away from the bad neighborhoods though. Nice that there are good guys out there helping to kill malware before it breeds.

Seems like updating without issues isn't as simple as one is led to believe. Probably especially true when a machine is way behind on updates. Thanks for your attention to the details.

#24 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Do you have access to another computer?

The reason that I ask is because if you do then we can go ahead and proceed with installing the latest SP for XP, and if your internet should stop working I can give you instructions for getting back on the net.

I've had users update to SP3 with no issues whatsoever with the internet connection, but I do actually have another user right now that is unable to connect to the net after updating to the latest service pack for XP.

#25 Expat54 (Topic Starter, Member, 27 posts)
SweetTech

> Do you have access to another computer?

Well I would, but it's the summer "vacation hole" here in Germany so the friends I have with laptops are not around.

I do have access to other desktops but they are all 10-20 km away which would make things kind of difficult.

I'm tempted to say let's just try it, but my family too is headed out on a trip in a week so I'd hate to lose my internet right now.

Would it be possible to get back in touch with you in three weeks or so? Until then I just run SP2.

Fact is the lifting of the HijackWindowsUpdates was the major geek challenge and you nailed that puppy. If in fact they do work I think with some fumbling around I could indeed get back online. I just don't have the time to fumble around right now.

#26 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Hello,

I'm going to clean my tools up and provide you with my usual all clean speech. I'm going to suggest that you post back in the Windows XP forum when you have the time to get assistance with installing the latest service pack. They'll be able to assist you with getting that up and running, when time permits. :)

Your logs appear to be clean, so if you have no further issues with your computer, then please proceed with the following housekeeping procedures outlined below.



NEXT:



OTL Clean-Up

We Need to Clean Up our Mess
Our work on your machine has left considerable leftovers on your box. Let's clean those up real quick:
  • Reopen OTL on your desktop.
  • Click on the CleanUp button.
  • You will be prompted to reboot your system. Please do so.
If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.



NEXT:



Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.



NEXT:



All Clean Speech

===> Make sure you've re-enabled any Security Programs that we may have disabled during the malware removal process. <===

Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis; this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    then consider a password keeper, to keep all your passwords safe.
  • Keep Windows updated by regularly checking their website at: http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.
  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.
  • SpywareBlaster protects against bad ActiveX; it immunizes your PC against them.
  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.
  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed ActiveX controls" and "Download unsigned ActiveX controls") to "Prompt", and "Initialize and script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE
  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here
    • If you choose to use Firefox, I highly recommend this add-on to keep your PC even more secure.
      • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.
**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.

Cheers,
SweetTech.
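An added example, not part of SweetTech's post and not one of the tools linked in it: a batch script for Windows XP that reads the three Internet-zone ActiveX settings from the "Make Internet Explorer more secure" steps out of the registry and reports whether they already hold the values those steps set, without changing anything. The value names 1001, 1004 and 1201 under Zones\3 and the action codes 0/1/3 are Microsoft's documented zone settings; the labels in the output are my own.

```batch
@echo off
setlocal enabledelayedexpansion
rem Added example: read-only audit of the Internet zone (zone 3) ActiveX
rem settings for the current user. Action codes: 0 = Enable, 1 = Prompt,
rem 3 = Disable. Nothing is written to the registry.
set "KEY=HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"

call :check 1001 "Download signed ActiveX controls" 1
call :check 1004 "Download unsigned ActiveX controls" 1
call :check 1201 "Initialize and script ActiveX controls not marked as safe" 3
goto :eof

:check
rem %1 = registry value name, %2 = description, %3 = expected action code
set "CUR="
for /f "tokens=3" %%V in ('reg query "%KEY%" /v %1 2^>nul ^| find "%1"') do set "CUR=%%V"
if "!CUR!"=="" (
    echo [??] %~2 - value %1 not present, the IE default applies
    goto :eof
)
rem reg query prints REG_DWORD data in hex, e.g. 0x3; set /a converts it
set /a CURNUM=!CUR!
if !CURNUM! EQU %3 (
    echo [OK] %~2 - value %1 is !CURNUM!
) else (
    echo [XX] %~2 - value %1 is !CURNUM!, expected %3
)
goto :eof
```

Run it after completing the steps above; a line marked [XX] means the setting was not applied (or was changed back by another program) and the Custom level dialog should be checked again.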

#27 Expat54 (Topic Starter, Member, 27 posts)
SweetTech

Thank you very much!

Expat54

#28 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
You're welcome!

I'm glad I was able to be of assistance.

Cheers,
SweetTech.

#29 SweetTech (Sir SpamAlot, Retired Staff, 7,671 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.