Module Rootkit starts multiple "Ping.exe" processes



#16
Wassertor

Wassertor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello Nedklaw

As you can see by the reports, I am not running a screamingly fast system. I have found that startup is a little bit more prompt with less time for the auto load programs to establish themselves.

One thing though. When I respond to the Geekstogo link that I get via e-mail when you send a response, IE starts up and pops up two sessions of itself. One blank, the other, the Geekstogo web page. A box appears stating that it is a secure connection and then the page won't respond. After about a half a minute or so, another box appears with the message: "A script on the page is causing Internet Explorer to run slowly. If it continues to run, Internet Explorer may stop functioning" An option to terminate the script is given. When you terminate the script, the page runs fine. Is this normal?

On the topic of IE Version 8, I normally run Firefox and have not really cared to update IE for that reason. I did as you requested and once the update completed, IE 8 merrily started invoking other pages that I did not ask for and started to try to take over priority as prime browser. I don't like that from a program at the best of times. I would rather the machine respond with "Yes Master" and shut up until told.

That said, here are the logs:

MBAM

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.17.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Jerri :: PAUL-QX8Y126H2L [administrator]

4/16/2012 7:18:12 PM
mbam-log-2012-04-16 (19-18-12).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 349531
Time elapsed: 1 hour(s), 46 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


ESET:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=7d0de9dfccae24489f178904e2ce4f7f
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-04-17 06:38:14
# local_time=2012-04-16 11:38:14 (-0800, Pacific Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 0 0 0 0
# compatibility_mode=768 16777215 100 0 84361523 84361523 0 0
# compatibility_mode=2560 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=139446
# found=51
# cleaned=51
# scan_time=6260
C:\Qoobox\Quarantine\C\WINDOWS\system32\fsRamDsk.dll.vir Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2006\A0558745.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2007\A0558827.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2007\A0558861.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2007\A0558882.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2007\A0559861.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2008\A0559868.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2008\A0560861.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2009\A0560890.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2009\A0560922.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2009\A0560930.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2009\A0560957.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2010\A0560963.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2010\A0560978.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2010\A0560987.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2010\A0560998.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2010\A0561026.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2010\A0561043.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2010\A0561070.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2010\A0561090.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2010\A0561092.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2010\A0561110.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2011\A0561170.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2011\A0561173.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2011\A0561199.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2012\A0562201.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2012\A0562208.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2012\A0562209.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562238.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562260.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562281.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562289.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562297.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562313.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562320.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562335.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562363.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562384.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562410.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562413.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562430.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562443.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562464.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2013\A0562492.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2014\A0562747.dll Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2014\A0562842.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2014\A0562885.com Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{D7D38839-E886-439D-8490-EC3F8E88B707}\RP2017\A0563315.rbf a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\10.04.2012_22.52.36\rtkt0000\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\TDSSKiller_Quarantine\10.04.2012_22.52.36\rtkt0001\svc0000\tsk0000.dta a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\04152012_205154\C_WINDOWS\system32\FXUxT232.com_ Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

How are we doing so far?

Wassertor
  • 0



#17
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
The items ESET found were either in quarantine which means they are no longer a threat or in your system restore points which we would be cleaning soon anyway.


One thing though. When I respond to the Geekstogo link that I get via e-mail when you send a response, IE starts up and pops up two sessions of itself. One blank, the other, the Geekstogo web page. A box appears stating that it is a secure connection and then the page won't respond. After about a half a minute or so, another box appears with the message: "A script on the page is causing Internet Explorer to run slowly. If it continues to run, Internet Explorer may stop functioning" An option to terminate the script is given. When you terminate the script, the page runs fine. Is this normal?

This is a known problem with the forum and even I get the script warning sometimes.


On the topic of IE Version 8, I normally run Firefox and have not really cared to update IE for that reason.

Even though you don't use Internet Explorer it's still important to update it because malware can still get through the security holes and infect your system.


Step 1

You can follow the instructions here to make Mozilla Firefox your default browser.


Step 2

Download and run Puran Disc Defragmenter.
For the first run I would recommend selecting Boot Time Defrag and Disk Check.
If asked to install Babylon, say No.
  • 0
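The reading of the ESET log given in reply #17 (detections sitting in tool quarantine folders or in System Restore points are not active threats) can be checked mechanically. The following is an added example, not part of the original thread: the sample lines are constructed in the same layout as the log, and the function names and bucket labels are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in the layout of the ESET Online Scanner log above
# (file names and the restore GUID are placeholders, not from the original log).
SAMPLE_LOG = r"""
# scanned=139446
# found=4
C:\Qoobox\Quarantine\C\WINDOWS\system32\example.dll.vir Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.sys a variant of Win32/Rootkit.Kryptik.KM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\_OTL\MovedFiles\01012012_000000\C_WINDOWS\system32\example.com_ Win32/TrojanClicker.Agent.NEB trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\WINDOWS\system32\example_live.dll Win32/Sirefef.ER trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

# Folders where the removal tools seen in this thread park neutralised files.
QUARANTINE_ROOTS = (
    "c:\\qoobox\\quarantine\\",     # ComboFix
    "c:\\tdsskiller_quarantine\\",  # TDSSKiller
    "c:\\_otl\\movedfiles\\",       # OTL
)
# System Restore snapshots on Windows XP live under this folder.
RESTORE_MARKER = "\\system volume information\\_restore{"

# <path> <detection name> [kind] (<action>) ...
# The path may contain spaces, so it is matched lazily up to the first
# token containing "/" (the detection name, e.g. Win32/Sirefef.ER).
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<threat>(?:a variant of )?\S+/\S+)(?:\s+(?P<kind>\w+))?\s+"
    r"\((?P<action>[^)]*)\)"
)


def parse_detections(log_text):
    """Yield one dict per detection line; '#' header lines are skipped."""
    for raw in log_text.splitlines():
        match = LINE_RE.match(raw.strip())
        if match:
            yield match.groupdict()


def classify(path):
    """Bucket a detection by where the file was found on disk."""
    lowered = path.lower()
    if lowered.startswith(QUARANTINE_ROOTS):
        return "tool_quarantine"
    if RESTORE_MARKER in lowered:
        return "restore_point"
    return "live"  # found in a normal location: needs a closer look


def triage(log_text):
    """Return (count per bucket, detections found outside quarantine/restore)."""
    counts = Counter()
    live = []
    for det in parse_detections(log_text):
        where = classify(det["path"])
        counts[where] += 1
        if where == "live":
            live.append(det)
    return counts, live


if __name__ == "__main__":
    counts, live = triage(SAMPLE_LOG)
    for where, n in sorted(counts.items()):
        print(f"{where:16} {n}")
    for det in live:
        print("REVIEW:", det["path"], "->", det["threat"], f"({det['action']})")
```

A detection in the `live` bucket is the case that warrants a follow-up scan, since the file was sitting in a normal location rather than in quarantine or a restore snapshot.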

#18
Wassertor

Wassertor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello Nedklaw

I have done as suggested and found that there is a significant reduction in time loading and starting programs. I did a defrag a month or so ago with the Windows System Tools Defragger and did not notice this much of a difference in load speed. Does defragging the "Boot Time" area make that much of a difference?

On a related topic, I have been using Registry Mechanic to check the health of my registry. Is this a useful tool in your opinion, or just something to make me feel like I am doing something.

Tussen Tuk,

Wassertor
  • 0

#19
Nedklaw

Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :wave:

I have done as suggested and found that there is a significant reduction in time loading and starting programs. I did a defrag a month or so ago with the Windows System Tools Defragger and did not notice this much of a difference in load speed. Does defragging the "Boot Time" area make that much of a difference?

A boot time defrag allows you to defrag files that are normally locked by the operating system before the operating system is fully loaded. It basically comes down to some programs doing a better job than others.


I have been using Registry Mechanic to check the health of my registry. Is this a useful tool in your opinion, or just something to make me feel like I am doing something.

I don't condone the use of registry cleaners because they can be extremely dangerous in the hands of a novice user. Deleting the wrong entries can render a PC unusable and we don't want to be in a position of helping a user recover from that. There is also no evidence that cleaning out the registry has any effect on the overall speed of a PC.


Congratulations, your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Combofix Uninstall

Click START then RUN.
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.



Installing an Antivirus Program

It is very important your computer has an antivirus program on it. Antivirus programs help prevent, detect and remove malware such as viruses, trojans, worms etc. Files and emails will be scanned as you use them, download them or open them. If a virus is found in one of them, the antivirus program will stop you running the file, email, program etc and therefore stops you from infecting yourself.
It is very important you update your antivirus program so it knows about new viruses, trojans, worms etc. If your computer is infected with a new infection your antivirus (not updated) won't think it's bad, it won't alert you when you run it and therefore, you get infected!

Here are some links to some free antivirus programs:

Note: Only run one antivirus program on your computer at any one time!


Installing a Firewall

You have no firewall installed on your computer.

A firewall is necessary on your computer because it can stop attackers from compromising your system and taking over it. It acts as a barrier between the internet and your computer. Hackers discover new security holes in a software or operating system long before the software company does and therefore many people get hacked before a security patch is released. By using a firewall, the majority of these security holes will not be accessible as the firewall will block the attempt.

Here are some links to some free firewalls:

Note: A firewall does not completely protect you against viruses so it is recommended you also have an antivirus program running on your computer as well. Do not run more than 1 firewall on your computer at one time.


Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [emptytemp]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Click on Start.
  • Right-click My Computer.
  • Select Properties.
  • Click on the Automatic Updates Tab.
  • Place a checkmark in the circle next to Automatic (recommended) near the green shield.
  • Click Apply > OK.

Adobe Reader - Your version of Adobe Reader is outdated. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.2.202.228) and Adobe Shockwave Player (11.6.4.634) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start > Run.
  • Type Inetcpl.cpl & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:



Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than FireFox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free google toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank-you.
Good luck and stay safe!!! :thumbsup:
  • 0

#20
Wassertor

Wassertor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Hello Nedklaw

Sorry about the delay in responding. Life 1.0 has been occupying me a lot lately. I am in the process of doing as recommended. I am sussing out the firewall and antivirus options. The other directions you mentioned re utilities and protections are being implemented as fast as I can.

Never a dull moment with these silicon based life forms, is there.

Again, many thanks for the help and education.

Wassertor
  • 0





