Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan.Ransom.Gen and Trojan.PWS [Solved]


  • This topic is locked This topic is locked

#16
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
:lol: That got it.

The logs look good. The last thing we need to do before cleaning up our tools is see if any programs prone to security breaches need updating. I can see the light at the end of the tunnel...and this time it's not a train! :woot:

Run Security Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Things For Your Next Post:
1. the Checkup.txt
  • 0

Advertisements


#17
adam80

adam80

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Results of screen317's Security Check version 0.99.49
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
WinPatrol
MVPS Hosts File
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 7 Update 5
Java version out of Date!
Adobe Flash Player 11.2.202.95
Adobe Reader X (10.1.4)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
WinPatrol winpatrol.exe
BillP Studios WinPatrol winpatrol.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 7%
````````````````````End of Log``````````````````````
  • 0

#18
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi adam80,

I apologize but I got a little ahead of myself. :blush: Our cleaning process includes a scan with MalwareBytes and an on-line scanner. These two scans look for any malware remnants. I know you ran a MalwareBytes scan before you posted, but this will give it a chance to find anything that our tools missed. The on-line scan uses more engines and definitions so it does a deeper scan for any leftovers. If I don't do these scans the big guns here will beat me about the head and body with a wet noodle and take my bathroom key away. :o Let's update Java then we'll do the scans. If everything is good after that I promise we'll clean this puppy up. :thumbsup:


Step-1.

Clear the Java Cache and Update Java

Go to the Java page here and follow the directions to clear the Jaca cache.

  • Click Start, click Control Panel. You will need to be in Classic View. If you are in Catagoty View:
    • Look in the left column and click Switch to Classic View
  • Double click the Java icon (It looks like a coffee cup)
    Now follow the directions on the Java page to clear the cache.
  • Next, click the Update tab.
  • Click Update Now
    NOTE: It may take a minute or two for the Java Download window to appear, and after the download finishes the window will go away and it may take another minute or two for the Java Setup window to appear.
  • On the Java Setup window click the box beside Install Ask Toolbar to remove the check mark.
  • Click Install.
  • When you get the Java Installed successfully screen, click OK or Close
Once the installation window closes, if the Control Panel is still open, switch the Classic View back to the Category View if you wish and close the Control Panel


Step-2.

Posted ImageMalwarebytes' Anti-Malware

  • Open MalwareBytes. You will be at the main program as shown below.

    Posted Image
  • Click the Update tab and update the program .
  • Click the Scanner tab, make sure the the Perform full scan option is selected and then click on the Scan button to start scanning your computer.
  • MBAM will now start scanning your computer for malware. This process can take quite a while, so I suggest you go and do something else and periodically check on the status of the scan. When MBAM is scanning it will look like the image below.

    Posted Image
  • When the scan is finished a message box will appear as shown in the image below.

    Posted Image
    You should click on the OK button to close the message box and continue with the removal process.
  • You will now be back at the main Scanner screen. At this point you should click on the Show Results button.
  • A screen displaying all the malware that the program found will be shown as seen in the image below. Please note that the infections found may be different than what is shown in the image.

    Posted Image
  • Make sure that everything is checked, and click Remove Selected.<---Very Important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step-2.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista / 7 users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.
  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Uncheck the box beside Remove Found Threats
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan. Otherwise it may stall.
  • When completed Do Not select Uninstall application on close, but make sure you copy the logfile
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Step-3.

Things For Your Next Post:Things For Your Next Post:
1. The MalwareBytes log
2. The ESET scan log
  • 0

#19
adam80

adam80

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.09.02.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Jerry Adamson :: ADAMSONFAMILY [administrator]

9/1/2012 8:22:31 PM
mbam-log-2012-09-01 (20-22-31).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239733
Time elapsed: 52 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8afa3629ea6e434f9861f5e171eb79c7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-08-31 05:39:16
# local_time=2012-08-31 12:39:16 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=41044
# found=26
# cleaned=0
# scan_time=2166
C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\flstudio_10.0.8_online.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\Complete Extras\deckadance_1.93.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\1\5bbc3881-2b5b22f6 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\221acdd3-7493c2f5 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\5a50c413-3f04dc6e Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\23\560dfd7-26854df0 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\26\44758b9a-3af0fd1c Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\27\1d773cdb-670a1a9e multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\27\69dc2db-331e3666 Java/Exploit.Agent.NAX trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\27\69dc2db-5d318722 Java/Exploit.Agent.NAT trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\28\7ea3c55c-1eaa5468 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\3\25201b83-26570980 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\31\4adff31f-56cdf231 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\39\2c518ee7-115721b9 Java/Exploit.Agent.AG trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41\483df029-243ed4ff Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\46\41fe522e-27556661 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\48\44558070-12b6f43a Java/Exploit.CVE-2012-1723.BE trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\51\1691b033-1c687fdd multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\51\588fe573-2d813c9e Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52\3f40bb4-7e60a375 a variant of Java/Exploit.CVE-2012-4681.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\54\2072f536-44a14013 probably a variant of Java/Exploit.CVE-2012-0507.BJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\54\3ebb08b6-6c2a06b3 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\56\4a5acc38-5239b356 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\6\7460f06-28a182c3 multiple threats (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\8\20a8d188-31af72b6 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\9\587e77c9-1aa804ba Java/Exploit.CVE-2012-0507.K trojan (unable to clean) 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=8afa3629ea6e434f9861f5e171eb79c7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-02 03:03:10
# local_time=2012-09-01 10:03:10 (-0600, Central Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=5891 16776869 42 93 0 13666946 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=41743
# found=17
# cleaned=0
# scan_time=2380
C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\flstudio_10.0.8_online.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\Complete Extras\deckadance_1.93.exe Win32/OpenCandy application (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\1\5bbc3881-2b5b22f6 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\221acdd3-7493c2f5 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\19\5a50c413-3f04dc6e Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\24\34eddcd8-62c88028 a variant of Java/Exploit.Agent.AI.Gen trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\26\44758b9a-3af0fd1c Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\28\7ea3c55c-1eaa5468 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\3\25201b83-26570980 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\31\4adff31f-56cdf231 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\41\483df029-243ed4ff Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\46\41fe522e-27556661 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\51\588fe573-2d813c9e Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\52\3f40bb4-7e60a375 a variant of Java/Exploit.CVE-2012-4681.B trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\54\3ebb08b6-6c2a06b3 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\56\4a5acc38-5239b356 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
C:\_OTL\MovedFiles\08312012_130750\C_Documents and Settings\Jerry Adamson\Local Settings\Application Data\Sun\Java\Deployment\cache\6.0\8\20a8d188-31af72b6 Java/Exploit.Agent.NBS trojan (unable to clean) 00000000000000000000000000000000 I
  • 0

#20
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Hi,

They didn't find anything they had not already found. The last OTL fix could not find the

C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\flstudio_10.0.8_online.exe Win32
C:\A5\Music Software\FL Studio XXL Signature Bundle Complete v10.0.8\Complete Extras\deckadance_1.93.exe

folders and the other folders/files ESET found are already in the _OTL\MovedFiles folder.


OK! Well done. :thumbsup: Here is the best part of the process! The mullygrubs are gone! That's a technical term for your log(s) appear to be clean! If you have no further issues with your computer, please proceed with the housekeeping procedures outlined below.
The first thing we need to do is to remove all the tools that we have used. This is so that should you ever be re-infected, you will download updated versions.


Step-1.

Uninstall ESET

1. Please click Start > Control Panel > Add/Remove Programs
2. In the list of programs installed, locate the following program(s):

ESET online scanner

3. Click on each program to highlight it and click Change/Remove.
4. After the programs have been uninstalled, close the Installed Programs window and the Control Panel.
5. Reboot the computer.



Step-2.

OTL Cleanup
1. Please copy all of the text in the code box below. To do this, highlight everything inside the code box , right click and click Copy.
  • :FILES
    ipconfig /flushdns /c
    C:\Program Files\ESET
    
    :COMMANDS
    [EMPTYTEMP]
    
  • Please re-open Posted Image on your desktop.
  • Place the mouse pointer inside the Posted Image textbox, right click and click Paste. This will put the above script inside the textbox.
  • Click the Posted Image button.
  • Let the program run unhindered. When finished click the OK button and close the log that appears.
  • NOTE: I do not need to review the log produced.
  • OTL may ask to reboot the machine. Please do so if asked.
2. Please re-open Posted Image on your desktop.
  • Be sure all other programs are closed as this step will require a reboot.
  • Click on Posted Image
  • You will be prompted to reboot your system. Please do so.
The above process will flush the DNS and remove OTL and the logs it created during the cleanup process. After it is finished, OTL will remove itself. This is so that if you are ever infected again you will download the most current copy of the tool.


Step-3.

Delete the following from the Desktop

AdwCleaner.exe
AdwCleaner[R1].txt
AdwCleaner[S1].txt
FSS.exe
Fss.txt
SecurityCheck.exe
Checkup.txt


Delete any other .bat, .log, .reg, .txt, and any other files created during this process, and left on the desktop and empty the Recycle Bin.


Step-4.

Make a Fresh Restore Point, Clear the Old Restore Points, and Re-enable System Restore

The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected, but that's good news).

Note: Do not clear infected/old System Restore points before creating a new System Restore point first!

Windows XP
  • Click Start > All Programs > Accessories > System tools > System Restore. The System Restore Wizard opens.
  • Note: If the System Restore Wizard does not open, the System Restore feature may be turned off. To turn System Restore on, follow these steps:
  • Click Start, click Control Panel, and then double-click System.
  • Click the System Restore tab.
  • Make sure that the Turn off System Restore check box is not selected. Or, make sure that the Turn off System Restore on all drives check box is not selected.
  • Click OK.
[*] On the dialogue box that appears select Create a Restore Point
[*] Click NEXT
[*] Enter a name e.g. Clean
[*] Click CREATE
[*] Close System Restore[/list]Now we can purge the old system Restore Points

Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
    Restart your computer.
Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.
    System Restore will now be active again.


Step-5.

Reset Hidden Files and Folders

1. Click Start.
2. Open My Computer.
4. Select the Tools menu and click Folder Options.
5. Select the View tab.
6. Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
7. Click the Hide protected operating system files (recommended) option. Click Yes to confirm. Click OK.



Preventing Re-Infection


Below, I have included a number of recommendations for how to protect your computer against future malware infections.

:Keep Windows Updated:-Windows Updates are constantly being revised to combat the newest hacks and threats, Microsoft releases security updates that help your computer from becoming vulnerable. It is best if you have these set to download automatically.

XP Users: You must use Internet Explorer to Update Windows.
1. Click Start> All Programs, in the programs window that comes up, look for Windows Update toward the top of the list and click it.

:Turn On Automatic Updates:

XP Users:
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them


: Keep Java Updated :
  • Click the Start button
  • Click Control Panel
  • Double Click Java - Looks like a coffee cup. You may have to switch to Classical View on the upper left of the Control Panel to see it.
  • Click the Update tab
  • Click Update Now
  • Allow any updates to be downloaded and installed
: Keep Adobe Reader Updated :
  • Open Adobe Reader
  • Click Help on the menu at the top
  • Click Check for Updates
  • Allow any updates to be downloaded and installed
NOTE: Whether you use Adobe Reader, Acrobat or Foxit Reader to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Click Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. Click OK Close program. It's the same for Foxit Reader except Preferences is under the Tools menu, and you uncheck Enable Javascript Actions.

:Web Browsers:

:Make your Internet Explorer more secure:
1. From within Internet Explorer click on the Tools menu and then click on Options.
2. Click once on the Security tab
3. Click once on the Internet icon so it becomes highlighted.
4. Click once on the Custom Level button.
5. Change the Download signed ActiveX controls to "Prompt"
6. Change the Download unsigned ActiveX controls to "Disable"
7. Change the Initialise and script ActiveX controls not marked as safe to "Disable"
8. Change the Installation of desktop items to "Prompt"
9. Change the Launching programs and files in an IFRAME to "Prompt"
10. When all these settings have been made, click on the OK button.
11. If it prompts you as to whether or not you want to save the settings, click the Yes button.
12. Next press the Apply button and then the OK to exit the Internet Properties page.

:Alternate Browsers:

If you use Firefox, I highly recommend these add-ons to keep your PC even more secure.
  • NoScript - for blocking ads and other potential website attacks
  • WebOfTrust - a safe surfing tool for your browser. Traffic-light rating symbols show which websites you can trust when you search, shop and surf on the Web.
  • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling
:Install the MVPs Hosts File:
  • MVPS Hosts file-replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.You only need this if you use Firefox.

Preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running a full scan at least once a month. Run Quick Scans at least once a week. Download the Free versions. And update the definitions before running scans.

========Anti Spyware========
  • Malwarebytes-Free Version- a powerful tool to search for and eliminate malware found on your computer.
  • SUPERAntiSpyware Free Edition-another scanning tool to find and eliminate malware.
  • SpywareBlaster-to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard-to catch and block spyware before it can execute. A tutorial can be found here.
  • WinPatrol - will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found here.


It's a good idea to clear out all your temp files every now and again. This will help your computer from bogging down and slowing. It also can assist in getting rid of files that may contain malicious code that could re-infect your computer.

========TEMP File Cleaners========
  • TFC by OldTimer-A very powerful cleaning program for 32 and 64 bit OS. Note: You may have this already as part of the fixes you have run.
  • CleanUP-Click the Download CleanUP! link. There is also a Learn how to use CleanUP! link on this page.
:BACKUPS:
  • Keep a backup of your important files.-Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT-(Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

:Keep Installed Programs Up to Date:

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
A couple of programs that will do this are listed below. Only download and install one of the programs and run it monthly:
Secunia Software Inspector
Filehippo Update Checker

Finally, please read How did I Get Infected in the First Place(by Mr. Tony Klein and dvk01)


I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For 24 hours or so. If Anything Comes Up - Just Come Back And Let Me Know

Stay Safe :wave:
godawgs
  • 0

#21
adam80

adam80

    Member

  • Topic Starter
  • Member
  • PipPip
  • 54 posts
Removed everything. Things are running smoothly. Thanks again for all of your help. :)

Adam
  • 0

#22
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
You're welcome Adam. It was our pleasure. If you ever need us again give us a shout, or if any of your friends ever need help you know where to send them. ;)

godawgs
  • 0

#23
godawgs

godawgs

    Teacher

  • Retired Staff
  • 8,228 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP