
My username has win 7 2013 fake antivirus program [Solved]


  • This topic is locked

#31
lavondaljt

    Member

  • Topic Starter
  • 96 posts
OK, I opened the MBAM software, but my trial went out and I don't have the money to upgrade, so I could not update. It showed the last run it did the last time it updated, and I'm including it below. I was able to run a quick scan and it's also included below.

Last run using update:

-->mbam log 2013-01-27--<

Malwarebytes Anti-Malware (Trial) 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.27.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lavonda :: BRIAN-PC [limited]

Protection: Enabled

1/27/2013 1:10:57 AM
mbam-log-2013-01-27 (01-10-57).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 189910
Time elapsed: 8 minute(s), 56 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Users\Lavonda\AppData\Local\dsn.exe" -a "%1" %* -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\.exe| (Hijacked.exeFile) -> Bad: (R4U) Good: (exefile) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


-->protection-log-2013-01-27--<


2013/01/27 00:53:32 -0600 BRIAN-PC Brian MESSAGE Executing scheduled update: Daily
2013/01/27 00:57:04 -0600 BRIAN-PC Lavonda MESSAGE Scheduled update executed successfully: database updated from version v2013.01.26.04 to version v2013.01.27.02
2013/01/27 00:57:04 -0600 BRIAN-PC Lavonda MESSAGE Starting database refresh
2013/01/27 00:57:04 -0600 BRIAN-PC Lavonda MESSAGE Stopping IP protection
2013/01/27 00:57:06 -0600 BRIAN-PC Lavonda MESSAGE IP Protection stopped successfully
2013/01/27 00:57:32 -0600 BRIAN-PC Lavonda MESSAGE Database refreshed successfully
2013/01/27 00:57:32 -0600 BRIAN-PC Lavonda MESSAGE Starting IP protection
2013/01/27 00:57:36 -0600 BRIAN-PC Lavonda MESSAGE IP Protection started successfully
2013/01/27 01:24:04 -0600 BRIAN-PC Lavonda IP-BLOCK 178.90.89.168 (Type: outgoing, Port: 8522, Process: skype.exe)
2013/01/27 01:24:13 -0600 BRIAN-PC Lavonda IP-BLOCK 178.90.89.168 (Type: outgoing, Port: 8522, Process: skype.exe)
2013/01/27 01:24:13 -0600 BRIAN-PC Lavonda IP-BLOCK 178.90.89.168 (Type: outgoing, Port: 8522, Process: skype.exe)
2013/01/27 01:24:21 -0600 BRIAN-PC Lavonda IP-BLOCK 178.90.89.168 (Type: outgoing, Port: 8522, Process: skype.exe)
2013/01/27 01:24:21 -0600 BRIAN-PC Lavonda IP-BLOCK 178.90.89.168 (Type: outgoing, Port: 8522, Process: skype.exe)
2013/01/27 04:57:26 -0600 BRIAN-PC Lavonda MESSAGE Starting protection
2013/01/27 04:57:26 -0600 BRIAN-PC Lavonda MESSAGE Protection started successfully
2013/01/27 04:57:26 -0600 BRIAN-PC Lavonda MESSAGE Starting IP protection
2013/01/27 04:57:28 -0600 BRIAN-PC Lavonda MESSAGE IP Protection started successfully
2013/01/27 05:49:39 -0600 BRIAN-PC (null) MESSAGE Starting protection
2013/01/27 05:49:39 -0600 BRIAN-PC (null) MESSAGE Protection started successfully
2013/01/27 05:49:39 -0600 BRIAN-PC (null) MESSAGE Starting IP protection
2013/01/27 05:49:42 -0600 BRIAN-PC (null) MESSAGE IP Protection started successfully
2013/01/27 09:12:54 -0600 BRIAN-PC (null) MESSAGE Starting protection
2013/01/27 09:12:54 -0600 BRIAN-PC (null) MESSAGE Protection started successfully
2013/01/27 09:12:54 -0600 BRIAN-PC (null) MESSAGE Starting IP protection
2013/01/27 09:12:57 -0600 BRIAN-PC (null) MESSAGE IP Protection started successfully
2013/01/27 11:12:58 -0600 BRIAN-PC Brian MESSAGE Stopping protection
2013/01/27 11:12:58 -0600 BRIAN-PC Brian MESSAGE Protection stopped successfully
2013/01/27 11:12:58 -0600 BRIAN-PC Brian MESSAGE Stopping IP protection
2013/01/27 11:12:58 -0600 BRIAN-PC Brian MESSAGE IP Protection stopped successfully
2013/01/27 11:20:12 -0600 BRIAN-PC Brian MESSAGE Protection stopped

=========================================================================================


Quick Scan Run today without being able to update:



Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.27.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Lavonda :: BRIAN-PC [limited]

1/31/2013 12:56:03 PM
mbam-log-2013-01-31 (12-56-03).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190145
Time elapsed: 4 minute(s), 21 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


=========================================================================

Ok, here's the last log. Not much to look at though. I opened the txt file
and that was it. I hope nothing went wrong and this was what it was supposed
to look like?

[email protected] as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK


If there is anything else you need me to do, just let me know. I answered your
questions in the first paragraph, but to recap, everything is running fine. No
popups on anything.

Thanks for your help with all this, I know it's been a mess to work on.

Have a blessed day
Lavonda
  • 0
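The two registry detections in the 2013-01-27 scan log above describe one change to the `.exe` file type: its class was switched from `exefile` to `R4U`, and the open command named `dsn.exe` as the handler with the launched program passed as `%1`. The parser below is an added example, not part of the original posts; it assumes the MBAM 1.x text layout shown in the thread, and its function names are hypothetical.

```python
import re

# Detection sections copied from the 2013-01-27 scan log quoted in the thread.
SAMPLE_LOG = r'''
Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCR\.exe\shell\open\command| (Hijack.ExeFile) -> Data: "C:\Users\Lavonda\AppData\Local\dsn.exe" -a "%1" %* -> Quarantined and deleted successfully.

Registry Data Items Detected: 1
HKCR\.exe| (Hijacked.exeFile) -> Bad: (R4U) Good: (exefile) -> Quarantined and repaired successfully.

Files Detected: 0
(No malicious items detected)
'''

SECTION_RE = re.compile(r"^(?P<category>.+?) Detected: (?P<count>\d+)$")
ITEM_RE = re.compile(r"^(?P<object>.+?)\|? \((?P<name>[^)]+)\) -> (?P<rest>.+)$")
# Stock Windows value of exefile\shell\open\command: run the clicked file itself.
DEFAULT_EXE_OPEN = '"%1" %*'


def parse_scan_log(text):
    """Return one dict per detection line, tagged with its section name."""
    detections, category = [], None
    for line in text.splitlines():
        line = line.strip()
        head = SECTION_RE.match(line)
        if head:
            category = head["category"]
            continue
        item = ITEM_RE.match(line)
        if item and category:
            # Layout: "object| (Name) -> optional detail -> action."
            detail, _, action = item["rest"].rpartition(" -> ")
            detections.append({
                "category": category,
                "object": item["object"],
                "name": item["name"],
                "detail": detail,
                "action": action.rstrip("."),
            })
    return detections


def assess_exe_association(det):
    """Describe what an .exe file-association detection had changed."""
    if not det["object"].lower().startswith("hkcr\\.exe"):
        return None
    if det["detail"].startswith("Data: "):
        command = det["detail"][len("Data: "):]
        first = re.match(r'"([^"]+)"|(\S+)', command)
        if command == DEFAULT_EXE_OPEN or not first:
            return None
        exe = first.group(1) or first.group(2)
        # A user's own profile is writable without administrator rights.
        return {"kind": "open-command", "handler": exe,
                "in_user_profile": "\\users\\" in exe.lower()}
    swap = re.match(r"Bad: \((.*?)\) Good: \((.*?)\)", det["detail"])
    if swap:
        return {"kind": "progid", "found": swap.group(1), "expected": swap.group(2)}
    return None


if __name__ == "__main__":
    for det in parse_scan_log(SAMPLE_LOG):
        print(det["category"], det["name"], assess_exe_association(det))
```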



#32
lavondaljt

    Member

  • Topic Starter
  • 96 posts
ESET Online Scanner showed this list after the scan was complete

C:\$Recycle.Bin\S-1-5-21-4252486922-632008616-1957039968-1003\$RFJ340O.exe a variant of Win32/Soft32Downloader.B application cleaned by deleting - quarantined
C:\$Recycle.Bin\S-1-5-21-4252486922-632008616-1957039968-1003\$RTLGE9F.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
C:\Users\Brian\Desktop\Desktop Programs\IncredibarMixi.exe Win32/OutBrowse.C application cleaned by deleting - quarantined
C:\Users\Lavonda\Desktop\My Desktop Folders\My Newest Downloads\Unused Programs\cbsidlm-cbsi5_2_0_83-RealPlayer-ORG2-10073040.exe a variant of Win32/CNETInstaller.A application cleaned by deleting - quarantined
C:\Users\Lavonda\Desktop\iLividSetup_1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined


But the log you told me to get from program files/eset/log.txt only showed the 3 lines that I
told you about in my last post.

Maybe this will help.
Thanks
Lavonda
  • 0

#33
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hi. :)
Sometimes the ESET log looks like that so there is nothing to worry about.
The e-mail might have been caused by us uninstalling Sendori. I don't know for certain as I can't read the contents of the e-mail.


Step 1

To allow MBAM to update again:

  • Click on the Start button and select Control Panel.
  • Click on Uninstall a program.
  • Uninstall Malwarebytes' Anti-Malware.
  • Restart your computer (very important).
  • Download and run mbam-clean.exe from here.
  • NOTE: If you get SHGetValue failed with error code 0, that only means that the tool has nothing to perform, continue on with the next step....
  • It will ask to restart your computer, please allow it to do so as it is very important.

Then:

Please download Malwarebytes' Anti-Malware from Here.

Double click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.

  • 0

#34
lavondaljt

    Member

  • Topic Starter
  • 96 posts
ok, that's done.....here is the log of what it came up with.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.05.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brian :: BRIAN-PC [administrator]

2/5/2013 4:19:26 PM
mbam-log-2013-02-05 (16-19-26).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 254494
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



Is that it? Are we finished? If so, I want to thank you so much for helping me out....you have been great. I'm not going to be able to type long, I just had surgery yesterday and it's hard to sit up. But again, if there is anything else that needs to be done just post it here and I'll see it in the next day or so.....thanks again......

Lavonda

-------------------------------------

You mentioned that you couldn't read the email on the SENDORI thing, so I've copied a couple of them here for you to look at.

I could not understand the message. It was full of code, but I copied one of its links and pasted it into Google and it had something to do with "Sendori". I've attached a copy of two of the mailer daemon emails below.


===============================================================================
Sorry, we were unable to deliver your message to the following address.

<[email protected]>:
Message expired for domain mybigplanet.com. Remote host said: 451 Can't connect to mybigplanet.com - psmtp [RCPT_TO]

--- Below this line is a copy of the message.

Received: from [98.139.215.142] by nm12.bullet.mail.bf1.yahoo.com with NNFMP; 18 Jan 2013 10:44:33 -0000
Received: from [98.139.215.230] by tm13.bullet.mail.bf1.yahoo.com with NNFMP; 18 Jan 2013 10:44:33 -0000
Received: from [127.0.0.1] by omp1070.mail.bf1.yahoo.com with NNFMP; 18 Jan 2013 10:44:33 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 22343 invoked by uid 60001); 18 Jan 2013 10:44:33 -0000
Received: from [5.173.100.187] by web162906.mail.bf1.yahoo.com via HTTP; Fri, 18 Jan 2013 02:44:33 PST
X-Rocket-MIMEInfo: 001.001,aHR0cDovL215ZXJvbXVzaWMucnUveWlUVWRzby5odG1sATABAQEB
X-Mailer: YahooMailWebService/0.8.130.494
Message-ID: <[email protected]>
Date: Fri, 18 Jan 2013 02:44:33 -0800 (PST)
From: Vonda Jean <[email protected]>
Reply-To: Vonda Jean <[email protected]>
To: [email protected], [email protected],
[email protected], [email protected],
[email protected], [email protected],
[email protected], [email protected], [email protected]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1372000244-92876330-1358505873=:22282"

---1372000244-92876330-1358505873=:22282
Content-Type: text/plain; charset=us-ascii

http://myeromusic.ru/yiTUdso.html
---1372000244-92876330-1358505873=:22282
Content-Type: text/html; charset=us-ascii

<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><a name="tsbetiukui" title="armlh" href="http://myeromusic.ru...></body></html>
---1372000244-92876330-1358505873=:22282--

=======================================================================
=======================================================================
=======================================================================



Sorry, we were unable to deliver your message to the following address.

<[email protected]>:
No MX or A records for christian-web-masters.com

--- Below this line is a copy of the message.

Received: from [98.139.212.152] by nm9.bullet.mail.bf1.yahoo.com with NNFMP; 18 Jan 2013 10:44:33 -0000
Received: from [98.139.212.218] by tm9.bullet.mail.bf1.yahoo.com with NNFMP; 18 Jan 2013 10:44:33 -0000
Received: from [127.0.0.1] by omp1027.mail.bf1.yahoo.com with NNFMP; 18 Jan 2013 10:44:33 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: [email protected]
Received: (qmail 22343 invoked by uid 60001); 18 Jan 2013 10:44:33 -0000
Received: from [5.173.100.187] by web162906.mail.bf1.yahoo.com via HTTP; Fri, 18 Jan 2013 02:44:33 PST
X-Rocket-MIMEInfo: 001.001,aHR0cDovL215ZXJvbXVzaWMucnUveWlUVWRzby5odG1sATABAQEB
X-Mailer: YahooMailWebService/0.8.130.494
Message-ID: <[email protected]>
Date: Fri, 18 Jan 2013 02:44:33 -0800 (PST)
From: Vonda Jean <[email protected]>
Reply-To: Vonda Jean <[email protected]>
To: [email protected], [email protected],
[email protected], [email protected],
[email protected], [email protected],
[email protected], [email protected], [email protected]
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="-1372000244-92876330-1358505873=:22282"

---1372000244-92876330-1358505873=:22282
Content-Type: text/plain; charset=us-ascii

http://myeromusic.ru/yiTUdso.html
---1372000244-92876330-1358505873=:22282
Content-Type: text/html; charset=us-ascii

<html><body><div style="color:#000; background-color:#fff; font-family:times new roman, new york, times, serif;font-size:12pt"><div><a name="tsbetiukui" title="armlh" href="http://myeromusic.ru...></body></html>
---1372000244-92876330-1358505873=:22282--


==============================================================================

Edited by lavondaljt, 05 February 2013 - 05:18 PM.

  • 0
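The returned copies inside the bounces quoted above are ordinary mail messages, so a mail parser can show which hop submitted the message (in the quoted headers the first hop is recorded as `via HTTP`), how many recipients it had, and whether the body is only a link. The following is an added example, not part of the thread; it assumes `Received:` lines laid out like those quoted above, runs on a constructed sample with placeholder addresses, and its function names are hypothetical.

```python
import email
import re
from email.utils import getaddresses

# Constructed sample laid out like the bounces quoted in the thread. Every
# address, host name, IP and URL here is a placeholder, not a value from it.
SAMPLE_BOUNCE = """\
Sorry, we were unable to deliver your message to the following address.

<friend@example.net>:
No MX or A records for example.net

--- Below this line is a copy of the message.

Received: from [198.51.100.10] by relay2.mail.example.com with NNFMP; 18 Jan 2013 10:44:33 -0000
Received: from [203.0.113.7] by web1.mail.example.com via HTTP; Fri, 18 Jan 2013 02:44:33 PST
From: Sender Name <sender@example.com>
To: a@example.org, b@example.org,
 c@example.org, d@example.org
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b0undary"

--b0undary
Content-Type: text/plain; charset=us-ascii

http://link.example/abc.html
--b0undary
Content-Type: text/html; charset=us-ascii

<html><body><a href="http://link.example/abc.html">x</a></body></html>
--b0undary--
"""

MARKER = "--- Below this line is a copy of the message."
HOP_RE = re.compile(r"from \[?([0-9A-Fa-f.:]+)\]? by (\S+) (?:via|with) (\S+?);")
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def split_bounce(text):
    """Separate the delivery report from the returned copy of the message."""
    report, sep, original = text.partition(MARKER)
    if not sep:
        raise ValueError("no embedded copy of the original message")
    return report.strip(), email.message_from_string(original.lstrip())


def submission_hop(msg):
    """Relays prepend Received headers, so the last one is the first hop."""
    hops = msg.get_all("Received") or []
    match = HOP_RE.search(" ".join(hops[-1].split())) if hops else None
    if not match:
        return None
    return dict(zip(("client_ip", "server", "protocol"), match.groups()))


def triage(text):
    """Summarise how the bounced message was submitted and what it carried."""
    _, msg = split_bounce(text)
    hop = submission_hop(msg)
    recipients = [addr for _, addr in getaddresses(msg.get_all("To", []))]
    plain = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            plain = part.get_payload(decode=True).decode("ascii", "replace")
            break
    urls = URL_RE.findall(plain)
    return {
        "webmail_submission": bool(hop) and hop["protocol"].upper() == "HTTP",
        "client_ip": hop["client_ip"] if hop else None,
        "recipient_count": len(recipients),
        "urls": urls,
        "link_only_body": len(urls) == 1 and plain.strip() == urls[0],
    }
```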

#35
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Hello! :wave:
I hope you have a speedy recovery.
I meant that I can't read the e-mails properly because they are code. If nothing has happened since then, I am happy to let you go.

====================================================================================

Congratulations, your logs look clean! :thumbsup: :yeah: :woot:
Please follow the steps below to make your computer more secure.


First, re-enable any anti-virus/anti-malware programs we have disabled during the removal process!


Cleanup

Run OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :Commands
    [emptytemp]
    [CLEARALLRESTOREPOINTS] 
    [Reboot]
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, reboot the PC when it is done.

  • Open OTL to run it. (Vista users, right click on OTL and "Run as administrator").
  • Close all other programs apart from OTL as this step will require a reboot.
  • On the OTL main screen, press the CLEANUP button.
  • Say Yes to the prompt and then allow the program to reboot your computer.
Note: If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.


Updates

Windows Update - This site is a Microsoft site that will scan your computer for any patches or updates that are missing from your computer. You should check this website regularly to keep Windows up to date. This will ensure your computer has all of the latest security updates installed on your computer and is secure from any known security holes. Windows Updates are constantly being revised to combat the newest hacks and threats.
It is best if you have these set to download automatically.

How to turn on Automatic Updates:

  • Open Windows Update.
  • In the left pane, click Change settings.
  • Under Important updates, select Install updates automatically.

Adobe Reader - Make sure you have the latest version of Adobe Reader. It's important to keep Adobe Reader updated because many security problems are fixed with updates.

How to check for Adobe Reader updates:

  • Open Adobe Reader.
  • On the menu bar click on Help then Check For Updates.
  • The program will then tell you if updates are available.

Make sure you have the latest Adobe Flash Player (11.5.502.146) and Adobe Shockwave Player (11.6.8.638) so you can view all of the latest content on websites.


Make Internet Explorer more secure

  • Click Start.
  • Type Inetcpl.cpl into the Search box & click OK.
  • Click on the Security tab.
  • Click Reset all zones to default level.
  • Make sure the Internet Zone is selected & Click Custom level.
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

Recommended Programs

Make sure you update your security programs regularly so they know about new infections so they can protect your computer against them.
Here is a list of programs/tools that I like to recommend to users to reduce the risk of infection in the future:



Anti-Spyware Programs

MBAM - MalwareBytes Anti Malware is an excellent tool program to detect and get rid of malware. This program should be updated and run often.

SpywareBlaster - Prevents spyware from installing on your system and stops you from getting infected. It protects against bad ActiveX and immunizes your PC against them.

SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place. It offers realtime protection from spyware installation attempts.
Note: Make sure you are only running one real-time anti-spyware protection program (eg: TeaTimer, Windows Defender) or there will be a conflict.


Alternate Browsers

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. Hijackers like to attack Internet Explorer more than Firefox. If you are interested, Firefox may be downloaded from here.

Add-ons

NoScript - Blocks ads and other potential website attacks.

AdBlockPlus - Adblock Plus gets rid of ads and banners on the internet.

DrWeb Anti-Virus Link Checker - Allows you to check any file you are about to download, any page you are about to visit with online version of Dr.Web anti-virus.

Other browsers include:

Google Chrome
Safari
Opera


Other Programs

WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
Green to go.
Yellow for caution.
Red to stop.
WOT has an addon available for both Firefox and IE.


ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


IE-SpyAd - Puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It prevents Cookies etc from downloading, from these websites, onto your computer.


MVPS Hosts File replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


Google Toolbar - Get the free Google Toolbar to help stop pop ups.


Finally...

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Please respond one last time so we can consider the thread resolved and close it, thank you.
Good luck and stay safe!!! :thumbsup:
  • 0

#36
Nedklaw

    Trusted Helper

  • Malware Removal
  • 1,652 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0





