
cascading new windows opening virus? [Solved]


  • This topic is locked

#31
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Posted Image
  • 0



#32
Gmr

Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
OK. I had FRST and fixlist on my desktop and ran 'fix'. Not sure if it ran. If it did, it was very fast. The results it gave me are below.



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 03-10-2013
Ran by Gary at 2013-10-11 17:40:33 Run:1
Running from C:\Documents and Settings\Gary\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S2 nywuko; C:\Windows\system32\svchost.exe [14336 2008-08-21] (Microsoft Corporation)
NETSVC: nywuko -> No Registry Path.
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\webmakerplus => ""="service"
*****************

nywuko => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs nywuko => Value deleted successfully.
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\webmakerplus => Key deleted successfully.

==== End of Fixlog ====
  • 0

#33
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Yep, we got it.

How is the computer running now? Let's sweep for remnants.


Step 1: Run SecurityCheck

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Step 2: Run MBAM.

Please download Malwarebytes' Anti-Malware
  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 3: Run online scan.

Run ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is Not checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Things I need in your next reply:
  • SecurityCheck log
  • MBAM log
  • ESET log
  • Any outstanding problems?

  • 0

#34
Gmr

Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Security check:

Results of screen317's Security Check version 0.99.74
Windows XP Service Pack 3 x86
Internet Explorer 6 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
JavaFX 2.1.0
Java™ 6 Update 29
Java™ 7 Update 4
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 10.1.8 Adobe Reader out of Date!
Mozilla Firefox 11.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 6%
````````````````````End of Log``````````````````````


MBAM:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.11.09

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
Gary :: GARY-0587134ADE [administrator]

10/11/2013 8:18:32 PM
mbam-log-2013-10-11 (20-18-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 267917
Time elapsed: 7 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Documents and Settings\Gary\Local Settings\Temp\294823_.exe (PUP.Optional.PreLoader.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Temp\00294823\7izM6yfVd.exe (PUP.Optional.MultiPlug.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Gary\Local Settings\Temp\nsb133.tmp\shoppingchip_installer.exe (PUP.Optional.ShoppingChip) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nick\Local Settings\Temp\{2635D9E4-D0D3-49F9-AB12-98F1FDD6FB12}\Addons\wsconduit__166.exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\Nick\Local Settings\Temporary Internet Files\Content.IE5\G1IZO9IF\wsconduit__166[1].exe (PUP.Optional.Amonetize.A) -> Quarantined and deleted successfully.

(end)
I STILL HAVE ONE MORE LOG TO GET YOU.......THE ESET.LOG
  • 0

#35
Gmr

Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
[email protected] as downloader log:
all ok
[email protected] as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=fe9ba79f4f71bb45b5d4dc64417f85e8
# engine=15455
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-10-12 01:49:50
# local_time=2013-10-11 09:49:50 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# scanned=91785
# found=25
# cleaned=0
# scan_time=3888
sh=C711D94CB35410AB549595B90983D7E1C9E010BD ft=1 fh=bb9302cb8f0425bf vn="probably a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Documents and Settings\Gary\Local Settings\Temp\SearchProtectionSetup.exe"
sh=FA06CDE4B406666DCC5E8E75FA868F61B52A20FF ft=1 fh=c71c0011d10587aa vn="a variant of Win32/TrojanDownloader.Adload.NLN trojan" ac=I fn="C:\Documents and Settings\Gary\Local Settings\Temp\ShoppingChip.exe"
sh=CB281E4A5EB262F8A551350E250F9EC7E738C62E ft=1 fh=6a368a6acdee4a47 vn="probably a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Documents and Settings\Gary\Local Settings\Temp\utt3D.tmp.exe"
sh=9DC7728E8F74799B7C3B00CA62E9AB3CEE8FBB03 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Documents and Settings\Gary\Local Settings\Temp\00294823\[email protected]\content\bg.js"
sh=12349236DE02E1035B25B3512FDD02EBA70A7275 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Documents and Settings\Gary\Local Settings\Temp\00294823\ijlcnnfncnjdhcdommenhobnompdjpkb\2MmILjwsF.js"
sh=B00B61F670B2C4D41A32289AFF49464B93C9E499 ft=1 fh=a8c4bc8d4ee24ef1 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Documents and Settings\Gary\My Documents\Downloads\ARO2012_tbt.exe"
sh=8DE9683947E9B59370734353390BEDAE04EB1209 ft=1 fh=cdfd9ded08eefef8 vn="a variant of Win32/InstallCore.BF application" ac=I fn="C:\Documents and Settings\Gary\My Documents\Downloads\DownloadManagerSetup.exe"
sh=B896DEDCC410A84E9D794EB28ADB30E4CE0FC1C7 ft=1 fh=0d280081a7b58c5c vn="multiple threats" ac=I fn="C:\Documents and Settings\Matt\.frostwire5\updates\frostwire-5.6.2.windows.exe"
sh=F4AC0F1509A45FF69D233D9237873475E16EE397 ft=1 fh=82bf3c2ef2381a00 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Documents and Settings\Matt\Local Settings\Application Data\AskToolbar\setup.exe"
sh=F4AC0F1509A45FF69D233D9237873475E16EE397 ft=1 fh=82bf3c2ef2381a00 vn="a variant of Win32/Bundled.Toolbar.Ask application" ac=I fn="C:\Documents and Settings\Matt\Local Settings\Temp\setup.exe"
sh=FD32BCE411EA0A3FE06DEABB8971BA14BEB45FBD ft=1 fh=5c1c185d79a4b1a9 vn="a variant of Win32/Bunndle application" ac=I fn="C:\Documents and Settings\Nick\Local Settings\Temp\Bunndle\BunndleOfferManager.dll"
sh=3C04A2FE8C677EA701A53CB75962F8A57AC1C15A ft=1 fh=1ea57dcb2d0bd619 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files\Common Files\Spigot(2)\wtxpcom(2)\components(2)\WidgiToolbarFF.dll.10"
sh=766910570B57DE4887DA7FE8F5EA9162FEC682E9 ft=1 fh=55dac3ae9427899e vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files\Common Files\Spigot(2)\wtxpcom(2)\components(2)\WidgiToolbarFF.dll.11"
sh=CC6FD5850F9C6C419DF200651EBB49018F77179F ft=1 fh=62b7a8afa28b0aef vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files\Common Files\Spigot(2)\wtxpcom(2)\components(2)\WidgiToolbarFF.dll.12"
sh=EAD89D69BF3550E1E815FA36448BE48A7B14CF63 ft=1 fh=8876121bbe326f60 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files\Common Files\Spigot(2)\wtxpcom(2)\components(2)\WidgiToolbarFF.dll.13"
sh=28676EA4ED657AA64420620558AC3513E155A2DD ft=1 fh=a287d11b1b41f539 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files\Common Files\Spigot(2)\wtxpcom(2)\components(2)\WidgiToolbarFF.dll.14"
sh=8A95FE57145847610ADE36E39A45FD6B5B557E90 ft=1 fh=c4079b6115edee15 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files\Common Files\Spigot(2)\wtxpcom(2)\components(2)\WidgiToolbarFF.dll.5"
sh=DEBDA0EADF7BE7CF6AFBF0E7178C9DE63E13A075 ft=1 fh=743dc3152722ef43 vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files\Common Files\Spigot(2)\wtxpcom(2)\components(2)\WidgiToolbarFF.dll.6"
sh=76DD8010C854D57B2620770A5767A1EB421FC13E ft=1 fh=e1b52b5dda50b5ac vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files\Common Files\Spigot(2)\wtxpcom(2)\components(2)\WidgiToolbarFF.dll.7"
sh=007B8191A19D15B3B89DA1C92B30213B29091E86 ft=1 fh=07c21ced4f70aaac vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files\Common Files\Spigot(2)\wtxpcom(2)\components(2)\WidgiToolbarFF.dll.8"
sh=2ACC22EE87020FB78D512FB2C8F4D59F62E7654F ft=1 fh=089ce789e8df166a vn="a variant of Win32/Toolbar.Widgi application" ac=I fn="C:\Program Files\Common Files\Spigot(2)\wtxpcom(2)\components(2)\WidgiToolbarFF.dll.9"
sh=4E289A018FA334C22401DD7DC6538B43886D3821 ft=1 fh=d2a54123d5778a5c vn="multiple threats" ac=I fn="C:\Program Files\FrostWire 5\frostwire-installer.exe"
sh=533EBEE5E8DB5053E1F062B23F74DC1C72B153CE ft=1 fh=4a9334026ea419e3 vn="Win32/OpenCandy application" ac=I fn="C:\Program Files\FrostWire 5\OCSetupHlp.dll"
sh=CB5FAC84255B8E3C4F65ACEA5E7719D673D5646C ft=1 fh=f40bfa5333f09ee9 vn="a variant of Win32/Spy.Banker.YPK trojan" ac=I fn="C:\_OTL\MovedFiles\05162012_202621\C_WINDOWS\System32\11007\components\AcroFF007.dll"
sh=9DC7728E8F74799B7C3B00CA62E9AB3CEE8FBB03 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\_OTL\MovedFiles\10012013_171510\C_Documents and Settings\Gary\Application Data\Mozilla\Firefox\Profiles\v6bq9mwd.default\extensions\[email protected]\content\bg.js"
  • 0

#36
Gmr

Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I think that is all 3 scans and logs you needed. Let me know before I erase anything... Thx again.
Computer definitely no longer has cascading pop up pages! Not sure about everything else. Hard to tell. Need to use it for a while before I notice quickness. Nonetheless I am truly appreciative of Geeks to Go...again! I feel like I should do this once a yr no matter what.
  • 0

#37
Gmr

Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Hi

Buddierdl, I have noticed that there is a big delay for my Mozilla page to come up after I log in. I click on Mozilla. Nothing happens. I click on it a few more times. Then all of a sudden, about 4-5 Mozilla pages load at once. What do you think that might be?


  • 0

#38
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Okay, first let's get rid of what ESET found, then see what we can do about Firefox. Then we can clean up if you are satisfied.


Please be aware that this fix will delete your temporary files. If malware has "hidden" any of your files, please do not run the fix, but stop and let me know.

Start OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :Commands
    [createrestorepoint]
    
    :Files
    C:\Documents and Settings\Gary\Local Settings\Temp\SearchProtectionSetup.exe
    C:\Documents and Settings\Gary\Local Settings\Temp\ShoppingChip.exe
    C:\Documents and Settings\Gary\Local Settings\Temp\utt3D.tmp.exe
    C:\Documents and Settings\Gary\Local Settings\Temp\00294823
    C:\Documents and Settings\Gary\My Documents\Downloads\ARO2012_tbt.exe
    C:\Documents and Settings\Gary\My Documents\Downloads\DownloadManagerSetup.exe
    C:\Documents and Settings\Matt\.frostwire5\updates\frostwire-5.6.2.windows.exe
    C:\Documents and Settings\Matt\Local Settings\Application Data\AskToolbar\setup.exe
    C:\Documents and Settings\Matt\Local Settings\Temp\setup.exe
    C:\Documents and Settings\Nick\Local Settings\Temp\Bunndle\BunndleOfferManager.dll
    C:\Program Files\Common Files\Spigot(2)
    C:\Program Files\FrostWire 5\frostwire-installer.exe
    C:\Program Files\FrostWire 5\OCSetupHlp.dll
    C:\WINDOWS\system32\11007
    
    :Commands
    [emptytemp]
    
  • Then click the Run Fix button at the top
  • Let the program run unhindered.
  • Post the log it produces in your next reply. The log should be saved in C:\_OTL\MovedFiles and should be named with numbers describing the date and time it was run.

Now, let's see if a reset will help your firefox issues. Try following the instructions here.

  • 0
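The fix list in the post above was assembled by hand from the ESET log. As an added example (not part of the original thread and not code from ESET or OTL), the Python below parses `log.txt` lines in the layout shown in the ESET post and turns them into a worklist for a human to review: candidate paths, the same file found in more than one place, and hits that already sit in a quarantine folder. The sample log, its hashes and its paths are constructed; treating `C:\_OTL\MovedFiles` as "already quarantined" and collapsing a folder once it holds two or more flagged files are assumptions of this example.

```python
import ntpath  # applies Windows path rules on any OS
import re
from collections import defaultdict

# Constructed sample in the layout of the ESET log in this thread; all values are made up.
SAMPLE_LOG = r'''# version=8
# remove_checked=false
# found=6
# cleaned=0
sh=1111111111111111111111111111111111111111 ft=1 fh=aaaaaaaaaaaaaaaa vn="a variant of Win32/Toolbar.Example application" ac=I fn="C:\Program Files\Common Files\ExampleBar\components\bar.dll.5"
sh=2222222222222222222222222222222222222222 ft=1 fh=bbbbbbbbbbbbbbbb vn="a variant of Win32/Toolbar.Example application" ac=I fn="C:\Program Files\Common Files\ExampleBar\components\bar.dll.6"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="a variant of Win32/Bundled.Example application" ac=I fn="C:\Documents and Settings\UserA\Local Settings\Temp\setup.exe"
sh=3333333333333333333333333333333333333333 ft=1 fh=cccccccccccccccc vn="a variant of Win32/Bundled.Example application" ac=I fn="C:\Documents and Settings\UserA\Local Settings\Application Data\ExampleBar\setup.exe"
sh=4444444444444444444444444444444444444444 ft=0 fh=0000000000000000 vn="Win32/Adware.Example.H application" ac=I fn="C:\_OTL\MovedFiles\10012013_171510\C_Documents and Settings\UserA\ext\bg.js"
sh=5555555555555555555555555555555555555555 ft=1 fh=dddddddddddddddd vn="multiple threats" ac=I fn="C:\Program Files\ExampleApp\installer.exe"
'''

# key=value pairs; a value is either a quoted string (may contain spaces) or one token
FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption: anything under OTL's MovedFiles folder is already out of harm's way
QUARANTINE_PREFIXES = ("c:\\_otl\\movedfiles\\",)


def parse_eset_log(text):
    """Return (header metadata, detection records) from an ESET online-scan log."""
    meta, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, sep, value = line[1:].strip().partition("=")
            if sep:
                meta[key] = value.strip('"')
        elif line.startswith("sh="):
            rec = {k: v.strip('"') for k, v in FIELD.findall(line)}
            if {"sh", "vn", "fn"} <= rec.keys():  # skip truncated lines
                hits.append(rec)
    return meta, hits


def triage(meta, hits, collapse_at=2):
    """Build a review worklist; nothing here deletes or moves files."""
    live, quarantined = [], []
    for h in hits:
        in_q = h["fn"].lower().startswith(QUARANTINE_PREFIXES)
        (quarantined if in_q else live).append(h)

    by_dir, by_hash = defaultdict(list), defaultdict(list)
    for h in live:
        by_dir[ntpath.dirname(h["fn"])].append(h["fn"])
        by_hash[h["sh"]].append(h["fn"])

    # A folder with several flagged files is listed once, as the folder itself
    targets = []
    for folder, files in by_dir.items():
        targets.extend([folder] if len(files) >= collapse_at else files)

    return {
        # header says N found: a mismatch means the paste was cut short
        "count_matches": meta.get("found") == str(len(hits)),
        # scan ran with "Remove found threats" unchecked, so every hit is still on disk
        "report_only": meta.get("remove_checked") == "false"
                       and meta.get("cleaned") == "0",
        "targets": sorted(targets),
        "same_file_elsewhere": {s: p for s, p in by_hash.items() if len(p) > 1},
        "quarantined": [h["fn"] for h in quarantined],
        "families": sorted({h["vn"] for h in live}),
    }


if __name__ == "__main__":
    meta, hits = parse_eset_log(SAMPLE_LOG)
    for key, value in triage(meta, hits).items():
        print(key, "=", value)
```

A collapsed folder still needs a human look before it goes into a fix list, since it may hold files the scanner did not flag.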

#39
Gmr

Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
ok, this should be it. BTW the problem I was having before w/ Firefox(Mozilla) hasn't been happening now.


All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== FILES ==========
C:\Documents and Settings\Gary\Local Settings\Temp\SearchProtectionSetup.exe moved successfully.
C:\Documents and Settings\Gary\Local Settings\Temp\ShoppingChip.exe moved successfully.
C:\Documents and Settings\Gary\Local Settings\Temp\utt3D.tmp.exe moved successfully.
C:\Documents and Settings\Gary\Local Settings\Temp\00294823\ijlcnnfncnjdhcdommenhobnompdjpkb folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Temp\00294823\[email protected]\content folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Temp\00294823\[email protected] folder moved successfully.
C:\Documents and Settings\Gary\Local Settings\Temp\00294823 folder moved successfully.
C:\Documents and Settings\Gary\My Documents\Downloads\ARO2012_tbt.exe moved successfully.
C:\Documents and Settings\Gary\My Documents\Downloads\DownloadManagerSetup.exe moved successfully.
C:\Documents and Settings\Matt\.frostwire5\updates\frostwire-5.6.2.windows.exe moved successfully.
C:\Documents and Settings\Matt\Local Settings\Application Data\AskToolbar\setup.exe moved successfully.
C:\Documents and Settings\Matt\Local Settings\Temp\setup.exe moved successfully.
C:\Documents and Settings\Nick\Local Settings\Temp\Bunndle\BunndleOfferManager.dll moved successfully.
C:\Program Files\Common Files\Spigot(2)\wtxpcom(2)\components(2) folder moved successfully.
C:\Program Files\Common Files\Spigot(2)\wtxpcom(2) folder moved successfully.
C:\Program Files\Common Files\Spigot(2)\Search Settings(2) folder moved successfully.
C:\Program Files\Common Files\Spigot(2) folder moved successfully.
C:\Program Files\FrostWire 5\frostwire-installer.exe moved successfully.
C:\Program Files\FrostWire 5\OCSetupHlp.dll moved successfully.
File\Folder C:\WINDOWS\system32\11007 not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Alice
->Temp folder emptied: 353427 bytes
->Temporary Internet Files folder emptied: 317043 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 112366088 bytes
->Flash cache emptied: 720 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Gary
->Temp folder emptied: 107135219 bytes
->Temporary Internet Files folder emptied: 679938 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 202220469 bytes
->Flash cache emptied: 52296 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Matt
->Temp folder emptied: 61174625 bytes
->Temporary Internet Files folder emptied: 81046830 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 2231819566 bytes
->Flash cache emptied: 124335 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 234337724 bytes

User: Nick
->Temp folder emptied: 26915949 bytes
->Temporary Internet Files folder emptied: 5390017 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 1125246578 bytes
->Flash cache emptied: 27152 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1933078 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 290257393 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 3265456 bytes

Total Files Cleaned = 4,277.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 10142013_220141

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#40
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Congratulations, Gmr. :) Your computer now appears to be clean. Please complete the following steps to finalize the cleaning process. If you have any questions, don't hesitate to ask.

Please be sure to install an anti-virus on your computer as you don't have one running. This is very important to keep your computer secure. I recommend the free AVAST.

Please update these programs, as old versions pose a security risk.

  • Java

    WARNING: Java is the #1 exploited program at this time. The Department of Homeland Security recommends that computer users disable Java
    See this article and this article.
    I would recommend that you completely uninstall Java unless you need it to run important software.
    In that instance I would recommend that you disable Java in your browsers until you need it for that software and then enable it. (See How to disable Java in your web browser and How to unplug Java from the browser)

    If you do need java, then you should definitely update to the latest version:

    Please download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe, then click Remove JRE.
    • Run the built-in uninstallers for all copies of java listed
    • Click the Next button
    • Click the Next button again
    • Click the Java Manual Download link
    • A browser window will open with the Java download page
    • Click the Windows Offline (32-bit) or Windows Offline (64-bit) link to download Java (based on your browser type)
    • Run the installer
    • Close JavaRa
    • Check in the Control Panel in the Add/Remove Programs to make sure JavaFX 2.1.0 was removed as well. If not, remove it using the Control Panel. You will get the latest version with the new install.
  • Adobe Reader -> You can get the latest version here.

    I would recommend securing Adobe Reader against the latest exploits as follows:
    • Launch Adobe Reader.
    • Click on Edit and select Preferences.
    • On the Left, click on the Javascript category and Uncheck Enable Acrobat Javascript.
    • Click on the Security (Enhanced) category and Uncheck Automatically trust sites from my Win OS security zones.
    • Click on the Trust Manager category and Uncheck Allow opening of non-PDF file attachments with external applications.
    • Click the OK button.
  • Adobe Flash -> Make sure to keep up with latest version here.
  • Firefox -> You can get the latest version here.
  • Internet Explorer -> Even if you don't use it, you need to keep it up to date to protect your computer. You can get IE8 here.

Clean up OTL:
  • Open OTL and select the "CleanUp" button.
  • Allow the computer to reboot.

Delete possibly infected restore points. Your computer may have saved a restore point while it was infected, so we need to delete the old restore points and create a new, clean one.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

  • Create a new, clean System Restore point which you can use in case of future system problems:
  • Press Start >> All Programs >> Accessories >> System Tools >> System Restore
  • Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
  • Now remove old, infected System Restore points:
  • Next click Start >> Run and type cleanmgr in the box and press OK
  • Ensure the boxes for Recycle Bin, Temporary Files and Temporary Internet Files are checked, you can choose to check other boxes if you wish but they are not required.
  • Select the More Options tab, under System Restore press Clean up... and say Yes to the prompt
  • Press OK and Yes to confirm

Reset SP3 Firewall: Make sure you don't have any open ports in your firewall.
Click on Start >> Run... and cut/paste in the following and click on OK
firewall.cpl
Click on the Advanced tab >> Restore Defaults >> At the prompt click on Yes >> OK
Now click on the General tab >> select On(recommended) >> OK.

Ensure that Windows is always updated. Keeping Windows updated is very important to prevent security vulnerabilities. I recommend turning on automatic updates following the instructions below:
  • First, click on Start and click on Control Panel.
  • Double-click on Automatic Updates to bring up the configuration dialog. If you're in Category view, you'll have to click on Security Center.
  • Select the Automatic (recommended) option and click on OK at the bottom of the window.

Empty temp files. I would recommend doing this every so often to free up some space on your computer.

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Always ensure that your firewall and anti-virus program are updated and running. These are your first line of defense against infection.

Make sure that you keep all of your programs updated. Out-of-date programs can make your computer more vulnerable to infection. Software manufacturers release updates to fix security problems as they are discovered. Secunia Personal Software Inspector, free to download here, is a good program that will scan your computer looking for programs that need to be updated.

This article has good information about how computers get infected. You can read it for good tips on staying clean and safe.
  • 0



#41
Gmr

Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Still have a problem. Firefox says it can't find server. Says in address box. Us.data.toolbar.yahoo.com.
  • 0

#42
Gmr

Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I downloaded Avast. It scanned n said OK. It gave me Google Chrome. I never used it but I clicked on it. That is when I lost server. Is it a coincidence? Pls advise. I work late tomorrow n won't b able to do anything at home till then. My Ubuntu doesn't even work. But my ooma internet phone does work! Thank you for helping. All was so good up till now!
  • 0

#43
Gmr

Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Holy crap. I reset my modem and router and now I'm connected! It must have been something along that line...??? So can Google Chrome screw up an internet connection? Like mess with the internet address or name? Or was this just a server issue, you think...? Thanks again...
  • 0

#44
Gmr

Gmr

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
I will get to the Java, Adobe, firewall, etc. by Friday. BTW I did send you a little thank you via PayPal...your help is really appreciated.
  • 0

#45
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Thank you for the donation. It is very much appreciated.

I should have warned you about Chrome with AVAST. You can uncheck it when you install AVAST. However, it shouldn't break your internet. Probably a temporary blip in your connection. You can uninstall Google Chrome from the Control Panel.

Is everything okay now?
  • 0





