Poweliks, Trojans, Malicious Websites [Solved]

Poweliks Trojans




    Trusted Helper

  • Malware Removal
  • 2,216 posts
I have finished processing your latest FRST scan logs and found a few minor issues that we should take care of now before moving on.

First, a FRST Fixlist run >>>>

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt

BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll (Google Inc.)

NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Second, Google Chrome Preferences file fix >>>>

Enter the keyboard shortcut (Windows key +E) to open Windows Explorer.

In the Windows Explorer window that appears enter the following in the address bar:
Windows Vista/ Windows 7/ Windows 8: %LOCALAPPDATA%\Google\Chrome\User Data\

Locate the folder called "Default" in the directory window that opens and rename it as "Backup default."

Try opening Google Chrome again. A new "Default" folder is automatically created as you start using the browser.

Third, Run AdwCleaner Clean routine >>>>

Re-run AdwCleaner

Close all open windows and browsers.
  • Double click the AdwCleaner icon to run AdwCleaner. (Vista and 7 users) Right click the AdwCleaner icon, click Run as administrator and accept the UAC prompt to run AdwCleaner.
  • Click the Scan button and wait for the scan to complete.
  • When the Scan has finished the Scan button will be grayed out and the Clean button will be activated.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it may ask to reboot, allow this

  • On reboot a log will be produced please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[S0].txt
Information to Reply with >>>>
  • The Fixlog.txt log text.
  • The AdwCleaner[S0].txt log text.
  • Again, any new concerns or questions? Is the system still running well?

  • 0





  • Topic Starter
  • Member
  • 38 posts

For some reason FARBAR has been stuck for 10 or 15 minutes with the message "Fixing is in progress. Please wait..." but it did complete a new FIXLOG.TXT. Here is the log:


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 19-11-2014
Ran by Owner at 2014-11-20 09:19:57 Run:2
Running from C:\Users\Owner\Desktop
Loaded Profile: Owner (Available profiles: Owner)
Boot Mode: Normal

Content of fixlist:
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll (Google Inc.)


"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}" => Key deleted successfully.
"HKCR\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}" => Key deleted successfully.
"C:\ProgramData\Partner" => File/Directory not found.

  • 0




  • Topic Starter
  • Member
  • 38 posts

Still running. Should I terminate FARBAR?

  • 0



    Trusted Helper

  • Malware Removal
  • 2,216 posts

If the system is still locked in the FRST run, then yes, terminate FRST and move on to the other steps. The log showed that the deletions were handled fine but FRST is hung in emptying the Temporary files from your system.

  • 0




  • Topic Starter
  • Member
  • 38 posts

OK, did the Google Chrome Preferences file fix and re-ran AdwCleaner:


# AdwCleaner v4.101 - Report created 21/11/2014 at 10:56:39
# Updated 09/11/2014 by Xplode
# Database : 2014-11-16.1 [Live]
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - PAULSGATEWAY
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Partner Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Owner\AppData\LocalLow\FreePriceAlerts
Folder Deleted : C:\Users\Owner\AppData\Roaming\FreePriceAlerts
Folder Deleted : C:\Users\Owner\AppData\Roaming\NCH Software

***** [ Scheduled Tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Deleted : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420

-\\ Mozilla Firefox v5.0 (en-US)

-\\ Google Chrome v39.0.2171.65

[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}


AdwCleaner[R0].txt - [3285 octets] - [19/11/2014 16:20:17]
AdwCleaner[R1].txt - [2792 octets] - [21/11/2014 10:55:11]
AdwCleaner[S0].txt - [2586 octets] - [21/11/2014 10:56:39]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2646 octets] ##########

  • 0
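An added example, not part of the original thread or of either tool: the FRST Fixlog and the AdwCleaner report posted above print the same BHO CLSID in different letter case, so a plain text search for one misses the other. The sketch below normalizes GUIDs and correlates the entries both tools touched. The function names are assumptions, and the sample text is constructed from lines of the two posted logs.

```python
import re
from collections import defaultdict

GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# FRST Fixlog result line:  "<target>" => <result>.
FRST_RE = re.compile(r'^"(?P<target>.+)" => (?P<result>.+?)\.?$')
# AdwCleaner report line:   <Kind> Deleted : [x64] <target>
ADW_RE = re.compile(r"^(?P<action>[A-Za-z]+ Deleted) : (?:\[x64\] )?(?P<target>.+)$")

# Constructed sample: lines copied from the two logs in this thread.
FRST_FIXLOG = r'''
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}" => Key deleted successfully.
"HKCR\CLSID\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}" => Key deleted successfully.
"C:\ProgramData\Partner" => File/Directory not found.
'''

ADWCLEANER_REPORT = r'''
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{D40C654D-7C51-4EB3-95B2-1E23905C2A2D}
Key Deleted : HKCU\Software\Conduit
'''


def frst_results(text):
    """Return (target, result) for every result line of a FRST Fixlog."""
    rows = []
    for line in text.splitlines():
        m = FRST_RE.match(line.strip())
        if m:
            rows.append((m["target"], m["result"]))
    return rows


def adw_results(text):
    """Return (target, action) for every '... Deleted :' line of an AdwCleaner report."""
    rows = []
    for line in text.splitlines():
        m = ADW_RE.match(line.strip())
        if m:
            rows.append((m["target"], m["action"]))
    return rows


def correlate(frst_text, adw_text):
    """Map each GUID (upper-cased) to the (tool, target, result) rows that mention it."""
    by_guid = defaultdict(list)
    sources = (("FRST", frst_results(frst_text)), ("AdwCleaner", adw_results(adw_text)))
    for tool, rows in sources:
        for target, result in rows:
            for guid in GUID_RE.findall(target):
                by_guid[guid.upper()].append((tool, target, result))
    return dict(by_guid)


def shared_guids(by_guid):
    """GUIDs that appear in the output of more than one tool."""
    return sorted(g for g, rows in by_guid.items() if len({t for t, _, _ in rows}) > 1)


if __name__ == "__main__":
    table = correlate(FRST_FIXLOG, ADWCLEANER_REPORT)
    for guid in shared_guids(table):
        print(guid)
        for tool, target, result in table[guid]:
            print(f"  {tool:<10} {result:<24} {target}")
```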



    Trusted Helper

  • Malware Removal
  • 2,216 posts
We will use a different tool to clear the Temporary files. After that, let's see if Malwarebytes Anti-Malware finds any new information for us.
First, Temporary File Cleaning >>>>

Clear Cache/Temp Files
Download TFC by OldTimer to your desktop
  • Please double-click TFC.exe to run it. (Note: If you are running on Vista or later, right-click on the file and choose Run As Administrator).
  • It will close all programs when run, so make sure you have saved all your work before you begin.
  • Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  • Once it's finished it should reboot your machine. If it does not, please manually reboot the machine yourself to ensure a complete clean.
Second, a Malware scan by MBAM >>>>
Malwarebytes' Anti-Malware
Please Launch Malwarebytes' Anti-Malware from your desktop icon or the start menu item. Notice that I want this to scan your system but I will be reviewing the log to manually remove anything it finds.

When the main screen opens, if the database is out of date, you can click on the Fix Now banner or the Update Now link


Once the program has loaded and updated, select "Scan Now >>" to start the scan.

The scan may take some time to finish, so please be patient.

If any malware is found, you will be presented with a screen like the one below.

Please click on the Export Log button and select the As text file from the dropdown list. I would suggest you save the file on your desktop (as we need the report attached here for review and it is easy to find on the desktop).

After you have saved the report file, return to the Potential Threats Detected page and click on Cancel. You can close MBAM after that.

Please Copy and Paste the report file to a post here; I will review the file and script what needs to be removed.
  • 0




  • Topic Starter
  • Member
  • 38 posts

Hi dbreeze,


I downloaded TFC and ran it. It also appeared to hang at the following screen:



Pressing EXIT didn't work, so I again killed the app and proceeded to the next step.


(Note: I'm also noticing webpages in IE11 will randomly not respond, and will ask to reload page before contents load entirely.)

  • 0




  • Topic Starter
  • Member
  • 38 posts

Ran Malwarebytes Anti-Malware and the scan found nothing. Here's the report:


Malwarebytes Anti-Malware

Scan Date: 11/22/2014
Scan Time: 5:19:21 PM
Logfile: antimalwarelog.txt
Administrator: Yes

Malware Database: v2014.11.22.15
Rootkit Database: v2014.11.22.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 343634
Time Elapsed: 10 min, 7 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


  • 0



    Trusted Helper

  • Malware Removal
  • 2,216 posts
Moving to plan C on the Temp files. After that, let's see what ESET Online Scanner shows about all the files on your system.

Windows 7 Disk CleanUp >>>>

Flush Temp Files:
  • Click Start(Windows 7 Orb) >> Run..(or the Windows key and R together) to bring up the Run box.
  • Cut and paste in cleanmgr into the Run box and press OK >> OK
  • Ensure the boxes for Temporary Files, Temporary Internet Files and Recycle Bin are checked.
  • You can choose to check other boxes if you wish but they are not required.
  • Click on OK then Delete Files.
  • Now Reboot(restart) your computer.
Scan the Whole System

ESET Online Scanner:

Note: You will need to disable your current installed Anti-Virus for the duration of the online scan, how to do so can be read here. Also, please note that this scan can take a while to run.
  • Please go here to run the scan and click on Run ESET Online Scanner
  • The next screen will be the ESET Online Scanner installer
  • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer and select Save File
  • Save the file to your desktop; you should see a file like this when the download is finished
  • Double click on this to start the installation of the ESET Online Scanner
  • In the new window that appears select the option YES, I accept the Terms of Use then click on Start
  • Now in the Computer scan settings window that appears:-
  • Make sure that the option Enable detection of potentially unwanted applications is selected.
  • Now click on Advanced Settings and configure the options as follows:
    • Remove found threats is Not checked
    • Scan archives is checked
    • Scan for potentially unsafe applications is checked
    • Enable Anti-Stealth Technology is checked
  • Now click on: Start
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, if any malware was detected, the summary screen will show a warning.
  • On the Scan results detail window, select to Export to text file, name the file ESET scan results.txt and save it to your desktop.
  • Click <<Back once the file is saved, select 'Uninstall application on close' and click on Finish.
  • Use Notepad to open the logfile you saved on your desktop.
  • Copy and paste that log as a reply to this topic.
Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

Information to Reply with >>>>
  • How did the Disk CleanUp go?
  • The ESET Online Scanner result log.

  • 0




  • Topic Starter
  • Member
  • 38 posts
  • Success flushing the temp files
  • Rebooted successfully
  • suspended all of Norton Internet Security for the duration, until reboot
  • went to eset.com to run the scan. When clicking on "Run ESET Online Scanner", I'm immediately taken to the EULA which I accept.
    I then get an error message: "An add-on for this website failed to load" and I can go no further

  • 0





  • Topic Starter
  • Member
  • 38 posts

Aha! I was using IE11. It appears to be more successful using Google Chrome. Please standby for results.

  • 0




  • Topic Starter
  • Member
  • 38 posts

Successfully completed ESET scan.

Here's the log:


C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debut.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debutsetup_v1.82.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\doxillion.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\doxillionsetup_v2.02.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Doxillion\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressZip\expresszip.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressZip\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\ExpressZip\zipsetup_v1.09.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\prism.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\prismsetup_v1.82.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Prism\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\uninst.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\videopad.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\VideoPad\vpsetup[1]_v2.41.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir Win32/Toolbar.Conduit.S potentially unwanted application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\ApnStub.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\debutsetup.exe.xBAD a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\doxillionsetup.exe.xBAD a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\IminentSetup{2.kKzKJAbP.1}.exe.xBAD a variant of Win32/Toolbar.Iminent.E potentially unwanted application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\prismsetup.exe.xBAD a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\setup.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\zipsetup.exe.xBAD a variant of Win32/Toolbar.Conduit.H potentially unwanted application


  • 0
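An added example, not part of the original thread or of ESET's tooling: a triage script for an exported ESET log like the one posted above, separating hits that sit inside a removal tool's quarantine folder from hits on live paths and reconstructing where each quarantined file came from. The quarantine roots and the `.vir` / `.xBAD` suffixes are read off the posted log; the path-reconstruction rule, the function names and the final "live" sample line are assumptions constructed for illustration.

```python
import re
from collections import Counter
from typing import NamedTuple, Optional

# Quarantine root and appended suffix per tool, as they appear in the posted log.
QUARANTINES = {
    "AdwCleaner": ("C:\\AdwCleaner\\Quarantine\\", ".vir"),
    "FRST": ("C:\\FRST\\Quarantine\\", ".xBAD"),
}

# <path> [a variant of ]<Platform/Name> <category>
# Windows paths cannot contain "/", so the first token with a slash is the detection name.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<variant>a variant of )?"
    r"(?P<name>[A-Za-z0-9]+/\S+) (?P<category>.+)$"
)


class Hit(NamedTuple):
    path: str
    name: str
    variant: bool
    category: str
    quarantined_by: Optional[str]
    original_path: Optional[str]


def parse_line(line: str) -> Optional[Hit]:
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path, tool, original = m["path"], None, None
    for candidate, (root, suffix) in QUARANTINES.items():
        if path.lower().startswith(root.lower()):
            # Assumed layout: <root><drive letter>\<original path><suffix>
            drive, _, tail = path[len(root):].partition("\\")
            if tail.lower().endswith(suffix.lower()):
                tail = tail[: -len(suffix)]
            tool, original = candidate, f"{drive}:\\{tail}"
            break
    return Hit(path, m["name"], m["variant"] is not None, m["category"], tool, original)


def triage(report: str):
    """Split parsed hits into (live, quarantined)."""
    hits = [h for h in map(parse_line, report.splitlines()) if h]
    live = [h for h in hits if h.quarantined_by is None]
    quarantined = [h for h in hits if h.quarantined_by is not None]
    return live, quarantined


def families(hits):
    """Count hits per detection name."""
    return Counter(h.name for h in hits)


# Constructed sample: four lines from the posted log, plus a final line on a
# live path that is NOT from the thread and exists only to show the other branch.
SAMPLE_REPORT = r"""
C:\AdwCleaner\Quarantine\C\Program Files (x86)\NCH Software\Debut\debut.exe.vir a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\Owner\AppData\Roaming\NCH Software\Components\NCHToolbars\conduit\ConduitInstaller.exe.vir Win32/Toolbar.Conduit.S potentially unwanted application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\ApnStub.exe.xBAD a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application
C:\FRST\Quarantine\C\Users\Owner\AppData\Local\Temp\IminentSetup{2.kKzKJAbP.1}.exe.xBAD a variant of Win32/Toolbar.Iminent.E potentially unwanted application
C:\Users\Owner\Downloads\example_setup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
"""

if __name__ == "__main__":
    live, quarantined = triage(SAMPLE_REPORT)
    print(f"{len(quarantined)} quarantined, {len(live)} live")
    for h in quarantined:
        print(f"  [{h.quarantined_by}] {h.name}  was: {h.original_path}")
    for h in live:
        print(f"  [LIVE] {h.name}  at: {h.path}")
```

Run against the full log from the post, every entry parses into the quarantined list, since all 22 paths start with one of the two quarantine roots.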



    Trusted Helper

  • Malware Removal
  • 2,216 posts

Thank you for posting the logs.  I will review them and return with clean up steps.


I noticed earlier you mentioned that IE11 was "acting up" on you (asking for a reload of pages before a page was totally loaded).  Is it still doing this?  Does IE11 tell you why it wants the reloading (i.e. Shockwave or Flash extensions have crashed and the page needs reloading because of that???) ?

  • 0




  • Topic Starter
  • Member
  • 38 posts

Yes, earlier I had noticed that IE11 would often hang with the message in the address bar after the URL: [Not Responding]. There is no other message saying what is causing it.

However, it hasn't been doing that in the last couple days

  • 0



    Trusted Helper

  • Malware Removal
  • 2,216 posts
Since the IE11 issue seems to be going well, I think we should remove our tools and let you go your way.

Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:

Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.
  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
You can delete any log files left on your desktop as these are no longer needed.

Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.
  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.
Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

I see that you do not have Java on your system, so I will leave this section on unplugging Java from your browsers just in case you need Java for something else later.

To disable / unplug Java in your browsers:

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that we recommend is Sumatra PDF.

To update Adobe Reader:
  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.04 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.
Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Update Checker from FileHippo.com (you can get the software from here and read more about it on the same page).

You are now done! :yeah:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Emsisoft Online Armor - installs as trialware which converts to freeware in 30 days
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

I noticed that in your case you have Norton Internet Security which has Anti-Virus and Firewall combined in one product. That is fine but your version of NIS is at least a couple of years old. While there may be personal issues as to why you stayed with this version, I would urge you to consider updating to the latest version available for your system to take advantage of the newest protection and detection capabilities. You can check for the latest version at the Norton Update Center; directions are available there also.

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider keeping MalwareBytes Antimalware in your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

Also, please visit this guide How to Harden Your Browser Against Malware and Privacy Concerns to find some great advice on hardening your browsers for better protection. With Poweliks being spread by drive-by downloads, this should be a must for everyone. It may not stop all malware but it will certainly help.

You may also find some information and tips at this thread:
How did I get infected in the first place?
COMPUTER SECURITY - a short guide to staying safer online

I'll leave this topic open for a few days so that if you have any questions you can come back here. Surf safe, my friend!!
  • 0
