
rdriv.sys


  • This topic is locked

#16
Wizard


  • Retired Staff
  • 5,661 posts
I had a feeling that Service sucked Wind!

Did you run UnHackMe?

Download Pocket KillBox from here:
http://www.bleepingc...les/killbox.php
There is a Direct Download and a description of what the Program does inside this link.

Download and Unzip rdrivRem.zip


Let's kill that Service!

Click Start-> Click Run-> Type in Services.msc and Click OK!

Scroll that list and locate this entry

Ati Management

Right Click that entry and Select "Properties"-> Click "Stop"-> Go up and Change the "Startup Type" to "Disabled"

Exit the Services Page!

Reboot into SAFE MODE (Tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.syma...src=sec_doc_nam

After restarting in Safe Mode, configure Windows to Show All Hidden Files and Folders; this must be done after restarting in Safe Mode!!
Here is a link to help with that:
http://www.bleepingc...showtutorial=62

Open Pocket KillBox and Copy & Paste each entry below into the "Full Path of File to Delete"

C:\WINDOWS\encrypt.exe
C:\WINDOWS\system32\edojweyd.exe
C:\WINDOWS\system32\eraseme_01251.exe
C:\WINDOWS\system32\eraseme_76702.exe
C:\WINDOWS\system32\rdriv.sys
C:\WINDOWS\system32\TFTP3004
C:\WINDOWS\system32\TFTP3180
C:\WINDOWS\system32\TFTP3688
C:\WINDOWS\system32\TFTP4912


As you paste each into Killbox, place a tick by these selections

"Standard File Kill"
"End Explorer Shell while Killing File"


Click the Red Circle with the White X in the Middle to Delete!

Open HijackThis and place a tick by this entry

O23 - Service: Ati Management (Winconfig32) - Unknown owner - C:\WINDOWS\encrypt.exe

Make sure All Windows and Browsers are Closed and Click "Fix Checked"

Click Start-> Click Run-> Type in sc delete Winconfig32 and Click OK!

Now hopefully we don't have to worry about that Service producing another file!

From the rdrivRem folder-> double-click rdrivRem.bat to run the program-> follow the instructions on the screen. After it's complete, rdriv.txt will be created in the rdrivRem folder.

Make sure that MSconfig is configured to show us everything

Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!

Restart Normal!

If you have the original Report from Panda and UnHackMe, please post those next!

After that-> Post a fresh HijackThis log and the text file from rdrivRem!
  • 0



#17
sigfrid


  • Topic Starter
  • Member
  • 42 posts
All right, pal, I'll do it. I did run UnHackMe; it just told me that there was nothing. (You probably know, and are pretty sure that it is not, and might think that my worries are badly founded, but I think that service (Ati Management) might have something to do with the driver of my graphics card.) And as I told you, I was not able to do the online scan (my bleepy internet).
  • 0

#18
sigfrid


  • Topic Starter
  • Member
  • 42 posts
Logfile of HijackThis v1.99.1
Scan saved at 0:37:42, on 27/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
C:\WINDOWS\system32\crypserv.exe
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\SYSTEM32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Archivos de programa\Winamp\winampa.exe
C:\Archivos de programa\Ahead\InCD\InCD.exe
C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
C:\Archivos de programa\D-Tools\daemon.exe
C:\Archivos de programa\Java\jre1.5.0\bin\jusched.exe
C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe
C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe
C:\Archivos de programa\Hijackthis\HijackThis.exe
c:\archiv~1\archiv~1\instal~1\update~1\isuspm.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.prodigy.net.mx/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\ARCHIV~1\ARCHIV~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [InCD] C:\Archivos de programa\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Archivos de programa\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [avast!] C:\ARCHIV~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Archivos de programa\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [Nortons AV SYSTEM] scvchost.exe
O4 - HKLM\..\Run: [MS Internet Executor 32] MSIXEC32.exe
O4 - HKLM\..\Run: [MicroSoft Window Updater] winsupdater.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\Run: [Microsoft Media player 9] msmedia32.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Archivos de programa\Archivos comunes\InstallShield\UpdateService\issch.exe" -start
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\ARCHIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Consola de Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Archivos de programa\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Referencia - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARCHIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {05317530-B882-449D-9421-18D94FA3ED34} (OSInfo Control) - http://www.sis.com/s...ocis/OSInfo.cab
O16 - DPF: {16095503-786F-4097-AED6-5D567A26D760} (SiS_OCX Control) - http://www.sis.com/s...utodetectNT.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1100834684415
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\System32\DRIVERS\CDANTSRV.EXE
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Archivos de programa\Ahead\InCD\InCDsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

And from rdrivRem:

~~~~~~~~~~~~~ Pre-run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!


~~~~~~~~~~~~~ Post run File Check ~~~~~~~~~~~~~

rdriv.sys NOT PRESENT!
ItunesMusic.exe NOT PRESENT!
wkssvc.exe NOT PRESENT!

I'm kind of worried about the new HijackThis log; let me know if there is something awfully wrong there.
  • 0
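
An added example, not part of the original thread or of any tool named in it: a small Python triage pass over O4 (autorun) and O23 (service) lines copied from the HijackThis output in posts #16 and #18. The two review rules, an autorun value with no directory and an "Unknown owner" service whose image sits directly in the Windows folder, and all function names are assumptions chosen for this illustration; they only mark lines for a closer look.

```python
import ntpath
import re

# Lines copied from the HijackThis output in posts #16 and #18 of this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [WinampAgent] C:\Archivos de programa\Winamp\winampa.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Archivos de programa\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Nortons AV SYSTEM] scvchost.exe
O4 - HKLM\..\Run: [MS Internet Executor 32] MSIXEC32.exe
O4 - HKLM\..\Run: [MicroSoft Window Updater] winsupdater.exe
O4 - HKLM\..\Run: [Microsoft Update] wuamkop.exe
O4 - HKLM\..\Run: [Microsoft Media player 9] msmedia32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: Ati Management (Winconfig32) - Unknown owner - C:\WINDOWS\encrypt.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Archivos de programa\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# "O4 - <hive>\..\<key>: [<value name>] <command line>"
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
# "O23 - Service: <display name> - <owner> - <command line>"
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?) - (?P<cmd>.+)$"
)
# Executable path at the start of a command line, quoted or not. Paths may
# contain spaces, so match up to the first executable extension instead of
# splitting on whitespace.
IMAGE_RE = re.compile(
    r'^"?(?P<image>.+?\.(?:exe|com|bat|scr|dll))(?=$|[\s"])', re.IGNORECASE
)


def image_path(cmd):
    """Return the executable part of a command line, without arguments."""
    cmd = cmd.strip()
    m = IMAGE_RE.match(cmd)
    return m.group("image") if m else cmd.split()[0]


def triage(log_text):
    """Return (section, name, image, reason) tuples for lines worth reviewing."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()

        m = O4_RE.match(line)
        if m:
            image = image_path(m["cmd"])
            # Assumed rule 1: a Run value that names a bare file is resolved
            # through the search path, so the log does not say which file runs.
            if not ntpath.dirname(image):
                findings.append(("O4", m["name"], image,
                                 "autorun value has no directory"))
            continue

        m = O23_RE.match(line)
        if m:
            image = image_path(m["cmd"])
            parent = ntpath.basename(ntpath.dirname(image)).lower()
            # Assumed rule 2: "Unknown owner" alone is noisy (the avast!
            # services carry it too), so it is combined with an image that
            # sits directly in the Windows folder.
            if m["owner"] == "Unknown owner" and parent == "windows":
                findings.append(("O23", m["name"], image,
                                 "unknown-owner service image in Windows root"))
        # Lines in any other section, or that do not parse, are skipped.
    return findings


if __name__ == "__main__":
    for section, name, image, reason in triage(SAMPLE_LOG):
        print(f"{section:<4}{name:<32}{image:<28}{reason}")
```
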

#19
Wizard


  • Retired Staff
  • 5,661 posts
That service we removed was just 1 of what I think is a few backdoor trojans you have on this PC!

Since the Online Scans aren't working, let's try another direction!

Create a folder on your desktop called Sysclean.
Go to http://www.trendmicr...ownload/dcs.asp and download sysclean package to the folder you made.

Go to http://www.trendmicr...oad/pattern.asp and download the Official Pattern Release for windows to your desktop.

This file will be called lptXXX.zip (XXX represents the version number)
Unzip lptXXX.zip and you'll get the file lpt$vpn.XXX.
Move the lpt$vpn.XXX to that Sysclean-folder you created on your desktop.

Turn off your antivirus which is installed on your system because it can interfere with the Sysclean-scan.

Open the sysclean-folder and double-click sysclean.com.
Check: Automatically clean or delete detected files.
Click scan.
When the scan is finished, select: 'view log'.
Copy and paste this log in your next reply.
  • 0

#20
sigfrid


  • Topic Starter
  • Member
  • 42 posts
Well, there is the result. I think something went wrong; should I do it again in Safe Mode?

/--------------------------------------------------------------\
| Trend Micro Sysclean Package |
| Copyright 2002, Trend Micro, Inc. |
| http://www.trendmicro.com |
\--------------------------------------------------------------/


2005-07-28, 22:52:35, Auto-clean mode specified.
2005-07-28, 22:52:35, Running scanner "C:\Documents and Settings\Omar\Escritorio\sysclean\TSC.BIN"...
2005-07-28, 22:53:10, Scanner "C:\Documents and Settings\Omar\Escritorio\sysclean\TSC.BIN" has finished running.
2005-07-28, 22:53:10, TSC Log:

2005-07-28, 23:00:57, An error was detected on "C:\Archivos de programa\Conquer 1.0\c3\texture\??\*.*": El nombre de archivo, directorio o etiqueta del volumen no es válido.
2005-07-28, 23:12:09, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat": Acceso denegado.
2005-07-28, 23:12:09, An error occurred while scanning file "C:\Documents and Settings\LocalService\ntuser.dat.LOG": Acceso denegado.
2005-07-28, 23:12:09, An error occurred while scanning file "C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat": Acceso denegado.
2005-07-28, 23:12:09, An error occurred while scanning file "C:\Documents and Settings\LocalService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG": Acceso denegado.
2005-07-28, 23:12:14, An error occurred while scanning file "C:\Documents and Settings\NetworkService\NTUSER.DAT": Acceso denegado.
2005-07-28, 23:12:14, An error occurred while scanning file "C:\Documents and Settings\NetworkService\ntuser.dat.LOG": Acceso denegado.
2005-07-28, 23:12:14, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat": Acceso denegado.
2005-07-28, 23:12:14, An error occurred while scanning file "C:\Documents and Settings\NetworkService\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG": Acceso denegado.
2005-07-28, 23:12:15, An error occurred while scanning file "C:\Documents and Settings\Omar\ntuser.dat": Acceso denegado.
2005-07-28, 23:12:15, An error occurred while scanning file "C:\Documents and Settings\Omar\ntuser.dat.LOG": Acceso denegado.
2005-07-28, 23:12:41, An error occurred while scanning file "C:\Documents and Settings\Omar\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat": Acceso denegado.
2005-07-28, 23:12:41, An error occurred while scanning file "C:\Documents and Settings\Omar\Configuración local\Datos de programa\Microsoft\Windows\UsrClass.dat.LOG": Acceso denegado.
2005-07-28, 23:20:20, An error was detected on "C:\System Volume Information\*.*": Acceso denegado.
2005-07-28, 23:22:31, Could not set file for reading on "C:\WINDOWS\Prefetch\3DSMAX.EXE-1914F410.pf": Acceso denegado.
2005-07-28, 23:22:31, Could not set file for reading on "C:\WINDOWS\Prefetch\ACDSEE32.EXE-207AF39C.pf": Acceso denegado.
2005-07-28, 23:22:31, Could not set file for reading on "C:\WINDOWS\Prefetch\ACRORD32.EXE-13DAA237.pf": Acceso denegado.
2005-07-28, 23:22:31, Could not set file for reading on "C:\WINDOWS\Prefetch\AD-AWARE.EXE-1695424D.pf": Acceso denegado.
2005-07-28, 23:22:31, Could not set file for reading on "C:\WINDOWS\Prefetch\ADLMSWITCH.EXE-383ADC01.pf": Acceso denegado.
2005-07-28, 23:22:31, Could not set file for reading on "C:\WINDOWS\Prefetch\AGENT.EXE-27302393.pf": Acceso denegado.
2005-07-28, 23:22:31, Could not set file for reading on "C:\WINDOWS\Prefetch\APVXDWIN.EXE-35F4073D.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\ASHAVAST.EXE-2B407D48.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\ASHCHEST.EXE-1FFB7FB6.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\ASHDISP.EXE-1EB7D9A0.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\ASHMAISV.EXE-0A642FFA.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\ASHSIMPL.EXE-1AF0B014.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\ASHWEBSV.EXE-17FDB122.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\ATI2EVXX.EXE-19D16EB9.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\ATIPRBXX.EXE-10DB8E2A.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\ATIPTAXX.EXE-30CD4121.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\AUTOPATCH.EXE-39DBC4DC.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\AVAST.SETUP-1AEFB242.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\AVASTSS.SCR-26125057.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\BACKBURNERCFG.EXE-2EF631FD.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\BLENDER.EXE-27F547B8.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\BSPLAYER.EXE-101B5FC1.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\CDANTSRV.EXE-199606CD.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\CDILLA64.EXE-0F45051A.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\CLAMSCAN.EXE-31590C17.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\CLAMTRAY.EXE-0000317C.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\CLAMWIN-0.86.1-SETUP.EXE-2721F6FF.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\CLAMWIN.EXE-21A3B493.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\CLEANMGR.EXE-1F86EA8E.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\CONQUER.EXE-1C48AD80.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\CTFMON.EXE-0E17969B.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFIANCE.EXE-2E027DF1.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\DEFRAG.EXE-273F131E.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\DFRGNTFS.EXE-269967DF.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\DIVX PLAYER.EXE-2BEE5672.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\DUMPREP.EXE-1B46F901.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\DWWIN.EXE-30875ADC.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\ENCRYPT.EXE-351ECB43.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\ERASEME_36583.EXE-00EC6910.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\EXIF.EXE-016C1EFC.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\FRESHCLAM.EXE-1AE526B4.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\FROZEN THRONE.EXE-07C60337.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\FTP.EXE-0FFFB5A3.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\HOLA.EXE-0A37D59E.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\IEXPLORE.EXE-07A56490.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\IK TUTORIAL.EXE-2C68809B.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\IKERNEL.EXE-1452DECD.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\IMAPI.EXE-0BF740A4.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\INCD.EXE-2B0DB923.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\INTERFAZ.EXE-2275161D.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\IS-RBJ44.TMP-05EC5B5E.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\ISUSPM.EXE-1D2897F5.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\Layout.ini": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGON.SCR-151EFAEA.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\LOGONUI.EXE-0AF22957.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\MAXFIND.EXE-17C7E8B8.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\MSI15.TMP-03C07716.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\MSI16.TMP-0FA39C95.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\MSI1665.TMP-3B16F72F.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\MSI20.TMP-3B566497.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\MSI21.TMP-3A0FF3B0.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\MSIEXEC.EXE-2F8A8CAE.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\MSMSGS.EXE-1DD922B5.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNMSGR.EXE-0756593E.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\MSNT32.EXE-13436405.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\MSPAINT.EXE-11CBB631.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\NERO.EXE-0F473A81.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\NEROCHECK.EXE-092C6DFA.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\NEROSTARTSMART.EXE-03D278F9.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\NETSH.EXE-085CFFDE.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\NOTEPAD.EXE-336351A9.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\NTOSBOOT-B00DFAAD.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\NTVDM.EXE-1A10A423.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\OSE.EXE-3154E5BC.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\PHOTOSHOP.EXE-0ED4CFB5.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\PLAY.EXE-1E563313.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\QTTASK.EXE-2FCE56F5.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-170702E4.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-19065E1B.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BAE0303.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BF9B1D0.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1D661987.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-1FE5FA28.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-26DA8C9B.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-30F277D7.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3552085D.pf": Acceso denegado.
2005-07-28, 23:22:32, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-3591E8B1.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-408E1EA9.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-451FC2C0.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-47A42AF0.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-47B02B85.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4903BDFF.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4920AF4E.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\RUNDLL32.EXE-4B26111E.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\SET4.TMP-23622F24.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-0595AD24.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-072C30AF.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-14CCA662.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-35A8149E.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.EXE-393E66AE.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\SETUP.OVR-2236A41B.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\SLRUNDLL.EXE-0A50E51B.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\SSSTARS.SCR-2D6FC20D.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\SVCHOST.EXE-3530F672.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\TASKMGR.EXE-20256C55.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\TFTP.EXE-2FB50BCA.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\UNINS000.EXE-00E29249.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\UPDATE.EXE-14456641.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\VS7JIT.EXE-1CB682D5.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WAR3.EXE-31B5078F.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WCLOSE.EXE-000B7AD4.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WEBPROXY.EXE-0599F06E.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WINAMP.EXE-365E3000.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WINAMPA.EXE-105CD680.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WINDOWSUPDATE.EXE-0246F055.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WINDOWSXP-KB823980-X86-ESN.EX-2EBD2D95.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WINHLP32.EXE-2C18E975.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WINRAR.EXE-25A6EAE3.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WINWORD.EXE-084F3258.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WISPTIS.EXE-0C21B942.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WMIPRVSE.EXE-28F301A9.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-2958D920.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WMPLAYER.EXE-2958D921.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\WUAUCLT.EXE-399A8E72.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\XPSP1HFM.EXE-39E72EAC.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\_INS5176._MP-23834F0A.pf": Acceso denegado.
2005-07-28, 23:22:33, Could not set file for reading on "C:\WINDOWS\Prefetch\_IU14D2N.TMP-1377D49A.pf": Acceso denegado.
2005-07-28, 23:24:27, An error occurred while scanning file "C:\WINDOWS\system32\config\default": Acceso denegado.
2005-07-28, 23:24:27, An error occurred while scanning file "C:\WINDOWS\system32\config\default.LOG": Acceso denegado.
2005-07-28, 23:24:28, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM": Acceso denegado.
2005-07-28, 23:24:28, An error occurred while scanning file "C:\WINDOWS\system32\config\SAM.LOG": Acceso denegado.
2005-07-28, 23:24:28, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY": Acceso denegado.
2005-07-28, 23:24:28, An error occurred while scanning file "C:\WINDOWS\system32\config\SECURITY.LOG": Acceso denegado.
2005-07-28, 23:24:28, An error occurred while scanning file "C:\WINDOWS\system32\config\software": Acceso denegado.
2005-07-28, 23:24:28, An error occurred while scanning file "C:\WINDOWS\system32\config\software.LOG": Acceso denegado.
2005-07-28, 23:24:29, An error occurred while scanning file "C:\WINDOWS\system32\config\system": Acceso denegado.
2005-07-28, 23:24:29, An error occurred while scanning file "C:\WINDOWS\system32\config\system.LOG": Acceso denegado.
2005-07-28, 23:26:19, An error occurred while scanning file "C:\WINDOWS\Temp\Perflib_Perfdata_510.dat": Acceso denegado.
2005-07-28, 23:26:23, Running scanner "C:\Documents and Settings\Omar\Escritorio\sysclean\VSCANTM.BIN"...
2005-07-28, 23:54:14, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 7/28/2005 23:26:25
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 749 (105356 Patterns) (2005/07/27) (274900)
Command Line: C:\Documents and Settings\Omar\Escritorio\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Omar\Escritorio\sysclean

C:\WINDOWS\system32\MSNT32.EXE.VIR [WORM_RBOT.BVF]
53864 files have been read.
53864 files have been checked.
38337 files have been scanned.
103899 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/28/2005 23:54:14
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-28, 23:54:14, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 7/28/2005 23:26:25
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 749 (105356 Patterns) (2005/07/27) (274900)
Command Line: C:\Documents and Settings\Omar\Escritorio\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Omar\Escritorio\sysclean

Success Clean [ WORM_RBOT.BVF]( 1) from C:\WINDOWS\system32\MSNT32.EXE.VIR
53864 files have been read.
53864 files have been checked.
38337 files have been scanned.
103899 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/28/2005 23:54:14 27 minutes 47 seconds (1666.47 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-28, 23:54:14, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 7/28/2005 23:26:25
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 749 (105356 Patterns) (2005/07/27) (274900)
Command Line: C:\Documents and Settings\Omar\Escritorio\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\Omar\Escritorio\sysclean

53864 files have been read.
53864 files have been checked.
38337 files have been scanned.
103899 files have been scanned. (including files in archived)
1 files containing viruses.
Found 1 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/28/2005 23:54:14 27 minutes 47 seconds (1666.47 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-28, 23:54:14, Scanner "C:\Documents and Settings\Omar\Escritorio\sysclean\VSCANTM.BIN" has finished running.
2005-07-29, 00:16:08, Running scanner "C:\Documents and Settings\Omar\Escritorio\sysclean\VSCANTM.BIN"...
2005-07-29, 00:25:45, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 7/29/2005 00:16:08
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 749 (105356 Patterns) (2005/07/27) (274900)
Command Line: C:\Documents and Settings\Omar\Escritorio\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Omar\Escritorio\sysclean

E:\System Volume Information\_restore{AAE18532-3AB8-428C-8666-81D57EA3EF84}\RP3\A0004622.EXE [PS_MPC.336]
10982 files have been read.
10982 files have been checked.
6525 files have been scanned.
20882 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/29/2005 00:25:45
---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-29, 00:25:45, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 7/29/2005 00:16:08
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 749 (105356 Patterns) (2005/07/27) (274900)
Command Line: C:\Documents and Settings\Omar\Escritorio\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Omar\Escritorio\sysclean

Success Clean [ JOKE_BUTTONS.A]( 1) from E:\mis doc.1\hm2eng\zips\mas archivos.rar,(mas archivos\aburrido.exe)
10982 files have been read.
10982 files have been checked.
6525 files have been scanned.
20882 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/29/2005 00:25:45 9 minutes 35 seconds (574.89 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-29, 00:25:45, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 7/29/2005 00:16:08
VSAPI Engine Version : 7.510-1002
VSCANTM Version : 1.1-1001
Virus Pattern Version : 749 (105356 Patterns) (2005/07/27) (274900)
Command Line: C:\Documents and Settings\Omar\Escritorio\sysclean\VSCANTM.BIN /NBPM /S /CLEANALL /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 E:\*.* /P=C:\Documents and Settings\Omar\Escritorio\sysclean

10982 files have been read.
10982 files have been checked.
6525 files have been scanned.
20882 files have been scanned. (including files in archived)
3 files containing viruses.
Found 3 viruses totally.
Maybe 0 viruses totally.
Stop At : 7/29/2005 00:25:45 9 minutes 35 seconds (574.89 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2005-07-29, 00:25:45, Scanner "C:\Documents and Settings\Omar\Escritorio\sysclean\VSCANTM.BIN" has finished running.

#21
OldTimer

  • Global Moderator
  • 3,272 posts
Hi sigfrid. Crete has taken ill and I am going to help out on this. Let's use a different scanner and see what it shows us.

Download WinPFind.zip and unzip the contents to the C:\ folder.

Start in Safe Mode Using the F8 method:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until the boot menu appears.
  • Use the arrow keys to select the Safe Mode menu item.
  • Press the Enter key.
Locate the c:\winpfind\winpfind.exe file and double-click it to run it. Now click the Start Scan button to begin the scan.

When the scan is complete reboot normally and post the WinPFind.txt file (located in the WinPFind folder) back here so I can review it.

OT

#22
sigfrid

  • Topic Starter
  • Member
  • 42 posts
sorry pal, i haven't been able to post lately, i'll do it when i get the results, thx

#23
sigfrid

  • Topic Starter
  • Member
  • 42 posts
o yea, by the way, i think i'm really (bleep ;)). cause it's getting worse, my msn suddenly stops responding, and the internet explorer too, and a lot of weird stuff happened, should i call a priest to exorcise the computer? :tazz:

#24
sigfrid

  • Topic Starter
  • Member
  • 42 posts
:tazz: this is urgent, it was nearly 8 hours and that scan was not done yet (with that pfid), any other suggestions?

#25
OldTimer

  • Global Moderator
  • 3,272 posts
Hi sigfrid. I haven't heard of it running more than an hour and that was on a really huge hard drive. Make sure to start in Safe Mode and that no other programs are running and try it again. It could be that one of the infections is trying to block it.

Cheers.

OT

#26
sigfrid

  • Topic Starter
  • Member
  • 42 posts
erm, did it again and again was taking more than 3 hours (1 hour in a huge drive, mine is not huge), mmmm, what should i do? (in fact, after that i tried like 5 times with the same result, and it was the only program running)

#27
OldTimer

  • Global Moderator
  • 3,272 posts
Hi sigfrid. Can you post a new hijackthis log? We'll clean out what we can see but I can almost guarantee that we are not seeing everything in the Hijackthis log.

Cheers.

OT

#28
sigfrid

  • Topic Starter
  • Member
  • 42 posts
well, i might have won few battles :) , but was losin da war, so i reformatted my computer, so any suggestions to avoid this from happening again? :tazz:

#29
OldTimer

  • Global Moderator
  • 3,272 posts
Hi sigfrid. Well, that will certainly clean things out!

Now that you are clean, to help protect your computer in the future I recommend the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should definitely have a good antivirus to stop infections before they can start and spread. Here are 3 free anti-virus programs that are available for personal use (I use each of these on various machines and they are all good):

You should also have a good firewall for blocking unwanted access to and from your computer. These also are free for personal use:

It is best to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit Microsoft Windows Update monthly. Microsoft puts out new updates on the 2nd Tuesday of every month so be sure to check regularly.

And to keep your system clean be aware of what emails you open, what websites you visit, and update and run these free malware scanners once a week:

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

I will now close this topic. Have a safe and happy computing day!

OT