Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

they just won't stop [RESOLVED]

Started by Feenin , Aug 14 2005 12:35 PM

  • This topic is locked This topic is locked

#1
Feenin
Posted 14 August 2005 - 12:35 PM

Feenin

    New Member

  • Member
  • Pip
  • 6 posts
was wondering if anyone could help me stop some pop-ups...

Logfile of HijackThis v1.99.1
Scan saved at 12:54:49 PM, on 8/13/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCEVTMGR.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON CLEANSWEEP\CSINJECT.EXE
C:\PROGRAM FILES\NORTON SYSTEMWORKS\NORTON UTILITIES\NPROTECT.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\SYMTRAY.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCAPP.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\TIGER WOODS\TIGER WOODS PGA TOUR 2004\BIN\TW2004.EXE
C:\WINDOWS\TEMP\~E5D141.TMP
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\WINZIP\WINZIP32.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R3 - Default URLSearchHook is missing
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O4 - HKLM\..\RunServices: [ccEvtMgr] "C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe"
O4 - HKLM\..\RunServices: [ScriptBlocking] "C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe" -reg
O4 - HKLM\..\RunServices: [CSINJECT.EXE] C:\Program Files\Norton SystemWorks\Norton CleanSweep\CSINJECT.EXE
O4 - HKLM\..\RunServices: [NPROTECT] C:\Program Files\Norton SystemWorks\Norton Utilities\nprotect.exe
O4 - HKLM\..\RunServices: [SymTray - Norton SystemWorks] C:\Program Files\Common Files\Symantec Shared\SymTray.exe "Norton SystemWorks"
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\WINDOWS\SYSTEM\SHDOCVW.DLL
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://zone.msn.com/...aploader_v6.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://remote.cente...ca32/wficat.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} - http://a19.g.akamai....02/cpbrkpie.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab
  • 0

Advertisements

#2
Buckeye_Sam
Posted 17 August 2005 - 06:22 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.
  • 0

#3
Feenin
Posted 17 August 2005 - 07:39 PM

Feenin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi Sam and thank you for your help. Here is an updated log from 08/17/2005:

Logfile of HijackThis v1.99.1
Scan saved at 8:35:15 PM, on 8/17/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL (file missing)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://remote.cente...ca32/wficat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab


Please let me know if I can be of any more assistance and thanks again for your help.
  • 0

#4
Buckeye_Sam
Posted 18 August 2005 - 03:20 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
That log looks clean to me. What problems are you having?
  • 0

#5
Feenin
Posted 18 August 2005 - 05:37 PM

Feenin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
an unreal amount of pop-ups...

They are active only when the internet connection is present (cable connection) even without IE being open at all. random but I would estimate on the average 2 per minute with random periods of none (that lasts about 5 to 6 minutes max of no pop-ups). The ads are from coolwebsearch.com, coolwwwsearch.com, hi.studioaperto.net, webbrowser.tv, hityou.com, 777search.com, spidersearch.com, google123web1000.com, freescratchandwin.com, acip.com, edhq.com, aabc.com, pacimedia.com and about 100 others that I currently have blocked =)

I'be ran every trojan finder, anti-virus, spyware killer (trusted ones) that I can get my hands on and nothing as of yet has helped.

Any suggestions beyond a format?

Edited by Feenin, 18 August 2005 - 05:39 PM.

  • 0

#6
Buckeye_Sam
Posted 18 August 2005 - 06:14 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Ok, let's dig a little deeper.
  • Download DLLCompare.
  • Double-click on DllCompare.exe to run the program.
  • Click "Run Locate.com" and it will scan your system for files.
  • Once the scan has finished click "Compare" to compare your files to valid Windows files.
  • Once it has finished comparing click "Make a Log of what was found".
  • Click "Yes" at the View Log file? prompt to view the log.
  • Copy and paste the entire log into this topic.
  • If you accidentally close out of the log it is also saved as log.txt to where you saved DllCompare.exe.
  • Click "Exit" to exit DLLCompare.

  • 0

#7
Feenin
Posted 19 August 2005 - 06:03 AM

Feenin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
* DLLCompare Log version(1.0.0.127)
Files Found that Windows does not See or cannot Access
*Not everything listed here means you are infected!
________________________________________________

C:\WINDOWS\SYSTEM\spell.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\qrap.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\medmo.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\rccrt4.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\mrapsspc.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\wxsui.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\dtmstor.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\ccrds.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\cufg95.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\aciv16xx.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\dtmasf.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\nbtos.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\ozdis400.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\mliole.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\mvimusic.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\dogest.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\fcpwpp.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\mfi.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\bbowsewm.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\sjrobj.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\dxraw.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\wsadmod.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\wepui.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\wkspdmod.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\iymp.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\scell.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\mxcn30.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\djvx_x~1.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\aiv10w9x.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\mvang.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\wo2_32.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\ig41_qc.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\mfyuv.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\qv-mt331.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\im41_qcx.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\do7vb.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\ddnet.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\mdcms.dll Fri Jun 17 2005 3:52:30p ..S.R 226,592 221.28 K
C:\WINDOWS\SYSTEM\cim.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\oqe2.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\siw32.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\mqang.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\mwdmo.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\qqap.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\ofbcjt32.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\opfox32.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\auiv16xx.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\mfvfw32.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\sgsthunk.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\aii2cqag.dll Thu Jul 14 2005 3:21:56p ..S.R 227,616 222.28 K
C:\WINDOWS\SYSTEM\rpaui.dll Thu Jul 14 2005 3:21:56p ..S.R 227,616 222.28 K
C:\WINDOWS\SYSTEM\jzvacypt.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\mosip32.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\sgndmail.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\fpeeim~1.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\demclien.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\it1xgdev.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\ijetcplc.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\qnv.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\8146d5~1.dll Sun Jul 3 2005 11:45:40a ..SHR 80 0.08 K
C:\WINDOWS\SYSTEM\ueicows.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\arv02w9x.dll Mon Jul 11 2005 10:55:24a ..S.R 227,616 222.28 K
C:\WINDOWS\SYSTEM\ukicows.dll Fri Jun 24 2005 5:43:24p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\wr2thk.dll Mon Jul 11 2005 10:55:24a ..S.R 227,616 222.28 K
C:\WINDOWS\SYSTEM\wpidx.dll Mon Jul 11 2005 2:36:46p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\pzikey.dll Mon Jul 11 2005 2:36:46p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\sbiw9x.dll Mon Jul 11 2005 2:36:46p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\rcfrate.dll Mon Jul 11 2005 2:36:46p ..S.R 227,104 221.78 K
C:\WINDOWS\SYSTEM\issapi32.dll Thu Jul 14 2005 3:21:56p ..S.R 227,616 222.28 K
C:\WINDOWS\SYSTEM\mijter40.dll Thu Jul 14 2005 3:21:56p ..S.R 227,616 222.28 K
C:\WINDOWS\SYSTEM\crl3dv2.dll Thu Jul 14 2005 3:21:56p ..S.R 227,616 222.28 K
C:\WINDOWS\SYSTEM\mwacm32.dll Thu Jul 14 2005 3:21:56p ..S.R 227,616 222.28 K
C:\WINDOWS\SYSTEM\dcusic32.dll Thu Jul 14 2005 3:21:56p ..S.R 227,616 222.28 K
C:\WINDOWS\SYSTEM\tnavel.dll Thu Jul 14 2005 3:21:56p ..S.R 227,616 222.28 K
C:\WINDOWS\SYSTEM\ahrace.dll Thu Jul 14 2005 3:21:56p ..S.R 227,616 222.28 K
C:\WINDOWS\SYSTEM\mirle32.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\mdrclr40.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\cbmpobj.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\joaw400.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\vu4en16.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\wbidx.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\igsrmt.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\mcpmsp.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\mocms.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\wepdinfo.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\rwoc3260.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\mbcshext.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\wuw32.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\mxls2.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\mdang.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\mtmbg.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\mjdmo.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\cvutil.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\pktorerc.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\de8vb.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\gfhand.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\dxip32.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\mhjdbc10.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\dcugui10.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\mrimusic.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\wnspdmod.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\8m46d5~1.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\ekcapi.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\rqrc16.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\meawt.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\ucer32.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\wj2_32.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\roched20.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
C:\WINDOWS\SYSTEM\dygest.dll Thu Jul 21 2005 7:11:18p ..S.R 226,080 220.78 K
________________________________________________

962 items found: 962 files (109 H/S), 0 directories.
Total of file sizes: 210,805,244 bytes 201.04 M

--------------------End log---------------------
  • 0

#8
Buckeye_Sam
Posted 19 August 2005 - 03:39 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
There's a few clues to your problem. :tazz:


Please download L2m9xfix here:
http://swandog46.gee...om/l2m9xfix.exe

Save it to the desktop and run it. Extract the files, and then open the l2m9xfix folder you just created and run RunThis.bat.

A window will open, and your desktop will disappear, then reappear. Please be patient until the batch says it is completed.

Then please restart your computer, and post a new HijackThis log as well as the entire text of the log.txt file which should be in the same folder as RunThis.bat.
  • 0

#9
Feenin
Posted 19 August 2005 - 04:29 PM

Feenin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Log of L2M9XFix v1

************

Running from directory:
C:\WINDOWS\Desktop\l2m9xfix

************

Files found:

C:\WINDOWS\system\8M46D59DA6.dll
C:\WINDOWS\system\ACIV16XX.DLL
C:\WINDOWS\system\ACIV16XX.DLL
C:\WINDOWS\system\AHRACE.DLL
C:\WINDOWS\system\AHRACE.DLL
C:\WINDOWS\system\AII2CQAG.DLL
C:\WINDOWS\system\AII2CQAG.DLL
C:\WINDOWS\system\AIV10W9X.DLL
C:\WINDOWS\system\AIV10W9X.DLL
C:\WINDOWS\system\ANVPACK.DLL
C:\WINDOWS\system\ANVPACK.DLL
C:\WINDOWS\system\ARV02W9X.DLL
C:\WINDOWS\system\ARV02W9X.DLL
C:\WINDOWS\system\AUIV16XX.DLL
C:\WINDOWS\system\AUIV16XX.DLL
C:\WINDOWS\system\BBOWSEWM.DLL
C:\WINDOWS\system\BBOWSEWM.DLL
C:\WINDOWS\system\CBMPOBJ.DLL
C:\WINDOWS\system\CCRDS.DLL
C:\WINDOWS\system\CIM.DLL
C:\WINDOWS\system\CIM.DLL
C:\WINDOWS\system\CRL3DV2.DLL
C:\WINDOWS\system\CRL3DV2.DLL
C:\WINDOWS\system\CUFG95.DLL
C:\WINDOWS\system\CVUTIL.DLL
C:\WINDOWS\system\dcuGUI10.dll
C:\WINDOWS\system\DCUSIC32.DLL
C:\WINDOWS\system\DCUSIC32.DLL
C:\WINDOWS\system\DDNET.DLL
C:\WINDOWS\system\DDNET.DLL
C:\WINDOWS\system\de8vb.dll
C:\WINDOWS\system\DEMCLIEN.DLL
C:\WINDOWS\system\DEMCLIEN.DLL
C:\WINDOWS\system\djvx_xx07.dll
C:\WINDOWS\system\djvx_xx07.dll
C:\WINDOWS\system\DO7VB.DLL
C:\WINDOWS\system\DO7VB.DLL
C:\WINDOWS\system\DOGEST.DLL
C:\WINDOWS\system\DOGEST.DLL
C:\WINDOWS\system\dtmasf.dll
C:\WINDOWS\system\DTMSTOR.DLL
C:\WINDOWS\system\DXIP32.DLL
C:\WINDOWS\system\DXRAW.DLL
C:\WINDOWS\system\DXRAW.DLL
C:\WINDOWS\system\DYGEST.DLL
C:\WINDOWS\system\ekcapi.dll
C:\WINDOWS\system\FCPWPP.DLL
C:\WINDOWS\system\FCPWPP.DLL
C:\WINDOWS\system\FpeeImage.dll
C:\WINDOWS\system\FpeeImage.dll
C:\WINDOWS\system\GFHAND.DLL
C:\WINDOWS\system\IG41_QC.dll
C:\WINDOWS\system\IG41_QC.dll
C:\WINDOWS\system\IGSRMT.DLL
C:\WINDOWS\system\IJETCPLC.DLL
C:\WINDOWS\system\IJETCPLC.DLL
C:\WINDOWS\system\IM41_QCX.dll
C:\WINDOWS\system\IM41_QCX.dll
C:\WINDOWS\system\ISSAPI32.DLL
C:\WINDOWS\system\ISSAPI32.DLL
C:\WINDOWS\system\IT1XGDEV.DLL
C:\WINDOWS\system\IT1XGDEV.DLL
C:\WINDOWS\system\IYMP.DLL
C:\WINDOWS\system\IYMP.DLL
C:\WINDOWS\system\JOAW400.DLL
C:\WINDOWS\system\JZVACYPT.DLL
C:\WINDOWS\system\JZVACYPT.DLL
C:\WINDOWS\system\mbcshext.dll
C:\WINDOWS\system\MCPMSP.DLL
C:\WINDOWS\system\MDANG.DLL
C:\WINDOWS\system\MDCMS.DLL
C:\WINDOWS\system\MDCMS.DLL
C:\WINDOWS\system\MDRCLR40.DLL
C:\WINDOWS\system\MEAWT.DLL
C:\WINDOWS\system\MEDMO.DLL
C:\WINDOWS\system\MEDMO.DLL
C:\WINDOWS\system\MFI.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFVFW32.DLL
C:\WINDOWS\system\MFYUV.DLL
C:\WINDOWS\system\MFYUV.DLL
C:\WINDOWS\system\MHJDBC10.DLL
C:\WINDOWS\system\MIJTER40.DLL
C:\WINDOWS\system\MIJTER40.DLL
C:\WINDOWS\system\MIRLE32.DLL
C:\WINDOWS\system\MJDMO.DLL
C:\WINDOWS\system\mk43dmod.dll
C:\WINDOWS\system\mk43dmod.dll
C:\WINDOWS\system\MLIOLE.DLL
C:\WINDOWS\system\MOCMS.DLL
C:\WINDOWS\system\MOSIP32.DLL
C:\WINDOWS\system\MOSIP32.DLL
C:\WINDOWS\system\MQANG.DLL
C:\WINDOWS\system\MQANG.DLL
C:\WINDOWS\system\MRAPSSPC.DLL
C:\WINDOWS\system\MRAPSSPC.DLL
C:\WINDOWS\system\MRIMUSIC.DLL
C:\WINDOWS\system\MTMBG.DLL
C:\WINDOWS\system\MVANG.DLL
C:\WINDOWS\system\MVANG.DLL
C:\WINDOWS\system\MVIMUSIC.DLL
C:\WINDOWS\system\MWACM32.DLL
C:\WINDOWS\system\MWACM32.DLL
C:\WINDOWS\system\MWDMO.DLL
C:\WINDOWS\system\MWDMO.DLL
C:\WINDOWS\system\MXCN30.DLL
C:\WINDOWS\system\MXCN30.DLL
C:\WINDOWS\system\MXCO30.DLL
C:\WINDOWS\system\MXLS2.DLL
C:\WINDOWS\system\MYDMO.DLL
C:\WINDOWS\system\MYDMO.DLL
C:\WINDOWS\system\NBTOS.DLL
C:\WINDOWS\system\NBTOS.DLL
C:\WINDOWS\system\OFBCJT32.DLL
C:\WINDOWS\system\OFBCJT32.DLL
C:\WINDOWS\system\OPFOX32.DLL
C:\WINDOWS\system\OPFOX32.DLL
C:\WINDOWS\system\OQE2.DLL
C:\WINDOWS\system\OQE2.DLL
C:\WINDOWS\system\OZDIS400.DLL
C:\WINDOWS\system\PKTORERC.DLL
C:\WINDOWS\system\PZIKey.dll
C:\WINDOWS\system\PZIKey.dll
C:\WINDOWS\system\QNV.DLL
C:\WINDOWS\system\QNV.DLL
C:\WINDOWS\system\QQAP.DLL
C:\WINDOWS\system\QQAP.DLL
C:\WINDOWS\system\QRAP.DLL
C:\WINDOWS\system\QRAP.DLL
C:\WINDOWS\system\qv-mt331.dll
C:\WINDOWS\system\qv-mt331.dll
C:\WINDOWS\system\RCCRT4.DLL
C:\WINDOWS\system\RCCRT4.DLL
C:\WINDOWS\system\RCFRATE.DLL
C:\WINDOWS\system\RCFRATE.DLL
C:\WINDOWS\system\ROCHED20.DLL
C:\WINDOWS\system\RPAUI.DLL
C:\WINDOWS\system\RPAUI.DLL
C:\WINDOWS\system\RQRC16.DLL
C:\WINDOWS\system\rwoc3260.dll
C:\WINDOWS\system\SBIW9X.DLL
C:\WINDOWS\system\SBIW9X.DLL
C:\WINDOWS\system\SCELL.DLL
C:\WINDOWS\system\SCELL.DLL
C:\WINDOWS\system\SGNDMAIL.DLL
C:\WINDOWS\system\SGNDMAIL.DLL
C:\WINDOWS\system\SGSTHUNK.DLL
C:\WINDOWS\system\SGSTHUNK.DLL
C:\WINDOWS\system\SIW32.DLL
C:\WINDOWS\system\SIW32.DLL
C:\WINDOWS\system\SJROBJ.DLL
C:\WINDOWS\system\SJROBJ.DLL
C:\WINDOWS\system\SOMSCRPT.DLL
C:\WINDOWS\system\SOMSCRPT.DLL
C:\WINDOWS\system\SPELL.DLL
C:\WINDOWS\system\SPELL.DLL
C:\WINDOWS\system\Tnavel.dll
C:\WINDOWS\system\Tnavel.dll
C:\WINDOWS\system\UCER32.DLL
C:\WINDOWS\system\ueicows.dll
C:\WINDOWS\system\ueicows.dll
C:\WINDOWS\system\ukicows.dll
C:\WINDOWS\system\ukicows.dll
C:\WINDOWS\system\VU4EN16.DLL
C:\WINDOWS\system\wbidx.dll
C:\WINDOWS\system\WEPDINFO.DLL
C:\WINDOWS\system\wepui.dll
C:\WINDOWS\system\wepui.dll
C:\WINDOWS\system\WJ2_32.DLL
C:\WINDOWS\system\wkspdmod.dll
C:\WINDOWS\system\wkspdmod.dll
C:\WINDOWS\system\wnspdmod.dll
C:\WINDOWS\system\WO2_32.DLL
C:\WINDOWS\system\WO2_32.DLL
C:\WINDOWS\system\wpidx.dll
C:\WINDOWS\system\wpidx.dll
C:\WINDOWS\system\WR2THK.DLL
C:\WINDOWS\system\WR2THK.DLL
C:\WINDOWS\system\WSADMOD.DLL
C:\WINDOWS\system\WSADMOD.DLL
C:\WINDOWS\system\WUW32.DLL
C:\WINDOWS\system\WXSUI.DLL

************

Registry entries found:

[HKEY_CLASSES_ROOT\CLSID\{C8E0FEEB-08B0-4FDB-BB51-19ACDDACB507}\InprocServer32]
@="C:\\WINDOWS\\SYSTEM\\MIRLE32.DLL"

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform]
"{C236E1C8-5DBB-82ED-B71B-3B29E926D7D4}"=""


************

Killing Explorer
Done!

Killing Rundll32
Done!

Removing malicious CLSID(s)
Done!

Restarting Explorer
Done!

Deleting malicious files
Done!


Finished!
______________________________________________________________

Logfile of HijackThis v1.99.1
Scan saved at 5:24:26 PM, on 8/19/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\ATI2EVXX.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RPCSS.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Openwares LiveUpdate] C:\Program Files\LiveUpdate\LiveUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\SYSTEM\QTTASK.EXE" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATIPOLL] ati2evxx.exe
O4 - HKLM\..\RunServices: [ATISmart] C:\WINDOWS\SYSTEM\ati2s9ag.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL (file missing)
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab27513.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop...p/PCPitStop.CAB
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://remote.cente...ca32/wficat.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A922B6AB-3B87-11D3-B3C2-0008C7DA6CB9} (InetDownload Class) - https://media.pineco...loadcontrol.cab




Thank you again, you help is very appreciated.
  • 0

#10
Feenin
Posted 19 August 2005 - 05:14 PM

Feenin

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I believe you have done it!!!!!!!!!!!

/bow
  • 0

#11
Buckeye_Sam
Posted 19 August 2005 - 07:39 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Let me know if you are still having problems, but your log looks clean to me. :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:tazz: :)
  • 0

#12
Buckeye_Sam
Posted 04 September 2005 - 08:16 AM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP