Problems removing Winfixer/Aurora infection [RESOLVED]



#16 sixpacker (Member, Topic Starter, 13 posts)
OK, I deleted all the files/directories listed, except C:\WINDOWS\Downloaded Program Files\DeskAdX.dll, which was not there. I scanned with Trend Micro anti-spyware, and here is the log:

Started Scanning
Internet Cookies
Found 'tradedoubler.com' in 'Internet Explorer Cache'
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found 'advertising.com' in 'Internet Explorer Cache'
Found 'statcounter.com' in 'Internet Explorer Cache'
Found 'insightexpressai.com' in 'Internet Explorer Cache'
Found 'serving-sys.com' in 'Internet Explorer Cache'
Found 'mediaplex.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'apmebf.com' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'questionmarket.com' in 'Internet Explorer Cache'
Found 'ads.pointroll.com' in 'Internet Explorer Cache'
Found 'casalemedia.com' in 'Internet Explorer Cache'
Found 'zedo.com' in 'Internet Explorer Cache'
Found 'atdmt.com' in 'Internet Explorer Cache'
Found 'burstnet.com' in 'Internet Explorer Cache'
Found 'com.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'hitbox.com' in 'Internet Explorer Cache'
Found 'imrworldwide.com' in 'Internet Explorer Cache'
Found 'linksynergy.com' in 'Internet Explorer Cache'
Found 'servedby.advertising.com' in 'Internet Explorer Cache'
Found 'www.burstbeacon.com' in 'Internet Explorer Cache'
Found '2o7.net' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\LimeWire'
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'SOFTWARE\Classes\AppID\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}'
Found '' in 'SOFTWARE\Classes\AppID\IeBHOs.DLL'
Found '' in 'SOFTWARE\Classes\IeBHOs.Control.1'
Found '' in 'SOFTWARE\Classes\IeBHOs.Control.1\CLSID'
Found '' in 'SOFTWARE\Classes\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}\1.0'
Found '' in 'SOFTWARE\Classes\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}\1.0\0\win32'
Found '' in 'SOFTWARE\Classes\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}\1.0\FLAGS'
Found '' in 'SOFTWARE\Classes\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}\1.0\HELPDIR'
Found '' in 'SOFTWARE\E2G'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\e2g Plugin'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'Software\intexp'
Found '' in 'Software\intexp\Config'
Found '' in 'Software\intexp\MyFileSystem2'
Found 'InstallDay' in 'Software\intexp\Config'
Found 'KeywordMatch' in 'Software\intexp\Config'
Found 'LogUrl' in 'Software\intexp\Config'
Found 'PostCGITime' in 'Software\intexp\Config'
Found 'SystemDate' in 'Software\intexp\Config'
Found 'SystemID' in 'Software\intexp\MyFileSystem2'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found 'IgnoreAll' in 'Software\Kazaa\InstantMessaging'
Found 'DisableListFiles' in 'Software\Kazaa\LocalContent'
Found '' in 'SOFTWARE\DeskAd Service'
Found '' in 'SOFTWARE\Classes\DeskAdX.Installer\CLSID'
Found '' in 'SOFTWARE\Classes\DeskAdX.Installer'
Found '' in 'SOFTWARE\Classes\TypeLib\{3B99F202-145A-4E5A-AC7B-88A36910BF5E}'
Found '' in 'Software\PTech'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinMX'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Internet URL Shortcuts
Found 'Funcade.lnk' in 'C:\Documents and Settings\MIKES\Start Menu\Programs\Funcade\'
Found 'Uninstall.lnk' in 'C:\Documents and Settings\MIKES\Start Menu\Programs\Funcade\'
Files and Directories
Found '' in 'C:\Documents and Settings\MIKES\Favorites\Finances & Business'
Found '' in 'C:\Documents and Settings\MIKES\Favorites\Health & Insurance'
Found '' in 'C:\Documents and Settings\MIKES\Favorites\Homelife & Travel'
Found '' in 'C:\Documents and Settings\MIKES\Start Menu\Programs\Funcade'
Found '' in 'C:\Documents and Settings\MIKES\Start Menu\Programs\WinMX'
Found 'LimeWire20.dll' in 'C:\Program Files\LimeWire'
Found '' in 'C:\Program Files\WinMX'
Found 'errcatch.exe' in 'C:\Program Files\WinMX'
Found 'uninstall.exe' in 'C:\Program Files\WinMX'
Found 'WinMX.exe' in 'C:\Program Files\WinMX'
Found 'wapisvcc.exe' in 'C:\WINDOWS\SYSTEM32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Documents and Settings\MIKES\Favorites\Finances & Business' in shortcut areas.
Checking for 'C:\Documents and Settings\MIKES\Favorites\Finances & Business' in startup areas.
Cleaning 'C:\Documents and Settings\MIKES\Favorites\Finances & Business'
Checking for 'C:\Documents and Settings\MIKES\Favorites\Health & Insurance' in shortcut areas.
Checking for 'C:\Documents and Settings\MIKES\Favorites\Health & Insurance' in startup areas.
Cleaning 'C:\Documents and Settings\MIKES\Favorites\Health & Insurance'
Checking for 'C:\Documents and Settings\MIKES\Favorites\Homelife & Travel' in shortcut areas.
Checking for 'C:\Documents and Settings\MIKES\Favorites\Homelife & Travel' in startup areas.
Cleaning 'C:\Documents and Settings\MIKES\Favorites\Homelife & Travel'
Checking for 'C:\Documents and Settings\MIKES\Start Menu\Programs\Funcade' in shortcut areas.
Checking for 'C:\Documents and Settings\MIKES\Start Menu\Programs\Funcade' in startup areas.
Cleaning 'C:\Documents and Settings\MIKES\Start Menu\Programs\Funcade'
Checking for 'C:\Documents and Settings\MIKES\Start Menu\Programs\WinMX' in shortcut areas.
Checking for 'C:\Documents and Settings\MIKES\Start Menu\Programs\WinMX' in startup areas.
Cleaning 'C:\Documents and Settings\MIKES\Start Menu\Programs\WinMX'
Checking for 'C:\Documents and Settings\MIKES\Start Menu\Programs\WinMX\WinMX.lnk' in shortcut areas.
Checking for 'C:\Documents and Settings\MIKES\Start Menu\Programs\WinMX\WinMX.lnk' in startup areas.
Cleaning 'C:\Documents and Settings\MIKES\Start Menu\Programs\WinMX\WinMX.lnk'
Checking for 'C:\Program Files\LimeWire\LimeWire20.dll' in shortcut areas.
Checking for 'C:\Program Files\LimeWire\LimeWire20.dll' in startup areas.
Cleaning 'C:\Program Files\LimeWire\LimeWire20.dll'
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\colors.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\colors.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\colors.dat'
Checking for 'C:\Program Files\WinMX\contacts.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\contacts.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\contacts.dat'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
Checking for 'C:\Program Files\WinMX\library.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\library.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\library.dat'
Checking for 'C:\Program Files\WinMX\license.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\license.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\license.txt'
Checking for 'C:\Program Files\WinMX\settings.dat' in shortcut areas.
Checking for 'C:\Program Files\WinMX\settings.dat' in startup areas.
Cleaning 'C:\Program Files\WinMX\settings.dat'
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\MIKES\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\MIKES\Desktop\'
[SCANMODS] The file 'C:\Documents and Settings\MIKES\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\wpnpchannelcmds.txt'
Checking for 'C:\Program Files\WinMX\errcatch.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\errcatch.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\errcatch.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\errcatch.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in shortcut areas.
Checking for 'C:\Program Files\WinMX\uninstall.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\uninstall.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\uninstall.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in shortcut areas.
Found 'WinMX.lnk' in 'C:\Documents and Settings\MIKES\Start Menu\Programs\WinMX\'
Found 'WinMX.lnk' in 'C:\Documents and Settings\MIKES\Desktop\'
[SCANMODS] The file 'C:\Documents and Settings\MIKES\Start Menu\Programs\WinMX\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
[SCANMODS] The file 'C:\Documents and Settings\MIKES\Desktop\WinMX.lnk' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\Program Files\WinMX\WinMX.exe' in startup areas.
Cleaning 'C:\Program Files\WinMX\WinMX.exe'
[SCANMODS] The file 'C:\Program Files\WinMX\WinMX.exe' was not found. Most likely already cleaned by another scanner module.
Checking for 'C:\WINDOWS\SYSTEM32\wapisvcc.exe' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\wapisvcc.exe' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\wapisvcc.exe'
Finished Cleaning

Thanks for your help!!

#17 Rawe (Visiting Staff, Member, 4,746 posts)
Post me this:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notebook onto your post
Let me know all the problems you're having at the moment.

- Rawe :tazz:

#18 sixpacker (Member, Topic Starter, 13 posts)
Here is the HJT uninstall mgr log;

Abacast Client
Ad-Aware SE Personal
Adobe Reader 7.0
Advanced PDF Password Recovery (remove only)
AttachmentOptions
Autodesk WHIP! (Release 4.0-102)
CCleaner (remove only)
CleanUp!
Dell Solution Center
Easy CD Creator 5 Basic
ewido security suite
HijackThis 1.99.1
Intel ® Pro Alerting Agent
Intel® Extreme Graphics Driver
Intel® PRO Network Adapters and Drivers
Intel® PROSet
Java 2 Runtime Environment, SE v1.4.2
Kaspersky On-line Scanner
LANBridge
LimeWire 4.8.1
LiveUpdate 1.7 (Symantec Corporation)
MATLAB 6.5
Microsoft Data Access Components KB870669
Microsoft FrontPage 2000 SR-1
Microsoft Office 2000 SR-1 Professional
Microsoft Project 98
MSN Music Assistant
OIN
OMCI
Oracle JInitiator 1.1.5.21.1
ORG50
Panda ActiveScan
QuickTime
RealPlayer
ScanIt 1.0
Security Task Manager 1.6c
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
SONARtrac Professional Edition R2.2.6
Spambayes Outlook Addin 0.81
Spybot - Search & Destroy 1.4
Symantec AntiVirus Client
Sysnet
TContext
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
WebEx
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows VisFx Components
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinZip

I am currently having no obvious problems with my machine. Is there a particular strategy or combination of scanners that you would recommend running on a periodic basis? To date, I have been using Spybot and Ad-aware periodically, with Norton antivirus running full time. Thanks for your help and any suggestions!!!

#19 Rawe (Visiting Staff, Member, 4,746 posts)
Do you need these programs?

Abacast Client
LimeWire 4.8.1
OMCI
ORG50
Sysnet
TContext
WebEx
Windows VisFx Components


What you can uninstall:

OIN
Java 2 Runtime Environment, SE v1.4.2


As for the Java Runtime Environment, install the latest version here: http://www.java.com/...load/manual.jsp

Run the update function once installed.

- Rawe :tazz:

After that, can you also run this online scan and post the results:
Panda Activescan

#20 sixpacker (Member, Topic Starter, 13 posts)
I have uninstalled ORG50, SYSNET, TCONTEXT, WINDOWSVISFX and OIN, and have uninstalled and reinstalled Java. Here is a new Panda Activescan. Thanks so much for your assistance, you are really knowledgeable, Rawe!!


| Incident | Status | Location |
|---|---|---|
| Adware:adware/wupd | No disinfected | C:\PROGRAM FILES\Windows AdStatus |
| Adware:adware program | No disinfected | C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs |
| Adware:adware/aurora | No disinfected | Windows Registry |
| Hacktool:Hacktool/Processor | No disinfected | C:\Documents and Settings\MIKES\Desktop\Spyware Utilities\l2mfix\Process.exe |
| Hacktool:Hacktool/Processor | No disinfected | C:\Documents and Settings\MIKES\Desktop\Spyware Utilities\nailfix\Process.exe |
| Adware:Adware/WUpd | No disinfected | C:\WINDOWS\Downloaded Program Files\DeskAdX.dll |

#21 Rawe (Visiting Staff, Member, 4,746 posts)
Delete this folder if present:

C:\PROGRAM FILES\Windows AdStatus

Go to My Computer > Tools > Folder Options > View tab and make sure that "Show hidden files and folders" is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the "Hide protected operating system files" option.

Then see if you can find this file and if you do, delete:

C:\WINDOWS\Downloaded Program Files\DeskAdX.dll

Empty recycle bin - reboot and post a new HiJackThis log to make sure it's clean.

- Rawe :tazz:

#22 sixpacker (Member, Topic Starter, 13 posts)
I found and deleted the folder, but could not locate the file;

C:\WINDOWS\Downloaded Program Files\DeskAdX.dll

I did a search of the entire c: drive, but could not find any instances of that file.

Here is a new HJT log;

Logfile of HijackThis v1.99.1
Scan saved at 1:54:20 PM, on 8/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\Documents and Settings\MIKES\Desktop\Spyware Utilities\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://smbusiness.dellnet.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cidranet/
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKCU\..\Run: [CMAPP] "C:\Program Files\CMAPP\Client\cmappclient.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp4: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin5.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {9F77A997-F0F3-11d1-9195-00C04FC990DC} (JavaBeansBridge Object) - http://dbase2.cidra....jinit115211.exe
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe

Thanks!!
  • 0
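
The check that posts #21 to #23 rely on (reading a fresh HijackThis log for remnants), as an added example that is not part of the original thread: it parses the log and looks for the file and folder names flagged by the scans in posts #16 and #20. The function names and the two extra lines in the second sample are constructed for illustration.

```python
import re

# Names flagged earlier in this thread (Trend Micro log in post #16,
# Panda ActiveScan results in post #20). Compared case-insensitively.
THREAD_INDICATORS = ("deskadx", "windows adstatus", "cache32dsrf4535dfs",
                     "wapisvcc.exe", "iebhos")

# HijackThis result lines look like "O4 - HKLM\..\Run: [name] path".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")


def parse_hjt_log(text):
    """Return (running_processes, [(code, detail), ...]) from a HijackThis log."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first entry
            entries.append((match.group(1), match.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def find_leftovers(text, indicators=THREAD_INDICATORS):
    """List (section, line, indicator) for every line naming a known leftover."""
    processes, entries = parse_hjt_log(text)
    rows = [("process", p) for p in processes] + entries
    hits = []
    for section, detail in rows:
        lowered = detail.lower()
        for indicator in indicators:
            if indicator in lowered:
                hits.append((section, detail, indicator))
    return hits


# Excerpt of the log posted in #22 (lines copied from the thread).
POSTED_EXCERPT = r"""
Logfile of HijackThis v1.99.1

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cidranet/
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
"""

# Constructed lines (not from the thread) showing what a remnant would look like.
CONSTRUCTED_DIRTY = POSTED_EXCERPT + r"""
O4 - HKLM\..\Run: [wapisvcc] C:\WINDOWS\SYSTEM32\wapisvcc.exe
O16 - DPF: {00000000-0000-0000-0000-000000000000} (constructed) - C:\WINDOWS\Downloaded Program Files\DeskAdX.dll
"""

if __name__ == "__main__":
    print("posted log:", find_leftovers(POSTED_EXCERPT) or "no known leftovers")
    for section, detail, indicator in find_leftovers(CONSTRUCTED_DIRTY):
        print(f"[{section}] matches {indicator!r}: {detail}")
```

A clean result only means none of the listed names appear in the log; it does not replace the reviewer's reading of the remaining entries.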

#23 Rawe (Visiting Staff, Member, 4,746 posts)
Great job, it appears your system is clean. :)

**Re-hide hidden files option you modified earlier**

Let's clear out your restore points now.

Disable System Restore;

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore" check box.
5. Click Apply. A message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".


Reboot.

Enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".


System Restore will now be active again. :) Be sure to set a new restore point, and if you need additional help with that, here's a link; http://filext.com/in...thread.php?t=27

Here are some tips for the future to prevent spyware;

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed. (My favourite)
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
Other necessary Programs:
  • AntiVirus Program <= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kaspersky, this is a must have.
  • Firewall <= A firewall is definitely a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser <= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox.
And also see TonyKlein's good advice;
So how did I get infected in the first place? (My favourite)

Remember to keep Windows updated!!

Visit;
http://www.windowsupdate.com

- Rawe :tazz:

If you want to learn how to help people with malware problems like I helped you, feel free to take a look at this thread; http://www.geekstogo...here-t4817.html

#24 sixpacker (Member, Topic Starter, 13 posts)
I will perform the steps listed. Thanks so much for your help - I used to be able to eradicate many of these myself, but they are getting too sophisticated!!

My machine seems to be in great shape now!!! Thanks again, Rawe!

#25 ScHwErV (Member 5k, Retired Staff, MVP, 21,285 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.