Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

winfixer popup problem [resolved]


  • This topic is locked This topic is locked

#1
Drdnutz

Drdnutz

    New Member

  • Member
  • Pip
  • 9 posts
I have been infected with the winfixer popup malware and would appreciate any assistance on removing it. I have ran a microsoft anti spyware and spybot but they could not clean the problem. Below is my hijack this log. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 9:41:58 PM, on 9/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\DeeEnEs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
I:\winfixer fix\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:\\www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:\\www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\ServicePackFiles\i386\antiras.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DeeEnEs] D:\DeeEnEs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http:\\www.google.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://203.141.196.52/kxhcm10.ocx
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://dd8il.dyndns....activex/AMC.cab
O20 - Winlogon Notify: antiras - C:\WINDOWS\ServicePackFiles\i386\antiras.dll
O20 - Winlogon Notify: dbacc - C:\WINDOWS\ServicePackFiles\i386\dbacc.dll
O20 - Winlogon Notify: dbinet - C:\WINDOWS\msagent\dbinet.dll
O20 - Winlogon Notify: dbutil - C:\WINDOWS\repair\dbutil.dll
O20 - Winlogon Notify: dvdwave - C:\WINDOWS\Help\dvdwave.dll
O20 - Winlogon Notify: fontinet - C:\WINDOWS\msagent\intl\fontinet.dll
O20 - Winlogon Notify: fonttcp - C:\WINDOWS\java\Packages\fonttcp.dll
O20 - Winlogon Notify: imgodbc - C:\WINDOWS\Fonts\imgodbc.dll
O20 - Winlogon Notify: infodvd - C:\WINDOWS\repair\infodvd.dll
O20 - Winlogon Notify: logeula - C:\WINDOWS\Cursors\logeula.dll
O20 - Winlogon Notify: msad - C:\WINDOWS\Fonts\msad.dll
O20 - Winlogon Notify: srvdns - C:\WINDOWS\SERVIC~1\srvdns.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • 0

Advertisements


#2
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome Drdnutz to Geeks to Go!

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.

Open Microsoft AntiSpyware.
Click on Tools, Settings.
In the left pane, click on Real-time Protection.
Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents on startup (recommended).
Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.
Reverse the process when you’ve carried out the advise.

***

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning and a list of forums to seek help at.
    it should look like this

    VundoFix V2.1 by Atri
    By pressing enter you agree that you are using this at your own risk
    Please seek assistance at one of the following forums:
    http://www.atribune.org/forums
    http://www.247fixes.com/forums
    http://www.geekstogo.com/forum
    http://forums.net-integration.net

  • At this point press enter one time.
  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\ServicePackFiles\i386\antiras.dll
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):C:\WINDOWS\ServicePackFiles\i386\saritna.*
    This will be the vundo filename spelt backwards. for example if the vundo dll was vundo.dll you would have the user enter odnuv.*
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HijackThis, please place a check next to the following items and click FIX CHECKED:O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\ServicePackFiles\i386\antiras.dll

    O20 - Winlogon Notify: antiras - C:\WINDOWS\ServicePackFiles\i386\antiras.dll

    O20 - Winlogon Notify: dbacc - C:\WINDOWS\ServicePackFiles\i386\dbacc.dll

    O20 - Winlogon Notify: dbinet - C:\WINDOWS\msagent\dbinet.dll

    O20 - Winlogon Notify: dbutil - C:\WINDOWS\repair\dbutil.dll

    O20 - Winlogon Notify: dvdwave - C:\WINDOWS\Help\dvdwave.dll

    O20 - Winlogon Notify: fontinet - C:\WINDOWS\msagent\intl\fontinet.dll

    O20 - Winlogon Notify: fonttcp - C:\WINDOWS\java\Packages\fonttcp.dll

    O20 - Winlogon Notify: imgodbc - C:\WINDOWS\Fonts\imgodbc.dll

    O20 - Winlogon Notify: infodvd - C:\WINDOWS\repair\infodvd.dll

    O20 - Winlogon Notify: logeula - C:\WINDOWS\Cursors\logeula.dll

    O20 - Winlogon Notify: msad - C:\WINDOWS\Fonts\msad.dll

    O20 - Winlogon Notify: srvdns - C:\WINDOWS\SERVIC~1\srvdns.dll
  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death" this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.
Download and install Cleanup from here (Alternate site if the above is not working, go Here)

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.
  • 0

#3
Drdnutz

Drdnutz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Thank you it appears like you solved the issue. I have not seen one popup from the winfixer pond scums. I guess I got what I deserved running without antivirus software but consider this lesson learned. Would Norton have prevented this? From what I have seen one this board it appears like this is an epidemic. Let me know if my logs look clean but like i said i have not seen one popup yet. Thanks again you guys rock.


Incident Status Location

Virus:Trj/Agent.AJK Disinfected C:\WINDOWS\system32\vtutu.dll
Virus:Trj/Pakes.AV Disinfected C:\WINDOWS\repair\dbutil.dll
Virus:Trj/Pakes.AV Disinfected C:\WINDOWS\repair\infodvd.dll
Virus:Trj/Pakes.AV Disinfected C:\WINDOWS\Help\dvdwave.dll
Virus:Trj/Pakes.AV Disinfected C:\WINDOWS\Fonts\imgodbc.dll
Virus:Trj/Pakes.AV Disinfected C:\WINDOWS\Fonts\msad.dll
Virus:Trj/Pakes.AV Disinfected C:\WINDOWS\msagent\intl\fontinet.dll
Virus:Trj/Pakes.AV Disinfected C:\WINDOWS\msagent\dbinet.dll
Virus:Trj/Pakes.AV Disinfected C:\WINDOWS\Cursors\logeula.dll
Virus:Trj/Pakes.AV Disinfected C:\WINDOWS\java\Packages\fonttcp.dll
Virus:Trj/Pakes.AV Disinfected C:\WINDOWS\ServicePackFiles\i386\dbacc.dll
Virus:Trj/Pakes.AV Disinfected C:\WINDOWS\ServicePackFiles\srvdns.dll
Virus:Trj/Downloader.DLQ Disinfected Personal Folders\Inbox\Mail\zam.exe
Virus:Trj/Pakes.AV Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0132860.dll
Virus:Trj/Agent.AJK Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0132997.dll
Virus:Trj/Pakes.AV Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0132998.dll
Virus:Trj/Pakes.AV Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0132999.dll
Virus:Trj/Pakes.AV Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0133000.dll
Virus:Trj/Pakes.AV Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0133001.dll
Virus:Trj/Pakes.AV Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0133002.dll
Virus:Trj/Pakes.AV Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0133003.dll
Virus:Trj/Pakes.AV Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0133004.dll
Virus:Trj/Pakes.AV Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0133005.dll
Virus:Trj/Pakes.AV Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0133006.dll
Virus:Trj/Pakes.AV Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0133007.dll
Virus:Trj/Pakes.AV Disinfected C:\System Volume Information\_restore{6F9846EF-C60B-472B-B1A9-06FC16AA187B}\RP528\A0133008.dll


Logfile of HijackThis v1.99.1
Scan saved at 10:22:25 PM, on 9/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Messenger\msmsgs.exe
D:\DeeEnEs.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\CleanUp!\cleanup.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft AntiSpyware\GIANTAntiSpywareMain.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\rundll32.exe
I:\winfixer fix\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http:\\www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http:\\www.google.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\Elaborate Bytes\CloneCD\CloneCDTray.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [DeeEnEs] D:\DeeEnEs.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O14 - IERESET.INF: START_PAGE_URL=http:\\www.google.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KX-HCM10 Control) - http://203.141.196.52/kxhcm10.ocx
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://dd8il.dyndns....activex/AMC.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
  • 0

#4
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Weldone :tazz:
Looks like you did it!

I don't think anything was preventing this yet. It's a mean one. But you cleaned it out!

Is the computer running ok?
If so, shall I post you some tips for the future and close this topic?
  • 0

#5
Drdnutz

Drdnutz

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
The PC is running great with no popups. Thanks again. Do you know how this infects the PC? I would like to take steps to prevent it from coming back.
  • 0

#6
g2i2r4

g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
I don't know how you got it, I only know how to remove it (that's what we did together :tazz: ).

----------

Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Re-enable system restore with the instructions from the tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & Hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware – Download and install Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from your Computer

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Glad I was able to help.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP