Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

usenet [RESOLVED]

Started by Geri1 , Oct 13 2005 10:37 PM

  • This topic is locked This topic is locked

#1
Geri1
Posted 13 October 2005 - 10:37 PM

Geri1

    Member

  • Member
  • PipPip
  • 12 posts
this is my first experience with this so please bear with me. i read and had already done the things on your list hours ago. i was on the phone with my computer manufacture over this problem for 2 hours and tried a number of different things and they suggested i contact you before having to do a recovery to take it back to the factory settings. when i tried to get into c-net downloads tonight i got "page can not be displayed". instead of ever getting into downloads.com i got the UseNet homepage. i then tried to get into limewire and again i got the "page can not be displayed". then i tried other web pages and it appears that it is only pages with downloads on them that have been highjacked. when i ran sypbot it told me that a registry key had been changed. it gave me the number but no option to change it back. i don't even know if that is possible. my computer manufacture found that there are now many cases of this program doing this and that it is being sold by c-net. i have no idea how i got it unless it was bundled with something i downloaded. tonight was the first i noticed it and i have not downloaded anything for a week now. i don't have a clue what else to do. i had just recently read about geeks to go but i have never been to site before. now that i am here i will have a look around and read up on things. i find it most interesting and helpful. thank you very much for this site.

you have an particularly large amount of hijacked domains. it's probably better to delete the file itself then to fix each item (and create a backup). if you see the same IP address in all the reported 01 items, consider deleting your Hosts file, which is located at c:\wndows\systemLogfile of HijackThis v1.99.1
Scan saved at 1:09:00 AM, on 10/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\PowerCinema\PCMService.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\winlogin.exe
C:\Program Files\BySoft FreeRAM\FreeRAM.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Outlook Express\msimn.exe
C:\new downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.file-webber.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O1 - Hosts: 195.158.172.121 amazon.at
O1 - Hosts: 195.158.172.121 www.amazon.at
O1 - Hosts: 195.158.172.121 www.all-inkl.de
O1 - Hosts: 195.158.172.121 all-inkl.de
O1 - Hosts: 195.158.172.121 www.united-domains.de
O1 - Hosts: 195.158.172.121 united-domains.de
O1 - Hosts: 195.158.172.121 www.sedo.de
O1 - Hosts: 195.158.172.121 sedo.de
O1 - Hosts: 195.158.172.121 www.sedo.com
O1 - Hosts: 195.158.172.121 sedo.com
O1 - Hosts: 195.158.172.121 www.domains.de
O1 - Hosts: 195.158.172.121 domains.de
O1 - Hosts: 195.158.172.121 sedo.fr
O1 - Hosts: 195.158.172.121 sedo.it
O1 - Hosts: 195.158.172.121 sedo.se
O1 - Hosts: 195.158.172.121 sedo.dk
O1 - Hosts: 195.158.172.121 www.sedo.fr
O1 - Hosts: 195.158.172.121 www.sedo.it
O1 - Hosts: 195.158.172.121 www.sedo.se
O1 - Hosts: 195.158.172.121 www.sedo.dk
O1 - Hosts: 195.158.172.121 e-hausaufgaben.de
O1 - Hosts: 195.158.172.121 hausaufgaben.de
O1 - Hosts: 195.158.172.121 www.e-hausaufgaben.de
O1 - Hosts: 195.158.172.121 www.hausaufgaben.de
O1 - Hosts: 195.158.172.121 young.de
O1 - Hosts: 195.158.172.121 schoolunity.de
O1 - Hosts: 195.158.172.121 schoolwork.de
O1 - Hosts: 195.158.172.121 hausarbeiten24.com
O1 - Hosts: 195.158.172.121 hausarbeiten.de
O1 - Hosts: 195.158.172.121 www.young.de
O1 - Hosts: 195.158.172.121 www.schoolunity.de
O1 - Hosts: 195.158.172.121 www.schoolwork.de
O1 - Hosts: 195.158.172.121 www.hausarbeiten24.com
O1 - Hosts: 195.158.172.121 www.hausarbeiten.de
O1 - Hosts: 195.158.172.121 www.probenclub.de
O1 - Hosts: 195.158.172.121 www.couponmountain.de
O1 - Hosts: 195.158.172.121 www.warenproben.ag
O1 - Hosts: 195.158.172.121 www.gratisproben24.net
O1 - Hosts: 195.158.172.121 probenclub.de
O1 - Hosts: 195.158.172.121 couponmountain.de
O1 - Hosts: 195.158.172.121 warenproben.ag
O1 - Hosts: 195.158.172.121 gratisproben24.net
O1 - Hosts: 195.158.172.121 probendino.de
O1 - Hosts: 195.158.172.121 www.probendino.de
O1 - Hosts: 195.158.172.121 www.proben.de
O1 - Hosts: 195.158.172.121 www.produktproben.de
O1 - Hosts: 195.158.172.121 proben.de
O1 - Hosts: 195.158.172.121 produktproben.de
O1 - Hosts: 195.158.172.121 de.supereva.com
O1 - Hosts: 195.158.172.121 www.de.supereva.com
O1 - Hosts: 195.158.172.121 www.knuddels.de
O1 - Hosts: 195.158.172.121 www.flirt-fever.de
O1 - Hosts: 195.158.172.121 www.neu.de
O1 - Hosts: 195.158.172.121 neu.de
O1 - Hosts: 195.158.172.121 chat.lycos.de
O1 - Hosts: 195.158.172.121 www.spinchat.de
O1 - Hosts: 195.158.172.121 www.chat.de
O1 - Hosts: 195.158.172.121 www.chatcity.de
O1 - Hosts: 195.158.172.121 www.webchat.de
O1 - Hosts: 195.158.172.121 chat.yahoo.de
O1 - Hosts: 195.158.172.121 www.friendscout24.de
O1 - Hosts: 195.158.172.121 www.ilove.de
O1 - Hosts: 195.158.172.121 www.traumpartnerchat.de
O1 - Hosts: 195.158.172.121 knuddels.de
O1 - Hosts: 195.158.172.121 flirt-fever.de
O1 - Hosts: 195.158.172.121 chat.lycos.de
O1 - Hosts: 195.158.172.121 spinchat.de
O1 - Hosts: 195.158.172.121 chat.de
O1 - Hosts: 195.158.172.121 chatcity.de
O1 - Hosts: 195.158.172.121 webchat.de
O1 - Hosts: 195.158.172.121 chat.yahoo.de
O1 - Hosts: 195.158.172.121 friendscout24.de
O1 - Hosts: 195.158.172.121 ilove.de
O1 - Hosts: 195.158.172.121 traumpartnerchat.de
O1 - Hosts: 195.158.172.121 www.planetwin.de
O1 - Hosts: 195.158.172.121 www.gewinnspiele.de
O1 - Hosts: 195.158.172.121 www.gewinnspiel.de
O1 - Hosts: 195.158.172.121 www.gewinnspiele.com
O1 - Hosts: 195.158.172.121 www.freewin.tv
O1 - Hosts: 195.158.172.121 www.gewinnclub.de
O1 - Hosts: 195.158.172.121 www.winwin.de
O1 - Hosts: 195.158.172.121 www.primawin.de
O1 - Hosts: 195.158.172.121 www.profiwin.de
O1 - Hosts: 195.158.172.121 planetwin.de
O1 - Hosts: 195.158.172.121 gewinnspiele.de
O1 - Hosts: 195.158.172.121 gewinnspiel.de
O1 - Hosts: 195.158.172.121 gewinnspiele.com
O1 - Hosts: 195.158.172.121 freewin.tv
O1 - Hosts: 195.158.172.121 gewinnclub.de
O1 - Hosts: 195.158.172.121 winwin.de
O1 - Hosts: 195.158.172.121 primawin.de
O1 - Hosts: 195.158.172.121 profiwin.de
O1 - Hosts: 195.158.172.121 www.lesen.de
O1 - Hosts: 195.158.172.121 www.bol.de
O1 - Hosts: 195.158.172.121 www.buecher.de
O1 - Hosts: 195.158.172.121 www.buch24.de
O1 - Hosts: 195.158.172.121 www.buchhandel.de
O1 - Hosts: 195.158.172.121 www.abebooks.de
O1 - Hosts: 195.158.172.121 www.buch.de
O1 - Hosts: 195.158.172.121 lesen.de
O1 - Hosts: 195.158.172.121 bol.de
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [D9dhw9wV] C:\WINDOWS\pjoee.exe
O4 - HKLM\..\Run: [D9dh$vùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\pjoee.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Winlogun] C:\WINDOWS\system32\winlogin.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\new downloads\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_2
O4 - HKCU\..\Run: [eMule Acceleration Patch] C:\Documents and Settings\All Users\Start Menu\Programs\eMule Acceleration Patch\eMule Acceleration Patch.lnk
O4 - HKCU\..\Run: [Emule Speed Up Pro] C:\Program Files\Emule Speed Up Pro\Emule Speed Up Pro.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: Morpheus.lnk = C:\Program Files\Morpheus\Morpheus.exe
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Read Me.lnk = C:\Program Files\Opera\Readme.txt
O4 - Global Startup: Software License Agreement.lnk = C:\Program Files\Opera\License.txt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.emusic.com
O15 - Trusted Zone: http://www.pianoladynancy.com
O15 - Trusted Zone: http://www.roughstock.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

32\drivers\etc\hosts

Edited by Geri1, 13 October 2005 - 11:23 PM.

  • 0

Advertisements

#2
Buckeye_Sam
Posted 16 October 2005 - 07:49 AM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

We're going to try to download some programs to help us. Let me know if you can not get them downloaded.


Download Hoster.

This will restore your original Host files.
Run the program and press Restore Original Hosts and press OK.


=========


Please download Bit Defender 8 Free Edition
  • Install the program and then follow the prompts to download all available updates.
  • Perform a full scan on your Local drive.
  • When the scan is complete save the log and post it back here in your next reply.

=========


Reboot your computer and post a new hijackthis log and the log from Bit Defender.
  • 0

#3
Geri1
Posted 16 October 2005 - 10:13 AM

Geri1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
i sure hope i did everythi/-----------------------------------------------------------------
//
// Product: BitDefender 8 Free Edition
// Version: 8.0
//
// Created on: 16/10/2005 10:22:18
//
//-----------------------------------------------------------------


Statistics

Scan path : C:\
D:\
Folders : 7051
Files : 454887
Archives : 18698
Packed files : 23943
Identified viruses : 6
Infected files : 9
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 4
Copied files : 0
Moved files : 2
Renamed files : 0
I/O errors : 27
Scan time : 01:08:07
Scan speed (files/sec) : 111

Virus definitions : 222169
Scan plugins : 13
Archive plugins : 39
Unpack plugins : 4
Mail plugins : 6
System plugins : 1

Scan options

Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user

Scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: vscan.log
[ ] Append to existing report

Summary:

C:\Documents and Settings\GERI\Local Settings\Temp\perfectnavUninstall.exe=>(NSIS o)=>zlib_nsis0002 Infected Trojan.Downloader.Keenval.F
C:\Documents and Settings\GERI\Local Settings\Temp\perfectnavUninstall.exe=>(NSIS o)=>zlib_nsis0002 Disinfection failed
C:\Documents and Settings\GERI\Local Settings\Temp\perfectnavUninstall.exe=>(NSIS o)=>zlib_nsis0002 Move failed
C:\Documents and Settings\GERI\My Documents\My Music\Wanda Jackson - 20 Rock N Roll Hits.exe Infected Win32.Worm.Lexi.A
C:\Documents and Settings\GERI\My Documents\My Music\Wanda Jackson - 20 Rock N Roll Hits.exe Deleted
C:\My Downloads\Wanda Jackson - 20 Rock N Roll Hits.exe Infected Win32.Worm.Lexi.A
C:\My Downloads\Wanda Jackson - 20 Rock N Roll Hits.exe Deleted
C:\Program Files\Emule Speed Booster\NNGLZA638.EXE Detected: Application.Adware.NewDotNet.B.Dropper
C:\Program Files\Emule Speed Booster\NNGLZA638.EXE Deleted
C:\Program Files\support.com\backup\NE\newdotnet6_38.dll\229376_51a9f736b_=>newdotnet6_38.dll Detected: Application.Adware.NewDotNet.B
C:\Program Files\support.com\backup\NE\newdotnet6_38.dll\229376_51a9f736b_=>newdotnet6_38.dll Disinfection failed
C:\Program Files\support.com\backup\NE\newdotnet6_38.dll\229376_51a9f736b_=>newdotnet6_38.dll Move failed
C:\WINDOWS\browserxtras\pn\remove.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0002 Infected Trojan.Downloader.Keenval.F
C:\WINDOWS\browserxtras\pn\remove.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0002 Disinfection failed
C:\WINDOWS\browserxtras\pn\remove.exe=>(NSIS o)=>zlib_nsis0001=>(NSIS o)=>zlib_nsis0002 Move failed
C:\WINDOWS\gltdwif.exe Infected Trojan.Pakes.AM
C:\WINDOWS\gltdwif.exe Disinfection failed
C:\WINDOWS\gltdwif.exe Moved
C:\WINDOWS\system32\winlogin.exe Infected Win32.Worm.Lexi.A
C:\WINDOWS\system32\winlogin.exe Deleted
C:\WINDOWS\wfo.exe Infected Trojan.Pakes.BV
C:\WINDOWS\wfo.exe Disinfection failed
C:\WINDOWS\wfo.exe Moved
ng right. and thank you for answering.Attached File  highjackthis.log_2.txt   6.86KB   145 downloads
  • 0

#4
Geri1
Posted 16 October 2005 - 03:01 PM

Geri1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
i just wanted to let you know that i think everything is ok, unless you see something in the scans that needs further attention. after rebooting everything ran very slow and was freezing up for about 1/2 hours. then i unplugged everything for a while and then when i ran it things seem back to normal. i ran another scan and included my external hard drives to make sure they were clean and nothing at all showed up. that was about an hour ago. hopefully there is nothing more. i thank you so much and please contact me if there is anything further i should know.
  • 0

#5
Buckeye_Sam
Posted 16 October 2005 - 08:31 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Unfortunately your log still shows that you are infected. If you would still like help please copy and paste a new hijackthis log into your next reply.
  • 0

#6
Geri1
Posted 16 October 2005 - 08:43 PM

Geri1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
i did sent it but as an attachment because i thought it would all be too long. i'll send another copy now. thank you
  • 0

#7
Geri1
Posted 16 October 2005 - 08:48 PM

Geri1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:46:45 PM, on 10/16/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\Dit.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\PowerCinema\PCMService.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BySoft FreeRAM\FreeRAM.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\eMule\emule.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
c:\program files\softwin\bitdefender8\bdmcon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Listen Rhapsody\rhaphlpr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\new downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.file-webber.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [D9dhw9wV] C:\WINDOWS\pjoee.exe
O4 - HKLM\..\Run: [D9dh$vùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\pjoee.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Winlogun] C:\WINDOWS\system32\winlogin.exe
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\new downloads\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_2
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMule Acceleration Patch] C:\Documents and Settings\All Users\Start Menu\Programs\eMule Acceleration Patch\eMule Acceleration Patch.lnk
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Read Me.lnk = C:\Program Files\Opera\Readme.txt
O4 - Global Startup: Software License Agreement.lnk = C:\Program Files\Opera\License.txt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.emusic.com
O15 - Trusted Zone: http://www.pianoladynancy.com
O15 - Trusted Zone: http://www.roughstock.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

#8
Buckeye_Sam
Posted 16 October 2005 - 08:59 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
Please disable Spybot's Teatimer and WinPatrol before proceeding with this fix.

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [D9dhw9wV] C:\WINDOWS\pjoee.exe
O4 - HKLM\..\Run: [D9dh$vùõš/‚²‘ÆßfÏNC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\pjoee.exe
O4 - HKLM\..\Run: [Winlogun] C:\WINDOWS\system32\winlogin.exe


Please delete these files:

C:\WINDOWS\system32\winlogin.exe
C:\WINDOWS\pjoee.exe
C:\Program Files\ISTsvc <-- delete this folder


Reboot and post a new hijackthis log.
  • 0

#9
Geri1
Posted 16 October 2005 - 09:36 PM

Geri1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
ok, i am going to have to run search to find spybot. in some ways that is almost as bad as spyware. i removed that from add/remove programs today because everything i tried to do, that you told me, i could not do because of the pop ups trying to block it. it is removed but i know it still on here because it keep showing up. it may be a good program but i got rid of it before becaue of this. i probably will not get back to post this until morning maybe. it depends on how long it takes me to find all of it. thank you.
  • 0

#10
Geri1
Posted 17 October 2005 - 08:54 AM

Geri1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
Logfile of HijackThis v1.99.1
Scan saved at 10:52:10 AM, on 10/17/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\keyhook.exe
C:\WINDOWS\Dit.exe
C:\WINDOWS\mHotkey.exe
C:\WINDOWS\CNYHKey.exe
C:\Program Files\PowerCinema\PCMService.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\PRISMSTA.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Softwin\BitDefender8\bdnagent.exe
C:\Program Files\Softwin\BitDefender8\bdmcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\BySoft FreeRAM\FreeRAM.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\TrueAssistant\TrueAssistant.exe
C:\WINDOWS\system32\wuauclt.exe
C:\new downloads\HijackThis.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.file-webber.de
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\keyhook.exe
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [CHotkey] mHotkey.exe
O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\PowerCinema\PCMService.exe"
O4 - HKLM\..\Run: [tgcmd] C:\Program Files\Support.com\bin\tgcmd.exe /server /startmonitor /deaf
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [PRISMSTA.EXE] PRISMSTA.EXE START
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender8\bdnagent.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender8\bdmcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeRAM XP] "C:\new downloads\FreeRAM XP Pro 1.40.exe" -win
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [BySoft FreeRAM] C:\Program Files\BySoft FreeRAM\FreeRAM.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_2
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [eMule Acceleration Patch] C:\Documents and Settings\All Users\Start Menu\Programs\eMule Acceleration Patch\eMule Acceleration Patch.lnk
O4 - Startup: TrueAssistant.lnk = C:\Program Files\TrueAssistant\TrueAssistant.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Read Me.lnk = C:\Program Files\Opera\Readme.txt
O4 - Global Startup: Software License Agreement.lnk = C:\Program Files\Opera\License.txt
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://www.emusic.com
O15 - Trusted Zone: http://www.pianoladynancy.com
O15 - Trusted Zone: http://www.roughstock.com
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
  • 0

Advertisements

#11
Geri1
Posted 17 October 2005 - 10:57 AM

Geri1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
now i keep a runtime error for C:\programs files\microsoft office\office10\WINWORD.EXE. i never had a problem with this before. thanks
  • 0

#12
Buckeye_Sam
Posted 17 October 2005 - 04:55 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
That's Microsoft Word. If you have the disc, just reinstall it. It should fix that error for you.

How is everything else working for you?
  • 0

#13
Geri1
Posted 17 October 2005 - 05:10 PM

Geri1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
everything else seems to be find. i do have the disc and will reinstall it. is there other prople that you have come across with the problem with usenet. is usenet the one that high jacked this or was it another program that used usenet. i never ran into this before. i have more programs on here to prevent these things than i have regular programs...lol. thanks so much again.
  • 0

#14
Buckeye_Sam
Posted 17 October 2005 - 05:40 PM

Buckeye_Sam

    Malware Expert

  • Member
  • PipPipPipPipPipPipPipPip
  • 10,019 posts
I don't believe your issue came from usenet. I think you arise from your P2P file sharing. Using programs like Emule and Shareaza to download music and other files is extremely risky. This is most likely where your infections came from.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

    You can find instructions on how to enable and reenable system restore here:

    Managing Windows Millenium System Restore

    or

    Windows XP System Restore Guide

    Renable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:

    Virus, Spyware, and Malware Protection and Removal Resources

  • Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:

    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers

  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

:tazz: :)
  • 0

#15
Geri1
Posted 17 October 2005 - 05:50 PM

Geri1

    Member

  • Topic Starter
  • Member
  • PipPip
  • 12 posts
thank you. i will do the restore things. i do have everyone of the things you just mentioned except spyware blaster. i also update them everyday. i have automatic windows updates and d/l them as soon as they are there. thank you, i'll go fix the restore right now.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP