[eddie5659]

That's better, looked at it this morning and was hoping it was a post problem

Well, its looking clean. The file that AVG flagged up looks like it was in the Temp folder. If it appears again, see if it gives you the location of the file.

We'll just do an online scan, and if all clear, we'll tidy things up


Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
• Please post this log in your next reply.

Upgrading Java:

• Download the latest version of Java Runtime Environment (JRE) 6 Update 7.
• Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-6u7-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version.(Vista users, right cklick on the jre-6u7-windows-i586-p.exe and select "Run as an Administrator.")

[Advertisements]

online scan with [ul="http://www.kaspersky...vwebscan.html"]Kaspersky WebScanner[/url]

Done .... scanned 'Critical Areas' ... no threats found

Thank you for the help

As I said, the system is less sluggish (IE Win Explorer start-up, menu display/choices, etc) = unfortunately, when Firefox 3 displays options (Tools->Options) it takes almost 10 seconds before displaying the choices (a pain when want to clear the cache while making website changes). I'll have to 'reset' the profile and see if that fixes the delay.

Is it OK to delete all of the Kaspersky files (it takes up .5 GB of the free space on my C: disk and I'm very stingy with the free space there - it's only 9.32 GB total ... I have a 2nd hd that's 120GB but Kaspersky used my C: without asking).

Thanks again ... don't know how to put [RESOLVED] in subject line - but as far as I'm concerned it's resolved

Edited by 911pchelp, 16 October 2008 - 11:49 PM.

[911pchelp]

online scan with [ul="http://www.kaspersky...vwebscan.html"]Kaspersky WebScanner[/url]

Done .... scanned 'Critical Areas' ... no threats found

Thank you for the help

As I said, the system is less sluggish (IE Win Explorer start-up, menu display/choices, etc) = unfortunately, when Firefox 3 displays options (Tools->Options) it takes almost 10 seconds before displaying the choices (a pain when want to clear the cache while making website changes). I'll have to 'reset' the profile and see if that fixes the delay.

Is it OK to delete all of the Kaspersky files (it takes up .5 GB of the free space on my C: disk and I'm very stingy with the free space there - it's only 9.32 GB total ... I have a 2nd hd that's 120GB but Kaspersky used my C: without asking).

Thanks again ... don't know how to put [RESOLVED] in subject line - but as far as I'm concerned it's resolved

Edited by 911pchelp, 16 October 2008 - 11:49 PM.

[eddie5659]

I can mark it Resolved, but just need to clean up any leftovers of stuff we've used, and then we're done

I'm not sure about the Kaspersky files, need to know what there are, as I have it, and I can check with mine. So, for that, do this:

Please download DirLook by jpshortstuff from from one of the following mirrors:
Link 1
Link 2
Link 3

• Double-click DirLook.exe to run it.
• Ensure that Show Hidden Files/Folders and BBCode Ouput are both checked.
• Copy the content of the following codebox into the main textfield:
  
  Put the location of the folder/s into a text file, and copy/paste eg:
  
  

  C:\Program Files\Kaspersky Lab
  C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0

• Click the DirLook button to start the scan.
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply. (Note: The log can also be found at C:\dl_log.txt)

Note: Scanning may take longer for large folders.

=============

Also, have you added these entries to the Host file:

127.0.0.1 www.136136.net
127.0.0.1 www.136136.net
127.0.0.1 132.com

etc

Edited by eddie5659, 18 October 2008 - 10:41 AM.

[eddie5659]

Will mark this as Resolved, as the Malware is clear now, but it was just some leftovers

[eddie5659]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

[eddie5659]

Opened as requested

eddie

[911pchelp]

DirLook scan:
DirLook.exe v2.0 by jpshortstuff
Log created at 15:32 on 30/10/2008
==================================
Contents of "C:\Program Files\Kaspersky Lab"

Unable to find directory.

==================================
Contents of "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0"

Unable to find directory.

==================================
=EOF=
------------------------------------------------------------------------------------------------
Couldn't find anything with Win Search either (using several diff search args).

What does this mean?

=============

Also, have you added these entries to the Host file:

127.0.0.1 www.136136.net
127.0.0.1 www.136136.net
127.0.0.1 132.com

etc

[eddie5659]

Sorry for the late reply, was away this weekend.

Just realised what you mean about Kaspersky. You don't have the antivirus program, this is just for the online scanner.

If you go to AddRemove via the Control Panel, there should be an option to uninstall it there. After you have done that, go to Windows Explorer, and see if there is a folder for it still. If so, just delete it (leave it in the Recycle bin for now).

As for the bit I added below:

Also, have you added these entries to the Host file:

127.0.0.1 www.136136.net
127.0.0.1 www.136136.net
127.0.0.1 132.com

Some people edit their Hosts file, to stop access to certain sites. As these are not regarded as nice sites, I was wondering if you had edited the Hosts file yourself, or used a program to add entries, so that you can't open these by mistake online.

eddie

[911pchelp]

Response - no problem

Hadn't modified HOST file - did it now

No Kaspersky anywhere.

Did a scan with ClamWin - found a possible Trojan in a downloaded file I had never installed. Was from Softronics - they claim (on their website) that all downloads are virus free. (Scanned file - a zip file - by itself and AVG 8 didn't find anything wrong with file.)

[eddie5659]

My apologies, I never got an email notification, hence my lateness

If Kaspersky isn't showing in AddRemove or via the Program List, it will just be the ActiveX that was installed from the online scan. Its just you mentioned this bit:

Is it OK to delete all of the Kaspersky files (it takes up .5 GB of the free space on my C: disk...

Do you know the location of these files?

As regards to ClamWin, what file did it find? It may be a false possitive.

eddie

[911pchelp]

Is it OK to delete all of the Kaspersky files (it takes up .5 GB of the free space on my C: disk...

Do you know the location of these files?

My apologies this time ...jumped the gun ... I try to keep careful watch of my C: free space and when the space decreased by .5 GB assumed it was due to the Kaspersky scan ... but there are NO files.

As regards to ClamWin, what file did it find? It may be a false possitive.

Suspect you're right. ClamWin reported:

F:\Downloads\Madotate_2.02.02.zip: Trojan.Delf-3442 FOUND   (F: is my additional hard disk)



Since I hadn't unzipped/installed - just deleted file.


RESOLVED again? As far as I'm concerned it is. THANK YOU

[eddie5659]

Oki Doki, just lets clean up what we've used, and then its all okay

OTCleanIt
Download the following program:

http://download.blee...r/OTCleanIt.exe

Then, click the CleanUp! button. It will go thorugh the list and remove all of the tools it finds and then delete itself. Reboot.


=====

Please download ATF Cleaner by Atribune.

Caution: This program is for Windows 2000, XP and Vista only
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.


=======

Now, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View tab.
* Under the Hidden files and folders heading UNSELECT Show hidden files and folders.
* CHECK the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Next, let's clean your restore points and set a new one:

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs from changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected)1. Turn off System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
2. Restart your computer.

3. Turn ON System Restore.On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
[/list]System Restore will now be active again.

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:

• SpywareBlaster to help prevent spyware from installing in the first place.
• SpywareGuard to catch and block spyware before it can execute.
• ZonedOut to block access to malicious websites so you cannot be redirected to them from an infected site or email.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

• Microsoft Windows Update

monthly. And to keep your system clean run these free malware scanners

• Malwarebytes' Anti-Malware
  
• Spybot Search & Destroy

weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klein: So how did I get infected in the first place?

Have a safe and happy computing day!


eddie

Edited by eddie5659, 10 November 2008 - 02:29 PM.

[911pchelp]

DONE - THANK YOU

[eddie5659]

No problem

[eddie5659]

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.