Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

win32/olmarik trojan unable to clean [Closed]

Started by Malucogus , Sep 28 2009 11:03 PM

  • This topic is locked This topic is locked

#16
Malucogus
Posted 10 October 2009 - 11:14 AM

Malucogus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
hi Summer , I didn't hear from you. I want to know if somthing else to do.

thanks u.
:)
  • 0

Advertisements

#17
Carina
Posted 10 October 2009 - 12:52 PM

Carina

    Member

  • Member
  • PipPipPip
  • 623 posts
Hi Malucogus,

Sorry for the delay. Please do the following below: :)

Step 1. Combofix Script

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Rootkit::
c:\windows\S42FFAA56.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000000
"AntiVirusOverride"=dword:00000000

Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.




Step 2. Please Download and run MBAM

Posted Image Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly.

Logs for your next reply:
Combofix
MBAM

Summer :)

Edited by summerpb, 10 October 2009 - 01:06 PM.

  • 0

#18
Malucogus
Posted 12 October 2009 - 10:47 AM

Malucogus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Hi Summer, thanks for your answer.

ComboFix 09-10-11.03 - Gustavo 10/12/2009 11:57.3.1 - NTFSx86
Running from: c:\documents and settings\Gustavo\Desktop\malucoguscf.exe
Command switches used :: c:\documents and settings\Gustavo\Desktop\CFScript..txt
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-09-12 to 2009-10-12 )))))))))))))))))))))))))))))))
.

2009-10-06 17:24 . 2009-10-06 17:24 -------- d-----w- C:\_OTS
2009-09-29 04:17 . 2009-09-29 04:17 -------- d-----w- c:\documents and settings\Gustavo\Application Data\Malwarebytes
2009-09-29 04:17 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-29 04:17 . 2009-09-29 04:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-29 04:17 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-29 04:17 . 2009-10-06 17:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-26 15:06 . 2009-09-26 15:06 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-09-26 14:54 . 2009-09-26 14:54 -------- d-----w- c:\program files\Enigma Software Group
2009-09-20 15:44 . 2009-09-20 15:44 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-09-13 16:32 . 2009-09-13 16:32 -------- d-----w- c:\program files\Microsoft Office Outlook Connector
2009-09-13 15:46 . 2009-09-30 02:16 -------- d-----w- c:\documents and settings\Gustavo\Tracing

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-12 16:07 . 2009-10-12 16:07 0 --sha-w- c:\windows\S42FFAA56.tmp
2009-10-08 16:40 . 2009-05-26 04:19 -------- d-----w- c:\documents and settings\Gustavo\Application Data\uTorrent
2009-10-07 21:08 . 2009-07-16 21:15 -------- d-----w- c:\documents and settings\Gustavo\Application Data\LimeWire
2009-09-26 20:05 . 2009-08-29 03:39 -------- d-----w- c:\program files\Google
2009-09-26 15:50 . 2008-10-16 02:04 -------- d-----w- c:\program files\AVG
2009-09-26 15:06 . 2009-07-11 15:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-09-22 15:41 . 2008-10-26 23:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-09-13 16:30 . 2008-02-08 20:49 -------- d-----w- c:\program files\Windows Live
2009-09-10 16:59 . 2009-08-19 05:18 -------- d-----w- c:\program files\Microsoft Silverlight
2009-09-08 23:00 . 2009-09-08 22:57 -------- d-----w- c:\program files\Coupons
2009-08-31 03:36 . 2007-09-22 16:47 -------- d-----w- c:\documents and settings\Gustavo\Application Data\AdobeUM
2009-08-29 03:40 . 2009-08-29 03:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-08-21 04:34 . 2009-08-21 04:34 0 ----a-w- c:\windows\nsreg.dat
2009-08-21 02:42 . 2009-07-16 21:15 -------- d-----w- c:\program files\LimeWire
2009-08-19 20:59 . 2007-09-11 16:31 50880 -c--a-w- c:\documents and settings\Gustavo\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-19 05:57 . 2008-01-01 03:33 -------- d-----w- c:\program files\Common Files\logishrd
2009-08-19 05:50 . 2008-02-08 21:00 -------- d-----w- c:\program files\Windows Live Toolbar
2009-08-19 05:49 . 2009-08-19 05:49 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-08-19 05:41 . 2009-08-19 05:41 -------- d-----w- c:\program files\Microsoft
2009-08-19 05:40 . 2009-08-19 05:40 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-19 05:12 . 2009-08-19 03:56 -------- d-----w- c:\program files\Windows Desktop Search
2009-08-19 04:52 . 2009-08-19 04:52 -------- d-----w- c:\program files\MSBuild
2009-08-19 04:01 . 2009-08-19 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-08-19 03:59 . 2009-08-19 03:59 -------- d-----w- c:\documents and settings\Gustavo\Application Data\Windows Search
2009-08-19 03:57 . 2009-08-19 03:57 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-19 03:57 . 2009-08-19 03:57 -------- d-----w- c:\documents and settings\Gustavo\Application Data\Windows Desktop Search
2009-08-16 06:03 . 2009-08-16 06:03 -------- d-----w- c:\documents and settings\Gustavo\Application Data\ImgBurn
2009-08-16 04:04 . 2009-08-16 04:04 -------- d-----w- c:\program files\ImgBurn
2009-08-06 23:24 . 2007-09-10 18:11 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 23:24 . 2007-09-10 18:11 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 23:24 . 2007-09-10 18:11 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 23:24 . 2007-07-30 23:19 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 23:24 . 2007-09-10 18:11 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 23:24 . 2004-08-04 04:56 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 23:23 . 2007-09-10 18:11 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 23:23 . 2007-09-15 06:06 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-08-06 23:23 . 2007-09-10 18:11 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-06 23:23 . 2007-07-30 23:18 215920 ----a-w- c:\windows\system32\muweb.dll
2009-08-06 02:48 . 2009-08-19 05:51 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-08-05 09:01 . 2004-08-04 04:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2004-08-04 04:56 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-15 03:35 . 2009-07-15 03:36 410984 ----a-w- c:\windows\system32\deploytk.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-02_03.24.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-10-12 16:08 . 2009-10-12 16:08 16384 c:\windows\temp\Perflib_Perfdata_4e4.dat
+ 2009-10-07 16:14 . 2009-08-06 23:24 44768 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups2.dll\7.4.7600.226\wups2.dll
+ 2009-10-07 16:14 . 2009-08-06 23:24 35552 c:\windows\system32\SoftwareDistribution\Setup\ServiceStartup\wups.dll\7.4.7600.226\wups.dll
+ 2002-08-29 08:00 . 2009-10-10 17:14 79294 c:\windows\system32\perfc009.dat
- 2002-08-29 08:00 . 2009-10-02 03:14 79294 c:\windows\system32\perfc009.dat
+ 2007-09-10 18:11 . 2009-08-06 23:24 35552 c:\windows\system32\dllcache\wups.dll
+ 2007-09-10 18:11 . 2009-08-06 23:24 53472 c:\windows\system32\dllcache\wuauclt.exe
+ 2004-08-04 04:56 . 2009-08-06 23:24 96480 c:\windows\system32\dllcache\cdm.dll
- 2002-08-29 08:00 . 2009-10-02 03:14 465512 c:\windows\system32\perfh009.dat
+ 2002-08-29 08:00 . 2009-10-10 17:14 465512 c:\windows\system32\perfh009.dat
+ 2007-09-10 18:11 . 2009-08-06 23:24 209632 c:\windows\system32\dllcache\wuweb.dll
+ 2007-09-10 18:11 . 2009-08-06 23:24 327896 c:\windows\system32\dllcache\wucltui.dll
+ 2007-09-10 18:11 . 2009-08-06 23:23 575704 c:\windows\system32\dllcache\wuapi.dll
+ 2007-09-10 18:11 . 2009-08-06 23:23 1929952 c:\windows\system32\dllcache\wuaueng.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\WCESCOMM.EXE" [2004-02-03 401491]
"HDDHealth"="c:\program files\HDD Health\HDDHealth.exe" [2008-06-15 1692672]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2007-10-25 2178832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696]
"SpyHunter Security Suite"="c:\program files\Enigma Software Group\SpyHunter\SpyHunter3.exe" [2009-04-02 868352]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2006-09-21 53248]
"S3Trayp"="S3trayp.exe" - c:\windows\system32\S3Trayp.exe [2007-09-30 200704]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\PPMate\\ppmate.exe"=
"c:\\Program Files\\Microsoft ActiveSync\\WCESCOMM.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Documents and Settings\\Gustavo\\Desktop\\utorrent-1.8.2.upx.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R2 gupdate1ca285afab5edb8;Google Update Service (gupdate1ca285afab5edb8);c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 133104]
R3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [2009-08-06 704864]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-06-23 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-06-23 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-06-23 72944]
S2 fssfltr;fssfltr;c:\windows\system32\DRIVERS\fssfltr_tdi.sys [2009-08-06 54752]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 S3GIGP;S3GIGP;c:\windows\system32\DRIVERS\S3gIGPm.sys [2008-04-17 603648]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-10-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-08-29 03:39]

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 03:44]

2009-10-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-08-29 03:44]
.
.
------- Supplementary Scan -------
.
uStart Page = www.ole.com.ar/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: E&xportar a Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
Trusted Zone: com.tw\www.msi
FF - ProfilePath - c:\documents and settings\Gustavo\Application Data\Mozilla\Firefox\Profiles\alppyhfg.default\
FF - prefs.js: browser.startup.homepage - www.ole.com.ar
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1698.5652\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-12 12:08
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ř•€|˙˙˙˙•€|ů•A~*]
"A0C0110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(504)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\drivers\KodakCCS.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\searchindexer.exe
c:\program files\Common Files\logishrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2009-10-12 12:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-12 16:15
ComboFix2.txt 2009-10-06 17:19
ComboFix3.txt 2009-10-02 03:30

Pre-Run: 75,067,371,520 bytes free
Post-Run: 75,270,279,168 bytes free

215 --- E O F --- 2009-10-10 03:04
  • 0

#19
Malucogus
Posted 12 October 2009 - 12:07 PM

Malucogus

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Malwarebytes' Anti-Malware 1.41
Database version: 2916
Windows 5.1.2600 Service Pack 3

10/12/2009 2:06:05 PM
mbam-log-2009-10-12 (14-06-05).txt

Scan type: Quick Scan
Objects scanned: 107307
Time elapsed: 4 minute(s), 20 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#20
Carina
Posted 14 October 2009 - 06:28 AM

Carina

    Member

  • Member
  • PipPipPip
  • 623 posts
Hi Malucogus,


Please do the following below: :)

Step 1. JAVA Update

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:

  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u16-windows-i586.exe and select "Run as an Administrator.")




Step 2. Kaspersky On-line Scan

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:

  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply


Step 3. Install Anti-virus


Anti-Virus is a vital program in every computer as it protects the machine from widespread viruses which can be detrimental for the computer system.
Please download and install an anti-virus program.
Note: Keep it updated. This will make you protected from all the latest threats.

Below are some Free Anti-Virus Softwares.


Also, just like anti-virus, FIREWALL is a necessity in every computer. It is considered as first line of defense in keeping your computer secure from intruders particularly in protecting your private information. It works by allowing or blocking all traffic into and out of you computer.
PLEASE INSTALL AND USE ONE OF THE FOLLOWING FREE FIREWALLS:


You may also check other free security applications here.


Summer :)

Edited by summerpb, 14 October 2009 - 06:53 AM.

  • 0

#21
Essexboy
Posted 20 October 2009 - 11:08 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP