Trojan.Vundo.H, Trojan.FakeAlert, Stolen.data, [Solved]
Started by
rebross
, Mar 03 2010 10:55 AM
This topic is locked
#46
Posted 16 March 2010 - 08:16 AM
rebross
- Topic Starter
-
- Member
-
- 193 posts
Member
#47
Posted 16 March 2010 - 09:23 AM
azarl
-
- Community Leader
-
- 25,310 posts
GeekU Admin
No probs. Let me know what chkdsk finds please
#48
Posted 16 March 2010 - 09:54 AM
rebross
- Topic Starter
-
- Member
-
- 193 posts
Member
Ok chkdsk just finished. No problems, it said the volume was clean. Should I disable and antivirus or malware before running eset online scanner?
#49
Posted 16 March 2010 - 10:15 AM
rebross
- Topic Starter
-
- Member
-
- 193 posts
Member
Is there a way for me to tell what processes I don't need? It takes awhile for things to load. Like literally 30 minutes.
#50
Posted 16 March 2010 - 10:43 AM
azarl
-
- Community Leader
-
- 25,310 posts
GeekU Admin
Not really my skill set. We can move you to the XP forum if you like or take a look here for some ideasIs there a way for me to tell what processes I don't need? It takes awhile for things to load. Like literally 30 minutes.
Edited by azarl, 16 March 2010 - 10:43 AM.
#51
Posted 16 March 2010 - 10:48 AM
rebross
- Topic Starter
-
- Member
-
- 193 posts
Member
Ok I'll check that out. I just got ESET to start running. Internet Explorer kept freezing and I had to reboot several times. I deactivated the Avira AntiVir guard but Eset still saw it. Hopefully it won't hinder the process. I'll do some posting once it finishes and I can run TDSSKiller.
#52
Posted 16 March 2010 - 12:39 PM
rebross
- Topic Starter
-
- Member
-
- 193 posts
Member
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2efa466784373a4c9c2f60324f8afdbd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-16 06:09:37
# local_time=2010-03-16 02:09:37 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 840123 840123 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 94 0 40473074 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=114028
# found=0
# cleaned=0
# scan_time=4821
14:37:16:625 1676 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
14:37:16:625 1676 ================================================================================
14:37:16:625 1676 SystemInfo:
14:37:16:625 1676 OS Version: 5.1.2600 ServicePack: 3.0
14:37:16:625 1676 Product type: Workstation
14:37:16:625 1676 ComputerName: KELLYLAPTOP
14:37:16:625 1676 UserName: Sorber
14:37:16:625 1676 Windows directory: C:\WINDOWS
14:37:16:625 1676 Processor architecture: Intel x86
14:37:16:625 1676 Number of processors: 2
14:37:16:625 1676 Page size: 0x1000
14:37:16:625 1676 Boot type: Normal boot
14:37:16:625 1676 ================================================================================
14:37:16:687 1676 UnloadDriverW: NtUnloadDriver error 2
14:37:16:687 1676 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:37:16:750 1676 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
14:37:16:750 1676 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:37:16:750 1676 wfopen_ex: Trying to KLMD file open
14:37:16:750 1676 wfopen_ex: File opened ok (Flags 2)
14:37:16:750 1676 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
14:37:16:750 1676 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:37:16:750 1676 wfopen_ex: Trying to KLMD file open
14:37:16:750 1676 wfopen_ex: File opened ok (Flags 2)
14:37:16:750 1676 Initialize success
14:37:16:750 1676
14:37:16:750 1676 Scanning Services ...
14:37:17:453 1676 GetAdvancedServicesInfo: Raw services enum returned 448 services
14:37:17:468 1676
14:37:17:468 1676 Scanning Kernel memory ...
14:37:17:468 1676 Devices to scan: 7
14:37:17:468 1676
14:37:17:468 1676 Driver Name: Disk
14:37:17:468 1676 IRP_MJ_CREATE : F7564BB0
14:37:17:468 1676 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:17:468 1676 IRP_MJ_CLOSE : F7564BB0
14:37:17:468 1676 IRP_MJ_READ : F755ED1F
14:37:17:468 1676 IRP_MJ_WRITE : F755ED1F
14:37:17:468 1676 IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:17:468 1676 IRP_MJ_SET_INFORMATION : 804F4562
14:37:17:468 1676 IRP_MJ_QUERY_EA : 804F4562
14:37:17:468 1676 IRP_MJ_SET_EA : 804F4562
14:37:17:468 1676 IRP_MJ_FLUSH_BUFFERS : F755F2E2
14:37:17:468 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:17:468 1676 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:17:468 1676 IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:17:468 1676 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:17:468 1676 IRP_MJ_DEVICE_CONTROL : F755F3BB
14:37:17:468 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7562F28
14:37:17:468 1676 IRP_MJ_SHUTDOWN : F755F2E2
14:37:17:468 1676 IRP_MJ_LOCK_CONTROL : 804F4562
14:37:17:468 1676 IRP_MJ_CLEANUP : 804F4562
14:37:17:468 1676 IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:17:468 1676 IRP_MJ_QUERY_SECURITY : 804F4562
14:37:17:468 1676 IRP_MJ_SET_SECURITY : 804F4562
14:37:17:468 1676 IRP_MJ_POWER : F7560C82
14:37:17:468 1676 IRP_MJ_SYSTEM_CONTROL : F756599E
14:37:17:468 1676 IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:17:468 1676 IRP_MJ_QUERY_QUOTA : 804F4562
14:37:17:468 1676 IRP_MJ_SET_QUOTA : 804F4562
14:37:17:484 1676 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:37:17:484 1676
14:37:17:484 1676 Driver Name: usbstor
14:37:17:484 1676 IRP_MJ_CREATE : F77EB218
14:37:17:484 1676 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:17:484 1676 IRP_MJ_CLOSE : F77EB218
14:37:17:484 1676 IRP_MJ_READ : F77EB23C
14:37:17:484 1676 IRP_MJ_WRITE : F77EB23C
14:37:17:484 1676 IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:17:484 1676 IRP_MJ_SET_INFORMATION : 804F4562
14:37:17:484 1676 IRP_MJ_QUERY_EA : 804F4562
14:37:17:484 1676 IRP_MJ_SET_EA : 804F4562
14:37:17:484 1676 IRP_MJ_FLUSH_BUFFERS : 804F4562
14:37:17:484 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:17:484 1676 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:17:484 1676 IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:17:484 1676 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:17:484 1676 IRP_MJ_DEVICE_CONTROL : F77EB180
14:37:17:484 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F77E69E6
14:37:17:484 1676 IRP_MJ_SHUTDOWN : 804F4562
14:37:17:484 1676 IRP_MJ_LOCK_CONTROL : 804F4562
14:37:17:484 1676 IRP_MJ_CLEANUP : 804F4562
14:37:17:484 1676 IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:17:484 1676 IRP_MJ_QUERY_SECURITY : 804F4562
14:37:17:484 1676 IRP_MJ_SET_SECURITY : 804F4562
14:37:17:484 1676 IRP_MJ_POWER : F77EA5F0
14:37:17:484 1676 IRP_MJ_SYSTEM_CONTROL : F77E8A6E
14:37:17:484 1676 IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:17:484 1676 IRP_MJ_QUERY_QUOTA : 804F4562
14:37:17:484 1676 IRP_MJ_SET_QUOTA : 804F4562
14:37:17:500 1676 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
14:37:17:500 1676
14:37:17:500 1676 Driver Name: Disk
14:37:17:500 1676 IRP_MJ_CREATE : F7564BB0
14:37:17:500 1676 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:17:500 1676 IRP_MJ_CLOSE : F7564BB0
14:37:17:500 1676 IRP_MJ_READ : F755ED1F
14:37:17:500 1676 IRP_MJ_WRITE : F755ED1F
14:37:17:500 1676 IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:17:500 1676 IRP_MJ_SET_INFORMATION : 804F4562
14:37:17:500 1676 IRP_MJ_QUERY_EA : 804F4562
14:37:17:500 1676 IRP_MJ_SET_EA : 804F4562
14:37:17:500 1676 IRP_MJ_FLUSH_BUFFERS : F755F2E2
14:37:17:500 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:17:500 1676 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:17:500 1676 IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:17:500 1676 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:17:500 1676 IRP_MJ_DEVICE_CONTROL : F755F3BB
14:37:17:500 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7562F28
14:37:17:500 1676 IRP_MJ_SHUTDOWN : F755F2E2
14:37:17:500 1676 IRP_MJ_LOCK_CONTROL : 804F4562
14:37:17:500 1676 IRP_MJ_CLEANUP : 804F4562
14:37:17:500 1676 IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:17:500 1676 IRP_MJ_QUERY_SECURITY : 804F4562
14:37:17:500 1676 IRP_MJ_SET_SECURITY : 804F4562
14:37:17:500 1676 IRP_MJ_POWER : F7560C82
14:37:17:500 1676 IRP_MJ_SYSTEM_CONTROL : F756599E
14:37:17:500 1676 IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:17:500 1676 IRP_MJ_QUERY_QUOTA : 804F4562
14:37:17:500 1676 IRP_MJ_SET_QUOTA : 804F4562
14:37:17:546 1676 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:37:17:546 1676
14:37:17:546 1676 Driver Name: ti21sony
14:37:17:546 1676 IRP_MJ_CREATE : F62BB196
14:37:17:546 1676 IRP_MJ_CREATE_NAMED_PIPE : F628A6B2
14:37:17:546 1676 IRP_MJ_CLOSE : F62BB204
14:37:17:546 1676 IRP_MJ_READ : F62BB40C
14:37:17:546 1676 IRP_MJ_WRITE : F62BB65E
14:37:17:546 1676 IRP_MJ_QUERY_INFORMATION : F628A6B2
14:37:17:546 1676 IRP_MJ_SET_INFORMATION : F628A6B2
14:37:17:546 1676 IRP_MJ_QUERY_EA : F628A6B2
14:37:17:546 1676 IRP_MJ_SET_EA : F628A6B2
14:37:17:546 1676 IRP_MJ_FLUSH_BUFFERS : F62BB2FE
14:37:17:546 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : F628A6B2
14:37:17:546 1676 IRP_MJ_SET_VOLUME_INFORMATION : F628A6B2
14:37:17:546 1676 IRP_MJ_DIRECTORY_CONTROL : F628A6B2
14:37:17:546 1676 IRP_MJ_FILE_SYSTEM_CONTROL : F628A6B2
14:37:17:546 1676 IRP_MJ_DEVICE_CONTROL : F62BB248
14:37:17:546 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F62BB272
14:37:17:546 1676 IRP_MJ_SHUTDOWN : F62BB4D2
14:37:17:546 1676 IRP_MJ_LOCK_CONTROL : F628A6B2
14:37:17:546 1676 IRP_MJ_CLEANUP : F62BB0FC
14:37:17:546 1676 IRP_MJ_CREATE_MAILSLOT : F628A6B2
14:37:17:546 1676 IRP_MJ_QUERY_SECURITY : F628A6B2
14:37:17:546 1676 IRP_MJ_SET_SECURITY : F628A6B2
14:37:17:546 1676 IRP_MJ_POWER : F62BB364
14:37:17:546 1676 IRP_MJ_SYSTEM_CONTROL : F62BB596
14:37:17:546 1676 IRP_MJ_DEVICE_CHANGE : F628A6B2
14:37:17:546 1676 IRP_MJ_QUERY_QUOTA : F628A6B2
14:37:17:546 1676 IRP_MJ_SET_QUOTA : F628A6B2
14:37:17:578 1676 C:\WINDOWS\system32\drivers\ti21sony.sys - Verdict: 1
14:37:17:578 1676
14:37:17:578 1676 Driver Name: Disk
14:37:17:578 1676 IRP_MJ_CREATE : F7564BB0
14:37:17:578 1676 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:17:578 1676 IRP_MJ_CLOSE : F7564BB0
14:37:17:578 1676 IRP_MJ_READ : F755ED1F
14:37:17:578 1676 IRP_MJ_WRITE : F755ED1F
14:37:17:578 1676 IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:17:578 1676 IRP_MJ_SET_INFORMATION : 804F4562
14:37:17:578 1676 IRP_MJ_QUERY_EA : 804F4562
14:37:17:578 1676 IRP_MJ_SET_EA : 804F4562
14:37:17:578 1676 IRP_MJ_FLUSH_BUFFERS : F755F2E2
14:37:17:578 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:17:578 1676 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:17:578 1676 IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:17:578 1676 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:17:578 1676 IRP_MJ_DEVICE_CONTROL : F755F3BB
14:37:17:578 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7562F28
14:37:17:578 1676 IRP_MJ_SHUTDOWN : F755F2E2
14:37:17:578 1676 IRP_MJ_LOCK_CONTROL : 804F4562
14:37:17:578 1676 IRP_MJ_CLEANUP : 804F4562
14:37:17:578 1676 IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:17:578 1676 IRP_MJ_QUERY_SECURITY : 804F4562
14:37:17:578 1676 IRP_MJ_SET_SECURITY : 804F4562
14:37:17:578 1676 IRP_MJ_POWER : F7560C82
14:37:17:578 1676 IRP_MJ_SYSTEM_CONTROL : F756599E
14:37:17:578 1676 IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:17:578 1676 IRP_MJ_QUERY_QUOTA : 804F4562
14:37:17:578 1676 IRP_MJ_SET_QUOTA : 804F4562
14:37:17:578 1676 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:37:17:578 1676
14:37:17:593 1676 Driver Name: Disk
14:37:17:593 1676 IRP_MJ_CREATE : F7564BB0
14:37:17:593 1676 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:17:593 1676 IRP_MJ_CLOSE : F7564BB0
14:37:17:593 1676 IRP_MJ_READ : F755ED1F
14:37:17:593 1676 IRP_MJ_WRITE : F755ED1F
14:37:17:593 1676 IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_SET_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_EA : 804F4562
14:37:17:593 1676 IRP_MJ_SET_EA : 804F4562
14:37:17:593 1676 IRP_MJ_FLUSH_BUFFERS : F755F2E2
14:37:17:593 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:17:593 1676 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:17:593 1676 IRP_MJ_DEVICE_CONTROL : F755F3BB
14:37:17:593 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7562F28
14:37:17:593 1676 IRP_MJ_SHUTDOWN : F755F2E2
14:37:17:593 1676 IRP_MJ_LOCK_CONTROL : 804F4562
14:37:17:593 1676 IRP_MJ_CLEANUP : 804F4562
14:37:17:593 1676 IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_SECURITY : 804F4562
14:37:17:593 1676 IRP_MJ_SET_SECURITY : 804F4562
14:37:17:593 1676 IRP_MJ_POWER : F7560C82
14:37:17:593 1676 IRP_MJ_SYSTEM_CONTROL : F756599E
14:37:17:593 1676 IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_QUOTA : 804F4562
14:37:17:593 1676 IRP_MJ_SET_QUOTA : 804F4562
14:37:17:593 1676 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:37:17:593 1676
14:37:17:593 1676 Driver Name: atapi
14:37:17:593 1676 IRP_MJ_CREATE : F73736F2
14:37:17:593 1676 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:17:593 1676 IRP_MJ_CLOSE : F73736F2
14:37:17:593 1676 IRP_MJ_READ : 804F4562
14:37:17:593 1676 IRP_MJ_WRITE : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_SET_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_EA : 804F4562
14:37:17:593 1676 IRP_MJ_SET_EA : 804F4562
14:37:17:593 1676 IRP_MJ_FLUSH_BUFFERS : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:17:593 1676 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:17:593 1676 IRP_MJ_DEVICE_CONTROL : F7373712
14:37:17:593 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F736F852
14:37:17:593 1676 IRP_MJ_SHUTDOWN : 804F4562
14:37:17:593 1676 IRP_MJ_LOCK_CONTROL : 804F4562
14:37:17:593 1676 IRP_MJ_CLEANUP : 804F4562
14:37:17:593 1676 IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_SECURITY : 804F4562
14:37:17:593 1676 IRP_MJ_SET_SECURITY : 804F4562
14:37:17:593 1676 IRP_MJ_POWER : F737373C
14:37:17:593 1676 IRP_MJ_SYSTEM_CONTROL : F737A336
14:37:17:593 1676 IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_QUOTA : 804F4562
14:37:17:593 1676 IRP_MJ_SET_QUOTA : 804F4562
14:37:17:609 1676 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
14:37:17:609 1676
14:37:17:609 1676 Completed
14:37:17:609 1676
14:37:17:609 1676 Results:
14:37:17:609 1676 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
14:37:17:609 1676 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:37:17:609 1676 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:37:17:609 1676
14:37:17:609 1676 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
14:37:17:609 1676 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
14:37:17:625 1676 KLMD(ARK) unloaded successfully
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=2efa466784373a4c9c2f60324f8afdbd
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-03-16 06:09:37
# local_time=2010-03-16 02:09:37 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 840123 840123 0 0
# compatibility_mode=768 16777215 100 0 0 0 0 0
# compatibility_mode=1797 16775141 100 94 0 40473074 0 0
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=4352 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=114028
# found=0
# cleaned=0
# scan_time=4821
14:37:16:625 1676 TDSS rootkit removing tool 2.2.8 Mar 10 2010 15:53:20
14:37:16:625 1676 ================================================================================
14:37:16:625 1676 SystemInfo:
14:37:16:625 1676 OS Version: 5.1.2600 ServicePack: 3.0
14:37:16:625 1676 Product type: Workstation
14:37:16:625 1676 ComputerName: KELLYLAPTOP
14:37:16:625 1676 UserName: Sorber
14:37:16:625 1676 Windows directory: C:\WINDOWS
14:37:16:625 1676 Processor architecture: Intel x86
14:37:16:625 1676 Number of processors: 2
14:37:16:625 1676 Page size: 0x1000
14:37:16:625 1676 Boot type: Normal boot
14:37:16:625 1676 ================================================================================
14:37:16:687 1676 UnloadDriverW: NtUnloadDriver error 2
14:37:16:687 1676 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
14:37:16:750 1676 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
14:37:16:750 1676 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:37:16:750 1676 wfopen_ex: Trying to KLMD file open
14:37:16:750 1676 wfopen_ex: File opened ok (Flags 2)
14:37:16:750 1676 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
14:37:16:750 1676 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:37:16:750 1676 wfopen_ex: Trying to KLMD file open
14:37:16:750 1676 wfopen_ex: File opened ok (Flags 2)
14:37:16:750 1676 Initialize success
14:37:16:750 1676
14:37:16:750 1676 Scanning Services ...
14:37:17:453 1676 GetAdvancedServicesInfo: Raw services enum returned 448 services
14:37:17:468 1676
14:37:17:468 1676 Scanning Kernel memory ...
14:37:17:468 1676 Devices to scan: 7
14:37:17:468 1676
14:37:17:468 1676 Driver Name: Disk
14:37:17:468 1676 IRP_MJ_CREATE : F7564BB0
14:37:17:468 1676 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:17:468 1676 IRP_MJ_CLOSE : F7564BB0
14:37:17:468 1676 IRP_MJ_READ : F755ED1F
14:37:17:468 1676 IRP_MJ_WRITE : F755ED1F
14:37:17:468 1676 IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:17:468 1676 IRP_MJ_SET_INFORMATION : 804F4562
14:37:17:468 1676 IRP_MJ_QUERY_EA : 804F4562
14:37:17:468 1676 IRP_MJ_SET_EA : 804F4562
14:37:17:468 1676 IRP_MJ_FLUSH_BUFFERS : F755F2E2
14:37:17:468 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:17:468 1676 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:17:468 1676 IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:17:468 1676 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:17:468 1676 IRP_MJ_DEVICE_CONTROL : F755F3BB
14:37:17:468 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7562F28
14:37:17:468 1676 IRP_MJ_SHUTDOWN : F755F2E2
14:37:17:468 1676 IRP_MJ_LOCK_CONTROL : 804F4562
14:37:17:468 1676 IRP_MJ_CLEANUP : 804F4562
14:37:17:468 1676 IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:17:468 1676 IRP_MJ_QUERY_SECURITY : 804F4562
14:37:17:468 1676 IRP_MJ_SET_SECURITY : 804F4562
14:37:17:468 1676 IRP_MJ_POWER : F7560C82
14:37:17:468 1676 IRP_MJ_SYSTEM_CONTROL : F756599E
14:37:17:468 1676 IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:17:468 1676 IRP_MJ_QUERY_QUOTA : 804F4562
14:37:17:468 1676 IRP_MJ_SET_QUOTA : 804F4562
14:37:17:484 1676 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:37:17:484 1676
14:37:17:484 1676 Driver Name: usbstor
14:37:17:484 1676 IRP_MJ_CREATE : F77EB218
14:37:17:484 1676 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:17:484 1676 IRP_MJ_CLOSE : F77EB218
14:37:17:484 1676 IRP_MJ_READ : F77EB23C
14:37:17:484 1676 IRP_MJ_WRITE : F77EB23C
14:37:17:484 1676 IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:17:484 1676 IRP_MJ_SET_INFORMATION : 804F4562
14:37:17:484 1676 IRP_MJ_QUERY_EA : 804F4562
14:37:17:484 1676 IRP_MJ_SET_EA : 804F4562
14:37:17:484 1676 IRP_MJ_FLUSH_BUFFERS : 804F4562
14:37:17:484 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:17:484 1676 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:17:484 1676 IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:17:484 1676 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:17:484 1676 IRP_MJ_DEVICE_CONTROL : F77EB180
14:37:17:484 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F77E69E6
14:37:17:484 1676 IRP_MJ_SHUTDOWN : 804F4562
14:37:17:484 1676 IRP_MJ_LOCK_CONTROL : 804F4562
14:37:17:484 1676 IRP_MJ_CLEANUP : 804F4562
14:37:17:484 1676 IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:17:484 1676 IRP_MJ_QUERY_SECURITY : 804F4562
14:37:17:484 1676 IRP_MJ_SET_SECURITY : 804F4562
14:37:17:484 1676 IRP_MJ_POWER : F77EA5F0
14:37:17:484 1676 IRP_MJ_SYSTEM_CONTROL : F77E8A6E
14:37:17:484 1676 IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:17:484 1676 IRP_MJ_QUERY_QUOTA : 804F4562
14:37:17:484 1676 IRP_MJ_SET_QUOTA : 804F4562
14:37:17:500 1676 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS - Verdict: 1
14:37:17:500 1676
14:37:17:500 1676 Driver Name: Disk
14:37:17:500 1676 IRP_MJ_CREATE : F7564BB0
14:37:17:500 1676 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:17:500 1676 IRP_MJ_CLOSE : F7564BB0
14:37:17:500 1676 IRP_MJ_READ : F755ED1F
14:37:17:500 1676 IRP_MJ_WRITE : F755ED1F
14:37:17:500 1676 IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:17:500 1676 IRP_MJ_SET_INFORMATION : 804F4562
14:37:17:500 1676 IRP_MJ_QUERY_EA : 804F4562
14:37:17:500 1676 IRP_MJ_SET_EA : 804F4562
14:37:17:500 1676 IRP_MJ_FLUSH_BUFFERS : F755F2E2
14:37:17:500 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:17:500 1676 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:17:500 1676 IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:17:500 1676 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:17:500 1676 IRP_MJ_DEVICE_CONTROL : F755F3BB
14:37:17:500 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7562F28
14:37:17:500 1676 IRP_MJ_SHUTDOWN : F755F2E2
14:37:17:500 1676 IRP_MJ_LOCK_CONTROL : 804F4562
14:37:17:500 1676 IRP_MJ_CLEANUP : 804F4562
14:37:17:500 1676 IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:17:500 1676 IRP_MJ_QUERY_SECURITY : 804F4562
14:37:17:500 1676 IRP_MJ_SET_SECURITY : 804F4562
14:37:17:500 1676 IRP_MJ_POWER : F7560C82
14:37:17:500 1676 IRP_MJ_SYSTEM_CONTROL : F756599E
14:37:17:500 1676 IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:17:500 1676 IRP_MJ_QUERY_QUOTA : 804F4562
14:37:17:500 1676 IRP_MJ_SET_QUOTA : 804F4562
14:37:17:546 1676 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:37:17:546 1676
14:37:17:546 1676 Driver Name: ti21sony
14:37:17:546 1676 IRP_MJ_CREATE : F62BB196
14:37:17:546 1676 IRP_MJ_CREATE_NAMED_PIPE : F628A6B2
14:37:17:546 1676 IRP_MJ_CLOSE : F62BB204
14:37:17:546 1676 IRP_MJ_READ : F62BB40C
14:37:17:546 1676 IRP_MJ_WRITE : F62BB65E
14:37:17:546 1676 IRP_MJ_QUERY_INFORMATION : F628A6B2
14:37:17:546 1676 IRP_MJ_SET_INFORMATION : F628A6B2
14:37:17:546 1676 IRP_MJ_QUERY_EA : F628A6B2
14:37:17:546 1676 IRP_MJ_SET_EA : F628A6B2
14:37:17:546 1676 IRP_MJ_FLUSH_BUFFERS : F62BB2FE
14:37:17:546 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : F628A6B2
14:37:17:546 1676 IRP_MJ_SET_VOLUME_INFORMATION : F628A6B2
14:37:17:546 1676 IRP_MJ_DIRECTORY_CONTROL : F628A6B2
14:37:17:546 1676 IRP_MJ_FILE_SYSTEM_CONTROL : F628A6B2
14:37:17:546 1676 IRP_MJ_DEVICE_CONTROL : F62BB248
14:37:17:546 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F62BB272
14:37:17:546 1676 IRP_MJ_SHUTDOWN : F62BB4D2
14:37:17:546 1676 IRP_MJ_LOCK_CONTROL : F628A6B2
14:37:17:546 1676 IRP_MJ_CLEANUP : F62BB0FC
14:37:17:546 1676 IRP_MJ_CREATE_MAILSLOT : F628A6B2
14:37:17:546 1676 IRP_MJ_QUERY_SECURITY : F628A6B2
14:37:17:546 1676 IRP_MJ_SET_SECURITY : F628A6B2
14:37:17:546 1676 IRP_MJ_POWER : F62BB364
14:37:17:546 1676 IRP_MJ_SYSTEM_CONTROL : F62BB596
14:37:17:546 1676 IRP_MJ_DEVICE_CHANGE : F628A6B2
14:37:17:546 1676 IRP_MJ_QUERY_QUOTA : F628A6B2
14:37:17:546 1676 IRP_MJ_SET_QUOTA : F628A6B2
14:37:17:578 1676 C:\WINDOWS\system32\drivers\ti21sony.sys - Verdict: 1
14:37:17:578 1676
14:37:17:578 1676 Driver Name: Disk
14:37:17:578 1676 IRP_MJ_CREATE : F7564BB0
14:37:17:578 1676 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:17:578 1676 IRP_MJ_CLOSE : F7564BB0
14:37:17:578 1676 IRP_MJ_READ : F755ED1F
14:37:17:578 1676 IRP_MJ_WRITE : F755ED1F
14:37:17:578 1676 IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:17:578 1676 IRP_MJ_SET_INFORMATION : 804F4562
14:37:17:578 1676 IRP_MJ_QUERY_EA : 804F4562
14:37:17:578 1676 IRP_MJ_SET_EA : 804F4562
14:37:17:578 1676 IRP_MJ_FLUSH_BUFFERS : F755F2E2
14:37:17:578 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:17:578 1676 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:17:578 1676 IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:17:578 1676 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:17:578 1676 IRP_MJ_DEVICE_CONTROL : F755F3BB
14:37:17:578 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7562F28
14:37:17:578 1676 IRP_MJ_SHUTDOWN : F755F2E2
14:37:17:578 1676 IRP_MJ_LOCK_CONTROL : 804F4562
14:37:17:578 1676 IRP_MJ_CLEANUP : 804F4562
14:37:17:578 1676 IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:17:578 1676 IRP_MJ_QUERY_SECURITY : 804F4562
14:37:17:578 1676 IRP_MJ_SET_SECURITY : 804F4562
14:37:17:578 1676 IRP_MJ_POWER : F7560C82
14:37:17:578 1676 IRP_MJ_SYSTEM_CONTROL : F756599E
14:37:17:578 1676 IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:17:578 1676 IRP_MJ_QUERY_QUOTA : 804F4562
14:37:17:578 1676 IRP_MJ_SET_QUOTA : 804F4562
14:37:17:578 1676 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:37:17:578 1676
14:37:17:593 1676 Driver Name: Disk
14:37:17:593 1676 IRP_MJ_CREATE : F7564BB0
14:37:17:593 1676 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:17:593 1676 IRP_MJ_CLOSE : F7564BB0
14:37:17:593 1676 IRP_MJ_READ : F755ED1F
14:37:17:593 1676 IRP_MJ_WRITE : F755ED1F
14:37:17:593 1676 IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_SET_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_EA : 804F4562
14:37:17:593 1676 IRP_MJ_SET_EA : 804F4562
14:37:17:593 1676 IRP_MJ_FLUSH_BUFFERS : F755F2E2
14:37:17:593 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:17:593 1676 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:17:593 1676 IRP_MJ_DEVICE_CONTROL : F755F3BB
14:37:17:593 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F7562F28
14:37:17:593 1676 IRP_MJ_SHUTDOWN : F755F2E2
14:37:17:593 1676 IRP_MJ_LOCK_CONTROL : 804F4562
14:37:17:593 1676 IRP_MJ_CLEANUP : 804F4562
14:37:17:593 1676 IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_SECURITY : 804F4562
14:37:17:593 1676 IRP_MJ_SET_SECURITY : 804F4562
14:37:17:593 1676 IRP_MJ_POWER : F7560C82
14:37:17:593 1676 IRP_MJ_SYSTEM_CONTROL : F756599E
14:37:17:593 1676 IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_QUOTA : 804F4562
14:37:17:593 1676 IRP_MJ_SET_QUOTA : 804F4562
14:37:17:593 1676 C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: 1
14:37:17:593 1676
14:37:17:593 1676 Driver Name: atapi
14:37:17:593 1676 IRP_MJ_CREATE : F73736F2
14:37:17:593 1676 IRP_MJ_CREATE_NAMED_PIPE : 804F4562
14:37:17:593 1676 IRP_MJ_CLOSE : F73736F2
14:37:17:593 1676 IRP_MJ_READ : 804F4562
14:37:17:593 1676 IRP_MJ_WRITE : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_SET_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_EA : 804F4562
14:37:17:593 1676 IRP_MJ_SET_EA : 804F4562
14:37:17:593 1676 IRP_MJ_FLUSH_BUFFERS : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_VOLUME_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_SET_VOLUME_INFORMATION : 804F4562
14:37:17:593 1676 IRP_MJ_DIRECTORY_CONTROL : 804F4562
14:37:17:593 1676 IRP_MJ_FILE_SYSTEM_CONTROL : 804F4562
14:37:17:593 1676 IRP_MJ_DEVICE_CONTROL : F7373712
14:37:17:593 1676 IRP_MJ_INTERNAL_DEVICE_CONTROL : F736F852
14:37:17:593 1676 IRP_MJ_SHUTDOWN : 804F4562
14:37:17:593 1676 IRP_MJ_LOCK_CONTROL : 804F4562
14:37:17:593 1676 IRP_MJ_CLEANUP : 804F4562
14:37:17:593 1676 IRP_MJ_CREATE_MAILSLOT : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_SECURITY : 804F4562
14:37:17:593 1676 IRP_MJ_SET_SECURITY : 804F4562
14:37:17:593 1676 IRP_MJ_POWER : F737373C
14:37:17:593 1676 IRP_MJ_SYSTEM_CONTROL : F737A336
14:37:17:593 1676 IRP_MJ_DEVICE_CHANGE : 804F4562
14:37:17:593 1676 IRP_MJ_QUERY_QUOTA : 804F4562
14:37:17:593 1676 IRP_MJ_SET_QUOTA : 804F4562
14:37:17:609 1676 C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: 1
14:37:17:609 1676
14:37:17:609 1676 Completed
14:37:17:609 1676
14:37:17:609 1676 Results:
14:37:17:609 1676 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
14:37:17:609 1676 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:37:17:609 1676 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:37:17:609 1676
14:37:17:609 1676 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
14:37:17:609 1676 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
14:37:17:625 1676 KLMD(ARK) unloaded successfully
#53
Posted 17 March 2010 - 03:04 AM
azarl
-
- Community Leader
-
- 25,310 posts
GeekU Admin
Hi
We've not finished yet, but how does your system seem now?
Are you still experiencing any problems?
We've not finished yet, but how does your system seem now?
Are you still experiencing any problems?
#54
Posted 17 March 2010 - 07:20 AM
rebross
- Topic Starter
-
- Member
-
- 193 posts
Member
It seems like my only problems are program related now. I downloaded SeaTools yesterday and ran a hard drive test and it passed. So did I have viruses or were they remnants left over from the the trojans malwarebytes found and deleted?
A big problem is that programs I am removing are still showing up in add/remove programs. When I originally uninstalled them they disappeared but when I rebooted and went back into add/remove they were there again. Like Java, Itunes, Pixela Image Mixer, Quicktime, etc.
A big problem is that programs I am removing are still showing up in add/remove programs. When I originally uninstalled them they disappeared but when I rebooted and went back into add/remove they were there again. Like Java, Itunes, Pixela Image Mixer, Quicktime, etc.
#55
Posted 17 March 2010 - 09:11 AM
azarl
-
- Community Leader
-
- 25,310 posts
GeekU Admin
Basically remnants, but they were stopping your PC working. We got them in posts 9 & 12.
For your installs you could try the Microsoft Installer Cleanup tool or Safarp
Your logs are now clean - you are clear or seem to be. Please advise me if you still have any problems.
We'll move on to the cleanup now. There's quite A bit to do here, just take your time
Updates
Before we begin the actual cleanup, I'll just say a few words on the importance of updates. From time to time, software vendors introduce updates for their products. Sometimes these are to enhance the product, but often they are to repair an exploitable vulnerability. You may like to consider installing Secunia PSI. This is a free application (for home users) that sits in the system tray and alerts you when security updates are available, and where from. Secunia PSI can be downloaded from HERE
Follow these steps to uninstall ComboFix and tools used in the removal of malware
A good workman always cleans up after himself so..Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
Preventing re-infection
Now that your system is clear, there are a number of steps you can take to prevent re-infection
It is critical that you have both a firewall and anti virus to protect your system and to keep them updated.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Winpatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found Here
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
MVPS Hosts File - Blocks known bad sites by adding them to your Hosts file thereby preventing you from accessing them
TFC (Temp File Cleaner)- Cleans an enormous amount of junk held in temporary files and disposes of any malware lurking there.
Anti Spyware Program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware
Browsers
Consider using FIREFOX or OPERA, both are free to use and are more secure than IE. If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust). NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
For your installs you could try the Microsoft Installer Cleanup tool or Safarp
Your logs are now clean - you are clear or seem to be. Please advise me if you still have any problems.
We'll move on to the cleanup now. There's quite A bit to do here, just take your time
Updates
Before we begin the actual cleanup, I'll just say a few words on the importance of updates. From time to time, software vendors introduce updates for their products. Sometimes these are to enhance the product, but often they are to repair an exploitable vulnerability. You may like to consider installing Secunia PSI. This is a free application (for home users) that sits in the system tray and alerts you when security updates are available, and where from. Secunia PSI can be downloaded from HERE
Follow these steps to uninstall ComboFix and tools used in the removal of malware
- Click START then RUN
- Now type ComboFix /Uninstall in the run box and click OK. Note the space between the ComboFix and the /U, it needs to be there.
A good workman always cleans up after himself so..Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself.
Preventing re-infection
Now that your system is clear, there are a number of steps you can take to prevent re-infection
It is critical that you have both a firewall and anti virus to protect your system and to keep them updated.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Winpatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. Help file and tutorial can be found Here
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
MVPS Hosts File - Blocks known bad sites by adding them to your Hosts file thereby preventing you from accessing them
TFC (Temp File Cleaner)- Cleans an enormous amount of junk held in temporary files and disposes of any malware lurking there.
Anti Spyware Program - We recommend MalwareBytes Anti-Malware and SUPERAntiSpyware
Browsers
Consider using FIREFOX or OPERA, both are free to use and are more secure than IE. If you are using Firefox you can stay more secure by adding NoScript and WOT (Web Of Trust). NoScript stops Java scripts from starting on a web page unless you give permission for them, and WOT has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
- Run Internet Explorer
- Click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
#56
Posted 17 March 2010 - 10:27 AM
rebross
- Topic Starter
-
- Member
-
- 193 posts
Member
Thank you for all that information. What do I do about Java?
#57
Posted 17 March 2010 - 10:34 AM
azarl
-
- Community Leader
-
- 25,310 posts
GeekU Admin
Have you an install disk for this machine?
#58
Posted 17 March 2010 - 10:35 AM
rebross
- Topic Starter
-
- Member
-
- 193 posts
Member
I have all the documentation along with the recovery disks but not the Windows XP disk.
#59
Posted 17 March 2010 - 10:46 AM
rebross
- Topic Starter
-
- Member
-
- 193 posts
Member
Is the Microsoft Installer Untility safe? I was looking at the readme file and it sounds scary. Safarp gives me the same message as add/remove when I try to remove Java
#60
Posted 17 March 2010 - 10:48 AM
azarl
-
- Community Leader
-
- 25,310 posts
GeekU Admin
deleted
Edited by azarl, 17 March 2010 - 10:56 AM.
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users
As Featured On:
Sign In
Create Account
