Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

BROKEN LINKS


  • Please log in to reply

#31
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
You can uninstall

Yahoo! Software Update

I see a problem with Word. Usually this is caused by a bad normal.dot template (sometimes they get infected too). Follow the instructions on
http://elamb.org/howto/normal-dot.htm
to rename all of your normal.dot templates. (When you restart Word it will create a clean one if it can't find the old one.)

After you do that start Word from the Start, All Programs list (not by clicking on an existing document). Then Disable Macros:

See the instructions toward the bottom of this page:

http://www.thuto.org...mpu/hcsmsw1.htm

Now while still in Word:

Tools then Options then Save: find the box for "Prompt to save normal template" and check it then OK. Close Word. It should ask you this time if you want to Save the Normal Template. Tell it Yes. In the future you want to always say NO unless you have just made a change to the default formatting.

It looks like your system is clean of the infection now as far as the scans we have run are concerned. Are you still seeing a problem?

Ron
  • 0

Advertisements


#32
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
Ron:

No problems, system is running great. :) The Link problem stopped awhile back, I can't tell what you had me doing when it stopped, but it stopped.

The only thing that I could not do in Word was Disable Macros because there is no place where I could do that, but every thing else went fine I hope.


Thank U !!! :unsure:

Edited by simplee55, 19 May 2011 - 04:21 AM.

  • 0

#33
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\george.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

To hide hidden files again:

XP

# Close all programs so that you are at your desktop.
# Double-click on the My Computer icon.
# Select the Tools menu and click Folder Options.
# After the new window appears select the View tab.
# Uncheck the checkbox labeled Display the contents of system folders.
# Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
# Check the checkbox labeled Hide protected operating system files.
# Press the Apply button and then the OK button and shutdown My Computer.

You do not have the latest Java (Java™ 6 Update 25). Get the latest at:

http://javadl.sun.co...?BundleId=41723

Save it to your PC then close all browsers and install it.

Once you install it, go into Control Panel, Add/Remove Software and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:

Java™ 6 Update 24 which is new enough that it should be removed automatically. If you use Firefox go into tools, Add-ons and make sure that CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA is not enabled. CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA is OK but 0024 should be disabled or uninstalled. Java seems to have a real problem removing the old consoles from Firefox. Having multiple Java consoles will make Firefox very sluggish and slow to start.


Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat. Adobe is fond of foisting GetPlus on you. You can let them install it and then afterwards, go into Control Panel, Add/Remove Software and remove it. It probably doesn't hurt to leave it but I don't see the need for it and it has caused problems in the past.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

I recommend you install the free WinPatrol from http://www.winpatrol.com/download.html

It's a small program that will sit in your systray and warn you if something tries to make changes to your system.

If you use USB drives you might want to install Autorun Eater v2.5.
http://download.cnet...4-10752777.html
Another small program which will stay resident and prevent an infected USB drive from infecting your PC.

If you use Firefox then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: Adhttp://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox. It seems to work best if you reboot right after running it. You can run it any time that Firefox seems slow.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certain be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you install the MVP Hosts file:
http://www.mvps.org/...p2002/hosts.htm
it will keep you from going to most bad sites. You do not need Spybot's Immunize which does the same thing.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0

#34
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
Ron:

Finished with the clean up of Systenm Restore.

I followed the instructions Start, Run and put: "%userprofile%\Desktop\george.exe" /Uninstall and hit OK, this is what I got, See SNAPSHOT.

I'm still working on your other instructions.

Attached Thumbnails

  • Attachment No. 1.JPG

  • 0

#35
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
Ron:

I'm getting ready to Sell this PC and what I really need is information on how to wipe my Hard Drive clean of any and all of my Sensitive information before I sale.

Can you instruct me please ???

Thank U !!!

simplee

Edited by simplee55, 20 May 2011 - 04:21 PM.

  • 0

#36
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
Try this to uninstall Combofix. Make sure you copy the whole line including the quotation mark at the begining:

"c:\documents and settings\Debra Flowers\Desktop\George.exe" /Uninstall

Then open the Command Prompt and right click and Paste or Edit then Paste. Then hit Enter.

Your sensitive data should be stored in c:\documents and settings\Debra Flowers\ so I would go into Control Panel, User Accounts and create a new User (call it Owner). Make sure you give Owner Administration power then log off and log on as Owner. Right click on the Recycle Bin and choose properties, then check the
box, "Do not move files to the Recycle Bin, Remove files immediately when
deleted".

Open Explore and find the Hidden System folder called RECYCLER. Delete any folders you find within it. They will have names like S-1-5-21-.....

Then go back into User Accounts and delete the user Debra Flowers. Then open Explorer and make sure that folder c:\documents and settings\Debra Flowers has been deleted. If not, delete it. Then I would open My Computer and right click on the C:\ drive and select Properties then Tools then Defragment Now. Then go back into My Computer and right click on the C:\ drive and select Properties and do a Disk Cleanup.

If you are really feeling paranoid then first delete the Debra Flowers folder with eraser
http://eraser.heidi.ie/
then if Debra Flowers still exists as a User delete the user from Control Panel, User Accounts.

Ron
  • 0

#37
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
Ron:

I got the same message with "c:\documents and settings\Debra Flowers\Desktop\George.exe" /Uninstall in, Start + Run and Enter.

I have another question, is there some simpler way of erasing my Hard Drive. Is there not some FREE tool that I can download and can use ??? Wow that's a LOT of work.
  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
If you want to erase the whole thing INCLUDING THE OPERATING SYSTEM then
format C:

from a command prompt should do it or you can use something like Darik's Boot and Nuke:
http://www.dban.org/

However, who is going to want to buy a computer that has no operating system? IF this is an HP or Compaq or Dell they usually have an option to return the PC to how it came from the factory. If you have the XP CD you can do a reinstall but first delete the original partition.

Ron
  • 0

#39
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
Ron:

What about a Quick Restore, where you hold CTRL and tapping the F11 key. Is that called Quick Restore ??

I don't know how long you will keep this Post opened, but I'm not releasing the PC until 28th of June and would like to do the Resore on the 26th so I can have time to get every thing right before I release it.

What do you think about that ???

Thank U !!!
  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
It's not a standard windows command but it sounds like a revert to how it came from the factory. If that is what it is it should work. What make and model PC is this? (You might have told me but I can't find it now.) Once you do that it will be behind about a zillion MS updates (and thus very vulnerable to infection so your first step should be to go to windows updates and get all of the critical updates) but your own data should be gone.

Ron
  • 0

Advertisements


#41
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
Yes Sir, that's the FIRST thing I do, go directly to Win Updates. Because my internet connection is a tad bit faster than regular DSL, hopefully I will breeze through the downloads and install I'll have to do.

I have a DELL Dimension 3000; XP Home Edition.

Also, I'm sure you will close this Post before I'm ready to do the QR, and I can always come back to get your instructions. May I contact you just in case I run into any problems ???

Thank U !!!

simplee55
  • 0

#42
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
yes I won't close the post but it may expire. Just PM me if you need it opened.
  • 0

#43
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
Ron:

I just PM'ed you so you can look at the SNAPSHOTS I had to take because I'm having problems after do that Quick Restore. I have tried and retried to get onto Microsoft's web site so I can do all the UPDATING, but can not access it

I tried to do a RESTART and the PC would not restart, so I had to do a HARD SHUT down. You would think that after wiping my hard drive I shouldn't be having these type problems.

Thank U !!!

simplee55

Attached Thumbnails

  • Attachment No. 1.JPG
  • Attachment No. 2.JPG

  • 0

#44
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,680 posts
  • MVP
I'm not really sure what a quick restore does but I would uninstall McAfee and run the McAfee uninstall tool.

http://service.mcafe...spx?id=TS100507

Then install Avast.

http://www.avast.com...ivirus-download

Download, Save, and right click and Run As Administrator.

Once you have it installed and it has updated:

Click on the Avast ball. Then click on Scan Computer, then on
Boot-Time Scan then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours.
Once it finishes it should load windows.

In IE, Files, uncheck Work Offline. Restart IE and test. If still no good:

In IE, Tools, Internet Options, Connections, LAN Settings, then uncheck all boxes and OK. Close IE and restart IE.


Restart and test. If still no good:

Start, All Programs, Accessories, Command Prompt. Type with an Enter after each line in the code box:


ipconfig /flushdns

netsh  winsock  reset catalog

netsh  int ip reset reset.log

proxycfg  -d

(I use two spaces in the code box so you will be sure to see where 1 space goes.)

Reboot and test. If it still doesn't work:

Open IE, Tools, Internet Options, Security, Restricted Sites, Sites. If you see Microsoft.com in there delete it.
Close IE and retry.

If still no luck:


1. Click "Start," click "Control Panel," click "Network and Internet Connections," and then click "Network Connections."
2. Right-click the network connection that you want to configure (the one you use to connect to the Internet), and then click Properties.
3. On the General tab (for a local area connection), or the Networking tab (for all other connections), click "Internet Protocol (TCP/IP)", and then click "Properties."

4. Click "Use the following DNS server addresses," and then type 8.8.8.8 in the Preferred DNS server and 4.2.2.1 in the Alternate DNS server boxes.

5. Click "OK"

Reboot and test. If it still doesn't work:

(Start) Right click on My Computer, select Manage then Device Manager. Find the Network Adapters and click on the + in front to open up the sub entries. Right click on each sun-entry under Network Adapters and Uninstall. (Doesn't hurt to write down the names in case you need to download the drivers from the PC Maker's website. Normally you don't but with malware you never know.) Reboot and test.

Ron
  • 0

#45
simplee55

simplee55

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 539 posts
Ron:

I had to run another Restore and system is running real good now. Maybe I got the name wrong, I thought it was called a "Quick Restore". At one time I had a Compaq and that's what their Techs use to call it.

This is a lot of work. I've been at it since 6:00-pm Sat and it's now 3:30-am Sunday. I had to do a lot of uninstalling of Programs that were put back on the system and then do a Search on each uninstall to make sure that no Files and Folders were left on the system. Still a bit more to do before I'm finished.

One of the first things I did after Windows finished Updating was Uninstalled McAfee so I could download AVAST.

I hope I don't have to bother you again after all is finished.

But at any rate, I really thank you for all your help .... take care !!!

simplee55
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP