Jump to content
Sign in to follow this  
ilikenemo

Having probs again

Recommended Posts

Been having probs again with a fake spyware alert program :mrsgreen: I have a blue shield on my taskbar that alternates with a red cross. Heres the hjt results can someone please have a look and tell me if anything needs removing.

Thanks

 

 

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 16:31:47, on 05/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Filseclab\xfilter\xfilter.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Filseclab\FilMsg.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Money\System\urlmap.exe

C:\hjt\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Filseclab Messenger.lnk = ?

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1181304953697

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Share this post


Link to post
Share on other sites

Hi ilikenemo,

 

Please do the following...

 

1. I don't see any indication of a Firewall in your HijackThis log. This may be because:

 

(1.) You are using Windows Firewall or a hardware Firewall.

(2.) You are using a Firewall of an unknown vendor.

(3.) You are using a Firewall, but it is disabled for unknown reasons

(4.) You don't use any firewall at all.

 

In the case you don't have a Firewall, please download one from the list below - They are Free!

 

Comodo << I recommend this

Zone Alarm

Sunbelt Kerio PF

Outpost Firewall

 

2. Download SmitfraudFix (by S!Ri) to your Desktop.

http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Extract all the files to your Destop. A folder named SmitfraudFix will be created on your Desktop.

 

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #1 - Search by typing 1 and press Enter

This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

 

IMPORTANT: Do NOT run any other options until you are asked to do so!

 

3. I need to see another log from HijackThis.

  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your in your next post.
4. Please post the following...
  • SmitfraudFix report
  • Uninstall list
  • New HijackThis log

Share this post


Link to post
Share on other sites

Hi, heres the smitfraud results

 

 

SmitFraudFix v2.200

 

Scan done at 22:00:17.92, 06/07/2007

Run from C:\Documents and Settings\julie\Desktop\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in normal mode

 

»»»»»»»»»»»»»»»»»»»»»»»» Process

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Filseclab\xfilter\xfilter.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Filseclab\FilMsg.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Thunderbird\thunderbird.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\cmd.exe

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\julie

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\julie\Application Data

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\julie\FAVORI~1

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

 

 

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

 

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]

"Source"="About:Home"

"SubscribedURL"="About:Home"

"FriendlyName"="My Current Home Page"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

 

[HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]

@="C:\WINDOWS\system32\xnvaogd.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]

@="C:\WINDOWS\system32\xnvaogd.dll"

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

 

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

Description: Linksys LNE100TX Fast Ethernet Adapter(LNE100TX v4) - Packet Scheduler Miniport

DNS Server Search Order: 194.168.4.100

DNS Server Search Order: 194.168.8.100

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3024F637-4B93-454A-B0A6-97264F525B17}: DhcpNameServer=194.168.4.100 194.168.8.100

HKLM\SYSTEM\CS1\Services\Tcpip\..\{3024F637-4B93-454A-B0A6-97264F525B17}: DhcpNameServer=194.168.4.100 194.168.8.100

HKLM\SYSTEM\CS3\Services\Tcpip\..\{3024F637-4B93-454A-B0A6-97264F525B17}: DhcpNameServer=194.168.4.100 194.168.8.100

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

Share this post


Link to post
Share on other sites

Heres the hjt results. My firewall is at 010 but it says unknown file :blink:

 

Logfile of HijackThis v1.99.1

Scan saved at 22:02:44, on 06/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Filseclab\xfilter\xfilter.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Filseclab\FilMsg.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Money\System\urlmap.exe

C:\hjt\HijackThis.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Filseclab Messenger.lnk = ?

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1181304953697

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Share this post


Link to post
Share on other sites

Hi, heres the uninstall list.

 

 

Ad-Aware 2007

Adobe Acrobat 5.0

AOL UK

avast! Antivirus

Bejeweled 1.5

CompuServe 2000 Version 6

Conexant SoftK56 Modem(M)

Filseclab Personal Firewall

HijackThis 1.99.1

IExplorer Security Plug-in

Microsoft Interactive Training

Microsoft Money

Microsoft Money System Pack

Microsoft Works 2000

Mozilla Firefox (2.0.0.4)

Mozilla Thunderbird (2.0.0.0)

Picasa 2

PowerDVD

RealPlayer Basic

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Media Player 9 (KB917734)

Security Update for Windows XP (KB890046)

Security Update for Windows XP (KB893756)

Security Update for Windows XP (KB896358)

Security Update for Windows XP (KB896423)

Security Update for Windows XP (KB896428)

Security Update for Windows XP (KB899587)

Security Update for Windows XP (KB899591)

Security Update for Windows XP (KB900725)

Security Update for Windows XP (KB901017)

Security Update for Windows XP (KB901214)

Security Update for Windows XP (KB902400)

Security Update for Windows XP (KB904706)

Security Update for Windows XP (KB905414)

Security Update for Windows XP (KB905749)

Security Update for Windows XP (KB908519)

Security Update for Windows XP (KB911562)

Security Update for Windows XP (KB911927)

Security Update for Windows XP (KB913580)

Security Update for Windows XP (KB914388)

Security Update for Windows XP (KB914389)

Security Update for Windows XP (KB917344)

Security Update for Windows XP (KB917422)

Security Update for Windows XP (KB917953)

Security Update for Windows XP (KB918118)

Security Update for Windows XP (KB918439)

Security Update for Windows XP (KB919007)

Security Update for Windows XP (KB920213)

Security Update for Windows XP (KB920670)

Security Update for Windows XP (KB920683)

Security Update for Windows XP (KB920685)

Security Update for Windows XP (KB922819)

Security Update for Windows XP (KB923191)

Security Update for Windows XP (KB923414)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB923694)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB923980)

Security Update for Windows XP (KB924191)

Security Update for Windows XP (KB924270)

Security Update for Windows XP (KB924496)

Security Update for Windows XP (KB924667)

Security Update for Windows XP (KB925902)

Security Update for Windows XP (KB926255)

Security Update for Windows XP (KB926436)

Security Update for Windows XP (KB927779)

Security Update for Windows XP (KB927802)

Security Update for Windows XP (KB928255)

Security Update for Windows XP (KB928843)

Security Update for Windows XP (KB929123)

Security Update for Windows XP (KB929969)

Security Update for Windows XP (KB930178)

Security Update for Windows XP (KB931261)

Security Update for Windows XP (KB931768)

Security Update for Windows XP (KB931784)

Security Update for Windows XP (KB932168)

Security Update for Windows XP (KB933566)

Security Update for Windows XP (KB935839)

Security Update for Windows XP (KB935840)

Spybot - Search & Destroy 1.4

Update for Windows XP (KB894391)

Update for Windows XP (KB898461)

Update for Windows XP (KB900485)

Update for Windows XP (KB908531)

Update for Windows XP (KB910437)

Update for Windows XP (KB911280)

Update for Windows XP (KB916595)

Update for Windows XP (KB920872)

Update for Windows XP (KB922582)

Update for Windows XP (KB927891)

Update for Windows XP (KB930916)

Update for Windows XP (KB931836)

Windows Installer 3.1 (KB893803)

Windows XP Hotfix - KB873339

Windows XP Hotfix - KB885835

Windows XP Hotfix - KB885836

Windows XP Hotfix - KB886185

Windows XP Hotfix - KB887472

Windows XP Hotfix - KB888302

Windows XP Hotfix - KB890859

Windows XP Hotfix - KB891781

Windows XP Service Pack 2

 

 

Thanks

Share this post


Link to post
Share on other sites

Hi ilikenemo,

 

Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

 

Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.

http://www.ewido.net/en/download/

  • Install AVG Anti-Spyware by double clicking the installer.
  • Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
  • On the main screen under Your Computer's security.
    • Click on Change state next to Resident shield. It should now change to inactive.
    • Click on Change state next to Automatic updates. It should now change to inactive.
    • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
    • Wait until you see the Update succesfull message.
  • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.

AVG Anti-Spyware manual updates.

Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

______________________________

 

Reboot your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.
______________________________

 

Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.

Select option #2 - Clean by typing 2 and press Enter.

Wait for the tool to complete and disk cleanup to finish.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.

The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

 

A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

 

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

______________________________

 

Navigate to C:\Windows\Temp

Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

 

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp

Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

 

Clean out your Temporary Internet files. Proceed like this:

  • Quit Internet Explorer and quit any instances of Windows Explorer.
  • Click Start, click Control Panel, and then double-click Internet Options.
  • On the General tab, click Delete Files under Temporary Internet Files.
  • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
  • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
  • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
  • Click OK.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.

 

Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.

______________________________

 

Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.

  • Click on Scanner on the toolbar.
  • Click on the Settings tab.
    • Under How to act?
      • Click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan?
      • All checkboxes should be ticked.
    • Under Possibly unwanted software:
      • All checkboxes should be ticked.
    • Under Reports:
      • Select Do no automatically generate reports
    • Under What to scan?
      • Select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When the scan has finished, follow the instructions below.

    IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.

    • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
    • At the bottom of the window click on the Apply all Actions button. (3)

      Posted Image

  • When done, click the Save Scan Report button. (4)
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.

______________________________

 

Open the SmitfraudFix folder and double-click smitfraudfix.cmd

Select option #3 - Delete Trusted zone by typing 3 and press Enter.

Answer Yes to the question "Restore Trusted Zone ?" by typing Y and hit Enter.

 

Note, if you use SpywareBlaster and/or IE-SPYAD, it will be necessary to re-install the protection both afford. For SpywareBlaster, run the program and re-protect all items. For IE-SPYAD, run the batch file and reinstall the protection.

______________________________

 

Please post:

  • c:\rapport.txt
  • AVG Anti-Spyware log
  • A new HijackThis log
You may need several replies to post the requested logs, otherwise they might get cut off.

Share this post


Link to post
Share on other sites

Hi, I'm having a problem downloading avg. It got to 9% and stopped. I have 2 avg icons on the desktop but they don't do anything :cr@sh: just says not valid application.

Share this post


Link to post
Share on other sites

Hi, managed to get as far as

 

Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp

Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.

 

 

I have been into all users and julie folders, theres a settings folder but no local settings folder. The settings folder is empty.

 

I won't do anymore until I hear from you again :)

 

The blue shield is no longer on my task bar :clap:

Share this post


Link to post
Share on other sites

Hi,

 

You can skip that section. We can deal with Temp files later.

 

I'm not sure where you are up to, so please continue or post the logs if you're finished. :)

Share this post


Link to post
Share on other sites

Hi, heres the smitfraud results :) these were done last night so if it needs to be done again, just let me know :)

 

 

 

SmitFraudFix v2.200

 

Scan done at 22:58:36.76, 06/07/2007

Run from C:\Documents and Settings\julie\Desktop\SmitfraudFix\SmitfraudFix

OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT

The filesystem type is NTFS

Fix run in safe mode

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]

"{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}"="coronally"

 

[HKEY_CLASSES_ROOT\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]

@="C:\WINDOWS\system32\xnvaogd.dll"

 

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1b17f1db-790e-4d42-8e0c-d4d19123ee5b}\InProcServer32]

@="C:\WINDOWS\system32\xnvaogd.dll"

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Killing process

 

 

»»»»»»»»»»»»»»»»»»»»»»»» hosts

 

 

127.0.0.1 localhost

 

»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

 

GenericRenosFix by S!Ri

 

C:\WINDOWS\system32\xnvaogd.dll -> Hoax.Win32.Renos.gen.o

C:\WINDOWS\system32\xnvaogd.dll -> Deleted

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» DNS

 

HKLM\SYSTEM\CCS\Services\Tcpip\..\{3024F637-4B93-454A-B0A6-97264F525B17}: DhcpNameServer=194.168.4.100 194.168.8.100

HKLM\SYSTEM\CS1\Services\Tcpip\..\{3024F637-4B93-454A-B0A6-97264F525B17}: DhcpNameServer=194.168.4.100 194.168.8.100

HKLM\SYSTEM\CS3\Services\Tcpip\..\{3024F637-4B93-454A-B0A6-97264F525B17}: DhcpNameServer=194.168.4.100 194.168.8.100

HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100

HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100

HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System

!!!Attention, following keys are not inevitably infected!!!

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

"System"=""

 

 

»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

 

Registry Cleaning done.

 

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix

!!!Attention, following keys are not inevitably infected!!!

 

SrchSTS.exe by S!Ri

Search SharedTaskScheduler's .dll

 

 

»»»»»»»»»»»»»»»»»»»»»»»» End

Share this post


Link to post
Share on other sites

AVG report

 

 

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 15:09:39 07/07/2007

 

+ Scan result:

 

 

 

C:\System Volume Information\_restore{12E38C8D-3A70-4FD1-8B65-191CBC4866EB}\RP37\A0007613.dll -> Hijacker.Agent.jw : Cleaned with backup (quarantined).

:mozilla.75:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.

:mozilla.23:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.

:mozilla.24:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.

:mozilla.20:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.21:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.22:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.26:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.

:mozilla.15:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.

:mozilla.110:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Com : Cleaned.

:mozilla.13:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.

:mozilla.88:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.

:mozilla.90:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.

:mozilla.91:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.

:mozilla.106:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.107:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.108:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.

:mozilla.31:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.32:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.33:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.

:mozilla.124:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Intelli-direct : Cleaned.

:mozilla.16:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.

:mozilla.11:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.12:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.

:mozilla.96:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.97:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Revsci : Cleaned.

:mozilla.10:C:\Documents and Settings\julie\Application Data\Mozilla\Firefox\Profiles\316qmvix.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.

 

 

::Report end

Share this post


Link to post
Share on other sites

Heres the hjt report :)

 

 

Logfile of HijackThis v1.99.1

Scan saved at 15:37:53, on 07/07/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\Program Files\Filseclab\xfilter\xfilter.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Common Files\Filseclab\FilMsg.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\Program Files\Windows NT\Accessories\WORDPAD.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Microsoft Money\System\urlmap.exe

C:\Documents and Settings\julie\Desktop\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.freeserve.co.uk

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.freeserve.co.uk

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKLM\..\Run: [XFILTER] "C:\Program Files\Filseclab\xfilter\xfilter.exe" -a

O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Global Startup: Filseclab Messenger.lnk = ?

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll

O9 - Extra button: Money Viewer - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O10 - Unknown file in Winsock LSP: c:\program files\filseclab\xfilter\xfilter.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.freeserve.co.uk

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1181304953697

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)

O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

Share this post


Link to post
Share on other sites

Hi, good job! :)

 

One more thing to do:

 

Open HijackThis

- Click the Do a system scan only button

- Check the following entries (below)

 

O2 - BHO: (no name) - {184746EC-9E9D-4C7D-B9E7-9039EBD801A9} - C:\Program Files\Video ActiveX Access\iesplg.dll (file missing)

 

- Close ALL open windows (especially Internet Explorer!)

- Click Fix Checked

Close HiajckThis

 

Apart from that, the log is clean. Anymore problems? :)

Edited by Trogan

Share this post


Link to post
Share on other sites

All done :banana::banana2:

 

All seems to be running fine.

I have taken off filseclab and I've put comodo firewall back on.

 

Thanks for all your help :cheers:

 

Do I need to run another hjt log as I've changed firewalls since I done the last one?

 

Thanks again :clap:

Share this post


Link to post
Share on other sites

Nope, that's fine. :)

 

Let me know if we can mark this resolved?

___________________________________

 

Here are some tips for a clean and secure computer.

 

For XP users.

It's a good idea to Flush your System Restore points after ridding yourself of malware. You can clean this by doing the following:

  • Click Start | Help and Support | Undo changes to your computer with System Restore.
  • Click Create A Restore Point then click Next. Give it a name it and then click Create, then Close.
  • Close the Help and Support Center box.
  • Click Start | Run and type Cleanmgr
  • Select (C: ) then click OK.
  • Click the More Options tab.
  • Click Clean Up in the System Restore Section.
This will remove all previous restore points except the newly created one.

 

Make your Internet Explorer more secure

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click on the Security tab
  • Click the Internet icon so it becomes highlighted.
  • Click on Default Level and click OK
  • Click on the Custom Level button.
    • Change the Download signed ActiveX controls to Prompt
    • Change the Download unsigned ActiveX controls to Disable
    • Change the Initialise and script ActiveX controls not marked as safe to Disable
    • Change the Installation of desktop items to Prompt
    • Change the Launching programs and files in an IFRAME to Prompt
    • Change the Navigate sub-frames across different domains to Prompt
    • Internet Explorer 7 users: Check all other items and make sure that they meet the (recommended) setting when applies.
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the
    settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.
Keep your Sun Java up to date

 

The most current version of Sun Java is: Java Runtime Environment Version 6.0

http://java.sun.com/javase/downloads/index.jsp

  • Scroll down to where it says Java Runtime Environment (JRE) 6.
  • Click the Download button to the right.
  • Check the box that says: Accept License Agreement.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java versions.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
And in the future, remember to remove older versions of Java when you update to a newer version to avoid exploitation of older versions left on your system.

 

Free programs that may help you in keeping the PC clean

  • SpywareBlaster

    SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    You can download SpywareBlaster here

    A tutorial can be found here

  • SpywareGuard

    It provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method. An anti-virus program scans files before you open them and prevents execution if a virus is detected - SpywareGuard does the same thing, but for spyware. And you can easily have an anti-virus program running alongside SpywareGuard. It also features Download Protection and Browser Hijacking Protection.

    You can download SpywareGuard here

    A tutorial can be found here

  • IE-SPYAD

    IE-SPYAD puts over 5000 sites in your restricted zone, so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. It basically prevents any downloads, cookies, scripts from the sites listed, although you will still be able to connect to the sites.

    You can download IE-SPYAD here

    A tutorial can be found here

  • Hosts File

    A Hosts file replaces your current HOSTS file with one containing well known ad, spyware sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.

    A tutorial can be found here

  • MVPS Hosts File

    You can download the MVPS Hosts File here

    Furthermore the website contains useful tips and links to other resources and utilities.

  • Bluetack's Hosts File and Hosts Manager

    Essentially based on the research made by Webhelper, Andrew Clover and Eric L. Howes, it contains most if not all the known spyware sites...sites responsible for hijacks, rogue apllications etc...

    Download Bluetack's Hosts file here

    Download Bluetack's HostsManager here

Free Spyware Detection and Removal Programs
  • Ad-Aware

    It scans for known spyware on your computer. These scans should be run at least once every two weeks.

    You can download Ad-Aware here

    A tutorial can be found here

  • Spybot - Search & Destroy

    It scans for spyware and other malicious programs. Spybot has preventitive tools that stop programs from even installing on your computer.

    You can download Spybot - S&D here

    A tutorial can be found here

Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright Foistware.

You will find the list here

 

WinPatrol

 

WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files.

  • Detect & Neutralize Spyware.
  • Detect & Neutralize ADware.
  • Detect & Neutralize Viral infections.
  • Detect & Neutralize Unwanted IE Add-Ons.
  • Detect & Restore File Type Changes.
  • Automatically Filter Unwanted Cookies.
  • Avoid Start Page Hijacking.
  • Detect changes to HOSTS & critical system files.
  • Kill Multiple Tasks that replicate each other, in a single step!
  • Stop programs that repeatedly add themselves to your Startup List!
Starting with WinPatrol 9.5 PLUS users also get the addition of Real-time Infiltration Detection so they'll know immediately when changes are made to critical system areas. WinPatrol Free is not demo or trial software. You're welcome to use it as long as you like.

You can download WinPatrol here

WinPatrol FAQ

 

SiteHound by Firetrust

 

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer. (Users of Firefox - a version for you is coming soon.) SiteHound's comprehensive database gathers the knowledge from other users and respected experts from the online security community to tell you which sites are real and which are bogus.

 

SiteHound will alert you when you enter a site which is known to contain:

  • Fraudulent claims or scams
  • Offensive material
  • Security vulnerabilities
  • Spyware or Adware
  • Spam related material
  • or other content deemed to be unsafe
Specifically, SiteHound blocks these categories:

 

• Adult • Spyware • Spam Advertising • Phishing • Possible scam or fraud • Misleading or False Advertising

• Pharming • Rogue or Suspect Product • Adware • Malware or Virus

 

System Requirements:

Internet Explorer 5.5+ and Windows 95/98/NT 4/ME/2000/XP

 

Product Info & Download: SiteHound Toolbar

 

Use an AntiVirus Software

 

It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See the link below for a listing of some online & their stand-alone antivirus programs.

Computer Safety On line - Anti-Virus

http://forum.malwareremoval.com/viewtopic.php?p=53#53

 

Update your Anti Virus Software

 

It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.

 

Use a Firewall

 

I can not stress enough how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below.

Computer Safety On line - Software Firewalls

http://forum.malwareremoval.com/viewtopic.php?p=56#56

A tutorial on Understanding and Using Firewalls can be found here

 

Happy Surfing! :)

Share this post


Link to post
Share on other sites
Guest
This topic is now closed to further replies.
Sign in to follow this  

×