SaintsVenom

[Solved]Hijack Log File


Logfile of HijackThis v1.99.1

Scan saved at 3:42:46 AM, on 06/14/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\windm32.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\WINDOWS\system32\sdkkl.exe

C:\iFtpSvc\iFtpSvc.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\teamspeak2_RC2\TeamSpeak.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\WINDOWS\System32\devldr32.exe

C:\PROGRAM FILES\WINACE\WinAce.exe

C:\WINDOWS\TEMP\~AceTemp\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/index.htm

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {FF9849CC-6C90-6CAB-B092-7A873652819D} - C:\WINDOWS\ntoh.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [windm32.exe] C:\WINDOWS\windm32.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab

O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sdkkl.exe

O23 - Service: Ipswitch WS_FTP Server (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

 

 

 

 

What to keep & what to delete?

Thanks for the help.


Please follow these instructions to the letter.

 

Step#1:

 

Please save these instructions to WordPad so that you have them accessible while following the steps. You also may want to print out these directions as the Internet will not be available. You must disconnect from the internet totally, as staying connected while fixing will prevent the fix from working. Also please keep Internet Explorer closed throughout as opening it will reinstall the infection. Read through all the instructions so that you can ask any questions now, before you disconnect from the Internet.

 

Please continue with the next step and if you run into any problems with the current one, just keep going through the list step by step. Just be sure to let us know what the problem was when you finally reply.

 

Step#2:

 

Please download and open the following zip file. Double-click on the file inside the zip and when it asks you if you would like to merge the file into your registry, please answer yes. This will make sure all files are visible on your computer.

http://www.davehigham.zen.co.uk/downloads/xphidden.zip

 

Step#3:

 

 

1. Please download About:Buster from here:

http://www.malwarebytes.biz/AboutBuster5.zip

 

2. Once it is downloaded, extract it to c:\aboutbuster. Do NOT use it yet.

 

Step#4:

 

Another program to download is Registrar Lite for use later: Please download http://www.resplendence.com/download/reglite.exe

and install it to C:\Program Files\RegLite\ . This is a registry editor that is very easy to use.

 

Step#5:

 

Please disconnect from the Internet and unplug your modem for the duration of this fix

 

1. Reboot your computer into Safe Mode by tapping F8 while booting up and continue for the rest of the fix in SAFE MODE

 

2. Click on start > control panel > administrative programs > services. Look for a service called Network Security Service. Double-click on that service, click stop, and then set the startup to disabled.

 

Step#6:

 

Press control-alt-delete to get into the task manager and end the following processes if they exist:

 

C:\WINDOWS\windm32.exe

C:\WINDOWS\system32\sdkkl.exe

 

Step#7:

 

I now need you to delete the following files:

 

C:\WINDOWS\system32\hkiht.dll

C:\WINDOWS\ntoh.dll

 

C:\WINDOWS\windm32.exe

C:\WINDOWS\system32\sdkkl.exe

 

If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

 

Step#8:

 

Then close all programs and windows and run hijackthis. Put a checkmark next to each of these entries and click 'fix checked' button when ready (some may be gone after uninstalling some programs):

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049

 

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/index.htm

 

R3 - Default URLSearchHook is missing

 

O2 - BHO: Class - {FF9849CC-6C90-6CAB-B092-7A873652819D} - C:\WINDOWS\ntoh.dll

 

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm

 

O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sdkkl.exe

 

Step#9:

 

In the next step we are going to remove a service that gets installed by this malware.

 

1. Open Registrar Lite and run it.

 

2. Copy and paste the bold text below into the address bar of Registrar Lite (this is making a Registry backup for safety in case of error):

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\

 

Go to File > Export and save as (in the C:\Program Files\Registrar Lite (Reglite) folder):

 

1.) Winkey.reg (Save as type: regedit4 .reg type)

2.) Winkey.hiv (Save as type: Scroll to select-regetd32/WinAPI *hiv *dat files)

 

 

3. Copy and paste the bold text below into the address bar of Reglite:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\11Fßä#·ºÄÖ`I

3. Click Go

 

4. If 11Fßä#·ºÄÖ`I exists it will be highlighted in the left pane, right click on it and choose delete from the menu.

 

5. Copy and Paste the bold text below into the address bar of Registrar Lite:

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_11Fßä#·ºÄÖ`I

6. Click Go

 

7. If LEGACY_11Fßä#·ºÄÖ`I exists then right click on it and choose delete from the menu.

 

8. If you have trouble deleting a key, click once on the key name to highlight it and on the top menu choose Security, then Edit Permissions. Then make sure you are an Administrator and give yourself Full Control of that key. Then click on everyone and put a checkmark in "full control". Then press apply and ok and attempt to delete the key again. Once you have deleted the key, please return to the key and reinstate the original security permissions.

 

9. If you have had to change the permissions on the keys in Registrar Lite then they will have to be returned to the way they were. To do this please navigate to C:\ProgramFiles\Registrar Lite (Reglite) and double-click on Winkey.reg. It will ask if you want to merge this file with the registry, say Yes. Then double-click on Winkey.hiv and merge this file with the Registry. You have now returned the permissions to the way they were.

 

 

Step#10:

 

This is the step where we will use About:Buster that you had downloaded previously.

 

Navigate to the c:\aboutbuster directory and double-click on aboutbuster.exe. When the tool is open press the OK button, then the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files. If it asks if you would like to do a second pass, allow it to do so. Post the log file in your next reply.

 

 

When it has completed move on to step 11.

 

 

Step#11:

 

Copy the contents of the Quote Box below to Notepad.

Name the file as fix.reg

Change the Save as Type to *All Files*

and Save it on the desktop

 

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]

Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

 

Step#12:

 

1. Reboot your computer back to normal mode and Scan again with HijackThis. We still have a few steps to complete but a log file at this time would be helpful.

 

2. Post both your log from About Buster and your HijackThis log here in this thread with any questions or problems that you have run into. There are still some steps that are necessary to clear out all of the malware. There will be necessary files that it has deleted that will need to be replaced.

 

Good Luck!


Thanks for the fast response. I followed steps 1 through 12 (lol there was a lot, eek!) so here's the follow up logs.

 

 

HJT Log:

 

Logfile of HijackThis v1.99.1

Scan saved at 10:58:23 PM, on 06/14/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\iFtpSvc\iFtpSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\system32\sdknb.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\System32\taskmgr.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Documents and Settings\Gateway User\Desktop\Torrent Downloads\hijackthis\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yxouv.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yxouv.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yxouv.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yxouv.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yxouv.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yxouv.dll/sp.html#37049

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yxouv.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/index.htm

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {7DBB2BF8-5C0C-795B-B7AC-12281A796197} - C:\WINDOWS\mfcuo32.dll

O2 - BHO: (no name) - {FF9849CC-6C90-6CAB-B092-7A873652819D} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [windm32.exe] C:\WINDOWS\windm32.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [sdknb.exe] C:\WINDOWS\system32\sdknb.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab

O23 - Service: Ipswitch WS_FTP Server (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

 

 

 

 

 

AboutBuster Log:

 

AboutBuster 5.0 reference file 28

Scan started on [06/14/2005] at [10:45:44 PM]

------------------------------------------------

Streams(ADS) not scanned: System not NTFS

------------------------------------------------

------------------------------------------------

Scan was COMPLETED SUCCESSFULLY at 10:52:25 PM

 

 

 

 

Now not sure if this is important or not, but a few things were;

 

 

1. Press control-alt-delete to get into the task manager and end the following processes if they exist:

 

C:\WINDOWS\windm32.exe

C:\WINDOWS\system32\sdkkl.exe

 

Those didn't show up when doing ctrl-alt-delete.

 

 

 

2. O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\system32\sdkkl.exe

 

 

That didn't show up in the HJT program when running in safe mode.

 

 

3. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_11Fßä#·ºÄÖ`I

 

 

Didn't find that.

 

 

4. Step#11:

 

Copy the contents of the Quote Box below to Notepad.

Name the file as fix.reg

Change the Save as Type to *All Files*

and Save it on the desktop

 

 

 

QUOTE

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]

 

 

 

Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

 

 

When doing that it created some kind of access error.

 

 

 

You said there was more to follow, will be awaiting the next steps, thanks again for the help.


Okay, let's try this again. Print these instructions out.....

 

1. Please Download the most recent version of CWShredder (stand alone version):

http://www.intermute.com/spysubtract/cwshr...r_download.html

 

2. Check for Updates but please Do NOT use it yet.

 

First disable TeaTimer as it will try to interfere with this 'fix':

1) Run Spybot-S&D

2) Go to the Mode menu, and make sure "Advanced Mode" is selected

3) On the left hand side, choose Tools -> Resident

4) Uncheck "Resident TeaTimer" and OK any prompts

Do NOT restart your computer...

 

Please disconnect from the Internet and unplug your modem for the duration of this fix

 

Press control-alt-delete to get into the task manager and end the following processes if they exist:

 

C:\WINDOWS\windm32.exe

C:\WINDOWS\system32\sdknb.exe

 

I now need you to delete the following files:

 

C:\WINDOWS\yxouv.dll

C:\WINDOWS\mfcuo32.dll

 

C:\WINDOWS\windm32.exe

C:\WINDOWS\system32\sdknb.exe

 

If you get an error when deleting a file, right-click on the file and check to see if the read-only attribute is checked. If it is, uncheck it and try again.

 

Then close all programs and windows and run hijackthis. Put a checkmark next to each of these entries and click 'fix checked' button:

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yxouv.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yxouv.dll/sp.html#37049

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\yxouv.dll/sp.html#37049

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\yxouv.dll/sp.html#37049

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\yxouv.dll/sp.html#37049

R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yxouv.dll/sp.html#37049

 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\yxouv.dll/sp.html#37049

 

R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://find4u.net/index.htm

 

R3 - Default URLSearchHook is missing

 

O2 - BHO: Class - {7DBB2BF8-5C0C-795B-B7AC-12281A796197} - C:\WINDOWS\mfcuo32.dll

 

O2 - BHO: (no name) - {FF9849CC-6C90-6CAB-B092-7A873652819D} - (no file)

 

O4 - HKLM\..\Run: [windm32.exe] C:\WINDOWS\windm32.exe

 

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

 

O4 - HKLM\..\Run: [sdknb.exe] C:\WINDOWS\system32\sdknb.exe

 

Now please double click on CWshredder to run it.

CLOSE ALL WINDOWS except CWShredder

 

Run the program by clicking 'fix' and letting it fix all CWS remnants.

Next

Navigate to the c:\aboutbuster directory

double-click on aboutbuster.exe

When the tool opens press the OK button, then Start button, then the OK button

then finally the Yes button. It will start scanning your computer for files.

If it asks if you would like to do a second pass, allow it to do so.

Post the log file in your next reply

 

Try Regedit4 again:

 

Copy the contents of the Quote Box below to Notepad.

Name the file as fix.reg

Change the Save as Type to *All Files*

and Save it on the desktop

 

REGEDIT4

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\HSA]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SE]

 

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SW]

 

Then double-click on the fix.reg file, and when it prompts to merge say yes, and this will clear some registry entries left behind by the process.

 

Reboot your computer back to normal mode

 

Scan again with HijackThis

 

Reconnect To The Internet

 

Post both your log from About Buster and your HijackThis log


Ok, followed every step to the T, here is a fresh log file from both HJT & AboutBuster.

 

 

 

Logfile of HijackThis v1.99.1

Scan saved at 5:01:30 AM, on 06/15/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\iFtpSvc\iFtpSvc.exe

C:\Program Files\InterMute\SpySubtract\SpySub.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Gateway User\Desktop\Torrent Downloads\hijackthis\HijackThis.exe

 

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab

O23 - Service: Ipswitch WS_FTP Server (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

 

 

 

Ok, I might be wrong, but that looks good, right? *crosses fingers*

 

 

AboutBuster 5.0 reference file 28

Scan started on [06/15/2005] at [5:01:58 AM]

------------------------------------------------

Streams(ADS) not scanned: System not NTFS

------------------------------------------------

No Files Found!

------------------------------------------------

Scan was COMPLETED SUCCESSFULLY at 5:10:04 AM

 

 

And the AboutBuster log looks the same, correct? *crosses toes*

 

 

Now IF & I stress if everything is clean, what's next & since there's 18 million spyware, malware etc. etc. programs out & about, how do I continue to protect my system from viruses etc.? What programs would you suggest & btw, THANK YOU for all of the help!


Okay, that's looking good. :)

 

If you are having any difficulty with Notepad, please go to http://www.spywareinfo.com/~merijn/winfiles.html#control and choose 'Windows Files' from the menu on the left hand side of the page. Then choose 'Notepad' from the list and download it to C:\Windows and C:\Windows\System32

 

Step#1:

 

Now we need to see if we need to restore some deleted files:

Please check for the following files using the Windows Search Engine:

 

 

control.exe

 

rundll32.exe

 

wmplayer.exe

 

msconfig.exe

 

notepad.exe

 

shell.dll

 

SDHelper.dll

 

If any are missing or not working properly then you can download new copies from http://www.spywareinfo.com/~merijn/winfiles.html#control and follow the instructions at that site to put them where they belong for your OS.

 

 

Download the Hoster from http://www.funkytoad.com/download/hoster.zip

Press "Restore Original Hosts" and press "OK". Exit Program. This will restore the original deleted Hosts file.

 

This infection deletes the Windows file shell.dll.

 

Please download shell.dll from here for your OS:

shell-dll.zip. Once the file is downloaded, uncompress the zip file and copy shell.dll to the following locations (%windir% being the windows or winnt directory):

 

%windir%\system32

%windir%\system

 

If you have Spybot S&D installed you will also need to replace one file. Go here: SDHelper.zip and download SDHelper.dll. Copy the file to the folder containing your Spybot S&D program (normally C:\Program Files\Spybot - Search & Destroy). Then click Start > Run > regsvr32 "C:\Program Files\Spybot - Search & Destroy\SDHelper.dll" and press the OK button.

 

Run an online antivirus scan at:

 

http://housecall.antivirus.com/

 

Reboot and post a last log


Logfile of HijackThis v1.99.1

Scan saved at 11:07:00 AM, on 06/15/2005

Platform: Windows XP (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\InterMute\SpySubtract\SpySub.exe

C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

C:\iFtpSvc\iFtpSvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\devldr32.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Documents and Settings\Gateway User\Desktop\Torrent Downloads\hijackthis\HijackThis.exe

 

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe

O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15009/CTSUEng.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab

O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14.hotmail.msn.com/resources/MsnPUpld.cab

O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...StatsClient.cab

O16 - DPF: {9AA73F41-EC64-489E-9A73-9CD52E528BC4} (ZoneAxRcMgr Class) - http://messenger.zone.msn.com/binary/ZAxRcMgr.cab

O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll

O16 - DPF: {B3872502-F9FD-4E96-93FF-0D37298F0689} (SOESysInfo Control) - http://everquest2.station.sony.com/systemscan/soesysinfo.cab

O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15010/CTPID.cab

O23 - Service: Ipswitch WS_FTP Server (iFtpSvc) - Ipswitch, Inc. 10 Maguire Road - Suite 220 Lexington MA. - C:\iFtpSvc\iFtpSvc.exe

O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

 

 

 

 

AboutBuster 5.0 reference file 28

Scan started on [06/15/2005] at [11:08:43 AM]

------------------------------------------------

Streams(ADS) not scanned: System not NTFS

------------------------------------------------

No Files Found!

------------------------------------------------

Scan was COMPLETED SUCCESSFULLY at 11:16:39 AM

 

 

 

There ya go, now what's next? :)

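An added example, not part of the thread's posts or of HijackThis itself: a small Python script that parses HijackThis entry lines by section code and lists what disappeared and what appeared between two scans, which is the comparison being done by eye in this thread. The function names are assumptions, and the two sample logs are constructed from a few lines copied from the logs posted here.

```python
import re
from collections import defaultdict

# Entry lines start with a section code (R0, R1, O2, O4, O16, O23, ...) and " - ".
# Header lines and the "Running processes" paths do not match and are skipped.
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")

def parse_entries(log_text):
    """Return {section code: set of entry bodies} for one HijackThis log."""
    sections = defaultdict(set)
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            sections[m["code"]].add(m["body"])
    return sections

def diff_logs(before, after):
    """Return (removed, added): sorted (code, body) pairs that differ between scans."""
    old, new = parse_entries(before), parse_entries(after)
    codes = set(old) | set(new)
    removed = sorted((c, b) for c in codes for b in old.get(c, set()) - new.get(c, set()))
    added = sorted((c, b) for c in codes for b in new.get(c, set()) - old.get(c, set()))
    return removed, added

# Constructed samples: a few lines copied from the logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\windm32.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\hkiht.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
"""

if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for code, body in removed:
        print("removed", code, body)
    for code, body in added:
        print("added  ", code, body)
```

Entries that show up under "added" after a cleanup, such as a new BHO or Run key, are the ones worth identifying before calling the machine clean.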

This will clean your temps and prefetch:

 

Open notepad and copy and paste the following into it:

 

 

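del c:\*.tmp
del /f "%temp%\*.tmp"
del "%windir%\prefetch\*.*"
del /f "%windir%\temp\*.*"
rem del does not expand a wildcard in the middle of a path, so loop over each profile folder
for /d %%u in ("C:\Documents and Settings\*") do del /f "%%u\Local Settings\Temp\*.*"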

 

Save the file to your desktop as clean.bat and make sure you save the file type as "all files".

Double click the "clean.bat" file and answer YES to all the prompts.

 

Reboot

 

 

Great job! Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

  • Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and reenable system restore here: Managing Windows Millennium System Restore or Windows XP System Restore Guide. Re-enable system restore with the instructions from the tutorial above.
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly. For a tutorial on Firewalls and a listing of some available ones see the link below: Understanding and Using Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an antivirus software. A tutorial on installing & using this product can be found here: Using Spybot - Search & Destroy to remove Spyware, Malware, and Hijackers
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial on installing & using this product can be found here: Using SpywareBlaster to protect your computer from Spyware and Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.
