August 3rd, 2009 00:00

Virus in [Filename]

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:18:38 AM, on 8/3/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
c:\PROGRA~2\mcafee.com\agent\mcagent.exe
C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
C:\Program Files (x86)\Dell Remote Access\ezi_ra.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~2\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files (x86)\Dell\BAE\BAE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files (x86)\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O4 - Global Startup: Dell Remote Access.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O23 - Service: Andrea RT Filters Service (AERTFilters) - Unknown owner - C:\Windows\system32\AERTSr64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Ati External Event Utility - Unknown owner - C:\Windows\system32\Ati2evxx.exe (file missing)
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Advanced Networking Service (hnmsvc) - Dell Inc. - c:\ProgramData\SingleClick Systems\Advanced Networking Service\hnm_svc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxdcCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxdcserv.exe
O23 - Service: lxdc_device -   - C:\Windows\system32\lxdccoms.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~2\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~2\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~2\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files (x86)\McAfee\MSK\MskSrver.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9226 bytes





I performed a "SCAN" using McAfee Anti-virus. I got a 2 yr subscription with McAfee when I purchased my PC from Dell this past January of 2009. So, it is the "retail version" (probably not as good). Anyway, as I was saying, I performed a scan, and it stopped only after 75% of the way through. When it stopped, an error message popped up that said, "McAfee virus scan on-demand scanner has encountered problems and needs to close." So, I closed and tried once more only to get the same message after 75% in the process. I tried once more...same thing.

That's when I started a "CHAT line" with a lady. She said she needed to analyze my PC remotely. A few minutes later she informed me I had a "Malicious Trojan". That was all the information she gave me. She told me that McAfee could remotely remove the Trojan for $89.00, but, I am sure most will agree at this time in need, "Money don't grow on trees."

I decided to do a "System Health Report" hoping I could get answers. I think I attached it. It may be helpful reviewing it. The Health Report addressed issues regarding the Anti-virus. When you open it scroll to the section "Anti-virus Information". There it says, "The Security Center has not recorded an anti-virus product". It further says, "The Security Center is unable to identify an active antivirus application. Either there is no antivirus product installed or it is not recognized".

Well, I know the McAfee anti-virus is in the system because I uninstalled it and reinstalled it. After I reinstalled it, I performed a "SCAN", and it scanned to 100% complete, but did not locate the first piece of adware or anything. I feel it should have discovered something if it was working properly, especially since the lady at McAfee said earlier I had a Trojan.

Next thing I did was try to figure out why this negative information was being concluded on my "Health Report". I searched online and found a link that says "McAfee and Windows Defender are not compatible", i.e. if one is on the other will possibly not perform as should. This is that link

http://social.answers.microsoft.com/Forums/en-US/vistasecurity/thread/574fb871-034c-4b42-b800-328af16a9177

After I read this link, I decided to disable "Windows Defender", restart my PC and see if that fixed the problem. So, I ran the "System Health Report", but unfortunately I received the same message as before.

About a week or two ago I downloaded a few freeware programs. I was a little skeptical but still did it. These freeware programs consist of the following names: "Convert VOB to AVI". Other programs were DVDx, Auto GK, Xvid. I also downloaded an Ac3 Codec. I tried to uninstall all these programs but they would not uninstall. They all say they "Don't have a Unins000.dat file". As far as the Ac3 codec, well I can not find it anywhere on my PC, but I know I downloaded it.

Also, viewing my "Program Files (x86) folder", there is a folder labeled "Gabest". I looked it up on the internet and the page said the following:
Gabest Media Player Classic Description
"It is an illegal advertising application that secretly works in background and shows undesirable commercial information. Gabest Media Player Classic shows advertisements in numerous pop-ups, web browser windows or toolbars. It can get into the computer from unsafe web sites. Some ad-supported softwares include it as a component. Gabest Media Player Classic doesn't possess any serious threat to the computer security, but may severely violate user privacy."
http://www.spywareremove.com/removeGabestMediaPlayerClassic.html

I don't remember downloading "Gabest", and I don't think I did.
I almost forgot, the lady from McAfee did tell me the mcod.exe was a Trojan, and I discovered that on my own when the "McAfee virus scan on-demand scanner has encountered problems and needs to close" error popped up.
As far as a Trojan...Well, I don't know. The lady working at McAfee said I had one but that could have been a sales pitch. I do know something is not right about my PC, and I do think it is infected, but since my McAfee Anti-virus finds nothing I can't give you the information you requested. I know no way to narrow the search down in order to single the "Virus" out.
Maybe you can look at the "System Health Report", and that will raise ideas. If you still want me to perform the instructions in the reply you sent before this one, I will. Then I'll inform you of result.

29 Posts

August 6th, 2009 18:00

Okay, do you want me to delete these items in the "Services" window, and if I do, it won't cause any present or future issues will it, not that you don't know what you are doing because I know that you do?

In "Task Manager" under "Services" I have the following...

Names of the services:

AERTFilters--- Run
ALG---Stop

DFSR---Stop
ATIPOLAB---Not Listed (can't find)
KeyIso---Stop
MSDTC---Stop
Netlogon---Stop
ProtectedStorage---Run
RpcLocator---STOP
slsvc---run
SNMPTRAP---STOP
Spooler---run

-----------------------------------------------------------------------------

Going to "Services" as described in the link you sent me ("Services" window), I have the following...

Name                Status                              Startup Type
AERTFilters         Started                             Automatic
ALG                 (Not listed in services window)
ATIPOLAB            (Not listed in services window)
KeyIso              (Not Listed in services window)
MSDTC               (Not listed in services window)
Netlogon            (No info in status row)             Manual
ProtectedStorage    Started                             Manual
RpcLocator          (Not listed in services window)
slsvc               (Not listed in services window)
SNMPTRAP            (No info in the status row)         Manual
Spooler             (Not listed in services window)


_______________________________________________________

I hope this makes sense. The top information is directed towards what was listed in the "Task Manager" window, and the bottom information was directed towards what was listed in the "Services" page.

Thanks

20.5K Posts

August 6th, 2009 20:00

Just leave them the way that you have them and don't delete them. Comparing what you are seeing to what we see in HijackThis, it appears that HijackThis is not giving us an accurate picture of those services based on the operating system.

Otherwise, how is everything running?
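An added example, not part of the original thread: one way to triage the "(file missing)" service entries discussed above. It assumes HijackThis v2.0.2 runs as a 32-bit process, so on 64-bit Windows its view of System32 and %ProgramFiles% is redirected to the 32-bit locations; the function names and verdict labels are hypothetical.

```python
import re

# Lines copied from the HijackThis log in the first post, plus one constructed
# entry (ExampleSvc) that is NOT from the thread.
SAMPLE_LOG = r"""Platform: Windows Vista SP1 (WinNT 6.00.1905)
C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\Users\Public\example.exe (file missing)
"""

# O23 - Service: <display name> - <owner> - <image path>[ (file missing)]
O23 = re.compile(
    r"^O23 - Service: (?P<display>.*?) - (?P<owner>.*?) - "
    r"(?P<path>[A-Za-z]:\\.+?)(?P<missing> \(file missing\))?$"
)


def is_64bit_log(text):
    """A log that mentions 'Program Files (x86)' or SysWOW64 came from 64-bit Windows."""
    low = text.lower()
    return "program files (x86)" in low or "\\syswow64\\" in low


def short_name(display):
    """Return the service key name from 'Display name (KeyName)' when present."""
    m = re.search(r"\(([^()]+)\)\s*$", display)
    return m.group(1) if m else display.strip()


def classify(text):
    """Return (service, path, verdict) for every O23 entry marked '(file missing)'.

    Verdicts (labels are hypothetical, chosen for this example):
      wow64-redirect  path under System32 in a 64-bit log; a 32-bit scanner is
                      redirected to SysWOW64 and cannot see the native binary
      wow64-env       %ProgramFiles% was expanded to 'Program Files (x86)'
      verify          no 32-bit-view explanation; check the file on disk
    """
    wow64 = is_64bit_log(text)
    results = []
    for line in text.splitlines():
        m = O23.match(line.strip())
        if not m or not m.group("missing"):
            continue  # not a service line, or the file was found
        path = m.group("path")
        low_path = path.lower()
        display = m.group("display")
        if wow64 and "\\system32\\" in low_path:
            verdict = "wow64-redirect"
        elif (wow64 and display.lower().startswith("@%programfiles%")
              and "\\program files (x86)\\" in low_path):
            verdict = "wow64-env"
        else:
            verdict = "verify"
        results.append((short_name(display), path, verdict))
    return results


if __name__ == "__main__":
    for name, path, verdict in classify(SAMPLE_LOG):
        print(f"{verdict:15} {name:15} {path}")
```

Entries classed as "verify" are the ones worth checking directly, for example by comparing the service's image path in the Services window against what is on disk.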

29 Posts

August 6th, 2009 22:00

Everything seems well. No pop-ups, and I am not being directed to different pages. This issue of worrying that I have some sort of virus started last week when I performed a scan. At least three times in a row my anti-virus program (McAfee) stopped at 75% from being a complete scan. So, I opened "System Health Report" and that's when the results said "System does not recognize anti-virus". After I saw that I became a little concerned, so I got in touch with McAfee for technical support. The tech support rep remotely viewed my computer for a brief minute. When the rep returned to let me know whether or not I had a problem, that's when I was told I had a "Trojan".

Shortly after that I began to research a little so I could find out what would be causing my system to not recognize my PC and cause my McAfee program to stop 25% from being complete. I found a Microsoft site that pertained to the "Warning" I had in my "System Health Report". It said that some of the "Service Pack 2" downloads would cause the computer to not recognize the anti-virus. So then, I uninstalled my "Service Pack 2" and rebooted. After I was logged back on I ran another "System Health Report", but I just continued to get the same warning message regarding my anti-virus not being recognized.

The next thing I did was uninstall then reinstall my McAfee program and reboot. Once I was back up I performed another scan; however, I still got the same message about anti-virus not being recognized. One thing that was different due to the uninstall then reinstall of McAfee...I was able to perform a scan at a hundred percent. The McAfee results once complete was zero viruses, nothing at all--not even a cookie.

Later that evening I bought the AVG program, hoping that if I did have a virus the AVG would find it. After I got the results of the scan I posted them into this thread. They all were cookies, about 300 or more (all posted in above sections throughout our discussions).

I really can't tell if there is a virus in my PC. The performance seems good, and as I said earlier, I am not being redirected to other pages or lured to other websites.

The only thing I can't understand is the McAfee rep saying I had a Trojan. The rep also said they would charge me $90 dollars to remove it. I'm thinking it could have been a sales pitch.

Have you ever had this experience with other computers?

As the McAfee rep said I have a Trojan. Do you see that I have a Trojan looking at the logs?

To answer your question...Yes, everything seems the way it was the day I purchased my PC. It was fast then and it is still fast.

So, what do you suggest?

 

Thank you for your help!!

 

20.5K Posts

August 7th, 2009 06:00

 

The only thing I can't understand is the McAfee rep saying I had a Trojan. The rep also said they would charge me $90 dollars to remove it.
Malware very often disables the resident anti-virus when it gets on a system, so I'm thinking that may be the first reply the phone techs give. Better to tell users that they have a virus and find out otherwise than to tell them they do not and leave infection on there. They would have charged you $90.00 to do what we just did.  We have heard from others who had the same problem as far as incomplete scans. The solution has been to uninstall McAfee, run McAfee's Removal Tool, and re-install McAfee - not from the CD, but running the installation of McAfee online. However, you went ahead and installed AVG before we could reply with that information.

Have you ever had this experience with other computers?
  Yes, this forum is for owners of other brands as well as Dell.

Let's run Disk Cleanup in each user's profile, and then you will be good to go.

1. Open Disk Cleanup by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.

2. In the Disk Cleanup Options dialog box, choose whether you want to clean up your own files only or all of the files on the computer. If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

3. If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.

4. Click the Disk Cleanup tab.

* Please make sure only the following are checked:

-- Downloaded Program Files

-- Temporary Internet Files

-- Recycle Bin

-- Temporary Files

5. When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.

http://windowshelp.microsoft.com/Windows/en-US/Help/1264bc24-72a8-48aa-84e3-a355327139d91033.mspx

If everything is running well, it would be good to flush System Restore so you can start fresh. We'll purge the old, infected Restore Points by turning System Restore off and on again, thus creating a new, clean Restore Point.

To turn off Windows Vista System Restore:

1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
9. When you have finished, restart the computer and follow the instructions in the next section to turn on System Restore.

To turn on Windows Vista System Restore:

1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Place a checkmark in the box for any drive you wish to enable System Restore on
7. Click OK

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

If you have used Malwarebytes' Anti-Malware as part of your cleaning procedures, keep it updated and use it to scan every so often for malware, or upgrade to the paid version for realtime scanning and auto updating.

The following suggestions are general prevention and are not customized for your computer. You may have already taken some of these steps, and depending on your current security, you may not need to implement all of these:

1. Visit Microsoft Update: Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS. Microsoft's Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp  If I were you, I'd try installing SP2 again.

2. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.

3. You might consider installing Mozilla / Firefox.
http://www.mozilla.com/en-US/

4. Do not use file sharing. Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

5. Before using or purchasing any Spyware/Malware protection/removal program, always check the following Rogue/Suspect Spyware Lists. http://www.spywarewarrior.com/rogue_anti-spyware.htm http://www.malwarebytes.org/database.php

6. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/ ** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

7. Web Of Trust uses colored alerts to warn you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Red for Warning = STOP
  • Yellow for Use Caution
  • Green for Safe
  • Grey for Unknown

There is a Web Of Trust version for Firefox as well.

 

8. You might consider installing SpywareBlaster: http://www.javacoolsoftware.com/spywareblaster.html
It will:
Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
Block spyware/tracking cookies in Internet Explorer and Mozilla Firefox.
Restrict the actions of potentially unwanted sites in Internet Explorer.
Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
Periodically check for updates

9. Here are some helpful articles:
"How did I get infected?"
http://www.bleepingcomputer.com/forums/topic2520.html


"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

 

29 Posts

August 7th, 2009 15:00

bugbatter,

First of all thank you much for your help and being nothing but persistent and motivated. Yea, I also believe that I saved $90 bucks not asking deal to fix the problem. I downloaded the Web Of Trust. That is a cool program. Web Of Trust makes you feel more secure when surfing the net. Thanks for all the tools, the links you provided, more importantly, the knowledge I feel I've gained in this experience. I thought the whole process was fun, of course that may seem a little crazy though.

I turned off System Restore and then booted, then enabled it. After that, I rebooted. Then I created a restore point. Oh almost forgot, I also did Disk Cleanup and cleaned the items you instructed.

So, is there anything else I should do, or should that be all?

Thank you for saving me that money

rwilkins1

 

20.5K Posts

August 7th, 2009 17:00

You are most welcome.

I think you will like WOT. It has saved me many times! The first time their big red and black "Warning!" pops up, it might scare you, but that's what it was intended to do. You will be happy to have help from WOT!

That's it. Nothing else to do but to keep Windows, MBAM, and your AVG updated so you can stay safe.

Glad we were able to help.
NOTE: The issue has been resolved, so this thread is now closed.
Everyone else who is having a similar issue, please begin a New Message at the top of the forum.

 

 
