Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

sandan83

40 Posts

1621

March 26th, 2006 17:00

Possible Virus - Please Help

 

I recently post this request for assistance in the Virus Forum...I was instructed to send a copy of the HJT report to this forum to be analyze.  Please help me to be able to clean/clear my computer of any or all infections.  I should also mention that I have both the AVAST AV free and the AVG 7 free on my computer.  I thought I "disabled" the AVG7 so as not to cause conflict, however I'm now not sure I did it correctly.   Thank you in advance...

 Sandan83

After running the scan using the Avast prog. it once again showed infection from the ....."Win32: Kuangu, and also another one called, "Win32:CTX" .  After reading some information about the CTX virus, I am really worried as to how to remove these things from my computer.  Please help me rid my computer of these things.  Right now they are contained in a folder that AVAST has in its program....I've written the specifics of what the scan reported if that would help you to identify what we are dealing with better.

Thank you for your help.

 

Logfile of HijackThis v1.99.0
Scan saved at 1:42:55 PM, on 3/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://www.globalchat.com/custom/nativeclient/msichat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

 

Message Edited by sandan83 on 03-26-2006 02:07 PM

ALgal

1.2K Posts

March 28th, 2006 18:00

Hello sandman83 and Welcome to Dell,

Let's start with a few scans. Please do the following:


STEP 1.
======
SpySweeper

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.


Please do not delete anything unless you are instructed to.


Download the trial version of Spy Sweeper from Here

Install it using the Standard Install option. (You will be asked for your e-mail address, it is safe to give it. If you receive alerts from your firewall, allow all activities for Spy Sweeper)

You will be prompted to check for updated definitions, please do so.
(This may take several minutes)

Click on Options > Sweep Options and check Sweep all Folders on Selected drives. Check Local Disc C. Under What to Sweep, check every box.

Click on Sweep and allow it to fully scan your system.If you are prompted to restart the computer, do so immediately. This is a necessary step to kill the infection!

When the sweep has finished, click Remove. Click Select All and then Next

From 'Results', select the Session Log tab. Click Save to File and save the log somewhere convenient.

Exit Spy Sweeper.


STEP 2.
======
Ewido Trojan Scanner
Please download, install, and update the NEW free version of Ewido trojan scanner:

  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

  • From the main ewido screen, click on update in the left menu, then click the Start update button.

  • After the update finishes (the status bar at the bottom will display "Update successful")

  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

  • If ewido finds anything, it will pop up a notification. Select "clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.

  • When the scan finishes, click on "Save Report". This will create a text file. Make sure you know where to find this file again.


Empty Recycle Bin and reboot.

Please post the results from SpySweeper, ewido and a new hijackthis log.

sandan83

40 Posts

March 29th, 2006 00:00

Thank you so much for wanting to help me ALgal.  Just to let you know that I have seen your reply to my request of assistance and will be following through with your instructions.  I have to be away from the computer tomorrow, but hopeful I will have these results for you very soon.

Thanks again for wanting to help me...:smileyvery-happy:

Sandan83

sandan83

40 Posts

March 30th, 2006 02:00

Sorry it took me so long to get back here.  I began following your instructions , clearing the check mark from the box where it read "Hide protected operating system files."......



STEP 1.
======
SpySweeper

Double-click My Computer.
Click the Tools menu, and then click Folder Options.
Click the View tab.
Clear "Hide file extensions for known file types."
Under the "Hidden files" folder, select "Show hidden files and folders."
Clear "Hide protected operating system files."
Click Apply, and then click OK.
When another window opened up with this message....

 

Warning!

You have chosen to display protected operating system files (files labeled System and Hidden) in Windows Explorer.

These files are required to start and run Windows. Deleting or editing them can make you computer inoperable.

Are you sure you want to display these files?

       Yes             No

I didn't know what to do, so will await your instructions....Thank you for helping me,

Sandan83



 

ALgal

1.2K Posts

March 30th, 2006 07:00

Go ahead and display them. You can always hide them when we are through. It's a warning. Many times we must have victims search for malware files and these would be hidden too if files were not displayed.

Do not hesitate to ask questions though! Questions are welcome.

sandan83

40 Posts

March 30th, 2006 12:00

:smileyvery-happy:  thank you so very much for being so patient with me...as you know by now, I am green when it comes to computers, even though,  I absolutely love having my Dell and learning.  Will be doing as you suggested and will be posting results as per request.

Sandan83

sandan83

40 Posts

March 30th, 2006 21:00

Here are the results of the noted scans you wanted me to run and post....I will say here thank you so very much for your excellent ability to explain all of the "how to's" of these scans...I have never done anything like this and I was very comfortable following your instructions...

Thank you so very much.  I will wait for further direction from this report from you,:smileyvery-happy:

Sandan83

The Spy Sweeper Scan revealed:

********
4:28 PM: |       Start of Session, Thursday, March 30, 2006       |
4:28 PM: Spy Sweeper started
4:28 PM: Sweep initiated using definitions version 645
4:28 PM: Starting Memory Sweep
4:33 PM: Memory Sweep Complete, Elapsed Time: 00:04:48
4:33 PM: Starting Registry Sweep
4:33 PM: Registry Sweep Complete, Elapsed Time:00:00:27
4:33 PM: Starting Cookie Sweep
4:33 PM:   Found Spy Cookie: ask cookie
4:33 PM:   owner@ask[1].txt (ID = 2245)
4:33 PM:   Found Spy Cookie: 2o7.net cookie
4:33 PM:   owner@msnportal.112.2o7[1].txt (ID = 1958)
4:33 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
4:33 PM: Starting File Sweep
5:09 PM:   Warning: Invalid Stream
5:09 PM: File Sweep Complete, Elapsed Time: 00:35:36
5:09 PM: Full Sweep has completed.  Elapsed time 00:40:56
5:09 PM: Traces Found: 2
5:10 PM: Removal process initiated
5:10 PM:   Quarantining All Traces: 2o7.net cookie
5:10 PM:   Quarantining All Traces: ask cookie
5:10 PM: Removal process completed.  Elapsed time 00:00:01
********
4:25 PM: |       Start of Session, Thursday, March 30, 2006       |
4:25 PM: Spy Sweeper started
4:26 PM: Your spyware definitions have been updated.
4:28 PM: |       End of Session, Thursday, March 30, 2006       |

 

The Ewido Trojan Scanner revealed:

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:   6:05:31 PM, 3/30/2006
 + Report-Checksum:  39EF3AC4

 + Scan result:

 No infected objects found.


::Report End

 

The new HJT Log reveals:

Logfile of HijackThis v1.99.0
Scan saved at 6:10:38 PM, on 3/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://www.globalchat.com/custom/nativeclient/msichat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BCBC2CE-BCBC-4327-92A1-D1D9D476A4C5}: NameServer = 65.174.118.5 65.174.118.6
O23 - Service: avast! iAVS4 Control Service - Unknown - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

ALgal

1.2K Posts

March 30th, 2006 23:00

Hello and Welcome to the Forums!

Disable SpySweeper:
You have SpySweeper installed. While this is a great program, we need to temporarily disable (not uninstall) the program because it might stop our fix.
  • Open it click >Options over to the left then >program options>Uncheck "load at windows startup"
  • Over to the left click "shields" and uncheck all there.
  • Uncheck" home page shield".
  • Uncheck ''automatically restore default without notification".

After all of the fixes are complete it is very important that you enable SpySweeper again.

Disable Microsoft AntiSpyware:
We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.
  • Open Microsoft AntiSpyware
  • Click on Tools, Settings.
  • In the left pane, click on Real-time Protection
  • Under Startup Options uncheck Enable the Microsoft AntiSpyware Security Agents
  • Under Real-time spyware threat protection uncheck Enable real-time spyware threat protection (recommended).
  • After you uncheck these, click on the Save button and close Microsoft AntiSpyware.
  • Right click on the Microsoft AntiSpyware icon on the taskbar and select Shutdown Microsoft AntiSpyware.


After all of the fixes are complete it is very important that you enable Real-time Protection again. Better yet, uninstall it and replace it with Microsoft Windows Defender. Microsoft Antispyware has been updated and renamed Microsoft Windows Defender. You can download the new version from http://www.microsoft.com/athome/security/spyware/software/default.mspx

Update Your Java
Update your Java to the latest version.
  • Uninstall any and all versions you have listed in add/remove programs
  • Install the latest version from here: http://www.java.com/en/


Close all programs leaving only HijackThis running. Place a check against each of the following, making sure you get them all and not any others by mistake:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
Click on Fix Checked when finished and exit HijackThis.

Although Incredimail is considered to be a legitimate program that people install intentionally, please read this information regarding Incredimail very carefully and use you best judgment in deciding if you want to keep this program on your computer or not.
The use of Incredimail opens your system to attacks, and in the User Agreement, claims permanent ownership of everything sent through their mail service. See the full article. I read this article and noticed the date was 10/10/02 so just in case the information had changed since then and was no longer a concern, I downloaded Incredimail from Incredimail's site. Before installing, I read the EULA and there it was still. It may be worthwhile to fix it with HijackThis. Uninstall using Control Panel>Add/ Remove Programs. This is the item to fix in HijackThis:

O4 - HKLM\..\Run: [IncrediMai] C:\INCRED~1\bin\IncrediMail.exe /c


Your version of hijackthis is out-of-date. So please post a fresh log with the new version.
http://forums.us.dell.com/supportforums/board/message?board.id=si_hijack&message.id=4987

sandan83

40 Posts

March 31st, 2006 00:00

Thank you for your quick response.  Does my computer have a virus? trojan? worm?  I will be doing exactly what you have instructed. 
 
Question :
May I please ask for another explanation of what I am to do with this quote...."Disable Microsoft AntiSpyware:
We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make"... then you spoke of "uninstalling it all together"
 My question is,
should I just uninstall the Microsoft AntiSpyware, or would you rather I follow the "Disable Microsoft AntiSpyware" and then uninstall this program. I didn't know if it was required to do both to make sure it was completely off the system. 
______________________________________________________________________
Question:
Also I do not know what Java is...What do I look for to identify it in order to uninstall it.  I know how to access the Add/Remove programs through the Control Panel, so I understand what you are asking about that.
 
Update Your Java
Update your Java to the latest version.
  • Uninstall any and all versions you have listed in add/remove programs
  • Install the latest version from here: http://www.java.com/en/
____________________________________________________________________
Question:
Also, when you say to not have any other programs running, I notice that the  AVAST AV  runs in the background.  Also I notice that the Spy sweep runs continuously in the background also.  The Zone Alarm also says it runs in the background too.  Do I close these programs from the taskbar?
______________________________________________________________________
Question:
In your opinion, what would happen if I should want to keep the Incredimail program?  The reason I ask is, I am a co-owner of a Christian group that uses only the Incredimail program.  I have made such wonderful friends through this Christian group, I can't bear thinking I have to give it up.  I read the article concerning the Incredimail, however, I am hoping that you see a way around any harm my computer may be suffering from it.  Please if you could, I would really appreciate it.  Also if I am allowed to keep the Incredimail, would I still follow the instructions for the HJT deletion of it?
 
I will download the newer version of HJT as you have recomended.  Will await further assistance before proceeding.  Thank you so very much for helping me,
Sandan83

Message Edited by sandan83 on 03-30-2006 09:43 PM

ALgal

1.2K Posts

March 31st, 2006 01:00

You do not have any infection that I can tell. You are really in good shape. Ewido log was clean. The entries
With “red.clentapps” are considered adware related and I was taught to have person check and fix them. You have two that can be deleted. Sorry that I only listed one—go ahead and delete the other one too.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com

Question :
May I please ask for another explanation of what I am to do with this quote...."Disable Microsoft AntiSpyware:
We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make"... then you spoke of "uninstalling it all together"
My question is,
should I just uninstall the Microsoft AntiSpyware, or would you rather I follow the "Disable Microsoft AntiSpyware" and then uninstall this program. I didn't know if it was required to do both to make sure it was completely off the system.

Uninstall Microsoft AntiSpyware and after hijackthis fixes, install the Windows Defender would be easiest and the best way..

Question:
Also I do not know what Java is...What do I look for to identify it in order to uninstall it. I know how to access the Add/Remove programs through the Control Panel, so I understand what you are asking about that.

You will see a little coffee cup icon to left and it may say JS2E Runtime Environment, etc. The new version has security updates. Your hijackthis log indicates that the old version is still installed. This is a safety precaution..

Update Your Java
Update your Java to the latest version.
• Uninstall any and all versions you have listed in add/remove programs
• Install the latest version from here: http://www.java.com/en/

Question:
Also, when you say to not have any other programs running, I notice that the AVAST AV runs in the background. Also I notice that the Spy sweep runs continuously in the background also. The Zone Alarm also says it runs in the background too. Do I close these programs from the taskbar?

I am sorry, I should have said all windows or browsers closed except the hijackthis window.

Question:
In your opinion, what would happen if I should want to keep the Incredimail program? The reason I ask is, I am a co-owner of a Christian group that uses only the Incredimail program. I have made such wonderful friends through this Christian group, I can't bear thinking I have to give it up. I read the article concerning the Incredimail, however, I am hoping that you see a way around any harm my computer may be suffering from it. Please if you could, I would really appreciate it. Also if I am allowed to keep the Incredimail, would I still follow the instructions for the HJT deletion of it?

I think that privacy was an issue here with Incredimail. I was just wanting to warn you. It is considered an optional fix—not a malware-must-be fixed issue which is why I listed it after the one hijackthis fix.


I will download the newer version of HJT as you have recommended. Will await further assistance before proceeding. Thank you so very much for helping me,
Sandan83

You are welcome and I await your log.

sandan83

40 Posts

April 1st, 2006 03:00

Thank you again for all your help.  I have done everything you asked and even though I have some additonal questions, I am posting the HJT report from the newest version...(I hope) 
 
Question:  Java
Reply:    There were no "Java" programs in the Add/Remove section. I ran a "Search" and it showed 71 "Java" indications in the Windows/Documents&Settings and other program files....I didn't do anything since not knowing what I should do.  Also there is no icon on my desktop of this new download version either.
 
Question:  Microsoft Anti-spyware
Reply:  I uninstalled and reinstalled the new Windows Defender as requested.  I ran the software with it showing no threats ...
 
Question:  HJT
Reply:  I couldn't find where to uninstall the old version of HJT, so I did go ahead and install the new version from your post.  The new icon is not on my desktop either.  From the HJT log report, did I download the new version correctly?  I deleted the two things you told me too on the HJT.
 
 
Logfile of HijackThis v1.99.1
Scan saved at 9:09:20 PM, on 3/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Lexmark X74-X75\lxbbbmon.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\C9U3G1AB\HijackThis[1].exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: UberButton Class - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: YahooTaggedBM Class - {65D886A2-7CA7-479B-BB95-14D1EFB7946A} - C:\Program Files\Yahoo!\Common\YIeTagBm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Lexmark X74-X75] "C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,81/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zonelabs.com/bin/promotions/spywaredetector/WebAAS.cab
O16 - DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} (msichat50 Client Control) - http://www.globalchat.com/custom/nativeclient/msichat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab33902.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{4BCBC2CE-BCBC-4327-92A1-D1D9D476A4C5}: NameServer = 65.174.118.5 65.174.118.6
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
 
Thank you so very much for helping me...will wait for further instructions
Sandan83

Message Edited by sandan83 on 04-01-2006 12:44 AM

Message Edited by sandan83 on 04-01-2006 12:56 AM

ALgal

1.2K Posts

April 1st, 2006 09:00

Question: Java
Reply: There were no "Java" programs in the Add/Remove section. I ran a "Search" and it showed 71 "Java" indications in the Windows/Documents&Settings and other program files....I didn't do anything since not knowing what I should do. Also there is no icon on my desktop of this new download version either.
You are right. There is no Java so do not worry about. I apologize.

Question: Microsoft Anti-spyware
Reply: I uninstalled and reinstalled the new Windows Defender as requested. I ran the software with it showing no threats ...
Good.



Question: HJT
Reply: I couldn't find where to uninstall the old version of HJT, so I did go ahead and install the new version from your post. The new icon is not on my desktop either. From the HJT log report, did I download the new version correctly? I deleted the two things you told me too on the HJT.
You did fine. The only thing was that you placed the hijackthis in a temporary folder and backups would not be made. However, since your log appears to be clean, we are not going to fix items, so we will not worry about it now. But if you post again to this forum with hijackthis log, you need to have an up-to-date version, and place it in a permanent folder. Your up-to-date version did not show any problems.

Don’t become overconfident with antivirus applications installed. I want to leave you with this warning:

http://forum.malwareremoval.com/viewtopic.php?t=8138&sid=3965a617e3ae8fa3039eba6ea0b5e8ee

One reason keyloggers are becoming so prevalent and stealthy is that far too many Windows users rely on anti-virus programs to stop attacks while continuing to ignore safe-computing advice, according to Ken Dunham, director of rapid response for Reston, Va.-based iDefense, a security subsidiary of VeriSign.

That advice has changed little since the first computer viruses appeared: Stay up to date on security patches and be extremely wary of clicking on links and attachments that arrive unbidden in instant messages and e-mail.

"The number one thing the majority of the malicious code we're seeing now does is disable or delete anti-virus and other security software," Dunham said. "In a lot of cases, once the user clicks on that attachment, it's already too late."

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:


  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  • Test your Firewall - Please test your firewall and make sure it is working properly.
    Test Firewall


  • Visit Microsoft's Update Site Frequently - It is important that you visit Windows Updates regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers


  • Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer


  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware


  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  • More info on how to prevent malware you can also find here (By Tony Klein)
    and here: http://wiki.castlecops.com/Malware_Prevent...nt_Re-infection



Follow this list and your potential for being infected again will reduce dramatically.

Thank you for allowing me to assist you.

Susan

sandan83

40 Posts

April 1st, 2006 12:00

Hi Susan, thank you so very much for helping me "clean" my computer. I have several more questions for you before I "let go of your hand"...LOL 

I don't know how to uninstall the old HJT prog. and reinstall the HJT newest version, nor do I know how to make the folders as you suggested in your last post.

The second question is, could you look at all of these programs that I have installed on my computer and tell me which ones are duplicating the other.  Meaning, if the Spybot S & D program is a tool used for deletion of spyware, malware, adware, then why do I have to have all the others?  The following anti programs on my computer are....

Ad-aware SE Personal, Spyware Sweep, Spybot S & D, Microsoft Defender, Zone Labs Security, Ewido Anti-Malware and soon to be installed per your advice, Spyware EBlaster...

Another question is should I go back and recheck the boxes in My Computer, which were these that you had me to uncheck before we began the process of cleaning my computer...."Hide file extensions for known file types." and
"Hide protected operating system files." 

Also, at one time I had the "Microsoft Photo Editor", however it is no where to be found now. It eventually quit working all together and I did delete it from the Add/remove option.  Is there anyway that I can reinstall this program?  What would have made it quit working?

Last, I ran "check your firewall" and it said that my firewall was working and it wasn't able to pentatrate my computer...:smileyvery-happy:  I will continue to update and run all of these programs as you suggested. My concern is that the other AV program that I had on my computer didn't pick up the problems that we had to deal with....:smileysad:  Therefore, I am now using Avast AV in place of the "other". You ask that I let you know how I liked the Avast program. 

Again, Thank you so very much for all your assistance. You and another "tech" from the Virus/Spyware forum that helped me, are in my opinion the best of the best here at the Dell Forum.  I applaud and am sending hugs to both of you..(my husband is too, since he thought that he was going to have to buy me another computer...LOL)

Thanks again,

Sandi
 

Message Edited by sandan83 on 04-01-2006 09:22 AM

ALgal

1.2K Posts

April 2nd, 2006 01:00

I don't know how to uninstall the old HJT prog. and reinstall the HJT newest version, nor do I know how to make the folders as you suggested in your last post.

You did fine. Your last log showed the new version. You have it in a temporary file so when you delete your temporary files, it will be gone. The following link will answer questions about hijackthis
http://www.russelltexas.com/malware/copyHJTfile.htm

The second question is, could you look at all of these programs that I have installed on my computer and tell me which ones are duplicating the other. Meaning, if the Spybot S & D program is a tool used for deletion of spyware, malware, adware, then why do I have to have all the others? The following anti programs on my computer are....

Ad-aware SE Personal,- this one is free for personal use and good for adware

Spy Sweeper- this is a free trial that is useful for us to have poster to use to remove spyware, etc. It will expire unless you purchase it. We take advantage of using free trials to clean up.

Spybot S & D- this is free for personal use. It is useful for removal of some spyware. Spy Sweeper will target certain things that this one will not. But Spybot S &D is useful to run and detect spyware

Microsoft Defender- this is free from Microsoft and targets spyware ,

Zone Labs Security- this is a firewall, it is different from antivirus and is important to have on pc to guard ports or openings that malware can try to access to invade your pc.

Ewido Anti-Malware- this application complements your antivirus. It is different from antivirus in that it complements antivirus and detects malware. You should not have more than one antivirus application installed on computer because they can interfere with each other. However ewido does not fall into this category as it complements antivirus. It is a trial and will expire.

and soon to be installed per your advice,

Spyware EBlaster- this is application that helps block access to bad sites on the web.

We generally do not advise poster’s to purchase applications but do advise what free applications can be used to protect the pc.

Another question is should I go back and recheck the boxes in My Computer, which were these that you had me to uncheck before we began the process of cleaning my computer...."Hide file extensions for known file types." and
"Hide protected operating system files." You can go back and check to hide the protected operating system files. What you cannot see, you are not likely to delete.

Also, at one time I had the "Microsoft Photo Editor", however it is no where to be found now. It eventually quit working all together and I did delete it from the Add/remove option. Is there anyway that I can reinstall this program? What would have made it quit working? I do not know about the program offhand and would have to research to find an answer

Hope this helps you!

Susan

Was this post helpful?

View All

No Events found!

Top