3 Apprentice


20.5K Posts

March 7th, 2007 17:00

The file: Local Settings\Temp\clclean.0001.dir.0000 is legitimate.
Read here:
http://www.dellcommunity.com/supportforums/board/message?board.id=si_hijack&thread.id=57458

You have some other things to clean up, however. First, disable Spyware Doctor from running on your system startup:
1. First, disable the OnGuard Tools. This way, when you exit Spyware Doctor, these tools won't stay resident in the background.
2. Click the "Settings" button on the left side.
3. Click the "Startup Settings" link.
4. Uncheck "Run at Windows Startup".
5. Click the "Apply" button.
Exit by a right-click on the "Spyware Doctor" icon in the system tray and choose "Exit".

[To enable Spyware Doctor when you are finished cleaning, open the program, Settings > Startup Settings > check "Run at Windows Startup" > Apply.
Exit. Reboot.]

To disable PCTools Browser Monitor: If you are running Internet Explorer, click Tools > Manage Add-ons. If PCTools Browser Monitor is on the list, click it & select Disable. You will need to restart your browser after making the change.

Launch HijackThis and place a checkmark next to these:
(If you are using the Yahoo sidebar the R1 entry will probably be installed again, but we'll fix it for now.)

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
Close all windows except HijackThis and click "Fix Checked".

Reboot.

Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.
** Please note #10 below.
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. It is possible that you may be running Java code in your applications that absolutely requires a specific version of the JRE to run.

You may have already taken some of these steps:
1. Visit Windows Update:
Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

2. Adjust your security settings for ActiveX:
Go to Internet Options/Security/Internet, press 'default level', then OK.
Now press "Custom Level."
In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to 'Prompt', and "Initialize and script ActiveX controls not marked as safe" to 'Disable'.

3. Download and install the following free programs:
a. SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
b. SpywareGuard:
http://www.javacoolsoftware.com/spywareguard.html
Tutorial here: http://www.bleepingcomputer.com/tutorials/tutorial50.html
Periodically check for updates in both programs.

4. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
Note: Zone Alarm Firewall (Zone Labs) http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads
Sunbelt Kerio has a free version: http://www.kerio.com/kpf_download.html

5. You might consider installing Mozilla / Firefox.
http://www.mozilla.org/

6. Install spyware detection and removal programs:
You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.

a. Ad-aware: http://www.lavasoft.de/software/adaware/

b. SpyBot S&D: http://safer-networking.org/en/news/2005-05-31.html

I would check for updates in SpyBot once a week or so.
Check for updates in Ad-aware frequently.

If you have recently installed AVG Anti-Spyware, it is a free trial product for 30 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
You will still be able to manually update it using the *Update* button.

7. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List.
Here is the link:
http://www.spywarewarrior.com/rogue_anti-spyware.htm
8. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/
** UNcheck the option to install the Yahoo toolbar that is checked by default for the Standard version, or download the toolbar-free versions (Slim or Basic) when given the option for those.

9. If you use Adobe Reader it may need to be updated to be sure that you have a more secure version. If you are using a version prior to v. 6.05, you should update to 6.05, preferably version 8. It would be best to remove prior versions before updating to a new version.
Info here: http://www.adobe.com/support/security/bulletins/apsb06-20.html
If you need additional assistance, the Adobe forums are here: http://www.adobe.com/support/forums/main.html
10. Make sure you are using the most updated version of Java.
The current version is Java Runtime Environment (JRE)1.6.0

You can go here to download the latest version of Java Runtime Environment (JRE) 6.
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".

Click the link to download the Windows (Offline Installation) package: Save it, do not run it. When the download is complete, close the browser.

Remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6-windows-i586.exe to install the newest version.
Official JAVA Installation Instructions if needed.
Reboot.

11. Practice Safe Surfing with SiteAdvisor by McAfee. SiteAdvisor is a browser plugin that assigns a safety rating to domains listed in your search engine.
The following color codes are used by SiteAdvisor to indicate the safety of each site.

Red for Warning
Yellow for Use Caution
Green for Safe
Grey for Unknown
12. Here are some helpful articles:
"So how did I get infected in the first place?"
by TonyKlein
http://computercops.biz/postlite7736-.html

"I'm not pulling your leg, honest"
by Sandi Hardmeier
http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

13. This is an excellent resource for users of all levels. General computer maintenance as well as internet security is covered.
Rootkits for Dummies
(Paperback)
by Larry Stevenson (Author), Nancy Altholz (Author)
Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!
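Added example, not part of the thread or of HijackThis itself: a small Python script that parses HijackThis R0/R1 lines like the four listed above into structured records and sorts each one into a category a reviewer would care about (blanked-out value, relative local path, URL pointing at a third party, URL that looks like a stock Microsoft default). The sample log is constructed from the entries in the post plus one made-up "stock" line, and the list of hosts treated as stock defaults is my assumption, not something HijackThis defines.

```python
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlparse

# Constructed sample: the four entries Bugbatter told the poster to fix, plus one
# made-up Start Page line so the classifier also has a "looks like a stock default" case.
SAMPLE_LOG = """\
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,SearchAssistant =
R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Search,CustomizeSearch =
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/sbcydsl/*http://www.yahoo.com
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Local Page = \\blank.htm
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
"""

# R0-R3 lines have the shape:  Rn - HIVE\Key\Path,ValueName = data
# The data part may be empty (HijackThis prints a blanked value as "... ="),
# and some search entries chain two URLs with a literal "*".
_ENTRY_RE = re.compile(r"^(R[0-3]) - (HKLM|HKCU)\\(.+?),([^=]+?) = ?(.*)$")
_URL_RE = re.compile(r"https?://[^\s*]+")

# Assumption for illustration: hosts under these suffixes are treated as
# Microsoft-supplied IE defaults; anything else is "third party" and gets reviewed.
STOCK_HOST_SUFFIXES = ("microsoft.com", "msn.com")


@dataclass
class RegistryEntry:
    section: str     # R0, R1, R2 or R3
    hive: str        # HKLM or HKCU
    key: str         # registry key path below the hive
    value_name: str  # value name, e.g. "SearchAssistant" or "(Default)"
    data: str        # the value data as HijackThis printed it (may be empty)

    def urls(self) -> List[str]:
        """All URLs embedded in the data, splitting on the '*' chaining separator."""
        return _URL_RE.findall(self.data)


def parse_hijackthis(text: str) -> List[RegistryEntry]:
    """Return the R0-R3 entries found in a HijackThis log; other sections are ignored."""
    entries = []
    for line in text.splitlines():
        m = _ENTRY_RE.match(line.strip())
        if m:
            entries.append(RegistryEntry(*m.groups()))
    return entries


def _is_stock_host(host: str) -> bool:
    host = host.lower()
    return any(host == s or host.endswith("." + s) for s in STOCK_HOST_SUFFIXES)


def classify(entry: RegistryEntry) -> str:
    """Sort an entry into one of: blanked, stock-url, third-party-url, local-path, other."""
    data = entry.data.strip()
    if not data:
        # IE default that has been emptied; harmless by itself, but HijackThis
        # lists it and the helper above asked for these to be reset.
        return "blanked"
    urls = entry.urls()
    if urls:
        # Judge by the first URL: with "a*b" chaining that is the one IE uses first.
        host = urlparse(urls[0]).hostname or ""
        return "stock-url" if _is_stock_host(host) else "third-party-url"
    if data.startswith("\\") or re.match(r"^[A-Za-z]:\\", data):
        # e.g. "Local Page = \blank.htm": a bare or absolute file path
        return "local-path"
    return "other"


def needs_review(text: str) -> List[RegistryEntry]:
    """Every R-section entry whose data is not a stock-looking URL."""
    return [e for e in parse_hijackthis(text) if classify(e) != "stock-url"]


if __name__ == "__main__":
    for e in parse_hijackthis(SAMPLE_LOG):
        print(f"{e.section} {e.hive}\\{e.key},{e.value_name}: {classify(e)} {e.urls()}")
```

Run as a script it prints one line per entry; the four entries from the post all land outside "stock-url", while the constructed Start Page line does not, which is the distinction a reviewer reading the log wants to make quickly.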

5 Posts

March 7th, 2007 18:00

Thanks so much for your help. I was afraid I had a bad virus, and couldn't really understand where it came from, since I don't do very much downloading. The only things I updated recently were my Adobe Flash, Adobe Shockwave, and Java.

I was wondering, however, if you could think of any reason why my system restore did not work, or if you think it is even a good idea to use system restore. I tried to restore to a week earlier, and it would not restore. Tried a few other dates but was still denied a restore to any earlier time. Doesn't really matter now, since I now understand what the problem is, but just wondering for the future.

Thanks again for all your help!!!! This is a great forum.

3 Apprentice


20.5K Posts

March 7th, 2007 20:00

Did you have restore points on those days that you tried to restore to?
The problem may be due to the lack of space available on your hard drive. System Restore requires a full 200MB of free space for minimum data storage. If you've freed up space on your hard drive, System Restore should be enabled automatically.

Go to the Start menu, point to Control Panel, click Performance And Maintenance, and then double-click the System icon. This will display numerous tabs for monitoring your computer's system, including the System Restore tab. Click System Restore and make sure that the Turn Off System Restore checkbox does not have a check mark (by default, System Restore should be on, unless you don't have enough available hard drive space).

From here, you can also change the amount of hard drive space dedicated to System Restore. Use the slider to decrease or increase the amount of space used—from the minimum of 200MB to the maximum of 400MB. The more disk space allotted, the greater the number of restore points available.

If you are still having problems with System Restore, it might be good to post your question on the Windows XP forum. YES, you need to have System Restore in good working order!!

5 Posts

March 7th, 2007 22:00

Thanks again for the info. I did go to the Windows XP forum section and found my answer there. I just had to turn off system restore, reboot, and then turn it back on. Something about the database being corrupt and this restarts it. All is working properly again now.

I have a trial version of Spyware Doctor. I am running Trend Micro PC-cillin Internet Security as my virus protection. Do you think Spyware Doctor is necessary too? I did download Spybot Search and Destroy, Ad-Aware, and CCleaner. Just wondering what your thoughts are on Spyware Doctor too and if it is really needed with everything else I am using. Sorry to be a pest, but I know some programs will just conflict with each other and don't want that to be the case here. Thanks again!!!!


3 Apprentice


20.5K Posts

March 8th, 2007 00:00

It sounds as if you are asking about realtime anti-spyware protection rather than an on-demand scanner.

Ad-aware does not have realtime protection but scans on demand (unless you are using the paid version with Ad-watch).
CCleaner only does maintenance such as cleaning temp folders/cookies, etc. It does not protect you from spyware.
Spybot does have a realtime protection feature. Don't forget to immunize after you download each Spybot update.

It depends on how much surfing you do and what type of sites you go to, but after the trial of Spyware Doctor runs out (rather than upgrading to its paid version), you might want to try SpywareBlaster and SpywareGuard. Both are free. Links are in my Prevention Tips above.

In addition to my ONE anti-virus, for spyware I use Ad-aware, Spybot, SpywareGuard, SpywareBlaster. I also use WinPatrol which has a free version and has some very handy features:
http://www.winpatrol.com/

By the way, that Local Settings\Temp\clclean.0001 was scanned by many virus scanners and came up clean.
Here:
http://www.dellcommunity.com/supportforums/board/message?board.id=si_hijack&thread.id=57574

Message Edited by Bugbatter on 03-07-2007 09:29 PM

3 Apprentice


20.5K Posts

March 8th, 2007 11:00

You are most welcome. I'm glad we could help. :)

5 Posts

March 8th, 2007 11:00

Thanks again for all your help. I am very much reassured that things are working properly again on my computer. I appreciate all your recommendations and will definitely put them to use. ;)

14 Posts

March 8th, 2007 13:00

I've posted the fix I've used for this problem to a thread "Resolution: Re: TROJ_GENERIC.ADV" in the Virus/Spyware forum.

Users may benefit from this temporary fix while PC-cillin sorts out their fix, or, like myself, choose to adopt it as a permanent solution.

1 Message

March 8th, 2007 20:00

I was troubleshooting the TROJ_Generic.ADV file that TrendMicro detected with their definitions on 3/06/07. Today after TrendMicro definitions updated, 3/08/07, the file was NOT detected. It was a false positive caused by TrendMicro and corrected by the same.

Message Edited by PcFirewire on 03-08-2007 04:49 PM

3 Apprentice


20.5K Posts

March 8th, 2007 23:00

Yes.