Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

valdasn

10 Posts

1071

August 5th, 2006 03:00

system error #1752

I had an attack from spyware yesterday. I ran my spyware anti-virus and removed everything.  But on start up I get a warning screen instaed of my desk top picture.  The screen states "Warning! Spyware threat detected! System error #1752."  The computer is working OK but I can't get rid of the screen. Could you possibly help? Sending you a copy of the contents I received after scanning with HijackThis. Thanks in advance.
 
 Logfile of HijackThis v1.99.1
Scan saved at 22:10:22, on 2006.08.04
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\WINDOWS\VM305_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\NetWaiting\netWaiting.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Documents and Settings\Valdas\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.takas.lt/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ShowLOMControl]
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: .protected
O4 - Global Startup: .protected
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152462935562
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE
 

Bugbatter

4 Apprentice

 • 

20.5K Posts

August 5th, 2006 14:00

Welcome to DCF:)

First we will search for the infection. After your next post we will clean it.

Please download SmitfraudFix (by S!Ri) to your Desktop.
http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Extract all the files to your Desktop. A folder named SmitfraudFix will be created on your Desktop.
______________________________

Download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program

  2. Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  3. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'
  4. Right click on ewido in the system tray and uncheck "Start with Windows".
    Go to Start > Run and type: services.msc
  5. Press "OK".
  6. In Services, click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
  7. When you find the guard service, double-click on it.
  8. In the Properties Window > General Tab that opens, click the "Stop" button.
  9. From the drop-down menu next to "Startup Type", click on "Manual".
  10. Now click "Apply", then "OK" and close the Services window.
  11. Once the setup is complete you will need run ewido and update the definition files.
  12. On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you are having problems with the updater, manually update with the Ewido Full database installer from here.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
    • Under "Reports"
      • Select "Automatically generate report after every scan"
      • Un-Select "Only if threats were found"
      • Close ewido anti-spyware, Do Not run a scan just yet. We will shortly.
        ______________________________

        Open the SmitfraudFix folder and double-click smitfraudfix.cmd
        Select option #1 - Search by typing 1 and press Enter
        This program will scan large amounts of files on your computer for known patterns so please be patient while it works. When it is done, the results of the scan will be displayed and it will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

        Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
        http://www.beyondlogic.org/consulting/proc...processutil.htm

        IMPORTANT: Do NOT run any other options until you are asked to do so!


        Rightclick on an empty space on your desktop and choose New > Folder
        Name it HijackThis (HJT, or whatever)
        Rightclick HijackThis.exe, choose Cut.
        Doubleclick (to open) the folder you created.
        Rightclick inside and choose Paste.

        Please post your rapport.txt, and a fresh HijackThis log.
        We will have more work to do after we identify the files to be cleaned.

      valdasn

      10 Posts

      August 6th, 2006 06:00

      Hi there,

       

      It's where I got stuck while following your instructions:

      "Open the SmitfraudFix folder and double-click smitfraudfix.cmd
      Select option #1 - Search by typing 1 and press Enter"

      I could not possibly find the smitfraudfix.cmd

      Any suggestions?

      Thanks.

       



      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      August 6th, 2006 14:00

      After you unzip/extract the files from the .zip that you downloaded, you will see a folder on your desktop. smitfraudfix.cmd should be in there.

      Here are some instructions with screenshots:
      http://www.geekstogo.com/forum/index.php?showtopic=109268&pid=696765&st=0&#entry696765

      valdasn

      10 Posts

      August 8th, 2006 15:00

      Morning!

      Again regarding System error #1752.

      Thanks for the patience and detailed instructions for SmithfraudFix download. But it seems that I'm geting a slightly different list of stuff in the folder I download from the one that is in your instructions. Here is the list:

      GenericRenosFix 80 KB application

      Process 52 KB application

      Reboot 24 KB application

      Restart 16 KB application

      SmithfraudFix 642 KB application

      SrchSTS 282 KB application

      swreg 42 KB application

      swsc 40 KB application

      Am I getting a different version of SmithfraudFixor is there something wrong again?

      Thanks.

      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      August 8th, 2006 18:00

      Delete the copy that you have. Download it from one of the sites listed at the Geeks To Go link provided above. Follow the instructions for extracting the folder and for running Option 1. Hopefully, then we will be on the right track.

      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      August 9th, 2006 02:00

      Are you saying that you have opened this:
      SmithfraudFix 642 KB application
      and there is nothing in it?

      valdasn

      10 Posts

      August 9th, 2006 02:00

      Hello again!
       
      I must be mad or something, but the file in the instructions does nor exist in the folder I download. I extracted all the files and got exactly the same ones as before. Could something block the download of the necessary file(s)?
       
       
      Regards,
       
      Valdas
       

      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      August 9th, 2006 03:00

      Yes, please follow the instructions to run Option 1 and post your logs.

      valdasn

      10 Posts

      August 9th, 2006 03:00

      Yes yes i have it, the confusion was because i did not see the extension .cmd in the list of unzipped stuff...
      Shall I follow the further instructions?

      valdasn

      10 Posts

      August 9th, 2006 15:00

      Hello again,

      Hopefully i managed to do as instructed. here are my logs you asked for.

      Logfile of HijackThis v1.99.1
      Scan saved at 19:15:01, on 2006.08.09
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
      C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      C:\WINDOWS\stsystra.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
      C:\WINDOWS\VM305_STI.EXE
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\NetWaiting\netWaiting.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
      C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
      C:\WINDOWS\NOTEPAD.EXE
      C:\Documents and Settings\Valdas\My Documents\Hijack this\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.takas.lt/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.euro.dell.com
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
      O4 - HKLM\..\Run: [ShowLOMControl]
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
      O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
      O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
      O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
      O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
      O4 - Startup: .protected
      O4 - Global Startup: .protected
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152462935562
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

       

      SmitFraudFix v2.81

      Scan done at 19:02:31,89, 2006.08.09
      Run from C:\Documents and Settings\Valdas\Desktop\SmitfraudFix\SmitfraudFix
      OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
      Fix ran in normal mode

      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

      C:\WINDOWS\.protected FOUND !
      C:\WINDOWS\warnhp.html FOUND !

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Valdas\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

      C:\DOCUME~1\Valdas\STARTM~1\Programs\Startup\.protected FOUND !
      C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !

      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Valdas\FAVORI~1


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
       
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="C:\\WINDOWS\\warnhp.html"
      "SubscribedURL"=""
      "FriendlyName"="Desktop Uninstall"
       
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="My Current Home Page"

      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


      »»»»»»»»»»»»»»»»»»»»»»»» End


      SmitFraudFix v2.81

      Scan done at 19:02:31,89, 2006.08.09
      Run from C:\Documents and Settings\Valdas\Desktop\SmitfraudFix\SmitfraudFix
      OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
      Fix ran in normal mode

      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

      C:\WINDOWS\.protected FOUND !
      C:\WINDOWS\warnhp.html FOUND !

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Valdas\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

      C:\DOCUME~1\Valdas\STARTM~1\Programs\Startup\.protected FOUND !
      C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !

      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Valdas\FAVORI~1


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
       
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="C:\\WINDOWS\\warnhp.html"
      "SubscribedURL"=""
      "FriendlyName"="Desktop Uninstall"
       
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="My Current Home Page"

      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


      »»»»»»»»»»»»»»»»»»»»»»»» End

       

       

      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      August 9th, 2006 16:00

      Good job! Now we are on the right track and are ready for some cleaning.

      Did you knowing install SpywareBot recently? I did not notice it in your first log.
      SpywareBot is on the well-respected list of rogue products here:

      http://www.spywarewarrior.com/rogue_anti-spyware.htm

      I strongly suggest that you go to Add/Remove Programs and remove it. Then delete the SpywareBot folder here: C:\Program Files\ SpywareBot --FOLDER

      Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.

      Reboot your computer in Safe Mode.
      • If the computer is running, shut down Windows, and then turn off the power.
      • Wait 30 seconds, and then turn the computer on.
      • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
      • Ensure that the Safe Mode option is selected.
      • Press Enter. The computer then begins to start in Safe mode.
      • Login on your usual account.
      ______________________________
      Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
      Select option #2 - Clean by typing 2 and press Enter.
      Wait for the tool to complete and disk cleanup to finish.
      You will be prompted : " Registry cleaning - Do you want to clean the registry ?" answer Yes by typing Y and hit Enter.
      The tool will also check if wininet.dll is infected. If it is infected and a clean version is found, you will be prompted to replace the infected wininet.dll with the clean file. Answer Yes to the question " Replace infected file ?" by typing Y and hit Enter.

      A reboot may be needed to finish the cleaning process, if you computer does not restart automatically please do it yourself manually. Reboot in Safe Mode.

      The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.
      ______________________________

      Clean out your Temporary Internet files. Proceed like this:
      • Quit Internet Explorer and quit any instances of Windows Explorer.
      • Click Start, click Control Panel, and then double-click Internet Options.
      • On the General tab, click Delete Files under Temporary Internet Files.
      • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
      • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
      • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
      • Click OK.
      Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
      Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin
      ______________________________
      Close ALL open Windows / Programs / Folders.
      • In Safe Mode, load Ewido and click on the Scanner tab at the top and then click on Complete System Scan. This scan can take quite a while to run, so be prepared.

      • Ewido will list any infections found on the left hand side. When the scan has finished, it will automatically set the recommended action. Click the Apply all actions button. Ewido will display "All actions have been applied" on the right hand side.

      • Click on "Save Report", then "Save Report As". This will create a text file. Make sure you know where to find this file again (such as on the Desktop).

      • Restart back into Normal Mode.


      Please launch Hijackthis and place a checkmark next to these if they still exist:
      O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
      O4 - Startup: .protected
      O4 - Global Startup: .protected

      Close all windows except HijackThis and click "Fix Checked".

      Reboot.

      Please post your rapport.txt, the ewido report, and a fresh HijackThis log.

      valdasn

      10 Posts

      August 9th, 2006 19:00

      It seems I've done it! Lots of thans for your great assistance!

      Am I supposed to keep the software I dowloaded in the process of repairing?

      Sending you the stuff you requested:

      Logfile of HijackThis v1.99.1
      Scan saved at 22:58:17, on 2006.08.09
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\WLTRYSVC.EXE
      C:\WINDOWS\System32\bcmwltry.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
      C:\Program Files\ewido anti-spyware 4.0\guard.exe
      C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      C:\WINDOWS\stsystra.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Dell\QuickSet\quickset.exe
      C:\WINDOWS\system32\WLTRAY.exe
      C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
      C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
      C:\WINDOWS\VM305_STI.EXE
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\NetWaiting\netWaiting.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Skype\Phone\Skype.exe
      C:\Program Files\Digital Line Detect\DLG.exe
      C:\WINDOWS\system32\NOTEPAD.EXE
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Valdas\My Documents\Hijack this\HijackThis.exe

      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
      O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
      O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
      O4 - HKLM\..\Run: [ShowLOMControl]
      O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
      O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
      O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
      O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
      O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
      O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Digital Line Detect.lnk = ?
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152462935562
      O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
      O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
      O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
      O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
      O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
      O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
      O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
      O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

      SmitFraudFix v2.81

      Scan done at 19:02:31,89, 2006.08.09
      Run from C:\Documents and Settings\Valdas\Desktop\SmitfraudFix\SmitfraudFix
      OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
      Fix ran in normal mode

      »»»»»»»»»»»»»»»»»»»»»»»» C:\


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

      C:\WINDOWS\.protected FOUND !
      C:\WINDOWS\warnhp.html FOUND !

      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


      »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Valdas\Application Data


      »»»»»»»»»»»»»»»»»»»»»»»» Start Menu

      C:\DOCUME~1\Valdas\STARTM~1\Programs\Startup\.protected FOUND !
      C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\.protected FOUND !

      »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Valdas\FAVORI~1


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop


      »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


      »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


      »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
       
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
      "Source"="C:\\WINDOWS\\warnhp.html"
      "SubscribedURL"=""
      "FriendlyName"="Desktop Uninstall"
       
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\1]
      "Source"="About:Home"
      "SubscribedURL"="About:Home"
      "FriendlyName"="My Current Home Page"

      »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
      !!!Attention, following keys are not inevitably infected!!!

      SrchSTS.exe by S!Ri
      Search SharedTaskScheduler's .dll

      »»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection


      »»»»»»»»»»»»»»»»»»»»»»»» End

       

      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      August 9th, 2006 21:00

      You did not remove SpywareBot??? When we are finished I will suggest some better FREE anti-spyware programs. You are already using ewido which excellent.

      In spite of your unbridled joy, valdasn, we have more to do.

      Run Disk Cleanup in each user's profile:
      Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
      Please make sure the following are checked:
      -- Downloaded Program Files
      -- Temporary Internet Files
      -- Recycle Bin
      -- Temporary Files
      Click "OK" and Disk Cleanup will delete those files for you.

      Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update.

      Updating Java:
      • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 7.
      • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
      • Click the "Download" button to the right.
      • Check the box that says: "Accept License Agreement".
      • The page will refresh.
      • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
      • Close any programs you may have running - especially your web browser.
      • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
      • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
      • Click the Remove or Change/Remove button.
      • Repeat as many times as necessary to remove each Java versions.
      • Reboot your computer once all Java components are removed.
      • Then from your desktop double-click on jre-1_5_0_07-windowsi586-p.exe to install the newest version.


      The rapport.txt that you posted this time was the same one you posted earlier. Please post the one that was saved afer running Option 2.
      Also include your log from ewido and a fresh HijackThis log. That is 3 logs that I will need to review. Thank you.

      valdasn

      10 Posts

      August 10th, 2006 04:00

      Morning,

      thanks for the further assistance. i dowloaded the software you recommended.

      Re: spywarebot.

      I don't think I have it. When I received your instructions about removing it I deleted Spybot Search and Destroy, thinking that it may be the one. I do not see anything like spywarebot either on my desktop or in the program files.

      Re: rapport, a log from ewido and a fresh HijackThis.

      While working in the safe mode they might have been saved elsewhere, rather than my desktop. I'm afraid to take any action myself, therefore would like to ask you assistance to create those new logs, so that you could revew what you want.

      regards,

      valdasn

      Bugbatter

      4 Apprentice

       • 

      20.5K Posts

      August 10th, 2006 19:00

      We cannot recreate those logs because they were saved at a certain date and time.

      If you do not have them, and Error #1752 is no longer coming up, I'll assume that everything is working as it should be.

      After something like this it is a good idea to purge the Restore Points and start fresh.
      If everything is running well....
      To flush the XP System Restore Points:
      (Using XP, you must be logged in as Administrator to do this.)

      Go to Start>Run and type msconfig Press enter.
      When msconfig opens, click the Launch System Restore Button.
      On the next page, click the System Restore Settings Link on the left.
      Check the box labeled Turn Off System Restore.

      Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

      Yes, you can delete the SmitfraudFix tool. If I were you, I would keep ewido. After the triral runs out, you can still update it manually and use it as an on-demand scanner.

      Here is my standard list of simple steps that you can take to reduce the chance of infection in the future.

      You may have already taken some of these steps:
      1. Visit Windows Update:
      Make sure that you have all the Critical Updates recommended for your operating system and IE. The first defense against infection is a properly patched OS.
      Windows Update: http://v4.windowsupdate.microsoft.com/en/default.asp

      2. Adjust your security settings for ActiveX:
      Go to Internet Options/Security/Internet, press 'default level', then OK.
      Now press "Custom Level."
      In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to 'prompt', and 'Initialize and Script ActiveX controls not marked as safe" to 'disable'.

      3. Download and install the following free programs:
      a. SpywareBlaster:
      http://www.javacoolsoftware.com/spywareblaster.html
      Tutorial here: http://www.bleepingcomputer.com/forums/tutorial49.html
      b. SpywareGuard:
      http://www.javacoolsoftware.com/spywareguard.html
      Tutorial here: http://www.bleepingcomputer.com/tutorials/tutorial50.html
      Periodically check for updates in both programs.

      4. Please use a firewall and realtime anti-virus. Keep the anti-virus software and firewall software up to date.
      Note: Zone Alarm Firewall (Zone Labs) http://www.zonelabs.com/store/content/company/products/trial_zaFamily/trial_zaFamily.jsp?lid=home_freedownloads
      Sunbelt Kerio has a free version: http://www.kerio.com/kpf_download.html

      5. You might consider installing Mozilla / Firefox.
      http://www.mozilla.org/

      6. Install spyware detection and removal programs:
      You may also want to consider installing either or both of AdAware (free version) and Spybot S&D (freeware). Use these programs to regularly scan your system for and remove many forms of spyware/malware.

      a. Ad-aware: http://www.lavasoft.de/software/adaware/

      b. SpyBot S&D: http://safer-networking.org/en/news/2005-05-31.html

      I would check for updates in SpyBot once a week or so.
      Check for updates in Ad-aware frequently.

      If you have recently installed Ewido, it is a free trial product for 30 days. After that you can purchase it for full features OR you can also keep the free version to use as an on-demand scanner (recommended).
      You will still be able to manually update Ewido using the *update* button

      7. Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List.
      Here is the link:
      http://www.spywarewarrior.com/rogue_anti-spyware.htm
      If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs: http://www.spywarewarrior.com/asw-test-guide.htm
      8. If you have not already done so, you might want to install CCleaner and run it in each user's profile: http://www.ccleaner.com/
      ** UNcheck the option to install the Yahoo toolbr.

      9. If you use Adobe Reader it may need to be updated to be sure that you have a more secure version. If you are using a version prior to v. 6.05, you should update to 6.05, preferably version 7.08. It would be best to remove prior versions before updating to a new version.
      Info here: http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows
      If you need additional assistance, the Adobe forums are here: http://www.adobe.com/support/forums/main.html

      10. Make sure you are using the most udpated version of Java. To verify your Java version go here:
      http://www.java.com/en/download/installed.jsp

      If you need to update, remove all prior versions using Add/Remove Programs, and delete the Java folder in Program Files.
      You can go here to download the latest version: Sun Java and click the link to download the Windows (Offline Installation) package: Save it, do not run it. When the download is complete, close the browser.
      Proceed with reinstalling Java. Reboot.

      11. Here are some helpful articles:
      "So how did I get infected in the first place?"
      http://computercops.biz/postlite7736-.html

      "I'm not pulling your leg, honest"
      by Sandi Hardmeier
      http://www.microsoft.com/windows/IE/community/columns/pulling.mspx

      Let us know if we have not resolved your problem. Otherwise, you are good to go.
      Happy and Safe Surfing!

      Was this post helpful?

      View All

      No Events found!

      Top