errr.. something's not right...
as the combofix loads, there is always a error notification report window of something REG.EXE that has to close... after a few moments i keep on closing that window, the combofix tells me that i am not an admin and i cant run it.. but my account for windows im using is the admin's one...
okay.. erm woke up this morning, switched on the comp and the first thing i did was on the combofix again... apparently it worked, and it began scanning, halfway through, some unknown prog, something with a .exe had to close.. and the combofix has been stuck at stage 7 for over 30 minutes i suppose...
Okie.. ran it again.. the combofix window/console turns red and says comspec environment variable was found to be corupt, combofix has attempted repairs and needs to restart... it has been like that ever since..
Hie again mr jake..
sorry for the many many posts. lol..
was too free and din noe wat else to do other den tell u about it...
anyways after i reboot, i tried again and it worked...
here goes the log..
ComboFix 07-10-12.4 - Administrator 2007-10-15 23:43:21.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1597 [GMT 8:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\check_LSA7.txt
C:\Documents and Settings\Administrator\Desktop\internet.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\agladcuk.ini
C:\WINDOWS\system32\aqdlwvdj.dll
C:\WINDOWS\system32\gebyw.dll
C:\WINDOWS\system32\jdvwldqa.ini
C:\WINDOWS\system32\kucdalga.dll
C:\WINDOWS\system32\pfwwtwbw.dll
C:\WINDOWS\system32\qouitdft.ini
C:\WINDOWS\system32\rmfrltgu.dll
C:\WINDOWS\system32\snahtkgu.ini
C:\WINDOWS\system32\tfdtiuoq.dll
C:\WINDOWS\system32\ugkthans.dll
C:\WINDOWS\system32\ugtlrfmr.ini
C:\WINDOWS\system32\wbwtwwfp.ini
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak1
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.bak2
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wybeg.ini
C:\WINDOWS\system32\wybeg.ini2
C:\WINDOWS\system32\wybeg.ini2
C:\WINDOWS\system32\wybeg.ini2
C:\WINDOWS\system32\wybeg.tmp
C:\WINDOWS\system32\wybeg.tmp
C:\WINDOWS\system32\wybeg.tmp
C:\WINDOWS\system32\xpistgql.dll
C:\WINDOWS\system32\ywcammio.dll
.
((((((((((((((((((((((((( Files Created from 2007-09-15 to 2007-10-15 )))))))))))))))))))))))))))))))
.
2007-10-15 15:26 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 21:41 <DIR> d-------- C:\VundoFix Backups
2007-10-07 16:46 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-05 00:38 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-04 06:36 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-10-02 19:30 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-30 00:43 2,560 --a------ C:\WINDOWS\system32\bitcometres.dll
2007-09-29 17:29 <DIR> d-------- C:\Program Files\Norton Internet Security
2007-09-29 17:28 123,952 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-29 17:28 60,800 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-29 17:27 <DIR> d-------- C:\Program Files\Symantec
2007-09-29 17:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2007-09-29 16:48 <DIR> d-------- C:\Program Files\SpywareBlaster
2007-09-27 18:22 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-18 14:43 317,616 --a------ C:\WINDOWS\system32\drivers\srtspl.sys
2007-09-18 14:43 278,576 --a------ C:\WINDOWS\system32\drivers\srtsp.sys
2007-09-18 14:43 43,696 --a------ C:\WINDOWS\system32\drivers\srtspx.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-06 09:05 --------- d-----w C:\Program Files\LimeWire
2007-10-04 16:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-03 22:36 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-10-03 22:36 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-09-18 06:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-09-18 06:44 10,662 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-09-18 06:44 10,658 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-09-18 06:44 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-09-18 06:44 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-09-18 06:44 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-09-14 16:39 --------- d-----w C:\Program Files\Zoom Player
2007-09-08 02:09 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-09-05 03:25 9,344 ----a-w C:\WINDOWS\system32\drivers\NSDriver.sys
2007-09-05 03:25 8,320 ----a-w C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-31 10:50 --------- d-----w C:\Program Files\Maxis
2007-07-30 11:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 11:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 11:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 11:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 11:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 11:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 11:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 11:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-03-07 08:49]
"nwiz"="nwiz.exe" [2007-03-07 08:49 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-03-07 08:49]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 19:49 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 18:04 C:\WINDOWS\SkyTel.exe]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe" [2007-07-12 04:00]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-09-03 15:04]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2006-09-06 09:22]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 18:30]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:56]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26]
Wireless Utility.lnk - C:\Program Files\Wireless\Common\Utility.exe [2007-06-03 13:29:49]
R1 BIOS;BIOS;\??\C:\WINDOWS\system32\drivers\BIOS.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fd6d837f-1059-11dc-bae7-806d6172696f}]
AutoRun\command - wscript .\autorun.vbs
configure\command - D:\SETUP.EXE
install\command - D:\SETUP.EXE
*Newly Created Service* - COMHOST
.
Contents of the 'Scheduled Tasks' folder
"2007-10-12 13:16:55 C:\WINDOWS\Tasks\Norton Internet Security - Run Full System Scan - Administrator.job"
.
**************************************************************************
catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-15 23:49:26
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-15 23:50:18 - machine was rebooted
.
--- E O F ---
Hi
Ok very good...
You should print these instructions or save these to a text file. Follow these instructions carefully.
Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe
Restart your computer to the safe mode:
- Restart your computer
- Start tapping the F8 key when the computer restarts.
- When the start menu opens, choose Safe mode
- Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt
- Doubleclick the drweb-cureit.exe file and Allow to run the express scan
- This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
- Once the short scan has finished, you should now mark the drives that you want to scan.
- Select all drives. A red dot shows which drives have been chosen.
- Click the green arrow at the right, and the scan will start.
- Click 'Yes to all' if it asks if you want to cure/move the file.
- When the scan has finished, look if you can click next icon next to the files found
- If so, click it and then click the next icon right below and select Move incurable
- After the scan, in the menu, click file and choose save report list
- Save the report to your desktop. The report will be called DrWeb.csv
- Close Dr.Web Cureit.
- Reboot the computer in Normal Mode,
- Post the Cure-it report and a fresh HijackThis log
Also please let me know how the pc is running
Okie! Done as u asked! But it seemed rather simple for there was nothing like the incurable files u said as quoted.
Originally Posted by Mr_JAk3
[*] When the scan has finished, look if you can click next icon next to the files found[*] If so, click it and then click the next icon right below and select Move incurable
Anyways here is the log. I even deleted the mirc stuff to be safe... lol..
MIRC32.EXE;E:\Admin\EDrive\Abackup\Backup\Documents\INTERNET\MIRC;Program.mIRC.571;Deleted.;
MIRC32.EXE;E:\Admin\EDrive\Documents\INTERNET\MIRC;Program.mIRC.571;Deleted.;
RegUBP2b-Administrator.reg;C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Snapshots2;Trojan.StartPage.1505;Deleted.;
A0044064.reg;C:\System Volume Information\_restore{A0394881-2113-491E-A1E8-3743B2C21983}\RP167;Trojan.StartPage.1505;Deleted.;
Here is the HJT log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:57:31 AM, on 10/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Wireless\Common\Utility.exe
C:\WINDOWS\ALCFDRTM.EXE
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\skanneri.exe.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\Wireless\Common\Utility.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: BitComet Search - {461CC20B-FB6E-4f16-8FE8-C29359DB100E} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.8.30.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107fd.bay107.hotmail.msn.co...s/MsnPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E60C64B1-8DD7-4AB2-A1AD-34B82D74AA0F}: NameServer = 202.188.1.5,202.188.0.133
O17 - HKLM\System\CCS\Services\Tcpip\..\{E89B31BB-1DD7-461D-81C9-69076B909B09}: NameServer = 202.188.0.133,202.188.1.5
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
--
End of file - 7950 bytes
Oh rite, the comp seems fine after that, cuz there were no signs of malware, no popups, nothing crashed etc... so i did a Spybot scan, and found some.. so din really noe if i should deleted them.. here it is.. please advice
Hi again, it is looking clean now
Let the Spybot fix those found entries. They're just cookies.
You may fix this leftover with HijackThis:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Then we may restore Mirc if you use it as it really isn't malware.
You can remove the tools we used.
Then you should update your Java to the latest version (6u3
- Start
- Control Panel
- Add/Remove Programs
- Delete the old Java,
J2SE Runtime Environment 6 Update 2- Download the latest version of [url=http://java.sun.com/javase/downloads/index.jsp]Java Runtime Environment (JRE) 6u3/url].
- Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
- Click the "Download" button to the right.
- Check the box that says: "Accept License Agreement."
- The page will refresh.
- Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
- Install it
Now you can make your hidden files hidden again.
- Go to My Computer
- Select the Tools menu and click Folder Options
- Click the View tab.
- Checkmark the "Display the contents of system folders"
- Under the Hidden files and folders select "Show hidden files and folders"
- Check "Hide protected operating system files"
- Click Apply and then the OK and close My Computer.
=============
Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
- Clear your system restore
This will clear the system restore folders from possible malware that was left behind during the cleaning process.- Use ATF Cleaner
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.- Use Ad-Aware
Download and install Ad-Aware. Update it and scan your computer regularly with it.- Use AVG Anti-Spyware
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.- Use Spybot S&D
Download and install Spybot S&D. Update it and scan your computer regularly with it.- Install SpywareBlaster
SpywareBlaster will prevent spyware from being installed.- Install MVPS Hosts file
This prevents your computer from connecting to harmful sites.- Use Firefox browser
Firefox is faster and more secure browser than Internet Explorer.- Keep your systen up-to-date
Visit Windows Update regularly. How to enable Automatic Updates?- Keep your antivirus and firewall up-to-date
Scan your computer regularly with you antivirus software.- Read this article by TonyKlein
So how did I get infected in the first place?- Stand Up and Be Counted !
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe
Cant really express how much i owe u for this. Thanks a bunch for helping me out. Never knew this much about antivirus & malware and stuffs... Previously i would just turn off sys restore do some scanning etc. If that doesnt work i would just format off my comp..
I know feel like the computer has taken a really nice bath and is sparkling clean. Thank you again for putting up with me...
Best regards!
That's great news and you're very welcome
As the problem appears to be resolved this topic has been archived.
If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.
Glad we could help
Posting Permissions
