
Thread: Please help - Trojans "downloader"

  1. #11
    Junior Member
    Join Date
    Nov 2007
    Posts
    8


    Things are running a lot better! I haven't had a popup since restart yet. I did however get a DLL error:

    RUNDLL
    C:\windows\system32\ptegdfcc.dll

    The specified module could not be found.
    Also... some simple stuff seems to be broke, such as my calculator and wordpad (notepad is fine).



    Without further delay, here is my new ComboFix log:


    ComboFix 07-11-19.4 - mmussleman 2007-11-27 15:05:32.4 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.341 [GMT -5:00]
    Running from: C:\Documents and Settings\mmussleman\Desktop\ComboFix.exe
    Command switches used :: C:\Documents and Settings\mmussleman\Desktop\CFScript.txt

    FILE
    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\io43mvuiw4kj.exe
    C:\WINDOWS\mrofinu572.exe.tmp
    C:\WINDOWS\system32\atwnyndi.dll
    C:\WINDOWS\system32\byxvwtt.dll
    C:\WINDOWS\system32\byxwxww.dll
    C:\WINDOWS\system32\ccbdewop.dll
    C:\WINDOWS\system32\jhvdaers.dll
    C:\WINDOWS\system32\mljjhij.dll
    C:\WINDOWS\system32\mljjkij.dll
    C:\WINDOWS\system32\nybgwjvd.dll
    C:\WINDOWS\system32\ptegdfcc.dll
    C:\WINDOWS\system32\qomjkjj.dll
    C:\WINDOWS\system32\tuvvstu.dll
    C:\WINDOWS\system32\tyvbvbjp.exe
    C:\WINDOWS\system32\wvuvwwx.dll
    C:\WINDOWS\system32\xcpqljxa.dll
    C:\WINDOWS\TTC-4444.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
    C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
    C:\Documents and Settings\mmussleman\Desktop\Live Safety Center.lnk
    C:\Documents and Settings\mmussleman\Desktop\Online Security Guide.lnk
    C:\Documents and Settings\mmussleman\Favorites\Online Security Guide.lnk
    C:\Temp\abW9
    C:\Temp\abW9\tPho.log
    C:\WINDOWS\17PHolmes572.exe
    C:\WINDOWS\io43mvuiw4kj.exe
    C:\WINDOWS\mrofinu572.exe.tmp
    C:\WINDOWS\system32\adeeg.ini
    C:\WINDOWS\system32\adeeg.ini2
    C:\WINDOWS\system32\atwnyndi.dll
    C:\WINDOWS\system32\atwnyndi.dllbox
    C:\WINDOWS\system32\byxvwtt.dll
    C:\WINDOWS\system32\byxwxww.dll
    C:\WINDOWS\system32\cc1
    C:\WINDOWS\system32\ccbdewop.dll
    C:\WINDOWS\system32\geeda.dll
    C:\WINDOWS\system32\jhvdaers.dll
    C:\WINDOWS\system32\mljjhij.dll
    C:\WINDOWS\system32\mljjkij.dll
    C:\WINDOWS\system32\nybgwjvd.dll
    C:\WINDOWS\system32\ptegdfcc.dll
    C:\WINDOWS\system32\qomjkjj.dll
    C:\WINDOWS\system32\rMa02yy
    C:\WINDOWS\system32\rMa02yy\rMa02yy1099.exe
    C:\WINDOWS\system32\rMa06yy
    C:\WINDOWS\system32\rMa06yy\rMa06yy1083.exe
    C:\WINDOWS\system32\tuvvstu.dll
    C:\WINDOWS\system32\tyvbvbjp.exe
    C:\WINDOWS\system32\wvuvwwx.dll
    C:\WINDOWS\system32\xcpqljxa.dll

    .
    ((((((((((((((((((((((((( Files Created from 2007-10-27 to 2007-11-27 )))))))))))))))))))))))))))))))
    .

    2007-11-26 16:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Corel
    2007-11-26 16:09 <DIR> d-------- C:\Documents and Settings\mmussleman\Application Data\Apple Computer
    2007-11-26 16:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2007-11-26 14:02 <DIR> d-------- C:\Program Files\Spyware Doctor
    2007-11-26 14:02 <DIR> d-------- C:\Documents and Settings\mmussleman\Application Data\PC Tools
    2007-11-26 14:02 626,688 --a------ C:\WINDOWS\system32\msvcr80.dll
    2007-11-26 08:51 780,579 ---hs---- C:\WINDOWS\system32\dvjwgbyn.ini
    2007-11-21 16:29 <DIR> d-------- C:\Program Files\MSXML 4.0
    2007-11-21 15:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
    2007-11-21 15:04 584,192 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
    2007-11-21 11:17 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Rabio
    2007-11-09 16:31 <DIR> d-------- C:\Program Files\Dassault Systemes
    2007-11-09 16:31 <DIR> d-------- C:\Documents and Settings\mmussleman\Application Data\DassaultSystemes
    2007-11-09 16:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\DassaultSystemes
    2007-11-09 16:26 <DIR> d-------- C:\Program Files\MSXML 6.0
    2007-11-09 16:03 <DIR> d-------- C:\Program Files\Virtual Earth 3D
    2007-11-07 08:55 <DIR> d-------- C:\FlexLM
    2007-11-07 08:47 <DIR> d-------- C:\Program Files\GLOBEtrotter Software Inc
    2007-11-07 08:47 18,432 --a------ C:\WINDOWS\system32\RNBOVDD.DLL
    2007-11-07 08:47 9,949 --------- C:\WINDOWS\system32\SENTINEL.HLP
    2007-11-07 08:47 6,656 --a------ C:\WINDOWS\system32\haspvdd.dll
    2007-11-07 08:47 383 --a------ C:\WINDOWS\system32\haspdos.sys
    2007-11-07 08:44 <DIR> d-------- C:\Program Files\Autodesk
    2007-11-07 08:35 <DIR> d-------- C:\Program Files\Common Files\Alias Shared
    2007-11-07 08:34 3,497,832 --a------ C:\WINDOWS\system32\d3dx9_34.dll
    2007-11-07 08:34 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
    2007-10-31 15:35 <DIR> d-------- C:\Program Files\Common Files\Avery
    2007-10-31 15:35 <DIR> d-------- C:\Program Files\Avery Wizard 3.1

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2007-11-27 20:25 --------- d-----w C:\Program Files\Symantec AntiVirus
    2007-11-27 15:04 --------- d-----w C:\Documents and Settings\mmussleman\Application Data\AVG7
    2007-11-26 20:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2007-11-21 16:10 --------- d-----w C:\Documents and Settings\mmussleman\Application Data\uTorrent
    2007-11-07 13:47 47,616 ----a-w C:\WINDOWS\system32\drivers\Haspnt.sys
    2007-11-07 13:35 --------- d-----w C:\Program Files\Common Files\Autodesk Shared
    2007-10-18 05:16 79,688 ----a-w C:\WINDOWS\system32\drivers\iksyssec.sys
    2007-10-18 05:16 29,000 ----a-w C:\WINDOWS\system32\drivers\kcom.sys
    2007-10-18 05:15 62,280 ----a-w C:\WINDOWS\system32\drivers\iksysflt.sys
    2007-10-18 05:14 41,288 ----a-w C:\WINDOWS\system32\drivers\ikfilesec.sys
    2007-10-12 20:46 --------- d-----w C:\Program Files\FileZilla Client
    2007-10-10 14:13 --------- d-----w C:\Program Files\ZC2.10
    2005-09-06 19:50 56 --sh--r C:\WINDOWS\system32\2D078FCBD5.sys
    2007-04-10 20:44 3,350 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "4c1bf536"="C:\WINDOWS\system32\ptegdfcc.dll" []
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2005-10-06 09:19]
    "SDTray"="C:\Program Files\Spyware Doctor\SDTrayApp.exe" [2007-11-02 17:24]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-04-30 12:48]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjhij]
    mljjhij.dll
    C:\WINDOWS\system32\NavLogon.dll 2006-05-26 20:02 43760 C:\WINDOWS\system32\NavLogon.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"= msv1_0 C:\WINDOWS\system32\geeda.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
    backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]
    path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    backup=C:\WINDOWS\pss\WinZip Quick Pick.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe /minimized

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 7.0]
    2006-01-12 20:52 483328 --a------ C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]
    2005-03-29 21:05 339968 --a------ C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
    2006-03-07 12:02 53408 --a------ C:\Program Files\Common Files\Symantec Shared\ccApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DW4]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
    C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe -start

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2005-09-16 07:43 274432 --a------ C:\Program Files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\JobHisInit]
    2001-11-16 20:23 135168 --a------ C:\Program Files\RMClient\JobHisInit.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MplSetUp]
    2000-11-04 20:09 40960 --a------ C:\Program Files\RMClient\MplSetUp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
    C:\Program Files\Messenger\msmsgs.exe /background

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2001-07-09 10:50 155648 --a------ C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OE]
    2006-08-18 13:06 315392 --a------ C:\Program Files\Trend Micro\Internet Security 2007\TMAS_OE\TMAS_OEMon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE2]
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pccguide.exe]
    2006-08-25 11:25 3112960 --a------ C:\Program Files\Trend Micro\Internet Security 2007\pccguide.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    C:\Program Files\QuickTime\qttask.exe -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
    2004-10-14 19:42 1404928 --a------ C:\Program Files\Analog Devices\Core\smax4pnp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2003-11-19 17:48 32881 --a------ C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    2006-05-26 20:01 124656 --a------ C:\PROGRA~1\SYMANT~1\VPTray.exe

    R2 NLCSAgent;NLCS Agent;C:\WINDOWS\system32\nlcspro\csagtprosvc.exe

    *Newly Created Service* - ERASERUTILDRVI1
    .
    **************************************************************************

    catchme 0.3.1262 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2007-11-27 15:25:48
    Windows 5.1.2600 Service Pack 2 NTFS

    detected NTDLL code modification:
    ZwClose

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2007-11-27 15:27:34 - machine was rebooted
    C:\ComboFix2.txt ... 2007-11-27 13:39
    .
    --- E O F ---

  2. #12
    Junior Member
    Join Date
    Nov 2007
    Posts
    8


    and my new HijackThis:


    Logfile of HijackThis v1.99.1
    Scan saved at 15:56, on 2007-11-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\WINDOWS\system32\nlcspro\csagtprosvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Corel\Corel Graphics 12\Programs\CorelDRW.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\Documents and Settings\mmussleman\Desktop\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [4c1bf536] rundll32.exe "C:\WINDOWS\system32\ptegdfcc.dll",b
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.couvrette.com/Remote/msrdp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cbs-virginia.int
    O17 - HKLM\Software\..\Telephony: DomainName = cbs-virginia.int
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cbs-virginia.int
    O20 - Winlogon Notify: mljjhij - mljjhij.dll (file missing)
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NLCS Agent (NLCSAgent) - Unknown owner - C:\WINDOWS\system32\nlcspro\csagtprosvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

  3. #13
    Retired Security Volunteer
    Join Date
    Nov 2007
    Posts
    69


    Hi

    Things are running a lot better! I haven't had a popup since restart yet. I did however get a DLL error.

    Also... some simple stuff seems to be broke, such as my calculator and wordpad (notepad is fine).

    Let's try and fix those errors now:

    Step 1

    Open HijackThis, perform a scan and put a check next to the following items (if present):

    O4 - HKLM\..\Run: [4c1bf536] rundll32.exe "C:\WINDOWS\system32\ptegdfcc.dll",b
    O20 - Winlogon Notify: mljjhij - mljjhij.dll (file missing)


    Close all programs except HijackThis and click on Fix checked.

    Step 2

    Be sure that you are set to see hidden files and folders:

    • Close all programs so that you are at your desktop.
    • Double-click on the My Computer icon.
    • Select the Tools menu and click Folder Options.
    • After the new window appears select the View tab.
    • Put a checkmark in the checkbox labelled Display the contents of system folders.
    • Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.
    • Remove the checkmark from the checkbox labelled Hide file extensions for known file types.
    • Remove the checkmark from the checkbox labelled Hide protected operating system files. Answer Yes to the prompt.
    • Press the Apply button and then the OK button and close My Computer.


    Step 3

    Navigate to the following files/folders using Windows Explorer and delete them when found:

    C:\WINDOWS\system32\dvjwgbyn.ini <-- File

    Step 4

    Copy the text below into a Notepad (Go to Start > Run, type Notepad and hit Enter) document:

    Code:
    REGEDIT4
    
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    "Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00

    Note: Make sure there is no blank line before REGEDIT4 and one blank line at the end.

    Go to File > Save As. Save the file as "Fix.reg" (including the quotes).

    Double-click on Fix.reg. When asked if you want to merge the file with the registry, click Yes.

    Step 5

    Your Java software is out of date. Follow these instructions to update it:

    • Go to Start and click on Control Panel, then double-click on Add or Remove Programs.
    • Search for previously installed versions of Java (J2SE Runtime Environment), and remove them. It should have this icon next to it:
    • Then download and install Java Runtime Environment (JRE) 6 Update 3.


    Post a new HijackThis log in your next reply, and tell me how everything is working.
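
Step 4's Fix.reg resets the LSA "Authentication Packages" value to the single entry msv1_0, which drops the geeda.dll entry that the ComboFix log shows in that value. The Python below is an added example, not part of the original post or of any tool used in this thread: it decodes the `hex(7)` (REG_MULTI_SZ) data of a .reg file and lists every entry other than msv1_0. The function names, the EXPECTED set and the "before" sample (constructed from the value in the ComboFix log) are assumptions made for illustration.

```python
import re

LSA_KEY = r"HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa"
VALUE_NAME = "Authentication Packages"

# Assumption for this example: msv1_0 is the only package expected on the
# host in the thread (it is the only entry the posted Fix.reg restores).
EXPECTED = {"msv1_0"}

# The file from Step 4, exactly as posted.
FIX_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"=hex(7):6d,73,76,31,5f,30,00,00
'''


def encode_hex7(strings, wide=False):
    """Encode strings as REG_MULTI_SZ hex(7) data.

    REGEDIT4 files hold ANSI bytes; "Windows Registry Editor Version 5.00"
    files hold UTF-16LE (wide=True). Each string is NUL-terminated and the
    list ends with one extra NUL.
    """
    codec = "utf-16-le" if wide else "cp1252"
    nul = "\0".encode(codec)
    raw = b"".join(s.encode(codec) + nul for s in strings) + nul
    return ",".join(f"{b:02x}" for b in raw)


def decode_hex7(data, wide=False):
    """Decode hex(7) data back into its list of strings."""
    raw = bytes(int(tok, 16) for tok in re.findall(r"[0-9a-fA-F]{2}", data))
    text = raw.decode("utf-16-le" if wide else "cp1252", errors="replace")
    return [s for s in text.split("\0") if s]


def read_multi_sz(reg_text, key, value_name):
    """Return the decoded multi-string for key/value_name, or None if absent."""
    wide = not reg_text.lstrip().startswith("REGEDIT4")
    # Long hex values are wrapped with a trailing backslash; fold them first.
    folded = re.sub(r"\\\r?\n\s*", "", reg_text)
    current = None
    for line in folded.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif current == key.lower():
            m = re.match(r'"(.+?)"=hex\(7\):(.*)$', line)
            if m and m.group(1).lower() == value_name.lower():
                return decode_hex7(m.group(2), wide)
    return None


def unexpected_packages(packages):
    """Entries that are not in the expected baseline (case-insensitive)."""
    return [p for p in packages if p.lower() not in EXPECTED]


# Constructed sample: the value as the ComboFix log reported it before the
# fix, re-encoded here as a REGEDIT4 export so both states can be compared.
BEFORE_REG = (
    "REGEDIT4\n\n"
    f"[{LSA_KEY}]\n"
    f'"{VALUE_NAME}"=hex(7):'
    + encode_hex7(["msv1_0", r"C:\WINDOWS\system32\geeda.dll"])
    + "\n"
)

if __name__ == "__main__":
    for label, text in (("before", BEFORE_REG), ("Fix.reg", FIX_REG)):
        pkgs = read_multi_sz(text, LSA_KEY, VALUE_NAME)
        print(label, pkgs, "unexpected:", unexpected_packages(pkgs))
```

Any entry reported as unexpected is a DLL that LSA is configured to load as an authentication package, so it should be accounted for before the value is considered clean.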

  4. #14
    Junior Member
    Join Date
    Nov 2007
    Posts
    8


    OK, I have restarted with no errors, and I just fixed my calculator and word. No problems as far as I can see!

    You were so much help!!!! Thank you!!!


    Here's my latest HijackThis log:

    Logfile of HijackThis v1.99.1
    Scan saved at 16:51, on 2007-11-27
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Dell\OpenManage\Client\Iap.exe
    C:\WINDOWS\system32\nlcspro\csagtprosvc.exe
    C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Symantec AntiVirus\SavRoam.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\MICROS~2\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\mmussleman\Desktop\HijackThis.exe
    \?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://mail.couvrette.com/Remote/msrdp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = cbs-virginia.int
    O17 - HKLM\Software\..\Telephony: DomainName = cbs-virginia.int
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = cbs-virginia.int
    O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: NLCS Agent (NLCSAgent) - Unknown owner - C:\WINDOWS\system32\nlcspro\csagtprosvc.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Protection Against Spyware (PcScnSrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcScnSrv.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


    Again, thank you for all your time and effort. Is there somewhere I can give you points or something? I don't know if people rate themselves here or not.

    Let me know if this looks clean.

  5. #15
    Retired Security Volunteer
    Join Date
    Nov 2007
    Posts
    69

    Default

    Hi

    I only notice this now, but you are operating your computer with multiple Anti-Virus programs running in memory at once:

    AVG 7.5
    Symantec AntiVirus
    Trend Micro PC-cillin Internet Security 2007


    Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two Anti-Virus programs running at the same time can cause your computer to run very slowly, become unstable and even crash.

    If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

    Please disable or uninstall one or the other so they do not conflict.

    Again, thank you for all your time and effort. Is there somewhere I can give you points or something? I don't know if people rate themselves here or not.
    You're welcome. You can't give me points or rate me, but your kind words are encouraging enough.

    However, if you want to donate to support this forum and Spybot Search and Destroy, you can go here: http://www.spybot.info/en/donate/index.html

    Let me know if this looks clean.
    Your log looks clean indeed. Here are some tips to keep your computer clean in the future:

    Click Start then Run....

    • Type Combofix /u in the runbox and click OK. (Note: The space between the x and the /u needs to be there)


    • When shown the disclaimer, select 2.


    Rehide your System Files

    • Double-click My Computer.
    • Click the Tools menu, and then click Folder Options.
    • Click the View tab.
    • Put a check next to Hide file extensions for known file types.
    • Under the Hidden files folder, select Do not show hidden files and folders.
    • Check Hide protected operating system files.
    • Click Apply, and then click OK.


    Disable and Enable System Restore - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    Step 1: Turn off System Restore:

    • On the desktop, right-click My Computer
    • Click Properties
    • Click the System Restore tab
    • Check Turn off System Restore
    • Click Apply, and then click OK


    Step 2: Reboot your computer.

    Step 3: Turn on System Restore:

    • On the desktop, right-click My Computer
    • Click Properties
    • Click the System Restore tab
    • Uncheck Turn off System Restore
    • Click Apply, and then click OK


    Note: Only do this once, NOT on a regular basis!

    Make your Internet Explorer More Secure

    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab.
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.

      • Change the Download signed ActiveX controls to Prompt.
      • Change the Download unsigned ActiveX controls to Disable.
      • Change the Initialise and script ActiveX controls not marked as safe to Disable.
      • Change the Installation of desktop items to Prompt.
      • Change the Launching programs and files in an IFRAME to Prompt.
      • Change the Navigate sub-frames across different domains to Prompt.
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.


    • Next press the Apply button and then the OK to exit the Internet Properties page.


    Update your Anti-Virus Software - It is very important that you update your anti-virus software at least once a week (even more if you wish). If you do not update your anti-virus software then it will not be able to catch any of the new variants that will come out.

    Use a Firewall - Without a firewall your computer is susceptible to being hacked and taken over. The Windows firewall isn't sufficient as it only monitors incoming connections.

    Here are a few (free) firewalls, please download and install one of them:



    Visit Microsoft's Update Site Frequently - It is important that you visit http://update.microsoft.com/ regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

    Install Ad-Aware - Download and install Ad-Aware. You should scan your computer with the program on a regular basis just as you would with your anti-virus software. A tutorial on installing and using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware

    Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. An article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware

    Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

    Follow this list and your potential for being infected again will reduce dramatically.

    Stand Up and Be Counted! - Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints: Malware Complaints. You have to be registered to post. After registering just find your country room and register your complaint. The infection you had was Vundo (Virtumundo).
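
    Added example (not part of either post, and not code from HijackThis or Spybot): a small parser for the O23 service lines of a HijackThis log that reports when more than one antivirus product has services listed, the overlap pointed out in post #15. The sample lines are copied from the log in this thread; the marker patterns and function names are assumptions made for this example.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NLCS Agent (NLCSAgent) - Unknown owner - C:\WINDOWS\system32\nlcspro\csagtprosvc.exe
"""

# "O23 - Service: <display name> - <company> - <path to executable>"
O23_RE = re.compile(
    r"^\s*O23 - Service: (?P<name>.+?) - (?P<company>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Assumption: patterns picked for this example from the service names in the log,
# keyed by the product names used in post #15. Extend for other products.
AV_MARKERS = {
    "AVG 7.5": re.compile(r"^AVG7 ", re.I),
    "Symantec AntiVirus": re.compile(r"^Symantec AntiVirus", re.I),
    "Trend Micro PC-cillin Internet Security 2007": re.compile(r"^Trend Micro Real-time", re.I),
}

def parse_o23(log_text):
    """Return one dict per O23 (service) line; every other section is skipped."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line)
        if m:
            services.append({k: v.strip() for k, v in m.groupdict().items()})
    return services

def av_products(services):
    """Map each antivirus product to the listed services that identify it."""
    found = {}
    for svc in services:
        for product, marker in AV_MARKERS.items():
            if marker.search(svc["name"]):
                found.setdefault(product, []).append(svc["name"])
    return found

def unknown_owner(services):
    """Services for which the log shows no company name; candidates for a manual look."""
    return [s["name"] for s in services if s["company"].lower() == "unknown owner"]

if __name__ == "__main__":
    svcs = parse_o23(SAMPLE_LOG)
    found = av_products(svcs)
    if len(found) > 1:
        print("More than one antivirus product listed:", ", ".join(sorted(found)))
    print("No company name reported for:", unknown_owner(svcs))
```

    The anti-spyware service (AVG Anti-Spyware Guard) is deliberately not counted as an antivirus product, which matches the three products named in post #15.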
