Page 2 of 2 FirstFirst 12
Results 11 to 14 of 14

Thread: Pop-ups, random processes, and all the other stuff your mother warned you about!

  1. #11
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hi again, we'll continue

    You should print these instructions or save these to a text file. Follow these instructions carefully.

    Open AVG Anti-Spyware:
    • On the main screen under Your Computer's security.
      • Click on Change state next to Resident shield. It should now change to inactive.
      • Click on Change state next to Automatic updates. It should now change to inactive.
      • Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
      • Wait until you see the Update succesfull message.
    • Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    If you are having problems with the updater, you can use this link to manually update ewido.
    AVG Anti-Spyware manual updates.
    Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.

    Download ATF Cleaner by Atribune to your desktop.
    Do NOT run yet.

    You got some infections there.

    Make your hidden files visible:
    • Go to My Computer
    • Select the Tools menu and click Folder Options
    • Click the View tab.
    • Checkmark the "Display the contents of system folders"
    • Under the Hidden files and folders select "Show hidden files and folders"
    • Uncheck "Hide protected operating system files"
    • Click Apply and then the OK and close My Computer.


    ==================

    Open Control Panel -> Add/Remove programs -> Remove all the of the following or similar entries if found:
    Oin
    Yazzle by Oin
    Purityscan by Oin
    Snowballwars by Oin
    or anything similar with Oin or Outerinfo in it.
    Zolero
    Tizzletalk
    MediaTickets
    Cowabanga
    VSAdd-in
    VS Toolbar

    and any other programs you didn't install or don't recognize - if your not sure please ask first

    Download and run this uninstaller:
    http://www.outerinfo.com/OiUninstaller.exe

    Tutorial for the uninstaller if needed

    Run HijackThis, click Do a system scan only, and check the box next to each of these entries if still present. Close all other windows and press Fix checked. If something isn't there, please continue with the next entry in the list.

    R3 - URLSearchHook: (no name) - {D99D21B8-9809-BE8C-780D-C3896D58669F} - C:\WINDOWS\System32\bvqojb.dll (file missing)
    O2 - BHO: (no name) - {0730636A-ED8F-1700-7F6E-07A5A9CF17AB} - C:\WINDOWS\System32\byvmdy.dll
    O2 - BHO: (no name) - {1742C71A-212D-4722-AED0-536116A52863} - C:\WINDOWS\System32\awvvu.dll (file missing)
    O2 - BHO: (no name) - {18D0F46D-1A11-DE44-9286-08B0E25FF968} - C:\WINDOWS\System32\mspgcsj.dll (file missing)
    O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\System32\iamwnixk.dll
    O2 - BHO: (no name) - {46A4E9D9-B30E-452A-8157-DBBEC8573B03} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O2 - BHO: (no name) - {CFE9E8A8-38C0-4EF8-AEC2-5035EFE81030} - C:\WINDOWS\System32\ljjgghe.dll (file missing)
    O2 - BHO: (no name) - {D99D21B8-9809-BE8C-780D-C3896D58669F} - C:\WINDOWS\System32\bvqojb.dll (file missing)
    O2 - BHO: (no name) - {DE9C22BC-9C09-EF8A-780D-C3896D5866CA} - C:\WINDOWS\System32\ldmjvpe.dll (file missing)
    O3 - Toolbar: &VSAdd-in - {74DD705D-6834-439C-A735-A6DBE2677452} - C:\Program Files\VSAdd-in\VSAdd-in.dll
    O4 - HKLM\..\Run: [enuzwsl.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\enuzwsl.dll,pvpkemc
    O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
    O4 - HKLM\..\Run: [bntcogh.dll] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\bntcogh.dll,uiyblgb
    O4 - HKCU\..\Run: [Tjmhrk] ????\w?wexec.exe
    O20 - Winlogon Notify: ljjgghe - ljjgghe.dll (file missing)
    O20 - Winlogon Notify: winaqr32 - winaqr32.dll (file missing)

    Restart your computer to the safe mode:
    • Restart your computer
    • Start tapping the F8 key when the computer restarts.
    • When the start menu opens, choose Safe mode
    • Press Enter. The computer then begins to start in Safe mode.


    Go to the My Computer and delete the following files (if present):
    C:\WINDOWS\System32\byvmdy.dll
    C:\WINDOWS\System32\iamwnixk.dll
    C:\WINDOWS\System32\enuzwsl.dll
    C:\WINDOWS\System32\bntcogh.dll

    Go to the My Computer and delete the following folders (if present):
    C:\Program Files\ipwins
    C:\Program Files\VSAdd-in

    Run ATF Cleaner
    • Under Main choose: Select All
      Click the Empty Selected button.
    If you use Firefox browser
    • Click Firefox at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser
    • Click Opera at the top and choose: Select All
      Click the Empty Selected button.
      NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.

    Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
    • Click on Scanner on the toolbar.
    • Click on the Settings tab.
      • Under How to act?
        • Click on Recommended Action and choose Quarantine from the popup menu.
      • Under How to scan?
        • All checkboxes should be ticked.
      • Under Possibly unwanted software:
        • All checkboxes should be ticked.
      • Under Reports:
        • Select Automatically generate report after every scan and uncheck Only if threats were found.
      • Under What to scan?
        • Select Scan every file.
    • Click on the Scan tab.
    • Click on Complete System Scan to start the scan process.
    • Let the program scan the machine.
    • When the scan has finished, follow the instructions below.
      IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
      • Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
      • At the bottom of the window click on the Apply all Actions button. (3)
    • When done, click the Save Scan Report button. (4)
      • Click the Save Report as button.
      • Save the report to your Desktop.
    • Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
    Reboot in Normal Mode.

    ================

    When you're ready, please post the following logs to here:
    - AVG's report
    - a fresh HijackThis log
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  2. #12
    Junior Member
    Join Date
    Nov 2006
    Posts
    9

    Default

    Here's the AVG log:


    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 1:26:43 PM 12/3/2006

    + Scan result:



    C:\Documents and Settings\Christopher Vincent\Desktop\OiUninstaller.exe -> Adware.MediaTickets : Cleaned with backup (quarantined).
    C:\mstFF.tmp -> Not-A-Virus.Hoax.Win32.Renos.fw : Cleaned with backup (quarantined).
    :mozilla.18:C:\RECYCLED\NPROTECT\00055094.MOZ -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.18:C:\RECYCLED\NPROTECT\00055095.MOZ -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.18:C:\RECYCLED\NPROTECT\00055098.MOZ -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.24:C:\RECYCLED\NPROTECT\00055099.MOZ -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.6:C:\RECYCLED\NPROTECT\00055091.MOZ -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.10:C:\RECYCLED\NPROTECT\00055099.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.11:C:\RECYCLED\NPROTECT\00055099.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.17:C:\RECYCLED\NPROTECT\00055089.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.18:C:\RECYCLED\NPROTECT\00055089.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.18:C:\RECYCLED\NPROTECT\00055090.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.19:C:\RECYCLED\NPROTECT\00055089.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.19:C:\RECYCLED\NPROTECT\00055090.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.20:C:\RECYCLED\NPROTECT\00055090.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.20:C:\RECYCLED\NPROTECT\00055094.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.21:C:\RECYCLED\NPROTECT\00055091.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.21:C:\RECYCLED\NPROTECT\00055094.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.22:C:\RECYCLED\NPROTECT\00055091.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.22:C:\RECYCLED\NPROTECT\00055094.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.22:C:\RECYCLED\NPROTECT\00055095.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.23:C:\RECYCLED\NPROTECT\00055091.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.23:C:\RECYCLED\NPROTECT\00055095.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.24:C:\RECYCLED\NPROTECT\00055095.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.25:C:\RECYCLED\NPROTECT\00055098.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.26:C:\RECYCLED\NPROTECT\00055098.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.27:C:\RECYCLED\NPROTECT\00055098.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.7:C:\RECYCLED\NPROTECT\00055099.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.8:C:\RECYCLED\NPROTECT\00055099.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    :mozilla.9:C:\RECYCLED\NPROTECT\00055099.MOZ -> TrackingCookie.Casalemedia : Cleaned.
    C:\RECYCLED\NPROTECT\00055976.exe -> Trojan.Small : Cleaned with backup (quarantined).


    ::Report end




    And the HJT log:




    Logfile of HijackThis v1.99.1
    Scan saved at 1:33:53 PM, on 12/3/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\atiptaxx.exe
    C:\Program Files\Messenger Plus! 3\MsgPlus.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    C:\WINDOWS\System32\LVCOMSX.EXE
    C:\Program Files\Logitech\Video\LogiTray.exe
    C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    C:\Program Files\MSN Webcam Recorder\ml20gui.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Logitech\SetPoint\KEM.exe
    C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Logitech\Video\FxSvr2.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Hijackthis\Scanner.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton SystemWorks\Norton Antivirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [ATIPTA] atiptaxx.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
    O4 - HKLM\..\Run: [AsioReg] REGSVR32.EXE /S CTASIO.DLL
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Device Detector] "C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe" -autorun
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
    O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\Messenger Plus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [MSN Webcam Recorder] "C:\Program Files\MSN Webcam Recorder\ml20gui.exe" -silent
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE (file missing)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mistermonkus.spaces.msn.com//...d/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1164595525342
    O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\navapsvc.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Antivirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

  3. #13
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    Hi again, it is looking clean now
    The computer is running fine ?

    Now you can clean AVG's Quarantine:
    • Open AVG Anti-Spyware
    • Click Infections
    • Click Quarantine tab
    • Click Select all
    • Click Remove finally
    • Close the program

    You can remove the tools we used.

    Then the first priority is to visit Windows Update and get your system updated
    -> At first, install Win XP Service Pack 2 Update
    -> Reboot and get back to the Windows Update
    -> Install all remaining important updates
    (NOTE: You'll propably have to reboot and get back to the update several times before all of them are installed)

    You should empty Norton protected recycle bin -> Instructions
    Then you should update your Java to the latest version (5.0 update 10)
    • Start
    • Control Panel
    • Add/Remove Programs
    • Delete the old Java, J2SE Runtime Environment 5.0 Update 1
    • Download the latest version of Java Runtime Environment (JRE) 5.0 Update 10.
    • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement."
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Install it

    Now you can make your hidden files hidden again.
    • Go to My Computer
    • Select the Tools menu and click Folder Options
    • Click the View tab.
    • Checkmark the "Display the contents of system folders"
    • Under the Hidden files and folders select "Show hidden files and folders"
    • Check "Hide protected operating system files"
    • Click Apply and then the OK and close My Computer.


    =============

    Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
    • Clear your system restore
      This will clear the system restore folders from possible malware that was left behind during the cleaning process.
    • Use ATF Cleaner
      Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
    • Use Ad-Aware
      Download and install Ad-Aware. Update it and scan your computer regularly with it.
    • Use AVG Anti-Spyware
      Update it and scan your computer regularly with it.
    • Use Spybot S&D
      Download and install Spybot S&D. Update it and scan your computer regularly with it.
    • Install SpywareBlaster
      SpywareBlaster will prevent spyware from being installed.
    • Install MVPS Hosts file
      This prevents your computer from connecting to harmful sites.
    • Use Firefox browser
      Firefox is faster, safer and better browser than Internet Explorer.
    • Keep your systen up-to-date
      Visit Windows Update regularly.
    • Keep your antivirus and firewall up-to-date
      Scan your computer regularly with your antivirus.
    • Read this article by TonyKlein
      So how did I get infected in the first place?
    • Stand Up and Be Counted !
      The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.


    Stay clean and be safe
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

  4. #14
    Security Expert-Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    3,934

    Default

    As the problem appears to be resolved this topic has been archived.

    If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

    Glad we could help
    MalWare Removal University - You too could train to help others
    UNITE & ASAP member since 2006

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •