
Thread: I am requesting assistance with multiple Trojan Infections

  1. #11
    Junior Member
    Join Date
    Jan 2008
    Posts
    10

    Default Many, many thanks

    You are the man/woman..... lol.

    Thank you for all your time and your patience with me. I followed all of your instructions and the last update set everything back right. I immediately downloaded all of the windows updates and avast updates and spybot updates and ad-aware and re-ran them all along with defragging and everything is working again. Again, thanks for your time and expertise. John T

  2. #12
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    Default

    We need to clear up a few malware files and remove the tools we used:

    • Open a new notepad window (Start>All Programs>Accessories>Notepad)
    • Copy & paste the contents of the following codebox into the notepad window
      Code:
      del /a /f C:\WINDOWS\system32\bcghkqkb.dat
      del /a /f C:\WINDOWS\system32\ixbtddbe.dat
      del /a /f C:\WINDOWS\system32\hvkacjll.dat
      del /a /f C:\WINDOWS\system32\dfentqsr.dat
      del /a /f C:\WINDOWS\system32\hvnzahqj.dat
      del /a /f C:\WINDOWS\system32\wifu.exe
      del /a /f "%userprofile%\desktop\combofix.exe"
      rmdir /q /s "C:\qoobox"
    • Click File > Save as
    • In the box labelled File name copy and paste cleanup.bat
    • Change Save as type to All Files
    • Save it to your desktop
    • Close the notepad window
    • Double click on cleanup.bat
    • A DOS window will come up briefly and then disappear; this is normal


    Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
    Please follow these steps to remove older version Java components and update.

    Updating Java:
    • Download the latest version of Java Runtime Environment (JRE) 6.
    • Scroll down to where it says "The Java SE Runtime Environment (JRE) allows end-users to run Java applications".
    • Click the "Download" button to the right.
    • Check the box that says: "Accept License Agreement".
    • The page will refresh.
    • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
    • Close any programs you may have running - especially your web browser.
    • Go to Start > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
    • Then from your desktop double-click on the download to install the newest version.


    You now appear to be clean. Congratulations!

    Please take the time to tell us what you would like to be done about the people who are behind all the problems you have had. We can only get something done about this if the people that we help, like you, are prepared to complain. We have a dedicated forum for collecting these complaints, Malware Complaints. You need to be registered to post, as unfortunately we were hit with too many spam postings to allow guest posting to continue. Just find your country room and register your complaint.

    Below are some steps to follow in order to dramatically lower the chances of reinfection
    You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented
      • Turn System Restore off
        • On the Desktop, right click on the My Computer icon.
        • Click Properties.
        • Click the System Restore tab.
        • Check Turn off System Restore.
        • Click Apply, and then click OK.
      • Restart
      • Turn System Restore on
        • On the Desktop, right click on the My Computer icon.
        • Click Properties.
        • Click the System Restore tab.
        • Uncheck Turn off System Restore.
        • Click Apply, and then click OK.

      Note: only do this once, and not on a regular basis
    1. Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software
      Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    2. Install and use a firewall with outbound protection
      While the firewall built into Windows XP is adequate to protect you from incoming attacks, it will not be much help in alerting you to programs already on your PC attempting to connect to remote servers
      I therefore strongly recommend that you install one of the following free firewalls: Comodo Firewall or Online Armor
      See Bleepingcomputer's excellent tutorial to help using and understanding a firewall here
      Note: You should only have one firewall installed at a time. Having more than one firewall installed at once is likely to cause conflicts and may well decrease your overall protection as well as seriously impairing the performance of your PC.
    3. Make sure you install all the security updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch for it so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC, so keeping up with these patches will help to prevent malicious software being installed on your PC
      Go here to check for & install updates to Microsoft applications
      Note: The update process uses ActiveX, so you will need to use Internet Explorer for it, and allow the ActiveX control that it wants to install
    4. Keep your non-Microsoft applications updated as well
      Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month
    5. Make Internet Explorer more secure
      Click Start > Run
      Type Inetcpl.cpl & click OK
      Click on the Security tab
      Click Reset all zones to default level
      Make sure the Internet Zone is selected & Click Custom level
      In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
      Next Click OK, then Apply button and then OK to exit the Internet Properties page.
    6. Install SpywareBlaster & make sure to update it regularly
      SpywareBlaster sets killbits in the registry to prevent known malicious ActiveX controls from installing themselves on your computer.
      If you don't know what ActiveX controls are, see here
      You can download SpywareBlaster from here
    7. Install and use Spybot Search & Destroy
      Instructions are located here
      Make sure you update, reimmunize & scan regularly
    8. Make use of the HOSTS file included with Spybot Search & Destroy
      Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
      Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
      • Run Spybot Search & Destroy
      • Click on Mode, and then place a tick next to Advanced mode
      • Click Yes
      • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File
      • Click on Add Spybot-S&D hosts list
      Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue
      • Click Start > Run
      • Type services.msc & click OK
      • In the list, find the service called DNS Client & double click on it.
      • On the dropdown box, change the setting from automatic to manual.
      • Click OK & then close the Services window
      For a more detailed explanation of the HOSTS file, click here
    9. Install a-squared Free & update and scan with it regularly
      a-squared free is a product from Emsi Software provided free for private use that can detect and remove a variety of malicious software. You can get it here
      Note: If you have a dialup internet connection, you may also like to install a-squared Anti-Dialer which provides some real time protection against premium rate dialers
    10. Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date

  3. #13
    Junior Member
    Join Date
    Jan 2008
    Posts
    10

    Default Understood

    I cannot thank you enough. I will be following all of your advice on my own machine now also. Are all these also compatible with Vista? I acquired an Acer laptop with Vista installed and want to make sure it is good too. John

  4. #14
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    Default

    I believe that everything except the Online Armor firewall is Vista compatible

  5. #15
    Junior Member
    Join Date
    Jan 2008
    Posts
    10

    Default Working

    Unfortunately, before I could get all the stuff installed, I think I got a trace of an infection. I am working on it now. John

  6. #16
    Security Expert: Visiting Fellow
    Join Date
    Jul 2007
    Posts
    703

    Default

    Quote Originally Posted by rengrafix View Post
    Unfortunately, before I could get all the stuff installed, I think I got a trace of an infection. I am working on it now. John
    How are you getting on?
