
Thread: Virtumonde et al -- a question or two ...

  1. #21
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620


    Your logs are clean.

    Follow these steps to uninstall Combofix and tools used in the removal of malware
    • Click START then RUN
    • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.




    You now need to update your Java and remove your older versions.

    Please follow these steps to remove older version Java components.

    * Click Start > Control Panel.
    * Click Add/Remove Programs.
    * Check any item with Java Runtime Environment (JRE) in the name.
    * Click the Remove or Change/Remove button.

    Download the latest version of Java Runtime Environment (JRE), and install it to your computer from here.




    Below I have included a number of recommendations for how to protect your computer against malware infections.

    * Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

    * To reduce re-infection for malware in the future, I strongly recommend installing these free programs:

    SpywareBlaster protects against bad ActiveX
    IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
    Have a look at this tutorial for IE-SPYAD here.

    * SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time protection program or there will be a conflict.

    Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


    * MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    * Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.

    * Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' here.

    Thank you for your patience, and performing all of the procedures requested.
    Who watches The Watchmen?

    It's like you said. All I am is what I'm going after.

    ~Scratch~
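    The post above asks the user to do two things by hand: strip out old Java Runtime Environment installs, and (optionally) adopt the MVPS HOSTS file, which works by mapping known-bad hostnames to 127.0.0.1. The PowerShell script below is an added example, not something from this thread or from the MVPS or Java projects: it parses HOSTS-file text and separates sinkhole entries (127.0.0.1 / 0.0.0.0) from entries that point a hostname at some other address, which is what a hijacked HOSTS file looks like, and it enumerates installed JRE entries from the standard Uninstall registry keys so leftover versions can be spotted before using Add/Remove Programs. The sample HOSTS content and the `.test` hostnames in it are constructed for the demonstration.

```powershell
# Added example (not from the thread). Two defensive checks that match post #21:
#  1. Parse HOSTS-file text and classify entries as 'Sinkholed' (127.0.0.1, 0.0.0.0,
#     ::1, i.e. how the MVPS hosts file blocks ad/malware sites) or 'Redirect'
#     (a hostname pointed at some other address, worth reviewing as a hijack sign).
#  2. List installed Java Runtime Environment entries from the Uninstall registry keys.

function Get-HostsEntries {
    param([Parameter(Mandatory)][string[]]$Lines)
    foreach ($line in $Lines) {
        $trimmed = ($line -split '#', 2)[0].Trim()     # strip trailing comments
        if (-not $trimmed) { continue }                # blank or comment-only line
        $fields = $trimmed -split '\s+'
        if ($fields.Count -lt 2) { continue }          # malformed line, no hostname
        $ip = $fields[0]
        $isLocal = $ip -in @('127.0.0.1', '0.0.0.0', '::1')
        if ($isLocal) { $category = 'Sinkholed' } else { $category = 'Redirect' }
        # One HOSTS line may list several hostnames for the same address.
        foreach ($name in $fields[1..($fields.Count - 1)]) {
            [pscustomobject]@{
                Address  = $ip
                HostName = $name
                Category = $category
            }
        }
    }
}

function Get-InstalledJre {
    # Standard uninstall key locations (32-bit view included on 64-bit Windows).
    # What comes back depends entirely on the machine this is run on.
    $keys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $keys -ErrorAction SilentlyContinue |
        Where-Object {
            $_.DisplayName -like '*Java*Runtime*' -or
            $_.DisplayName -like 'Java(TM)*' -or
            $_.DisplayName -like 'Java * Update *'
        } |
        Select-Object DisplayName, DisplayVersion, InstallLocation |
        Sort-Object DisplayVersion
}

# Constructed sample HOSTS content (not a real MVPS file): the localhost entry,
# two MVPS-style blocking entries, and one entry that redirects a hostname elsewhere.
$sampleHosts = @'
127.0.0.1       localhost
# MVPS-style blocking entries
0.0.0.0         ads.example.test
127.0.0.1       tracker.example.test   # trailing comment
10.20.30.40     update.example-av.test
'@ -split "`r?`n"

$entries = Get-HostsEntries -Lines $sampleHosts
$entries | Format-Table -AutoSize

# Anything not sinkholed to the local machine deserves a look: malware has used
# HOSTS entries to steer security-update hostnames to attacker-chosen addresses.
$entries | Where-Object { $_.Category -eq 'Redirect' } |
    ForEach-Object { Write-Warning "Review HOSTS entry: $($_.HostName) -> $($_.Address)" }

# To audit the live machine instead of the sample (Windows only):
#   Get-HostsEntries -Lines (Get-Content "$env:SystemRoot\System32\drivers\etc\hosts")
#   Get-InstalledJre
```

    Run against the sample, the script reports three sinkholed entries and warns once about `update.example-av.test`. Against a real machine, the Java listing is what to compare with the Add/Remove Programs view before removing the older entries the post describes.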

  2. #22
    Junior Member
    Join Date
    Mar 2007
    Location
    New York City
    Posts
    28

    Using protection packages ...

    Hi Mark,

    I will, of course, do as you suggest, and uninstall Combofix. Why is it necessary to uninstall it?

    After reading the rest of your post, I realized and recognized a few things:

    One, I do use a set of good anti-virus and anti-spyware programs, and I constantly do update them. I use whichever versions allow me the greatest protection and scanning. I will add additional ones, as ones you suggest.

    Two, I do know I must delete older versions of programs and packages I have: JAVA is one, Adobe Acrobat is two, and Spybot S&D is three. Of what I am not certain is the fact that there is more than one place where JAVA is stored on my hard disk (the same with Adobe Acrobat/Reader), and which was placed there when I installed JAVA. I believe the last place was a subdirectory of "Sun" (a little different with the Adobe Acrobat/Reader). How do I know what to delete and what not to delete, other than deleting those files which I definitely know are old? What if the files state the same dating, but just a slight difference in version number, as SB S&D version 1.5 and SB S&D version 1.5.2? Is it safe to remove one of them?

    Three, I have had the unfortunate experience of at least two anti programs tying up my computer's resources to the extent to make it run slowly and not be able to easily access the Internet. This is why I chose not to use the "Tea Timer" of Spybot, and why I chose not to use Antivir. Will any of the programs/packages you are suggesting do likewise?

    Four, just for info sake, Virtumonde had also attached itself to Firefox, so that is not much safer than IE. Also, because so many anti-virus and anti-spyware programs will only allow their internal updater when using IE, it forces me to have IE as my computer's default browser. I refuse to keep switching back and forth in stating one browser is my default at one time and then needing to state a different one is my default, at another time, all because a program or a site refuses to work with a different browser. I do not like this, but, that is how the MS Win environment is set up. For the record, I not only use Firefox as well as IE, I also use Opera.

    Five, this is OT. I have been using Ad-Aware SE Personal, updating it by downloading and copying the definitions from the Lavasoft site. I use that version of Ad-Aware because I can completely configure it, whereas, I cannot do that with 2007 Free nor with 2008 Free. Recently (past few weeks) when I run Ad-Aware, it does fine, and suddenly not only stops but becomes a non-responding program which I have to forcibly (via Task Manager) end. This happens at varying stages in its scanning. I posted this on the Lavasoft Support Forum, but have not been answered yet by anyone there, as what to do. Any suggestions?

    Thanks for all your time, attention, and help.

    Kind regards,

    Julian.

  3. #23
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620


    ComboFix is dangerous and it isn't something you should use, so you need to uninstall it.

    Yes, it is safe to uninstall those; you should remove all old versions of Java.

    Will any of the programs/packages you are suggesting do likewise?
    Having TeaTimer and not Avira running is dangerous. They shouldn't cause problems.

    Four, just for info sake, Virtumonde had also attached itself to Firefox, so that is not much safer than IE
    Firefox is safer than IE. If you download cracks and keygens it doesn't matter what programs you are using, you will get infected.

    I posted this on the Lavasoft Support Forum, but have not been answered yet by anyone there, as what to do. Any suggestions?
    No. Make sure all programs are closed when running scans.


    Anything else ?

  4. #24
    Junior Member
    Join Date
    Mar 2007
    Location
    New York City
    Posts
    28

    A followup ...

    Hi Mark,

    First, my ACER is running smoothly now. Thank you, ever so much. I set a Restore point soon after I got the "green light" from you as to my system being clean. I first cleaned out programs and some other files, then I did a Defrag. After this, I created the System Restore Point.

    Second, when I had Antivir installed, it was so actively checking the input port from the Internet that ZoneAlarm was constantly active and my system was slightly slowing down due to Antivir asserting itself all the time. AVG also monitors the I/N and E-Mail, etc., but does it passively -- only when I am actually browsing or working with E-Mail; thus, everything runs normal speed. Again the program is, "Antivir"; it is NOT, "Avira."

    Third, when I did run Tea Timer, I was constantly interrupted by requests and warnings, many of which turned out to be not just innocent things but things which might be actually needed by my computer system. It could accidentally become too tempting to delete something, in a warning, which could turn out to be necessary for something else in the system. Without Tea Timer, the only time SB S&D tells me of something bad, is if I either run a scan, or something is flagged.

    Fourth, I will again try to make sure all programs are closed when scanning. Just maybe that is the problem with Ad-Aware SE? Thanks for the reminder.

    It has been a pleasure knowing you.

    Regards,

    Julian.

  5. #25
    Retired Security Volunteer
    Join Date
    Sep 2007
    Location
    Ireland
    Posts
    1,620


    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.
