Help Please, infected computer

[shelf life]

Hi,

Combofix shouldn't be used by individuals unless you know what you are doing. Its a tool to help in the removal of malware, its not a scanner like MBAM is.
MBAM is excellent, always check for updates before using it. Its good practice to keep it (and all software) updated even if you dont scan that much.

Looks like a service may have been left behind:
look in C:/Program Files/Ares
you can delete the Ares folder.

start HJT, click the "Scan" button. check the items below, close any open windows, then click "Fixed checked"

O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe

Hows it all looking on your end now?

[40luv]

Hi,

Thank you for your assistance, much appreciated.

I uninstalled combofix.
I deleted the Ares folder.
I fixed checked the 023 from the hjt scan.

It's looking good at this end, even resolved the firefox ssl protocol problem.

Any suggestions for real time anti virus?

Thanks again.

[shelf life]

your welcome. For AV I like free myself.
AVG:
http://free.avg.com/

AVAST:
http://www.avast.com/

AVIRA:
http://www.free-av.com/en/download/index.html

CLAMWIN:
http://www.clamwin.com/content/view/18/46/

You can make a new restore point. The how and why:

One of the features of Windows ME,XP and Vista is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore folder. Therefore, clearing the restore points is a good idea after malware is removed.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.(new restore points on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

If all is good, some info for you:

Reducing Your Risk To Malware:
The Short Version:

1) It is essential to Keep your OS,(Windows) browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. This is also true for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check there status here.

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. Do not install any files from ads, links or popups.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. Scanning frequency is a function of your computer habits.

4) Refrain from clicking on links or attachments you receive via E-Mail, IM, Chat Rooms or Social Sites, no matter how tempting or legitimate the message.

5) Don't click on ads/pop ups or offers from websites requesting that you need to install software to your computer.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website?

7) Set up and use limited accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing.*

8) Install and understand the limitations of a software firewall.

9) Consider using an alternate browser and E-mail client. Internet Explorer and OutLook Express are popular targets for malicious code because they are widely used. See also: Hardening or Securing Internet Explorer.

10) If your habits include: warez, cracks etc or you install files via p2p networks then you are much more likely to encounter malicious code. Do you trust the source? Do you really need another malware source?

A longer version in link below.

Happy Safe Surfing.

[40luv]

Thanks for the recommendations.

I am logged on as the administrator but when i right click on My Computer>Properties, there is no system restore tab!

I was able to get to system restore via Start>Help and Support>System Restore>System Restore Settings and the check and unckecked "Turn Off System Restore". Is this ok.

Why did i not get the system restore tab? (see paragraph 2)

Also why can i not turn on Automatic Updates in Windows Security Center, Firewall is on.

[40luv]

I'm liking mbam, i'm gonna run it daily.

Will Perform quick scan be sufficient or should i run Full scan everytime.

I'm learning Tks again.

[shelf life]

hi,

dont know why theres no tab. the other way will work fine also for making a new restore point.

Automatic Updates

go to start>run and type in cmd
at the prompt >_
copy paste whats below and press enter
close the window
reboot computer
see if you can start Auto updates

Code:

sc start bits

quick scan be sufficient or should i run Full scan everytime

I suppose everyday a quick scan would do, and maybe a full scan once a week or so. It really depends on your computing habits. Read through that top 10 list I posted. The paid version of MBAM offers autoupdates and real time protection.

[40luv]

Hi,

I followed ur direction,

go to start>run and type in cmd
at the prompt >_
copy paste whats below and press enter
close the window
reboot computer
see if you can start Auto updates

I get a message "The system cannot find the file specified"

[shelf life]

ok do this instead. start>run and type in services.msc
click ok
the Windows service panel will open
under the name column look for:

Background Intelligent Transfer Service

right click on it and select properties.
under the general tab:

the Startup type should be: Automatic. If its not change it
The Service Status should say Started, if its not change it
by clicking the Start button
click ok
reboot computer

see if that solves it.

[40luv]

No it did not solve it, I got the following error message:

Could not start the Background Intelligent Transfer Service service on local computer.

Error 2: The system cannot find the file specified

[shelf life]

ok try this also;

start>run and type in cmd
click ok or enter
at the prompt >_
copy/paste in the code below and click enter;
close window, reboot, cross fingers

Code:

sc start wuauserv