
Thread: iexplore.exe instances being created automatically

  1. #21
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Ok, good. I like questions, which I will attempt to answer.

    A proxy change in a browser can be something a user could do, so it's not necessarily a bad thing, except in your case.

    Only receive E-mail in plain text, no html or live links.

    I can't say what the best AV is, they all claim that title. I like free myself so I use free AV on my Windows machines.

    Task manager is good if you become familiar with what runs normally. Then you might recognize a process that could be malware. Always keep your AV and anti-malware up to date. Keep Windows/Browsers and web applications like Java, and Adobe products up to date also.

    Nobody else was browsing on your machine, the proxy was redirecting your own browsing to other sites.

    I will be offline for 16 or so hours.
    How Can I Reduce My Risk?

  2. #22
    Junior Member
    Join Date
    Jan 2013
    Posts
    16

    All good tips - thank you.

    Any other suggestions for my machine that will give me the 'all clear'?

  3. #23
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    You're welcome.
    You can delete the tdsskiller and aswmbr.exe icons from your desktop as well as the log. You can remove combofix like this:
    Start>run and type in combofix /uninstall and click enter.
    Note the space after the x and before the /

    Last, you can make a new restore point. The how and the why:

    One of the features of Windows XP, Vista and Windows 7 is the System Restore option, however if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.

    To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

    (winXP)

    1. Turn off System Restore. (deletes old possibly infected restore point)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    Check Turn off System Restore.
    Click Apply, and then click OK.

    2. Reboot.

    3. Turn ON System Restore. (creates a new restore point on a clean system)
    On the Desktop, right-click My Computer.
    Click Properties.
    Click the System Restore tab.
    UN-Check *Turn off System Restore*.
    Click Apply, and then click OK, then reboot.

    If all is good on your end, some tips to help you remain malware free:

    10 Tips for Prevention and Avoidance of Malware:
    There is no reason why your computer cannot stay malware free.


    No software can think for you. Help yourself. In no special order:

    1) It is essential to keep your operating system (Windows), browser (IE, FireFox, Chrome, Opera) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the Windows auto-update feature. Staying updated is also essential for web based applications, browser plugins and addons like Java, Adobe Flash/Reader, iTunes etc. More and more third party applications are being targeted. Use the auto-update features available in most software. Not sure if you are using the latest version of software? Check their version status and get the updates here.

    2) Know what you are installing to your computer. A lot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this.

    3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then it's time to *review your computer habits*.

    4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem. Do you trust the source? See also E-mail phishing Tricks.

    5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

    6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

    7) Consider the use of limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and Windows 7 attempts to address.

    8) Install and understand the *limitations* of a software firewall.

    9) The why and how for securing your browser for safer surfing.

    10) Warez, cracks, keygens and p2p are very popular for carrying malware payloads. A file can be named anything, be nothing but malware or have malware bundled in it. Do you really trust the source of the file?


    More info/tips with pictures, link below

    Happy Safe Surfing.
    Last edited by shelf life; 2013-01-10 at 02:34.

  4. #24
    Junior Member
    Join Date
    Jan 2013
    Posts
    16

    Hi -

    I think I've made a mistake and want to get your take before proceeding with the System Restore.

    I proceeded to uninstall combofix, and typed what you had listed, but as the uninstall proceeded, it began what seemed to be an installation and scan. I felt that I had entered in a typo, and cancelled the process - and then it said that the combofix was uninstalled. After this occurred, I feel like combofix was going to run a final scan prior to uninstalling, but I'm not sure.

    Sorry about this. Thanks for the advice.

  5. #25
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    hi,

    You did it right. It does look like an install. As long as you got the "combofix is uninstalled" type message it should be ok, and the combofix icon should now be gone from the desktop also. Happy safe surfing out there.

  6. #26
    Junior Member
    Join Date
    Jan 2013
    Posts
    16

    You have helped immensely. I do have a couple questions...

    1. You asked me to download very specialized tools to capture and get rid of this malware problem. Should I check the computer with any of these tools regularly?
    2. I think it was ComboFix that solved this issue - what did ComboFix actually find?

    Thank you for your help.

  7. #27
    Emeritus
    Join Date
    Nov 2005
    Location
    @localhost
    Posts
    6,066

    Glad to help. In answer to your questions: TDSSkiller is for specific malware but it's also pretty automated so anybody should be able to use it. ASWmbr is also for specific malware and semi automated so most people could probably use it without problems. Both these tools are updated frequently so always get the latest version before using.
    Combofix can remove a lot of malware but it sometimes requires use of scripts that one has to know how to use. It's not recommended to use it yourself. It's also updated frequently.
    If I remember I think combofix removed some malicious .dll files.
    Malwarebytes is a good antimalware tool. Remember the free version must be updated manually and a scan started manually. Always check for updates before using.

  8. #28
    Junior Member
    Join Date
    Jan 2013
    Posts
    16

    Very good - thank you again so much for your help.
