Possible Trojan ?

Hi Shaba, and all the best to you for the new year . I have emptied Opera's cashe ( my version 9,63 and is slightly different
but end result the same ..Tools ...Preferences ...Advanced .... History there are two options .. Disk cashe and Memory cashe I emptied both, there is also a check box ...Empty on Exit which I ticked ) Closed Opera re-booted pc and ran Kaspersky and they are still there !

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, January 1, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, January 01, 2010 16:30:05
Records in database: 3404718
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - Folder:
C:\Documents and Settings

Scan statistics:
Objects scanned: 39769
Threats found: 3
Infected objects found: 3
Suspicious objects found: 3
Scan duration: 00:19:11


File name / Threat / Threats count
C:\Documents and Settings\admin\Local Settings\Application Data\Identities\{FE1358E3-7514-4ABB-A5D1-A2AD4589CEEC}\Microsoft\Outlook Express\Sent Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Opera\OPERA\profile\cache4\opr0EHWL Infected: Trojan.JS.Agent.axf 1
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Opera\OPERA\profile\cache4\opr0EHXF Infected: Trojan-Downloader.Java.Agent.ah 2

Selected area has been scanned.
 
So let's do this:

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: 
    File::
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Opera\OPERA\profile\cache4\opr0EHWL 
C:\Documents and Settings\HelpAssistant\Local Settings\Application Data\Opera\OPERA\profile\cache4\opr0EHXF
  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    CFScriptB-4.gif

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
 
Hi Shaba, thanks


ComboFix 09-12-26.04 - admin 02/01/2010 14:12:31.5.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2047.1571 [GMT 0:00]
Running from: c:\documents and settings\admin\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\admin\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\documents and settings\HelpAssistant\Local Settings\Application Data\Opera\OPERA\profile\cache4\opr0EHWL"
"c:\documents and settings\HelpAssistant\Local Settings\Application Data\Opera\OPERA\profile\cache4\opr0EHXF"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\HelpAssistant\Local Settings\Application Data\Opera\OPERA\profile\cache4\opr0EHWL
c:\documents and settings\HelpAssistant\Local Settings\Application Data\Opera\OPERA\profile\cache4\opr0EHXF

.
((((((((((((((((((((((((( Files Created from 2009-12-02 to 2010-01-02 )))))))))))))))))))))))))))))))
.

2009-12-28 13:38 . 2009-12-29 09:43 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-12-28 13:38 . 2009-03-30 09:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-12-28 13:38 . 2009-02-13 11:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-12-28 13:38 . 2009-02-13 11:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-12-28 13:38 . 2009-12-28 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-12-28 13:32 . 2009-12-28 13:38 -------- d-----w- c:\program files\Avira

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-02 10:36 . 2007-08-08 10:28 384 ----a-w- c:\windows\system32\DVCStateBkp-{00000003-00000000-0000000D-00001102-00000004-20011102}.dat
2010-01-02 10:36 . 2007-08-08 10:28 384 ----a-w- c:\windows\system32\DVCState-{00000003-00000000-0000000D-00001102-00000004-20011102}.dat
2009-12-29 14:14 . 2007-09-23 14:36 -------- d-----w- c:\documents and settings\admin\Application Data\wsInspector
2009-12-28 13:05 . 2007-09-23 13:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-12-22 17:03 . 2008-07-10 09:31 -------- d-----w- c:\program files\ESET
2009-12-21 09:56 . 2008-06-10 15:43 -------- d-----w- c:\documents and settings\admin\Application Data\Vso
2009-12-20 10:49 . 2007-08-08 10:18 -------- d-----w- c:\program files\Creative
2009-12-18 17:46 . 2009-01-17 11:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-18 17:46 . 2009-04-04 10:10 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 16:14 . 2009-01-17 11:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 16:13 . 2009-01-17 11:13 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-21 15:51 . 2004-08-04 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-10-29 05:38 . 2004-08-04 12:00 667136 ------w- c:\windows\system32\wininet.dll
2009-10-21 05:38 . 2004-08-04 12:00 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38 . 2004-08-04 12:00 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20 . 2004-08-04 12:00 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:30 . 2004-08-04 12:00 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38 . 2004-08-04 12:00 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38 . 2004-08-04 12:00 79872 ----a-w- c:\windows\system32\raschap.dll
2009-01-10 11:19 . 2009-01-10 11:18 15083520 ----a-w- c:\program files\spybotsd160.exe
2007-08-24 16:17 . 2007-08-24 16:17 1164456 ----a-w- c:\program files\install_flash_player.exe
2007-12-10 09:16 . 2007-12-10 09:16 848 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-12-27_12.14.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-07 02:19 . 2007-11-07 02:19 54272 c:\windows\WinSxS\x86_Microsoft.VC90.OpenMP_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_ecc42bd1\vcomp90.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 62976 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90rus.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 46080 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90kor.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 46592 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90jpn.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 64512 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90ita.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 66048 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90fra.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esp.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 65024 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90esn.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 56832 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90enu.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 66560 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90deu.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 39936 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90cht.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 38912 c:\windows\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_b0db7d03\mfc90chs.dll
+ 2008-07-29 06:07 . 2008-07-29 06:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90u.dll
+ 2008-07-29 06:07 . 2008-07-29 06:07 59904 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfcm90.dll
+ 2010-01-02 12:07 . 2010-01-02 12:07 16384 c:\windows\Temp\Perflib_Perfdata_7d0.dat
+ 2010-01-02 12:07 . 2010-01-02 12:07 16384 c:\windows\Temp\Perflib_Perfdata_7a8.dat
+ 2010-01-02 12:07 . 2010-01-02 12:07 16384 c:\windows\Temp\Perflib_Perfdata_6a4.dat
- 2004-08-04 12:00 . 2009-12-10 08:28 71962 c:\windows\system32\perfc009.dat
+ 2004-08-04 12:00 . 2009-12-28 09:39 71962 c:\windows\system32\perfc009.dat
+ 2009-12-28 13:38 . 2009-05-11 09:12 28520 c:\windows\system32\drivers\ssmdrv.sys
+ 2008-07-29 08:05 . 2008-07-29 08:05 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcr90.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 572928 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcp90.dll
+ 2008-07-29 03:54 . 2008-07-29 03:54 225280 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_6f74963e\msvcm90.dll
+ 2009-07-12 00:02 . 2009-07-12 00:02 159032 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.4148_x-ww_353599c2\atl90.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 161784 c:\windows\WinSxS\x86_Microsoft.VC90.ATL_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_d01483b2\atl90.dll
+ 2004-08-04 12:00 . 2009-12-28 09:39 443896 c:\windows\system32\perfh009.dat
- 2004-08-04 12:00 . 2009-12-10 08:28 443896 c:\windows\system32\perfh009.dat
+ 2009-12-28 13:34 . 2009-12-28 13:34 228352 c:\windows\Installer\aa52d.msi
+ 2009-12-29 14:07 . 2009-12-29 14:07 195584 c:\windows\Installer\12d7953.msi
+ 2008-07-29 08:05 . 2008-07-29 08:05 3783672 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90u.dll
+ 2008-07-29 08:05 . 2008-07-29 08:05 3768312 c:\windows\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.1_x-ww_405b0943\mfc90.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
@="{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}"
[HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
2007-12-02 16:05 348160 ----a-w- f:\power suit\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
@="{8A814C29-D3CD-4F9E-9770-DF8704503ACA}"
[HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
2007-12-02 16:05 348160 ----a-w- f:\power suit\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectShellExtension.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ptipbmf"="ptipbmf.dll" [2003-06-20 118784]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\lxcfcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Symantec\\LiveUpdate\\AluSchedulerSvc.exe"=
"c:\\Program Files\\Analog Devices\\SoundMAX\\SMAgent.exe"=
"c:\\WINDOWS\\system32\\ati2evxx.exe"=
"c:\\WINDOWS\\system32\\dllhost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"65533:TCP"= 65533:TCP:Services
"52344:TCP"= 52344:TCP:Services
"3246:TCP"= 3246:TCP:Services
"2479:TCP"= 2479:TCP:Services
"3389:TCP"= 3389:TCP:Remote Desktop
"2818:TCP"= 2818:TCP:Services
"8645:TCP"= 8645:TCP:Services

R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [09/09/2008 07:27 28544]
R1 FolderProtectDriver;FolderProtectDriver;f:\power suit\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectDriver.sys [04/04/2008 08:23 15616]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [28/12/2009 13:38 108289]
R2 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [04/08/2004 12:00 5120]
R3 SymSnapService;SymSnapService;c:\program files\Norton Ghost\Shared\Drivers\SymSnapService.exe [20/12/2007 16:13 1553896]
S2 FolderProtectService;FolderProtectService;f:\power suit\Spotmau WinCare 2008\sub\FSDRIVER\FolderProtectService.exe [04/04/2008 08:23 10240]
S3 4dfa7b48ee276595;4dfa7b48ee276595;C:\4dfa7b48ee276595.dat [31/05/2000 15:19 4576]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [05/04/2008 09:45 715248]
.
------- Supplementary Scan -------
.
uStart Page =
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
FF - ProfilePath - c:\documents and settings\admin\Application Data\Mozilla\Firefox\Profiles\h5k73k4j.default\
FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/
FF - component: f:\fire fox\components\xpinstal.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-02 14:17
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\4dfa7b48ee276595]
"ImagePath"="\??\C:\4dfa7b48ee276595.dat"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-343818398-1454471165-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-343818398-1454471165-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{4D122310-A357-B2A5-17E7-DD7C2100E56B}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-343818398-1454471165-682003330-1004\Software\Policies\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (S-1-5-21-343818398-1454471165-682003330-1004)
@Allowed: (Read) (S-1-5-21-343818398-1454471165-682003330-1004)
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-343818398-1454471165-682003330-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:3a,4f,07,a2,42,66,58,70,e8,74,b7,a3,0b,b2,65,1a,a8,60,16,1d,69,4d,c9,
87,fb,8d,45,a0,c8,6d,e3,5b,75,04,da,3b,27,3a,be,90,f1,9f,52,3f,8e,eb,cc,fc,\
"??"=hex:db,f4,c1,c3,71,77,a4,14,cb,bd,17,2a,7a,20,db,54
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(704)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-02 14:19:48
ComboFix-quarantined-files.txt 2010-01-02 14:19
ComboFix2.txt 2009-12-27 12:17

Pre-Run: 25,117,540,352 bytes free
Post-Run: 25,184,165,888 bytes free

- - End Of File - - D9B12D01AA68640E7EA6FC51D2093900
 
Good :)

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) Comodo (Uncheck during installation "Install COMODO Antivirus (Recommended)"!, "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage")
2) Online Armor
3) PC Tools
4) Sunbelt/Kerio
5) ZoneAlarm (uncheck ZoneAlarm Spy Blocker during installation if you choose this one)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

Now lets uninstall ComboFix:

  • Click START then RUN
  • Now type ComboFix /Uninstall in the runbox and click OK

Next we remove all used tools.

Please download OTCleanIt and save it to desktop.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.

  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and re-enable system restore here:

    Windows XP System Restore Guide

Re-enable system restore with instructions from tutorial above

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.

  • Update your AntiVirus Software and keep your other programs up-to-date
    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system.
    You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Malwarebytes' Anti-Malware - Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
    totally free but for real-time protection you will have to pay a small one-time fee. Tutorial on installing & using this product can be found below:

    Malwarebytes' Anti-Malware Setup Guide

    Malwarebytes' Anti-Malware Scanning Guide

  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety


Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean! :bigthumb:
 
You must log in or register to reply here.
Back
Top