SHeur3.NZQ

Status
Not open for further replies.
One other thing. When you had me uninstall Norton yesterday (which I thought it was), I got a warning that I didn't have a firewall. So for the time being I enabled the Windows firewall. Once we have this cleared up, I'd appreciate any suggestions you have on anti-virus/firewall programs, free or not. I don't want to go through this again, lol!! Also, I'm sure you will let me know, but do I need to turn system restore back on? My apologies if I am jumping the gun.
 
Are you still having issues with AVG? If so you may need to re-install it.

You have the latest version of Java installed, Java(TM) 6 Update 19, but you also have several old installs that should be removed. You can remove them with Add or Remove Programs in Control Panel.

You should also update your Adobe Reader.

http://www.adobe.com/support/downloads/product.jsp?platform=windows&product=10

++++++++++++++++++

In addition to updating and using what you currently have you may want to consider the following:

Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some free and evaluation versions that provide better security than the Windows Firewall. For a tutorial on Firewalls and a listing of some other available ones see the link below:
Understanding and Using Firewalls

Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Install Winpatrol -
Use Winpatrol to take control of your PC and provide another layer of security.
Help file and tutorial can be found Here

Block unwanted parasites with a custom hosts file -
http://www.mvps.org/winhelp2002/hosts.htm

Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly or set your computer to receive automatic updates. This will ensure your computer always has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Update all of your Anti-Malware programs regularly - Make sure you update all the programs I have listed and the ones you are currently running regularly. Without regular updates you Will Not be protected when new malicious programs are released.

Keep your applications up to date -
Use Secunia Personal Software Inspector to help stay on top of application updates that could leave your PC vulnerable to attack.

I'll leave the thread open a few days in case you have questions or issues.

Regards,
Dave
 
Uninstalling combofix should have cleared out old restore points and set a fresh one. Let me know if not.
 
I went to see if it had indeed cleared all the restore points, and it said system restore had been turned off. It asked if I wanted to turn it back on. Waiting for your go-ahead, I said no. Also, once I follow your instructions in your last post, does that mean I should be good to go?

Lastly, I can not thank you enough. How does one go about making a donation to your site?
 
I went to see if it had indeed cleared all the restore points, and it said system restore had been turned off. It asked if I wanted to turn it back on. Waiting for your go-ahead, I said no. Also, once I follow your instructions in your last post, does that mean I should be good to go?

Lastly, I can not thank you enough. How does one go about making a donation to your site?
Had you rebooted since removing combofix? If not do so and see if SR comes back on, it should. If it doesn't then yes, turn it on by all means.

Donations can be made using the link below.

http://www.safer-networking.org/en/donate/index.html

Take care and you are very welcome,
Dave
 
One last thing, lol. Is there good software you recommend, in addition to WinPatrol and Spyware Blaster, that would serve as my anti-virus and firewall? I don't care if it's free or not, I just want excellent protection without being a resource hog. Also, with the exception of Malware Bytes, can I remove the other programs you had me download? OTL, Security Check and HiJackThis?
 
Forgot we ran OTL again and didn't have you run the cleanup. You can run it one more time and click on the Cleanup button. That should remove most of what we used if not all. And I would recommend keeping MBAM for occasional scans.

As far as security goes, we typically only recommend free utilities in the forums, but there are also many solid paid versions. It's not that one is better than the other really, it's just the paid versions offer more of a "one-stop-shop" where everything is in one. For paid, the Kaspersky products are my tool of choice. For free, my favorite AV is Avira.

There is no guaranteed solution out there. But using a layered security approach, avoiding risky online behavior, along with keeping everything up to date will go a long way toward staying clean.

Good luck
 
Dave-
After your last post two days ago, I downloaded Spyware Blaster, WinPatrol, and the trial, but fully functional, Kaspersky Internet Security 2010. I ran a scan just for peace of mind, and didn't think much more of it. But when I checked the log today, I found it had quarantined the following:

virus Heur: Trojan-Downloader.Win.32.Generic. This was found in the following two places:

C:\My Download Files\Folder\New\employment.exe (I can not find this file on my computer.)

C:\System Volume Information\_restore-{F2681A7D-91EM-401A-AC8B-015335799DC0}-\RP6A0000265.exe (This has been quarantined twice, once on the fourth and yesterday).

Can you tell me if I need to do anything? I am not posting any logs as I do not know what you will need.

Matt
 
C:\My Download Files\Folder\New\employment.exe (I can not find this file on my computer.)
Was probably quarantined by Kaspersky, so it should be gone. Definitely looks suspicious. Looks like a possible downloader.

C:\System Volume Information\_restore-{F2681A7D-91EM-401A-AC8B-015335799DC0}-\RP6A0000265.exe (This has been quarantined twice, once on the fourth and yesterday).
That's your restore points. They should have been cleaned out earlier when you uninstalled combofix. Not sure why they weren't. Can't really do any damage from there unless you restore to it, but it should be cleaned out. Sometimes the security products struggle to remove issues from there. Try resetting system restore again.

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which may be infected anyway).

Click Start>Help and Support>Undo changes to your computer with System Restore
Select Create A Restore Point then click Next. Give it a name and then click Create.

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.
 
I reset the system restore. However, when I do Start>Help I get a Hewlett Packard help screen. It does have a support button, but no Undo? Am I doing something wrong? I didn't go any further with your instructions. Thanks.
 
I reset the system restore. However, when I do Start>Help I get a Hewlett Packard help screen. It does have a support button, but no Undo? Am I doing something wrong? I didn't go any further with your instructions. Thanks.

Here's another way to do it....

Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected anyway)

1. Turn Off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.
2. Turn On System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
 
And then do this?

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

Should I scan with Kaspersky after that? Sorry for all the questions, I've just never had to deal with anything like this in the 25 years I've had a computer :laugh:
 
And then do this?

Click Start>Run and type Cleanmgr
Click the More Options Tab.
Click Clean Up in the System Restore section.

Should I scan with Kaspersky after that? Sorry for all the questions, I've just never had to deal with anything like this in the 25 years I've had a computer :laugh:
Shouldn't need to do the Cleanmgr steps.

Yes, I would definitely suggest running Kaspersky again. You should be running it on a regular schedule anyway. No need to be sorry, that's what we're here for. ;)
 
Thanks again. Will run Kaspersky and report back tomorrow if anything pops up (it takes a few hours for a full scan). If I don't post tomorrow, please go ahead and close this thread. Thanks so much.
 