Something Blocking/killing Spybot, and others

Spybot installed and works peachy, at least at the moment. I'm on lunch break from work so I'll run it later when I get home. Expect an update in a few hours.
 
Alright, fired Spybot up and ran it, Win32.PornPopUp was found, 2 tracking cookies in Firefox. Don't know if there's a way to post a report, but that's what it was.

Anything else you need me to run? And also, should I be worried about passwords being protected, and should I re-password everything on a separate, uninfected computer?

Thanks
 
Hi,

I wouldn't worry about those tracking cookies. However, you can reduce the number of cookies, for example by installing a hosts file (instructions below). Changing passwords occasionally would be recommended.

Are you still noticing any problems? If not, it's time to secure your system to protect against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:
  • Click START then RUN
  • Now copy-paste Combofix /uninstall in the runbox and click OK


Please download OTC and save it to desktop.
  • Double-click OTC.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    1. Click the start button (at the lower left hand corner of your screen)
    2. Click run
    3. In the dialog box, type services.msc
    4. Hit enter, then locate dns client
    5. Highlight it, then double-click it.
    6. On the dropdown box, change the setting from automatic to manual.
    7. Click ok
  • Download and run Secunia Personal Software Inspector (PSI) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
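
Added example, not part of the original post: a check that the six Internet-zone settings listed above are actually in effect, by parsing `reg query` output for the zone key. The value names (1001, 1004, ...) and data codes are the ones Microsoft documents for security zone actions; the sample output is constructed, and reading the per-user (HKCU) key is an assumption.

```python
import re

# Internet zone (Zones\3) value names for the actions named in the post, with
# the setting the post recommends. Data codes: 0 = Enable, 1 = Prompt, 3 = Disable.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", 1),
    "1004": ("Download unsigned ActiveX controls", 3),
    "1201": ("Initialize and script ActiveX controls not marked as safe", 3),
    "1800": ("Installation of desktop items", 1),
    "1804": ("Launching programs and files in an IFRAME", 1),
    "1607": ("Navigate sub-frames across different domains", 1),
}
LABEL = {0: "Enable", 1: "Prompt", 3: "Disable"}

# Constructed sample of:
#   reg query "HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3"
SAMPLE = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    DisplayName    REG_SZ    Internet
    1001    REG_DWORD    0x1
    1004    REG_DWORD    0x0
    1201    REG_DWORD    0x3
    1800    REG_DWORD    0x0
    1804    REG_DWORD    0x1
"""

def parse_reg_query(text):
    """Return {value_name: int} for every REG_DWORD row in `reg query` output."""
    rows = re.findall(r"^[ \t]+(\S+)[ \t]+REG_DWORD[ \t]+(0x[0-9a-fA-F]+)\s*$",
                      text, re.M)
    return {name: int(data, 16) for name, data in rows}

def audit_zone(text):
    """List (action, current, wanted) for settings that differ from the post's advice."""
    current, findings = parse_reg_query(text), []
    for name, (desc, wanted) in RECOMMENDED.items():
        have = current.get(name)  # None: value absent, so the zone default applies
        if have != wanted:
            shown = "not set" if have is None else LABEL.get(have, hex(have))
            findings.append((desc, shown, LABEL[wanted]))
    return findings

if __name__ == "__main__":
    for desc, have, want in audit_zone(SAMPLE):
        print(f"{desc}: {have} (post recommends {want})")
```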
 
Blade,

When I turned off my System Restore, Comodo shot up with a virus alert.

-Location

C:\System Volume Information\_restore{121510F7-0a63-4ff1-9220-0466527DAD05}\RP13\A0002631.exe

-Malware name

ApplicUnsaf.Win32.hide.~AB@5325787

There are two entries, one for Detect, and one for Quarantine.

System Restore is now off, and such.


Also, Comodo is still not updating. Is there a way I can uninstall it and reinstall a fresh, more recent copy? Or manually update it? Since the updater isn't updating Comodo at all and I feel the actual program is out of date. Granted it just detected a virus, and quarantined it for me. Which is awesome, but it needs to be updating and such.

Spybot is running and updating fine, though, still. Do you need another DDS report?
 
Hi,

I believe Comodo has the same problem Spybot had earlier. Please reinstall it.
 
Blade,

Thanks for all your help with the virus removal. I tried re-installing Comodo, but with no success. The program isn't listed in my Add/Remove programs, and I've spent a lot of time trying to get it off so I can reinstall a newer version of it.

Everything listed for how to remove it hasn't helped either, trying to re-install it does nothing. Doesn't even notify that it's already been installed like normal.
 
Hi,

Copy this file to c:\program files folder. Then drag'n'drop C:\Program Files\COMODO folder to the inherit file and wait for a few minutes. Are you able to update Comodo now?
 
Well. I did as you asked, and got Comodo to update, once. I got all happy and stuff, and my computer needed to be rebooted, so, after reboot, the virus signature thing was dated as 'August 1st 2010' and I was like 'Alright! Finally!'

Then it went back to 'January 2nd 2010'

And when I try to update it I get

"Error 113: Update could not be completed. Seems Internet connection lost halfway during update download. Please check you Internet connection and retry."

So yeah. Still nothing.

Also, should Svchost.exe be connecting to anything, internet wise? It keeps making a UDP Out connection, with data going in and out. I'm sure it's normal. I'm not trying to be paranoid, but there is a normal svchost.exe also listed with a TCP connection, separate from the first svchost.exe.

Probably nothing wrong, but still. Just wanted to make 100%.

-Thanks
 
Hi,

Please try to drag'n'drop comodo folder on inherit file again. Are you able to reinstall Comodo after that? If any other program is acting like Comodo you have to drag 'n' drop its folder on inherit file in the same way.

Processes have different dll files and handles loaded and opened under them. If you suspect some svchost.exe process instance, you can get more information with Process Explorer.
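
Added example, not part of the original thread and not a substitute for Process Explorer: one way to see which services each svchost.exe instance hosts and which TCP/UDP endpoints it owns is to join `tasklist /svc` and `netstat -ano` output on PID. Both sample outputs below are constructed excerpts.

```python
import re

# Constructed sample of: tasklist /svc /fi "imagename eq svchost.exe"
TASKLIST = """\
Image Name                     PID Services
========================= ======== ============================================
svchost.exe                    980 RpcSs
svchost.exe                   1084 AudioSrv, Dhcp, Dnscache, EventSystem,
                                   Netman, W32Time, wuauserv
svchost.exe                   1200 LmHosts, SSDPSRV
"""

# Constructed excerpt of: netstat -ano  (remote addresses are documentation ranges)
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       980
  TCP    192.168.1.10:1042      203.0.113.7:80         ESTABLISHED     1084
  UDP    192.168.1.10:123       *:*                                    1084
  UDP    0.0.0.0:1900           *:*                                    1200
  TCP    192.168.1.10:1055      198.51.100.9:443       ESTABLISHED     2316
"""

def parse_tasklist(text):
    """Map PID -> hosted services, joining wrapped continuation lines."""
    services, pid = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S+\.exe)\s+(\d+)\s+(.*)", line, re.I)
        if m:
            pid, line = int(m.group(2)), m.group(3)
            services[pid] = []
        elif pid is None or not line.startswith(" "):
            continue  # header, separator, or text before the first process row
        services[pid] += [s.strip() for s in line.split(",") if s.strip()]
    return services

def parse_netstat(text):
    """Map PID -> [(proto, local, remote, state)]; UDP rows have no state column."""
    conns = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[0] in ("TCP", "UDP") and f[-1].isdigit():
            state = f[3] if len(f) == 5 else ""
            conns.setdefault(int(f[-1]), []).append((f[0], f[1], f[2], state))
    return conns

def svchost_report(tasklist_text, netstat_text):
    """Return {pid: {"services": [...], "endpoints": [...]}} per svchost instance."""
    svc, conns = parse_tasklist(tasklist_text), parse_netstat(netstat_text)
    return {p: {"services": s, "endpoints": conns.get(p, [])} for p, s in svc.items()}
```

Calling `svchost_report(TASKLIST, NETSTAT)` on the samples shows the UDP endpoint on port 123 belonging to the instance that hosts W32Time, while PID 2316, which is not a svchost.exe instance, is left out of the report.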
 
Due to inactivity, this thread will now be closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
 