Topic: It finally happened...now I need a hand
cast1010
« on: October 14, 2005, 04:04:02 AM »

PLEASE SUPPLY RELEVANT INFORMATION:
Operating System Version: Windows XP SP2
Problem Application Name & Version: Internet Explorer 6.0.2900 SP2
Problem Hardware Make & Model: none
Error Messages: below



Hi all, first timer here seeking help.

Let me go straight to the point: a couple of weeks ago I noticed my IE acting funny. From time to time I'll have a pop-up screen asking me to allow or not a cookie (even though IE was closed). I have my IE privacy settings on custom, that's why it always asks me if I want to save a cookie or not on a normal surfing routine. The same would happen from time to time with IE opened but not surfing, just reading some site...all of a sudden this pop-up asking me to save a cookie again (for different sites every time).

Also, let's say I have one IE window open and active, all of a sudden it will become inactive (you know, like what happens when you go to another application), the only thing is that it would do it by itself, there are no other applications running.

So, I ran a couple of online antivirus scans (using ActiveScan by Panda Software) and noticed I had some viruses, trojans, spyware, all kinds of things. Ran the usual Spybot, Ad-Aware, Microsoft Spyware beta...cleaned everything these programs told me to clean, but the problem was still there.

The following is the report from Activescan before running any antispyware software:

Incident                      Status                        Location

Possible Virus.               No disinfected                C:\WINDOWS\system32\gebcy.dll
Spyware:spyware/virtumonde    No disinfected                Windows Registry
Dialer:dialer.ags             No disinfected                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{018B7EC3-EECA-11D3-8E71-0000E82C6C0D}
Dialer:dialer.adn             No disinfected                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{5F426A93-0821-47D2-A126-5A48A874B289}
Adware:adware/delta           No disinfected                Windows Registry
Dialer:dialer.yz              No disinfected                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{02C20140-76F8-4763-83D5-B660107B7A90}
Dialer:dialer.yy              No disinfected                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{23273a1c-c870-43c4-a3e3-67dc98630ac6}
Dialer:dialer.yx              No disinfected                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{6ed16eff-3b18-11d6-9139-00e02964e8e3}
Dialer:dialer.yc              No disinfected                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{e8edb60c-951e-4130-93dc-faf1ad25f8e7}
Adware:adware/powerstrip      No disinfected                Windows Registry
Dialer:dialer.xs              No disinfected                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{ceb29da4-7afa-4f24-b3cd-17351d590df0}
Spyware:spyware/whazit        No disinfected                Windows Registry
Dialer:dialer.py              No disinfected                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{8522F9B3-38C5-4AA4-AE40-7401F1BBC851}
Adware:adware/ieplugin        No disinfected                Windows Registry
Dialer:dialer.b               No disinfected                HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\ActiveX Compatibility\{2c1651ef-8827-11d6-91a2-00e02964e8e3}
Possible Virus.               No disinfected                C:\WINDOWS\system32\gebcy.dll
Possible Virus.               No disinfected                C:\WINDOWS\system32\jkhfe.dll
Possible Virus.               No disinfected                C:\WINDOWS\system32\jkhhi.dll
Adware:Adware/StartPage.AIW   No disinfected                C:\WINDOWS\system32\jkkjj.dll
Possible Virus.               No disinfected                C:\WINDOWS\system32\mljjh.dll
Adware:Adware/StartPage.AIW   No disinfected                C:\WINDOWS\system32\mlljg.dll
Adware:Adware/StartPage.AIW   No disinfected                C:\WINDOWS\system32\mllml.dll
Hacktool:HackTool/SRunner.A   No disinfected                C:\WINDOWS\system32\service.exe
Virus:Bck/IRCFlood.I          Disinfected                   C:\WINDOWS\system32\setuphl.cmd
Possible Virus.               No disinfected                C:\WINDOWS\system32\sstqn.dll
Adware:Adware/StartPage.AIW   No disinfected                C:\WINDOWS\system32\vturs.dll
 
                                                                                                                                                                                                                               
Yesterday, a friend told me to try XoftSpy, some sort of Antivirus and Antispyware program, I ran it and found some problems too, the program fixed them. But the problem on IE is still there, at this point though, I've only seen the "active to inactive" window issue mentioned earlier.

So I did some Activescan again today and this is the report I got:

Incident                      Status                        Location

Virus:Trj/Hooker.M            Disinfected                   C:\WINDOWS\system32\gebcy.dll
Virus:Trj/Hooker.M            Disinfected                   C:\WINDOWS\system32\jkhfe.dll
Virus:Trj/Hooker.M            Disinfected                   C:\WINDOWS\system32\jkhhi.dll
Adware:Adware/StartPage.AIW   No disinfected                C:\WINDOWS\system32\jkkjj.dll
Virus:Trj/Hooker.M            Disinfected                   C:\WINDOWS\system32\mljjh.dll
Adware:Adware/StartPage.AIW   No disinfected                C:\WINDOWS\system32\mlljg.dll
Adware:Adware/StartPage.AIW   No disinfected                C:\WINDOWS\system32\mllml.dll
Virus:Trj/Vundo.B             Disinfected                   C:\WINDOWS\system32\ssqpm.dll
Virus:Trj/Hooker.M            Disinfected                   C:\WINDOWS\system32\sstqn.dll
Adware:Adware/StartPage.AIW   No disinfected                C:\WINDOWS\system32\vturs.dll


Then, about 20 minutes ago I ran HijackThis and this is the report:

Logfile of HijackThis v1.99.1
Scan saved at 22:28:49, on 13-Oct-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis 1.99.1\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-18.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab
O20 - Winlogon Notify: gebcy - gebcy.dll (file missing)
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Is there a friendly soul out there who can translate this report to English for me?
Am I still infected?
Are those BHO's out of commission or you think they'll come back?
What about those .dll files that Activescan couldn't disinfect?
Why am I still having the "active to inactive window" issue? That's not normal is it? It's not a big thing, but I just hate knowing there's some weird program doing who knows what on my computer.

Thanks in advance for any help, and apologies for such a long post.
 
sUBs
« Reply #1 on: October 14, 2005, 06:38:35 AM »

You appear to be experiencing the onset of a Vundo infection.
Let's try a quicky fix first. If it works, we save ourselves some work.

Have HijackThis fix these entries:

O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O20 - Winlogon Notify: gebcy - gebcy.dll (file missing)
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll (file missing)


Then rescan with HijackThis & verify if they're gone. If not, post the HijackThis log immediately.



If they're gone, go to Start > Run - type cmd <Press Enter>
type del C:\WINDOWS\system32\vturs.dll <Press Enter>
type exit <Press Enter>



Next, go to Start > Run - type cleanmgr (this starts Windows Disk Cleanup)
1. Select Drive C: & click the 'OK' button
2. Select the following options:
    Temporary Internet Files
    Recycle Bin
    Temporary Files
3. Click the 'OK' button


Post a new HJT when you have completed the above steps.


cast1010
« Reply #2 on: October 14, 2005, 10:53:04 PM »

Hi sUBs, thanks for the help.

Everything went OK, with the exception of deleting vturs.dll on the command prompt.

Trying to delete it from the prompt gives you a message that it can't find the file, I searched it from the prompt in the windows\system32 folder and it doesn't appear there. However, going to Windows Explorer and looking in the system32 folder I can see the file -faded a bit as on a system file- (I have show system files enabled in my settings). I didn't try to delete from there waiting for your instructions.

Here is the latest log from HJT:

Logfile of HijackThis v1.99.1
Scan saved at 17:44:25, on 14-Oct-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis 1.99.1\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe


Thanks again.
 
sUBs
« Reply #3 on: October 14, 2005, 11:18:07 PM »

Do this..

Go to Start > Run - type cmd <Press Enter>
type attrib -h -r -s -a C:\WINDOWS\system32\vturs.dll <Press Enter>
type del C:\WINDOWS\system32\vturs.dll <Press Enter>
type exit <Press Enter>

Let me know how that went
 
cast1010
« Reply #4 on: October 14, 2005, 11:34:51 PM »

That did the trick, it's gone.

Do you need a new HJT log?

Where should I pay? Grin
 
sUBs
« Reply #5 on: October 14, 2005, 11:39:07 PM »

quote:
Where should I pay? Grin
Pick your favourite charity..LOL

Please post a new HJT log
 
cast1010
« Reply #6 on: October 14, 2005, 11:57:53 PM »

It's Friday night, so my local beer store will get the prize LOL

Here's the latest HJT log: You will notice some new entries, I'm in the process of adding some tools to improve security while surfing the net (following a couple of guides recommended in a previous post on this forum).


Logfile of HijackThis v1.99.1
Scan saved at 18:46:10, on 14-Oct-05
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HijackThis 1.99.1\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to R&estricted Zone - {B06300D0-CCDE-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: (no name) - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra 'Tools' menuitem: Add to Tr&usted Zone - {BF80219A-CCDD-11d2-92D3-0000F87A4A55} - C:\WINDOWS\system32\webzone.dll
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {556EEC63-31E2-47C3-BF29-DFF799D2FE04} (Remote Access ActiveX Client) - https://secure.logmein.com/activex/RACtrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe



One more time...thank you.
Logged
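
The check a helper makes on a follow-up log like the one above, as an added example (not part of the original thread and not HijackThis's own code): parse two scans, list the entries HijackThis marked "(file missing)", confirm that the ones selected for fixing are gone, and show what else changed. The sample lines are excerpted from the first and latest logs in this thread; all function and variable names are this example's own.

```python
import re
from dataclasses import dataclass

# Entry lines start with a section code (R1, O2, O20, ...) followed by " - ".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
MISSING = "(file missing)"

# Lines excerpted from the first log in this thread (13-Oct-05, 22:28:49).
FIRST_SCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: (no name) - {00DBDAC8-4691-4797-8E6A-7C6AB89BC441} - C:\WINDOWS\system32\gebcy.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: MSEvents Object - {6DD0BC06-4719-4BA3-BEBC-FBAE6A448152} - C:\WINDOWS\system32\ssqpm.dll (file missing)
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O20 - Winlogon Notify: gebcy - gebcy.dll (file missing)
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

# Lines excerpted from the latest log in this thread (14-Oct-05, 18:46:10).
LATEST_SCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: &Copy Location - C:\WINDOWS\WEB\graburl.htm
O9 - Extra button: Offline - {FC09D8A3-C85A-11d2-92D0-0000F87A4A55} - C:\WINDOWS\system32\oline.dll
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""


@dataclass(frozen=True)
class Entry:
    code: str      # section code, e.g. "O2" (BHO) or "O20" (Winlogon Notify)
    body: str      # rest of the line, without the "(file missing)" marker
    missing: bool  # True when HijackThis tagged the line "(file missing)"

    @property
    def key(self):
        # Case-insensitive identity used to match entries across scans.
        return (self.code, self.body.lower())


def parse_log(text):
    """Return the entry lines of a HijackThis log as Entry objects.

    Header lines and the "Running processes" list do not match ENTRY_RE
    and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        entries.append(Entry(code, body, missing))
    return entries


def orphaned(entries):
    """Entries whose referenced file HijackThis reported as missing."""
    return [e for e in entries if e.missing]


def compare_scans(before, after, fixed):
    """Check a rescan against the entries that were selected for fixing.

    Returns (still_present, removed, added):
      still_present - entries from `fixed` that the rescan still lists
      removed       - entries gone in the rescan (includes the fixed ones)
      added         - entries that appear only in the rescan
    """
    before_keys = {e.key for e in before}
    after_keys = {e.key for e in after}
    still_present = [e for e in fixed if e.key in after_keys]
    removed = [e for e in before if e.key not in after_keys]
    added = [e for e in after if e.key not in before_keys]
    return still_present, removed, added


if __name__ == "__main__":
    first, latest = parse_log(FIRST_SCAN), parse_log(LATEST_SCAN)
    fixed = orphaned(first)
    still_present, removed, added = compare_scans(first, latest, fixed)
    for label, group in (("selected for fixing", fixed),
                         ("still present", still_present),
                         ("removed", removed), ("added", added)):
        print(f"{label}: {len(group)}")
        for e in group:
            print(f"  {e.code} - {e.body}")
```

An entry in the "added" list is a change to account for, not a verdict: here the new O8 and O9 lines match the poster's statement that tools were installed between scans.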

 
sUBs
« Reply #7 on: October 15, 2005, 12:03:21 AM »

Your system is clean  

Now that your system is clean, please follow these simple steps in order to keep your computer clean and secure:
  1. Clear & reset System Restore's cache

    1. click Start >> Run - type SYSDM.CPL & press Enter
    2. Select the System Restore Tab
    3. Tick on the checkbox - Turn off System Restore on all drives
    4. Click Apply
    5. Then untick the same checkbox & click OK  


  2. DISABLE THE VIEWING OF SYSTEM FILES

  3. From Windows Explorer, go to Tools>Folder Options> View tab.
    • Enable - Show hidden files and folder
    • Disable - Hide file extensions for known types
    • Disable - Hide protected operating system files
    Click Yes to confirm & then click OK

  4. Make your Internet Explorer more secure -  This can be done by following these simple instructions:

    1. From within Internet Explorer click on the Tools menu and then click on Options.
    2. Click once on the Security tab
    3. Click once on the Internet icon so it becomes highlighted.
    4. Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
        Change the Download unsigned ActiveX controls to Disable
        Change the Initialize and script ActiveX controls not marked as safe to Disable
        Change the Installation of desktop items to Prompt
        Change the Launching programs and files in an IFRAME to Prompt
        Change the Navigate sub-frames across different domains to Prompt
    5. When all these settings have been made, click on the OK button.
    6. If it prompts you as to whether or not you want to save the settings, press the Yes button.
    7. Next press the Apply button and then the OK to exit the Internet Properties page.


  5. Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine.  This alone can save you a lot of trouble with malware in the future.

    See this link for a listing of some online & their stand-alone antivirus programs:
    Virus, Spyware, and Malware Protection and Removal Resources


  6. Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish).  If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.


  7. Use a Firewall - I can not stress how important it is that you use a Firewall on your computer.  Without a firewall your computer is susceptible to being hacked and taken over.  I am very serious about this and see it happen almost every day with my clients.  Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:
    Understanding and Using Firewalls


  8. Visit Microsoft's Windows Update Site Frequently - It is important that you visit windowsupdate.com regularly.  This will ensure your computer has always the latest security updates available installed on your computer.  If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


  9. Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.  This will provide realtime spyware & hijacker protection on your computer alongside your virus protection.  You should also scan your computer with this program on a regular basis just as you would an antivirus software.

    A tutorial on installing & using this product can be found here:
    Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers


  10. Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with this program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:
    Using Ad-aware to remove Spyware, Malware,  & Hijackers from Your Computer

  11. Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:
    Using SpywareBlaster to protect your computer from Spyware and Malware


  12. Update all these programs regularly - Make sure you update all the programs I have listed regularly.  Without regular updates you WILL NOT be protected when new malicious programs are released.


  13. Winpatrol -  Download and install the free version of Winpatrol.

    A tutorial for this product is located here  Using Winpatrol to protect your computer from malicious software


  14. IE/Spyad - IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system.  It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.


  15. MVPS Hosts file - The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc.  Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.


  16. Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program!  (AOL, Yahoo, ICQ, IRC, MSN)


  17. Weather Watcher - Free taskbar weather program that is free, malware free, and resource light.


  18. Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.


  19. Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.


  20. Google Toolbar - Get the free google toolbar to help stop pop up windows.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

Follow this list and your potential for being infected again will reduce dramatically. Your system will be optimised against future threats.

It's okay to delete the Hijack This folder in a couple weeks if everything is working okay.
Have a safe & happy computing day.  

Please respond to this thread one more time so we can mark this thread as resolved.
 
cast1010
« Reply #8 on: October 15, 2005, 12:12:25 AM »

Already started to work on that guide, will follow it to the T.

I don't know how often you get this but what you guys are doing deserves some serious recognition, personally I'll promote your site as much as I can.

Again, thank you so much, it's very appreciated.

PS: I might be coming back for some help (I'll open a new thread if necessary), this time I'll check my laptop, even though it doesn't show any problems like the desktop we just fixed, I'll run a couple of programs to see how it is...of course I'll follow the guide to protect that computer as well.