Full Version: How Often Do I Run My Programs?
BleepingComputer.com > Security > AntiVirus, Firewall and Privacy Products and Protection Methods
   
alice*in*wonderland
I'm not computer savvy and have just had my computer "fixed" at the computer shop to remove trojans/virus/spyware which Norton Anti-virus let through. Norton has been removed and I now have

AVG 7.5
AVG Anti-Spyware
Ad-aware SE
ZoneAlarm
Spybot 1.4

I don't know how often to run these programs and if I can run several at once to save time. So far I've been running them one at a time (very time consuming) every day - I'm a bit paranoid at the moment.

The computer technician also installed these programs and I don't know if it is useful to run some of them on a regular basis too or wait until I get a problem.

GWShredder
CleanUp!
RegCure
FxVMond.exe
drweb.cure
VundoFix V6.5.1
SmitfraudFix Tools
HijackThis 1.99.1

Any advice or suggestions gratefully received.

BlackSpyder
- Zone Alarm Firewall should be run every time you connect to the internet (or just let it start up with the computer so you don't have to worry about it).
- AVG AV - Let it start up with your computer. Then set updates for some time when you know your computer will be on. Then set the automatic scanning feature for some time when you know the PC will be on and you won't be using it (say, dinner time).
- AVG AS - same thing as the AV, but if you use the free version you will have to update and run the scan manually since the automation is only available for the paid version.
- Spybot - once a week update and scan

- AdAware SE and the others I haven't used or used recently so I don't know
jgweed
I always have my firewall and anti-virus launched on boot. Once a week, I make sure everything is updated, and run my A-V and then, sequentially, each anti-spyware application in safe mode. This improves the speed of the tests and reduces the places malware can "hide." Never run any of these applications concurrently, as they may interfere with one another, or find the other's "definition" files and report those as infections.

Certainly, having several anti-spyware applications is a good idea, since every company has a slightly different set of criteria for what its application looks for. Ad-Aware SE and AVG AS are both very good products.

The best protection, however, is a knowing and cautious user, since a vast majority of malware of all sorts is installed unknowingly by the user.

You may wish to run some of these applications more often, however.
Regards,
John
Alan D
QUOTE(alice*in*wonderland @ Jul 2 2007, 01:19 AM) *
I don't know how often to run these programs and if I can run several at once to save time. So far I've been running them one at a time (very time consuming) every day - I'm a bit paranoid at the moment.

It sounds as though you're scanning with all of them every day, one after another - is that right? Well, certainly DON'T have more than one scanning at any one time (that's a bad idea, as someone else has pointed out) but you really don't need to scan with all of them every day unless you're doing some very risky browsing and/or file sharing. I run a 'quick' or 'smart' scan with a different antispyware program just once, every day, and a 'complete' antivirus/antispyware scan once a week. Using this routine I have never been infected by anything so far (but I browse carefully, also).

Looking at your list, I don't see any 'real-time' antispyware protection, unless you're using Spybot's 'Teatimer'. (Are you?) This would be a real help to you, because (like your antivirus, which runs in the background) it would help to prevent any malware getting installed in the first place. I've never used Spybot's Teatimer myself, but I do use Windows Defender, which is also free, and which offers real-time protection.

Additional protective measures that are well worth doing with Spybot if you haven't already:
DO use Spybot's Immunisation feature.
And DO use Spybot's hosts file, which will help to protect you from being diverted to malicious websites (switch to advanced mode and select tools -> hosts file, and click 'add Spybot's hosts file').

Consider adding the excellent Superantispyware to your scanners (it's also free), and don't be paranoid. Just be careful.
alice*in*wonderland
Thanks everyone for all your help.

I installed the ZoneAlarm myself (on recommendation of these forums) and it runs when the computer starts up.

AVG Anti-virus also runs on start up and the AVG anti-spyware I run manually (it's the free version).

The Spybot was installed by the technician and sits on the desktop. I was wondering whether I should have this at computer start up also but was worried that it wouldn't work well with the AVG programs ??

Yes I did try to run a couple of programs at once. I've only just worked out how to get the computer in Safe Mode so I will use that to do the full scans one at a time from now on.

Unfortunately I don't know much about safe browsing on the internet. Family members play games and I suspect it was visits to these sites together with Limewire that started our problems.

Alan D
QUOTE(alice*in*wonderland @ Jul 3 2007, 06:59 AM) *
Unfortunately I don't know much about safe browsing on the internet. Family members play games and I suspect it was visits to these sites together with Limewire that started our problems.


Alice, it's much better to stop the malware getting onto your computer in the first place, than to detect and try to remove it afterwards (as you've discovered, sadly). In view of what you say here, I think certain things are essential priorities for you:


1. Your AVG will look after the antivirus department, but it bothers me that you appear to have no real-time antispyware protection that will alert you if spyware tries to install itself. To have only scanners is a significant weakness in your armour. Windows Defender is not the best antispyware solution in the world, but it DOES offer real-time protection, and it's relatively light in its use of your system's resources, and it's free. And you can get it here:
http://www.microsoft.com/athome/security/s...re/default.mspx
(If you're willing to pay, AVG Antimalware is worth considering. It doesn't cost much, it covers both antivirus and antispyware scanning, and it offers real-time protection for both as an integrated solution.)

2. In view of what you say about browsing habits, my earlier comments about using additional browser protection are even more important. You don't say whether you've used Spybot's Immunise feature. Please do use it, and re-immunise whenever you update the program. Also, please do use the Spybot hosts file as I explained above. These aren't infallible precautions, but they will reduce the browsing risk.

3. You can get additional protection for your browsing by installing Spywareblaster (also free). This will significantly extend the protection already provided by Spybot's Immunise feature, and in a similar kind of way. You can get it here:
http://www.javacoolsoftware.com/spywareblaster.html

4. McAfee Site advisor will alert you when you use a search engine if any of the sites found in your search are 'risky'. Sounds to me as if this would really help you? You can get it here:
http://www.siteadvisor.com/



Basically, the aim of the exercise is to shore up your defences so that you don't actually need to spend great quantities of time scanning your computer!
alice*in*wonderland
Thanks once again for your help and all the links too.

QUOTE
If you're willing to pay, AVG Antimalware is worth considering. It doesn't cost much, it covers both antivirus and antispyware scanning, and it offers real-time protection for both as an integrated solution.)


It seems to me that buying a program might be the best way for me to get a reasonable level of protection whilst I build my computing skills and knowledge. When I bought the Norton Anti-virus program I didn't use any other programs at all for protection and I now understand that is an important part of safe computer operation.

The AVG (free version) was installed by a technician when the Norton failed. I would probably choose to purchase their product because I now have a little bit of experience finding my way around their program. AVG have
AVG Internet Security ($69.95 for 2 years) and
AVG Anti-virus Professional Edition ($38.95 for 2 years)
Given that the hole in my defences is the real time anti-spyware protection, the "Anti-virus Professional Edition" is not going to fill that hole, so the "Internet Security" version would be the only choice for me ??

When I had the Norton Anti-virus installed, my computer was running very slow. I don't know if it was slow because it was full of virus etc that Norton didn't pick up or if it was because of the size? of the Norton program. Since having the AVG and ZoneAlarm products installed I am really enjoying the speed of the computer and don't want to lose that.

Do I need to uninstall the free AVG program first then buy and install the purchased AVG program?


QUOTE
You don't say whether you've used Spybot's Immunise feature

Yes I did use the Immunise feature (although I must confess that I didn't quite know what I was doing)

QUOTE
Basically, the aim of the exercise is to shore up your defences so that you don't actually need to spend great quantities of time scanning your computer!


I have only ever installed one program myself (ZoneAlarm) and it shows in the bottom right hand side of my screen (I think this is called the System Tray but I'm not sure). When I install the Spywareblaster and McAfee Site advisor I think they will go in that same spot. Should I then move the Spybot to that location (rather than have it sitting on my desk top)?

I'm really sorry if these seem like very stupid questions. I do appreciate the time and effort the people on this forum have put into helping me and I hope I'm not testing everyone's patience too much.

Alan D
QUOTE(alice*in*wonderland @ Jul 5 2007, 01:04 AM) *
AVG have
AVG Internet Security ($69.95 for 2 years) and
AVG Anti-virus Professional Edition ($38.95 for 2 years)
Given that the hole in my defences is the real time anti-spyware protection, the "Anti-virus Professional Edition" is not going to fill that hole, so the "Internet Security" version would be the only choice for me ??

No, there's another choice that you've missed on the website somehow: AVG Antimalware. See here:
http://www1.grisoft.com/doc/products-avg-a...alware/us/crp/2
You don't have to buy a TWO year subscription either: click the arrow by the 'subscription' box and you'll see the one year option which costs just $34 (US) which makes more sense while you're getting the hang of things, because you might have changed your mind by next year about how to proceed.

I have the AVG Internet Security suite myself, but you don't need that because you already have a firewall that suits you. So AVG Antimalware looks like your best option, both financially and in terms of minimising the changes. And as you say, you're already becoming familiar with it so it won't seem strange, despite extending your protection very significantly.

QUOTE
Since having the AVG and ZoneAlarm products installed I am really enjoying the speed of the computer and don't want to lose that.

There's bound to be some impact on performance, but you have some idea already about the relatively soft touch of AVG so I think you'll find it acceptable. I used to use Norton too, and no way would I go back to it.

QUOTE
Yes I did use the Immunise feature (although I must confess that I didn't quite know what I was doing)

Doesn't matter. The important thing for now is that you did it.

QUOTE
Do I need to uninstall the free AVG program first then buy and install the purchased AVG program?

This is what I'd do:
1. First buy and download the AVG Antimalware, saving it to desktop. Make a backup of it onto a CD or flash drive.
(Alternatively, download the trial version here: http://www.grisoft.com/doc/31/us/crp/0 and pay for it later.)
2. Create a System Restore point labelled 'Before uninstalling AVG Free'
3. Disconnect from the internet
4. Uninstall AVG Free. (Start -> Control Panel -> Add or remove programs -> highlight AVG Free and follow the prompts)
5. Create a second System Restore point labelled 'Before installing AVG Antimalware'
6. Double click on the AVG setup icon that you saved to your desktop, and follow the instructions.
7. Connect to the internet again so you can update the definitions.

QUOTE
I have only ever installed one program myself (ZoneAlarm) and it shows in the bottom right hand side of my screen (I think this is called the System Tray but I'm not sure). When I install the Spywareblaster and McAfee Site advisor I think they will go in that same spot. Should I then move the Spybot to that location (rather than have it sitting on my desk top)?


The little icons in the system tray (yes that is its name) are just icons, with shortcuts to the programs, and are there for your convenience if you want them. (I only have two icons in my system tray - AVG and Windows Defender.) Similarly, the Spybot icon on your desktop is just a shortcut to the Spybot program. (If the program is a house, then the shortcut icon is a door.) Keep your Spybot shortcut on your desktop, where it is.

When you install Spywareblaster, it too will create a shortcut on your desktop. If you doubleclick it, the program opens. Click 'download updates'. Then click 'enable all protection'. That's all there is to it! (Except to check for updates once a week or so.)

Incidentally, I ALWAYS create a clearly labelled System Restore point before I install (or uninstall) ANY program, and it's saved my bacon more than once. Do you know how to do this?
alice*in*wonderland
Thanks so much for taking the time to help me Alan, also your instructions are really clear for which I'm very grateful.

QUOTE
No, there's another choice that you've missed on the website somehow: AVG Antimalware. See here:
http://www1.grisoft.com/doc/products-avg-a...alware/us/crp/2
You don't have to buy a TWO year subscription either: click the arrow by the 'subscription' box and you'll see the one year option which costs just $34 (US) which makes more sense while you're getting the hang of things, because you might have changed your mind by next year about how to proceed.


You are right, I didn't find this product at all first time round. I thought it was odd that they only had 2 products for sale. This time round there are a number of products available and I have found the Antimalware product you mentioned (it's frustrating, but many inexplicable events occur - most likely because I am really new to all this).

QUOTE
Incidentally, I ALWAYS create a clearly labelled System Restore point before I install (or uninstall) ANY program, and it's saved my bacon more than once. Do you know how to do this?


No, I don't know how to do this. I did read about the System Restore idea and I did come across its location on my computer but I can't remember where it is.

I've been trying to get my computer in safe mode tonight and for whatever reason Windows keeps coming up (another inexplicable event).


Alan D
QUOTE(alice*in*wonderland @ Jul 5 2007, 11:42 AM) *
I did read about the System Restore idea and I did come across its location on my computer but I can't remember where it is


It's very straightforward, I promise - and it's a very reassuring thing to know that if you really get in a mess, you can restore to an earlier state. There are several ways to do it, but here are two (the route can vary from one machine to another but I don't know why):

Start -> Control Panel -> Performance and Maintenance -> System Restore.
Or:
Start -> Help and Support -> Performance and Maintenance -> Using System Restore to undo changes -> Run the system restore wizard

OK, now tick the box next to 'Create a restore point'; click 'Next'; type in your label for this restore point; click 'Create' and you're done.

If you want to see what you've done (a good idea), follow the process again but this time choose 'Restore my computer to an earlier time' and click 'next'. You'll see all the restore points available to you, including the one you just made. Don't select any of them though - make sure you click 'cancel' at the end!
Using System Restore is a rare thing - only for emergencies. But it's good to know you have a safety net if things go haywire.

SAFE MODE:
Start your computer and start tapping the F8 key about twice a second once you see the first bit of text on the screen.
But I wouldn't worry too much about scanning in safe mode just yet, unless you have reason to think you actually are infected at the moment and are having difficulty removing it. Once you've got all your armour in place, you can scan in safe mode now and then as an extra precaution, but the important thing at present is to get the armour.
alice*in*wonderland
Fantastic, clear instructions yet again.

I will put it all together on the week-end when I can take my time to focus and actually enjoy the process.

Thanks so much for your help.
Alan D
QUOTE(alice*in*wonderland @ Jul 5 2007, 01:12 PM) *
Thanks so much for your help.

You're welcome, Alice. I'm only passing on the benefit of the huge amount of help that others have given to me. I remember only too well what it's like trying to find a way through this minefield - and through all the jargon.

I'll keep checking this thread, so if you have any more questions put them here, and I'll help if I can.

alice*in*wonderland
HOORAY, I DID IT - well sort of.

QUOTE
Using System Restore is a rare thing - only for emergencies. But it's good to know you have a safety net if things go haywire.


The system restore point "saved my bacon".

I created a Restore Point
Installed AVG Antimalware (Trial Version)
Uninstalled AVG Spyware (free)
Updated AVG Antimalware
Installed Spywareblaster (free) then updated
Installed McAfee Site advisor (free) then updated.

then the computer started running really, really slow. I turned the computer off then came back to it about an hour later and Windows wouldn't load. I tried several times and it would get to the screen where it said "Windows is loading (or starting up)" but it never did (I waited 30 minutes on one occasion). This morning I went to try again and the computer wouldn't turn on at all so I pulled the power plug out for 15 minutes (apparently the power supply causes problems where I live), replugged it in and it started. I got into safe mode and managed to get to the System Restore - I don't know how, but I tried lots of things and I found it in the end.

I think the problem is that I've got too many things on my computer.

I noticed that the Norton Symantec program still shows in a family member's program log so I tried to uninstall it but when it said something about there are other components in other systems I changed my mind and left it there.

A family member has also purchased and downloaded a "Steam" game on my account and when I log in, a Steam login window comes up which I have to cancel before I start. I was going to work out how to change this after I had put all the new Spyware programs on but I think I should have done that first.

At the moment I'm feeling really, really pleased with myself. I installed programs, uninstalled programs, got myself out of a prickly spot and now I'm back on line and ready to start learning more and more. How good is that!
rowal5555
That is why we are all here, and really love to hear that.

Good on ya, and keep learning. One step after the other, and you will soon be a guru. LOL

Keep on smiling
alice*in*wonderland
Thanks Rowal. Your encouragement in my first ever post gave me the guts to come back and try again.

QUOTE
One step after the other, and you will soon be a guru. LOL


Ha, I'm even starting to get a bit of credibility with the rest of the family. Whenever the family give me instructions, I tell them "I will have to check that with the experts on MY forum". No more having the wool pulled over my eyes.

rowal5555
That is excellent, 'alice.' What are neighbours for, Eh? LOL
Alan D
Well done Alice - and thank goodness for that restore point, eh? What I'm not clear about is (a) your current status; and (b) why it went wrong. So here are some suggestions.

1. Is your computer now back in the state it was in before you installed everything? For the moment, I'll assume that it is.

2. It sounds as though you installed everything at one go, one after another. Is that what you did? Now, it never occurred to me that you might do that, and my apologies for not warning you about it. For the record, I would proceed like this, as a general rule:
(a) Create restore point
(b) Install first program. Restart computer. Check everything is OK.
(c) Create another restore point. Install another program ... and so on, with a restart, then a check, then a new restore point, between each new installation or uninstallation.

3. Looking at your sequence of events, I'm not at all sure about the effect of installing AVG Antimalware while AVG Antispyware was still installed - and then uninstalling the Antispyware. There may well have been some conflict there, damaging the Antimalware installation when you uninstalled the Antispyware. (The point is that the Antimalware is an integrated program combining the antivirus and antispyware.) Can I recommend trying it like this:

(a) Uninstall AVG free (if it's still there?). Uninstall AVG antispyware. Reboot computer.
(b) Create restore point. Install AVG antimalware. Update it. Reboot computer.
(c) Check that everything is OK before you install anything else.

The golden rule would be - make each change as small as it can sensibly be, with a restore point between each step. Then, if something goes wrong, you know exactly what was to blame. And you'll have a restore point that will take you back just that one step. And never install more than one program without a reboot in between.

4. If you're still getting references to Norton turning up, it sounds as though it hasn't removed itself properly (I had this problem with it, too.) There is a special tool called the Norton Removal Tool and you can download it here:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039
I'd be inclined to use that tool before doing anything else (I've used it myself to clear Norton out), and see if it picks up some remaining Norton junk that might be interfering with your system.


I doubt very much that you have too much running on your computer, as you said. I think one of the installations went bad (I don't know which, but I mostly suspect the AVG Antispyware uninstallation after installing the Antimalware), and next time you'll be forewarned. Softly does it. Take small steps, so that if you have to undo anything, your previous efforts aren't wasted: Create Restore Point; Install program; Check all's well; Reboot; Check all's well; Create Restore Point; Next small step. It's like a rock climber going up a cliff face, hammering safety pitons into the rock at every stage.
alice*in*wonderland
Hi Alan, I'm glad you are here. THANK YOU for not giving up on me.

This morning my computer was at the point where I started (ie before installing or uninstalling anything). Then when I came back on line the AVG window popped up and said it didn't have the licence number and I needed to act. I created a Restore Point then went and put in the licence number for the trial AVG Antimalware. I did an update, ran a scan and everything is working just fine. So the current status is as it was before except that I now have the Antimalware 7.5 Trial.

QUOTE
It sounds as though you installed everything at one go, one after another. Is that what you did? Now, it never occurred to me that you might do that, and my apologies for not warning you about it.


You did tell me. I understood the importance of creating the Restore Point before and after each program but only did it before and after the AVG Antimalware (I got a bit silly and was feeling over-confident!!!). I did actually forget to turn off the computer and restart before installing the Spywareblaster and McAfee Site Advisor.

When I read the AVG Antimalware info it asked if I was a current AVG user. Because I had their free AVG 7.5 and also Spyware I assumed that the answer was Yes. Then I had 2 options - I chose the one where I had to submit a form and get a licence number via email, then I would not have to uninstall the current versions because it would be "silently overwritten by the new AVG TRIAL 7.5 installation". This worked fine until I looked at my desktop and system tray afterwards. I still had the 2 AVG installations - one called AVG 7.5 and the other AVG anti-spyware. It seemed sensible at the time to get rid of the Anti-spyware so I created another restore point then I uninstalled it. Everything went a bit haywire so I thought it was a good idea to update the AVG Antimalware in case I had lost something. After that my poor old computer seemed awfully slow but I decided to press ahead and install the others (yes, yes, I know - how foolish was that).

Now I am at the stage where I have

on the desktop
1 x AVG Anti-Spyware
1 x AVG Anti-malware

in the system tray
1 x AVG 7.5 Anti-Malware - Control Centre - TRIAL

QUOTE
There is a special tool called the Norton Removal Tool and you can download it here:
http://service1.symantec.com/SUPPORT/tsgen...005033108162039
I'd be inclined to use that tool before doing anything else (I've used it myself to clear Norton out), and see if it picks up some remaining Norton junk that might be interfering with your system.


Yes, apart from that seeming like a sensible step, I would like to remove all references to Norton from my computer.

QUOTE
(a) Uninstall AVG free (if it's still there?). Uninstall AVG antispyware. Reboot computer.
(b) Create restore point. Install AVG antimalware. Update it. Reboot computer.
(c) Check that everything is OK before you install anything else.


Thanks again Alan. I will do that.





Alan D
QUOTE(alice*in*wonderland @ Jul 9 2007, 12:31 PM) *
Now I am at the stage where I have

on the desktop
1 x AVG Anti-Spyware
1 x AVG Anti-malware

in the system tray
1 x AVG 7.5 Anti-Malware - Control Centre - TRIAL


OK, now that doesn't look right. I'm sure you shouldn't have both those programs installed together!

If you go to Start -> Control Panel -> Add/Remove programs, how many AVG installations do you see there? Are there separate entries for AVG Anti-malware and AVG Anti-spyware? The aim of our exercise is to have just the one entry, for AVG Anti-malware. I'm not at all sure what the consequences are of having both installed together, but I don't think it can be a good thing. What follows is based on the assumption that you currently have both installed, and need to get rid of the Anti-spyware. There are two options:

1) Send an email to AVG technical support, explain that you have both programs installed, and ask their advice about what you should do. You should get a reply within about 24 hours, because now you're a paid-up customer, and their customer support is excellent (I've used it a number of times).

Or, if it were me, I would try this:

2) Create a restore point. Uninstall BOTH programs (with a computer restart in between each uninstall); create another restore point. Install AVG Anti-malware again. Update it. Create a restore point. Then use your computer for a couple of days to see how it's behaving before you install anything else.

The reason I'm suggesting you uninstall both, is because you've already encountered problems when you tried to uninstall the antispyware on its own. That seems to be indicating that it may be best to start the installation with a clean slate.
alice*in*wonderland
Thanks again Alan, you really are very good at writing easy to read instructions. I'm now trying to control my excitement and enthusiasm whilst learning to take my time and digest the information you provide (and also follow the instructions carefully).

QUOTE
If you go to Start -> Control Panel -> Add/Remove programs, how many AVG installations do you see there? Are there separate entries for AVG Anti-malware and AVG Anti-spyware? The aim of our exercise is to have just the one entry


I currently have

1 X AVG 7.5 (that's the Anti-malware)
1 x AVG Anti-Spyware 7.5

After I installed the Anti-malware I thought I should have only 1 program so I am keen to get it right and do it properly this time.

QUOTE
1) Send an email to AVG technical support, explain that you have both programs installed, and ask their advice about what you should do. You should get a reply within about 24 hours, because now you're a paid-up customer, and their customer support is excellent (I've used it a number of times).


That sounds like a good idea. I thought about contacting them just to let them know the reason I keep installing/uninstalling their product in case they think I am just trying to extend the 30 day trial period! I chose the trial period because of the "overwriting facility" which seemed the simplest process at the time. It is also an opportunity for me to practice contacting them, any opportunity to learn and do processes, as simple as they may seem to everyone else, is good for me.

Are the terms "reboot" and "restart" the same thing? I've been turning the computer off completely then starting again and assuming that this is correct.
Alan D
QUOTE(alice*in*wonderland @ Jul 10 2007, 02:18 AM) *
I thought about contacting them just to let them know the reason I keep installing/uninstalling their product in case they think I am just trying to extend the 30 day trial period!

I don't think that will be a problem.

QUOTE
Are the terms "reboot" and "restart" the same thing? I've been turning the computer off completely then starting again and assuming that this is correct.

Yes, sorry - I meant the same thing in each case. I believe that a 'cold' restart is when you switch the computer off completely using the 'turn off' button and then switch it on again, whereas a 'warm' restart is when you hit the 'restart' button. The restart button is all you need to use in between installations etc, but you can't do any harm by switching it off completely as you've been doing.

Incidentally, the experience you're having now will be useful to you in the long run. There's no better teacher than trying something, getting in a tangle, then fixing the mess. You'll soon know pretty well everything there is to know about using system restore and installing security software!
alice*in*wonderland
Well, after 4 days of being in bed with the flu, I've finally got to a point where I THINK the AVG is working OK.
(thanks for the Norton Removal Tool link Alan, I managed to use that OK and Norton seems to have all gone now)

I sent a message off to AVG and tried to follow their instructions. Despite telling them I was very computer illiterate the instructions I received were not very easy to follow - some of them seemed illogical. I think I have been spoiled by the very detailed, specific instructions I have been lucky enough to receive here.

When I followed their instructions I ended up with even more programs. It took me about 5 tries at uninstalling and installing to get it the way I think it should be. Thanks to the help and experience I've managed to get from these forums I was able to feel confident in experimenting then getting myself out of muck-ups.

The control panel list of programs now lists only 1 x AVG 7.5 Program

in the System Tray it is listed as
AVG 7.5 Anti-Malware - Control Centre - Trial

on my desktop I have 2 icons
1 x avg75amwt_476a1043.exe which when opened asks "Do you want to run this file?"
1 x AVG 7.5 when opened is called AVG 7.5 Anti-Malware - Test Center - Basic Interface - TRIAL

I wasn't sure if I should have all these icons around the place but my attempts to change it still produced the same results, so I assume that I should have this many icons!

For the last 2 days the AVG Malware has started up on its own and runs a scan when I log on. I think it scans the whole computer, I am an administrator and there are 2 other accounts on it 1 x administrator and 1 x non-administrator access.

I will wait another day before installing the Spyware Blaster so I have a bit more time to get used to the AVG. It is picking up my SmitfraudFix Tools (the technician put this on the desktop for me) and says it is a "Potentially harmful program HackTool.BVR - Status Infected - Moved to Virus Vault".
Alan D
QUOTE(alice*in*wonderland @ Jul 16 2007, 04:32 AM) *
Well, after 4 days of being in bed with the flu, I've finally got to a point where I THINK the AVG is working OK.

Sorry to hear about the flu, Alice. Sadly, that's one kind of virus your AVG can't protect you from.

QUOTE
(thanks for the Norton Removal Tool link Alan, I managed to use that OK and Norton seems to have all gone now)

I remember feeling a lot of relief when I reached that stage of Norton-free existence!

QUOTE
I sent a message off to AVG and tried to follow their instructions. Despite telling them I was very computer illiterate the instructions I received were not very easy to follow

The quality of response will depend on who answers your email - I suppose they have a team of folk responding to help enquiries. Getting clear instructions about anything to do with computers is generally a very rare occurrence, in my experience. But it's their job to help you, as a paying customer, so if you don't understand, send the whole correspondence back to them and ask them to try again.

QUOTE
The control panel list of programs now lists only 1 x AVG 7.5 Program

That's exactly how it should be.

QUOTE
in the System Tray it is listed as
AVG 7.5 Anti-Malware - Control Centre - Trial

Have you paid for the program yet, Alice? If you have, I'm surprised to see the system tray icon still showing 'trial' status. If you haven't paid yet, then that should change, when you do.

QUOTE
on my desktop I have 2 icons
1 x avg75amwt_476a1043.exe which when opened asks "Do you want to run this file?"
1 x AVG 7.5 when opened is called AVG 7.5 Anti-Malware - Test Center - Basic Interface - TRIAL

The first one (1 x avg75amwt_476a1043.exe) is the set-up file - the program you downloaded in order to install AVG. You don't need it any more (and certainly not on your desktop). You can either delete it, or just keep it in a folder labelled 'AVG set-up file' somewhere in 'My Documents' in case you need to reinstall AVG at some point. However, by the time you might need to do that there will probably be a new set-up file available for download from AVG anyway.

QUOTE
I wasn't sure if I should have all these icons around the place but my attempts to change it still produced the same results, so I assume that I should have this many icons!

No, this is fine. You can get rid of the 1 x avg75amwt_476a1043.exe as I said above and that will just leave you with the main AVG shortcut icon.

QUOTE
For the last 2 days the AVG Malware has started up on its own and runs a scan when I log on. I think it scans the whole computer

That sounds good, in that it's obviously working; but also rather inconvenient. For what it's worth, I don't use automated scanning like that, and you too may prefer to do all your scans manually. If you want to switch off the automatic scanning, or reschedule it for a more convenient time, you can do it through the scheduler. Open the AVG control centre, highlight 'scheduler', then click the 'scheduled tasks' button. You can modify the scheduled scan from here, or disable it.

You might like to check that it's updating itself correctly. At the top of the screen you'll see 'Service'. Click on that and select 'Event History log'. All events are recorded in there, and if you see an update recorded most days, you know all is well.

QUOTE
I will wait another day before installing the Spyware Blaster so I have a bit more time to get used to the AVG.

I wouldn't rush it. Get comfortable with the AVG before you add more. You're already now very well protected, and Spybot's immunisation is already in place. The main part of the job is now done, and we can gradually add the remaining extra layers slowly, one bit at a time. (The extra few layers of protection - like adding SpywareBlaster, a hosts file, and a few more backup scanners - are all a lot easier to cope with than what you've done already.)

QUOTE
It is picking up my SmitfraudFix Tools (the technician put this on the desktop for me) and says it is a "Potentially harmful program HackTool.BVR - Status Infected - Moved to Virus Vault".

It can't do any harm just to leave it there. Hopefully you won't need it anyway!
alice*in*wonderland
QUOTE
Sorry to hear about the flu, Alice. Sadly, that's one kind of virus your AVG can't protect you from.
hysterical.gif

QUOTE
Have you paid for the program yet, Alice? If you have, I'm surprised to see the system tray icon still showing 'trial' status. If you haven't paid yet, then that should change, when you do.


No, I haven't paid for the program yet. The trial runs for another 20 or so days yet so I will make the most of the opportunity to get it set up the way I want during that time. The good part about the trial is that it is the full version so I can see how well it works and get practice working with it. I initially only chose the trial because it looked like it saved time in the download process.

QUOTE
That sounds good, in that it's obviously working; but also rather inconvenient. For what it's worth, I don't use automated scanning like that, and you too may prefer to do all your scans manually. If you want to switch off the automatic scanning, or reschedule it for a more convenient time, you can do it through the scheduler. Open the AVG control centre, highlight 'scheduler', then click the 'scheduled tasks' button. You can modify the scheduled scan from here, or disable it.


Thanks again Alan for the instructions.
It was rather inconvenient and it would probably have taken me a while to work out how to change it by myself.

QUOTE
You might like to check that it's updating itself correctly. At the top of the screen you'll see 'Service'. Click on that and select 'Event History log'. All events are recorded in there, and if you see an update recorded most days, you know all is well.


Yes. It is recording a scan each day. smile.gif

QUOTE
I wouldn't rush it. Get comfortable with the AVG before you add more. You're already now very well protected, and Spybot's immunisation is already in place. The main part of the job is now done, and we can gradually add the remaining extra layers slowly, one bit at a time. (The extra few layers of protection - like adding SpywareBlaster, a hosts file, and a few more backup scanners - are all a lot easier to cope with than what you've done already.)


Phew. I'm so pleased that the main part of the job is done. What a great learning curve it has been for me. The best part is that I no longer feel so frightened to experiment.

Alan D
QUOTE(alice*in*wonderland @ Jul 18 2007, 07:42 AM) *
It was rather inconvenient [we were talking about the automated scan at startup] and it would probably have taken me a while to work out how to change it by myself.

Was it doing a 'complete' scan on startup? (I can't remember what AVG sets up as default.) A complete scan takes a good while - 40 minutes on my machine, but it depends on how much stuff you have on your hard drive - so it makes sense to do a complete scan when you're not using the computer for anything else. I only do a complete scan once a week, myself. However, have you noticed that AVG can do what it calls a 'system areas' scan? At the top of the screen click 'Tests' and select 'Scan system areas'. This will take only about 10 seconds, while AVG does a quick check of the key parts of your system and alerts you if any changes have been made. (These are not necessarily due to malware - Windows updates can change some of these key files for example). Anyway - my point is that a system areas scan is so quick that you can easily use it at any time just to check how things are. (You could schedule one of those at startup, for instance, if you wanted to.)


QUOTE
Yes. It is recording a scan [??] each day.

Just want to check if this is a typo ... I suggested you might like to check if it was updating correctly by looking in the service history log. If it does a scan it will of course record that, but is there an update record every day too?

QUOTE
Phew. I'm so pleased that the main part of the job is done. What a great learning curve it has been for me. The best part is that I no longer feel so frightened to experiment.

That's big progress.
If you feel like another small but extremely valuable experiment, here's something to try with Spybot that doesn't involve installing any new programs. It only takes 5 minutes:
1. Open Spybot. Click on 'Mode' at the top of the screen, and switch to 'Advanced' mode. (I think it asks if you're sure about this - tell it yes!)
2. At bottom left hand of screen click on 'Tools'.
3. About halfway down the left hand side of the screen, click on 'Hosts file'.
4. Click on 'Add Spybot S&D's hosts list' near top left of screen. Let it do so. Make a mental note that if you need to, you can undo this by returning to here and clicking 'restore back up'. Then close Spybot.

What you've just done (with Spybot's help) is very clever, and adds an extra layer of protection to your computer. Every time Internet Explorer is directed to a website, this 'hosts file' is checked first. There are certain bad websites that no one will EVER want to go to because they'll put nasty stuff on your computer - right? But the advertisements on some web pages (harmless enough in themselves) can direct your computer to places you don't want to go, without your knowledge. This hosts file you've just added contains a list of those bad websites, and effectively tells your computer not to go there, but to stay at home. You'll now find as you surf the net, that certain advertisements are blocked and don't appear. Those are the ones that would have probably put a tracking cookie on your computer (or occasionally something far worse).

Some people complain that a big hosts file slows down your browsing, though I haven't encountered this myself. If you want to change back, it's easy enough - just open Spybot again and restore the backup.

One last thing. If you've changed the hosts file, run an AVG 'systems area' test afterwards. It should alert you that the hosts file has been changed. That's reassuring, because it tells you that AVG is working correctly. In this case the alert is nothing to worry about, because you made the change, and you can tell AVG to accept it.



alice*in*wonderland
Urggg, a second bout of the flu. I won't speak too soon this time and say I'm back on deck.

I have been watching the AVG Malware scan and the complete scan was set for start-up. It takes over an hour on my computer which was very inconvenient so I have changed that now. Thanks for the instructions. I've found the 'systems area' scan and will try that instead. The Malware updates by itself each day and the service history has logged both the update and the complete scan daily so at least the computer has been protected during my illness (family members use the computer too).

I enjoyed putting the hosts file on Spybot. In the past I've been repelled by the words "advanced mode". What an .....interesting .. list of website names! I'm keen to see if it has any impact on my browsing!

I will run the system area scan when I finish this post, then take a few days to get reacquainted with my computer.
Alan D
QUOTE(alice*in*wonderland @ Jul 23 2007, 01:10 PM) *
Urggg, a second bout of the flu. I won't speak too soon this time and say I'm back on deck.

That's rotten luck. I hope you've defeated the bug completely this time.

QUOTE
I have been watching the AVG Malware scan and the complete scan was set for start-up. It takes over an hour on my computer which was very inconvenient so I have changed that now. Thanks for the instructions. I've found the 'systems area' scan and will try that instead. The Malware updates by itself each day and the service history has logged both the update and the complete scan daily so at least the computer has been protected during my illness (family members use the computer too).

That's great. Personally, I still check the service history every week or so, just to check what's being recorded. It only takes a moment, as you now know.

QUOTE
I enjoyed putting the hosts file on Spybot. In the past I've been repelled by the words "advanced mode".

Yes - Spybot scares you a bit with a warning, I seem to recall. But as long as you don't change anything that you don't understand, there's nothing to be concerned about.

QUOTE
What an .....interesting .. list of website names! I'm keen to see if it has any impact on my browsing!

You don't need to go deliberately to those sites in order to be at risk from them. It's possible for you to be redirected to them from another website that looks harmless, just by a bit of injudicious googling, for instance. With the Spybot hosts file in place, you simply can't visit those websites. The hosts file is updated now and then, so it's worth checking, after each weekly Spybot update, to see whether there are any new immunisations, and any new additions to the hosts file, because although Spybot will download them, it doesn't install them automatically.

QUOTE
I will run the system area scan when I finish this post, then take a few days to get reacquainted with my computer.

Did your systems area scan detect your new hosts file and alert you to it?

The important thing now is gradually to add a few additional layers of protection. The idea is to build up the layers so if one method of protection fails, another may do the business instead: so now you have your hosts file, AVG's realtime protection, and the Spybot immunisation - and because they're all based on different ideas, they don't conflict with each other. The next thing would be to install SpywareBlaster, when you feel up to it. This provides an extension to the same kind of protection that Spybot's immunisation offers, and they work well together.
Don't forget to set a restore point before the installation.
alice*in*wonderland
I got a bit stuck with the Scan System Areas that you told me about. I was choosing "Scan Selected Areas" instead and then didn't know which option to choose. You made it really clear but I'm so used to being spoon fed and didn't think to look at the menus, I went straight for the giant words and symbols that I'm used to. The scans were taking over an hour and I felt sure that wasn't right. I decided to persevere and use my common sense then discovered that I seem to have lost it (my common sense that is). But after 3 days I've realised my mistake and found the Scan Systems Area F3. I feel like such an idiot for taking so long to work it out.

QUOTE
Did your systems area scan detect your new hosts file and alert you to it?


Yes it did. Hooray I guess that means I got it right. It hasn't slowed the computer down at all (that I can notice) which is good.

Wow. Finally ready to move on (I think). And I won't forget to create the Restore Point before I add the Spywareblaster.

Thanks again Alan.

Just came back to add that I have just tried the Scan System Areas and it seemed to take less than a minute. I'm pleased about that but it seems a bit fast.
Alan D
QUOTE(alice*in*wonderland @ Jul 26 2007, 02:36 PM) *
I feel like such an idiot for taking so long to work it out.

No, no, don't beat yourself up about that sort of thing. These things are obvious only when you've done them and are becoming familiar with the system. And the AVG user interface (that is, the way in which it allows you to interact with the program) is not very user-friendly in my view (and sometimes is downright obscure).

It sounds like you've got the hosts file nicely sorted out.

QUOTE
Just came back to add that I have just tried the Scan System Areas and it seemed to take less than a minute. I'm pleased about that but it seems a bit fast

No, that's exactly right. The system areas scan only checks a very select group of items. I think (but I'm not sure) that these are the things that would be most likely to be affected if there was any malware actually active (rather than sitting in a file somewhere waiting to be activated) on your machine. It really does, and should, take only a few seconds. It's not by any means a replacement for a complete scan, but it can be very reassuring as a quick check that nothing bad is actually running, or if you want to check that nothing nasty has messed with a key part of your system.

For example - some malware will modify your hosts file, in an attempt to redirect your computer to a bad website. But as you've already discovered, a quick system areas scan will alert you if your hosts file gets changed for any reason (including legitimate ones). If you get a hosts file alert you weren't expecting, then you'd know you should investigate why.

At the moment you're probably thinking there must be some compromise between a complete scan that takes an hour, and a system areas scan that takes less than a minute. Yes there is: we just haven't got there yet (but we will, soon). In the meantime, don't forget you already have Spybot, and a scan with Spybot only takes a few minutes. So you already have that alternative available to you. You could set up a regime where you do (for example) an AVG system areas scan at startup (and at any other time when you need fast reassurance that nothing bad is happening); a 5-minute Spybot scan every 2 or 3 days; and an AVG complete scan once a week. You can probably see already that this way, together with your immunisation and hosts file, and AVG real-time-protection, you're building up some very solid defences; and they'll be even better when we're done.

Let me know how you get on with SpywareBlaster. (Though I can't foresee any problems with that.)
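
Added example (not part of the original posts): the hosts-file check described in the post above, sketched in Python. It compares a saved baseline of the hosts file with the current one and separates block entries (names pointed at 127.0.0.1 or 0.0.0.0) from entries that send a name to some other address, which is the redirect case worth investigating. The sample file contents, hostnames and function names are constructed for illustration, and this is not how AVG implements its system areas scan.

```python
import hashlib
import ipaddress

# Constructed sample: hosts file saved as a known-good baseline.
BASELINE = """\
# blocklist added by the user
127.0.0.1 localhost
127.0.0.1 ads.tracker.example
127.0.0.1 popups.badsite.example   # blocked
"""

# Constructed sample: the same file some days later.
CURRENT = """\
127.0.0.1 localhost
127.0.0.1 ads.tracker.example
203.0.113.7 www.mybank.example
0.0.0.0 new.adserver.example
"""


def fingerprint(text):
    """Hash of the whole file: a cheap 'has anything changed?' check."""
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def parse_hosts(text):
    """Return {hostname: ip} for every valid entry, ignoring comments."""
    entries = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # not an address, so not a hosts entry
        for name in fields[1:]:
            # Keep the first mapping seen for a name (assumption of this example).
            entries.setdefault(name.lower(), str(ip))
    return entries


def is_sink(ip_text):
    """True for addresses a blocklist uses to make a name go nowhere."""
    ip = ipaddress.ip_address(ip_text)
    return ip.is_loopback or ip.is_unspecified


def diff_hosts(baseline_text, current_text):
    """List (kind, hostname, old_ip, new_ip) for every changed entry."""
    old, new = parse_hosts(baseline_text), parse_hosts(current_text)
    findings = []
    for name in sorted(set(old) | set(new)):
        before, after = old.get(name), new.get(name)
        if before == after:
            continue
        if after is None:
            kind = "removed"          # an entry (often a block) disappeared
        elif is_sink(after):
            kind = "block-added" if before is None else "block-changed"
        else:
            kind = "redirect"         # name now resolves to a real address
        findings.append((kind, name, before, after))
    return findings


if __name__ == "__main__":
    # To check a real machine, read the baseline from a saved copy and the
    # current text from C:\Windows\System32\drivers\etc\hosts instead.
    if fingerprint(BASELINE) != fingerprint(CURRENT):
        for kind, name, before, after in diff_hosts(BASELINE, CURRENT):
            flag = "INVESTIGATE" if kind in ("redirect", "removed") else "ok"
            print(f"{flag:11} {kind:13} {name}: {before} -> {after}")
```

A blocklist update such as Spybot's produces only "block-added" lines; a "redirect" or an unexpected "removed" line is the kind of change you did not make yourself and should look into.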
alice*in*wonderland
Thanks so much for your kind words and encouragement Alan.

Spywareblaster has just been installed. No problems with the installation thank goodness.

Two days ago I suspected there was a problem with my computer because some of the same things occurred when I had the last invasion of spyware and trojans. Sometimes but not always, I'm typing a new email into hotmail, then the computer clicks and I'm moved back to the screen that I last used. Very inconvenient because I lose all my typing and have to start again. Fortunately this time I didn't get lots of pop-up adverts and warnings. I ran the AVG full scan and couldn't see anything out of the ordinary. Then I ran Spybot and it picked up

MyWay.MyWebSearch Settings
MyWay.MyWebSearch Browser Helper Object
FunWeb Products
Virtumonde Settings

I fixed them all, then waited till the next day and ran all the scans again (AVG, Spybot, AdAware). They were all clear. I recall having the Virtumonde problem last time and when I searched the forums on this problem, it seems many people have difficulty getting rid of Virtumonde. I'm feeling a bit suspicious because it seemed a bit too easy to get rid of it.

I will continue keeping a close watch over the next couple of days.
Alan D
QUOTE(alice*in*wonderland @ Jul 29 2007, 08:53 AM) *
I fixed them all, then waited till the next day and ran all the scans again (AVG, Spybot, AdAware). They were all clear. I recall having the Virtumonde problem last time and when I searched the forums on this problem, it seems many people have difficulty getting rid of Virtumonde. I'm feeling a bit suspicious because it seemed a bit too easy to get rid of it.

If this is Virtumonde surfacing again, then you may need better advice than mine, Alice. I can help with the basic nuts and bolts of putting your defences in place - that is, with suggestions about the best ways to protect your machine and explaining how to go about doing it - but I have no experience of removing difficult infections.

However, I do have two general suggestions which I was going to make anyway, and which may be useful at this point. If I were in your position, this is what I would do next (in this order).

1. There is one particular antispyware scanner which has a very good reputation (supported by experienced folk whose opinion I've learned to trust) for detecting and, more importantly, removing 'difficult' spyware infestations. It's called SUPERAntispyware, and you can download a copy of the free version here:
http://www.superantispyware.com/
The free version doesn't offer realtime protection, but you don't need that; you just need it to scan your machine.
I would first make a SYSTEM RESTORE POINT; then download SUPERAntispyware; install it, update it, and then run a complete scan (which will probably take a while - more than half an hour) and see what it finds.
If you want to check out the effectiveness of this program at removing actual spyware threats in practice (including Virtumonde), take a look at this recent post, written by someone who has a lot of experience in this area:
http://forums.superantispyware.com/viewtopic.php?t=808

2. AVG offer a free program called AVG AntiRootkit. (A rootkit 'hides' itself within a computer's operating system, and can be very difficult to detect.) Now, I'm not sure whether the test carried out by AVG AntiRootkit is built into the normal AVG antimalware scanner (I've emailed AVG to ask them and will let you know what they say), but it surely can't do any harm to download and install it, run a scan (only takes a few minutes), and see what (if anything) it comes up with. You can get it here:
http://www.grisoft.com/doc/download-free-a...ootkit/us/crp/0

Both these programs are very simple to use. I've used SUPERAntiSpyware myself for many months without any problems. I think there's a good chance it may clear out whatever is causing your problem. And in any case, it was the next suggestion I was going to make about building up your armoury by adding this extra, highly reliable scanner.

If the problem remains, you could try running each scanner again but in SAFE mode.

And if it still remains, you need better advice than mine. But as you can see, there are some useful things to try before you reach that point. Let me know how you go on?

[I just noticed that someone has kindly posted a very detailed step-by-step description of how to use Superantispyware. It's so easy to use that I think you'll be OK, but in case you need it here it is - it's the second post in the thread:
http://www.bleepingcomputer.com/forums/topic101867.html ]

LATER:
I haven't had a reply from AVG yet but from reading around I think that AVG Antirootkit is a useful extra resource - that is, I believe it does a different kind of scan to your normal AVG Antimalware scan.
However, if you decide to try it, and if it finds something, DON'T automatically remove whatever it finds, because all 'hidden' files are not necessarily malicious. Instead, seek extra advice.

In any case, I'd try Superantispyware first, and you may not need to go any further.
alice*in*wonderland
QUOTE
1. There is one particular antispyware scanner which has a very good reputation (supported by experienced folk whose opinion I've learned to trust) for detecting and, more importantly, removing 'difficult' spyware infestations. It's called SUPERAntispyware, and you can download a copy of the free version here:
http://www.superantispyware.com/
The free version doesn't offer realtime protection, but you don't need that; you just need it to scan your machine.
I would first make a SYSTEM RESTORE POINT; then download SUPERAntispyware; install it, update it, and then run a complete scan (which will probably take a while - more than half an hour) and see what it finds.
If you want to check out the effectiveness of this program at removing actual spyware threats in practice (including Virtumonde), take a look at this recent post, written by someone who has a lot of experience in this area:
http://forums.superantispyware.com/viewtopic.php?t=808


Thanks Alan. I read the post which was great. When they talk about "buffering" problems is that where the computer moves you to a previous screen?

I've just created the System Restore and downloaded the superantispyware. When I've finished this I will update it and run it then unfortunately I have to go to work. So I will look at the results later tonight.

I'm pretty sure I picked up the virtumonde when I looked at a site on Alzheimer's (no clever jokes here - I'm looking after an elderly relative). A window started downloading when I tried to close it down with the x. I panicked and kept pushing the Esc key and when that didn't work I switched off my modem and cut it off half way. I'm hoping that means I only had to deal with a bit of the Virtumonde problem not the whole virus. I really have no idea what to do when such a thing happens - hopefully as I get more experience I will get a bit cleverer with my browsing. I must say I'm rather horrified that someone would play such a nasty trick on people wanting info on Alzheimer's.

I will spend more time digesting the rest of your post when I have more time.

Thanks again.

Alan D
QUOTE(alice*in*wonderland @ Jul 30 2007, 02:36 AM) *
When they talk about "buffering" problems is that where the computer moves you to a previous screen?

I shouldn't think so. I think a buffer overrun error is caused by a program writing data to places where it shouldn't, and so corrupting something else (or even itself); it can be caused by a programming error but I believe can also be used maliciously to breach the security of a system. I imagine the computer puts up an error message referring to a buffer overrun - but I've never witnessed such a thing myself.

QUOTE
I'm pretty sure I picked up the virtumonde when I looked at a site on Alzheimer's (no clever jokes here - I'm looking after an elderly relative). A window started downloading when I tried to close it down with the x. I panicked and kept pushing the Esc key and when that didn't work I switched off my modem and cut it off half way. ... I really have no idea what to do when such a thing happens

If you encounter a pop-up window, DON'T use the 'x' to close it down, because if the offered download is malicious the 'x' symbol can't be trusted - it may be fake. Instead, press the ALT key and F4 together: that will instantly close any currently open window, including a nasty one. You can try it now. When you get to the end of this sentence, press ALT and F4 and this whole window will close and disappear (of course then you'll have to start up Internet Explorer again to come back here and read the rest of this post); ready? ... steady ... ALT + F4!

Welcome back. It's worth using ALT+F4 deliberately for a while whenever you close Internet Explorer (instead of using the 'x'), just to get used to doing it; that way you won't panic when you REALLY need to remember what to do.

If that was a malicious download that you encountered, I'm surprised your AVG didn't pick it up. In any case, let's check your Internet Explorer security settings: At the top of the screen, right now, you see: File Edit View Favourites Tools Help - right? OK, click on 'Tools' and select 'Internet Options'. Look at the tabs along the top of the panel that opens. The second one from the left is 'Security'. Click on that. In the panel, 'Internet' should be highlighted, and in the lower half is a vertical slider that sets the security level. What is it set at, at present? If it's anything lower than 'medium', that's risky. So set it to 'medium' - just click on it, keep holding down the mouse button, and slide it upwards. At the end, click on the 'Apply' button, then 'OK'. Finally, just check it again to make sure that your new setting has 'taken' as it were. [You can experiment with putting the setting to 'high' but you'll probably find it interferes with your browsing quite a lot.]

Finally (this is too much information, I know, but hopefully you can absorb it in bits), I've heard from AVG and the AVG AntiRootkit is definitely a separate, stand-alone scanner which is NOT incorporated into AVG AntiMalware. So it's definitely worth adding to your armoury, after you've finished with your Superantispyware experiments.
alice*in*wonderland
QUOTE
ready? ... steady ... ALT + F4!
w00t.gif w00t.gif w00t.gif

Hey, that's so much quicker and easier than leaping up to pull the plug.

QUOTE
In the panel, 'Internet' should be highlighted, and in the lower half is a vertical slider that sets the security level. What is it set at, at present? If it's anything lower than 'medium', that's risky.


It was (and still is) set at Medium/High. Can't explain the Virtumonde infection other than the problem I had with the one site.

I really like the way the SUPERAntiSpyware program is set up. It's very easy to understand and follow.
The final scan showed 26 Adware Tracking Cookies (which I quarantined) and nothing else. The word Virtumonde didn't appear anywhere and the problem with the screen jumping to different places has gone. The computer is working fine.

QUOTE
I haven't had a reply from AVG yet but from reading around I think that AVG Antirootkit is a useful extra resource - that is, I believe it does a different kind of scan to your normal AVG Antimalware scan.
However, if you decide to try it, and if it finds something, DON'T automatically remove whatever it finds, because all 'hidden' files are not necessarily malicious. Instead, seek extra advice.


Thanks so much for finding that info out. I haven't added the AntiRootKit yet. If I discovered I needed to use it, would I seek the "extra advice" from this forum? I seem to recall (when I read the AVG info) that they don't provide any support for that product.
Alan D
QUOTE(alice*in*wonderland @ Jul 30 2007, 01:18 PM) *
I really like the way the SUPERAntiSpyware program is set up. It's very easy to understand and follow.
The final scan showed 26 Adware Tracking Cookies (which I quarantined) and nothing else. The word Virtumonde didn't appear anywhere and the problem with the screen jumping to different places has gone. The computer is working fine

That's excellent news, and I, like you, admire SuperAntiSpyware's user interface (UI in the jargon). It demonstrates their ability to think clearly and succinctly, and that inspires confidence. (On related grounds, the general messiness of AVG has always bothered me a bit!)

You might find a word about tracking cookies useful. While no one wants them, they really are a very low order threat and constitute the very least of our problems. Don't be impressed by any antispyware program's detection of them. It's possible to clear out ALL your cookies very simply just at the click of a button (in Internet Explorer select Tools - Internet Options - Delete Cookies), so the fact that an antispyware program makes a fuss about removing some of them is a lot of noise about very little. I've seen this described as 'cookie hysteria' and that's an apt description. You don't need to keep the cookies in quarantine. You can just delete them without further thought.

The most significant thing here is that Superantispyware basically gave you a clean bill of health, and THAT is something well worth knowing.

QUOTE
I haven't added the AntiRootKit yet. If I discovered I needed to use it, would I seek the "extra advice" from this forum? I seem to recall (when I read the AVG info) that they don't provide any support for that product.

I do strongly recommend that you install AVG Antirootkit. My guess (knowing that Superantispyware has found nothing) is that it will give a clean scan, and that would be very reassuring. So in truth I think you won't need the 'extra advice' you're worried about. However, there is an AVG Free forum, with an AVG Antirootkit section, here:
http://forum.grisoft.cz/freeforum/list.php?11
That would be my first port of call, if I needed it. But also you could try the 'Am I infected?' forum here at Bleeping Computer:
http://www.bleepingcomputer.com/forums/forum103.html

Two final points.
1. You'll notice that SuperAntiSpyware has a 'Quick scan' option. Well, it's not so very quick - takes about 15 minutes on my machine - but it's a good, thorough scan, and well worth putting into your schedule as something you run once every few days. You can establish a routine, scanning with Spybot and SAS (quick scan) alternately, every couple of days, and a complete AVG scan once a week, and a 'complete' SAS scan every fortnight, choosing convenient times when the computer would otherwise be idle.
2. Your screen-jumping phenomenon may never have been malware-related at all. Many minor irritations like that are just software hiccups, and can often be solved just by restarting the computer.
Alan D
QUOTE(alice*in*wonderland @ Jul 30 2007, 01:18 PM) *
It was (and still is) set at Medium/High.

Just noticed this comment and thought I'd better check....
When you select Internet Explorer's 'internet options' (by clicking on 'Tools'), there are several tabs along the top. The tab I referred to was 'Security', but next to it is another, 'Privacy'. If you're changing the 'security' setting, you can choose between 'medium' and 'high' but there is no medium/high option. However, if you're changing the 'privacy' setting, there is a 'medium high' option.

Thinking about your comment (quoted above) I'm just a little concerned that you might have checked the 'privacy' setting by mistake, instead of the 'security' setting. Thought I should mention it. Worth checking again, just to be sure?
alice*in*wonderland
Thanks Alan for all the explanations about Cookies, Security etc.

I had a recheck of the Security setting and mine reads Medium (lowest setting), Medium High (middle of the bar) and High (highest setting). The Security is set in the middle (Medium High). The Privacy setting is at the bottom of the bar (Accept all cookies), I don't remember doing this myself and was wondering if this setting is OK.

Over the last week I have paid for the AVG Anti-Malware. I needed to uninstall the "free" version and then reinstall the "paid" version. I was directed to an Australian site (Avalanche Technology Group - Distributors of AVG Anti-Virus) for the purchase so perhaps that caused the need to uninstall and reinstall. The Australian site also did not have the Anti-Root Kit listed so I got it from the grisoft site. When I ran the Anti-Root Kit it did not pick anything up - so I'm happy about that.

Since uninstalling the Anti-Malware (then reinstalling it) and installing the Anti-Root Kit my computer has been doing some unusual things. Sometimes it is very slow. Today when I turned the computer on, it went straight into my account (and missed the part where the other family members are listed and I select which account to use). Very convenient, but somewhat odd. Sometimes it's a bit difficult to keep track of odd computer behaviours because other people use this computer too and I have difficulty knowing whether it is something I have done or they have done. Given the history of virus/trojan problems, I think there may be a reluctance for others to confess to changes they make.

The daily fast scans with different programs and the weekly full scan is working well (I think) and I'm finding it very reassuring and convenient. I will keep watching for the "odd behaviours" and see if there is any rhyme or reason to it all.
Alan D
QUOTE(alice*in*wonderland @ Aug 6 2007, 05:05 AM) *
I had a recheck of the Security setting and mine reads Medium (lowest setting), Medium High (middle of the bar) and High (highest setting). The Security is set in the middle (Medium High). The Privacy setting is at the bottom of the bar (Accept all cookies), I don't remember doing this myself and was wondering if this setting is OK.

I'd set the 'privacy' setting to at least 'Medium'. If you do a scan and tracking cookies are detected, just delete them. You can't do any harm by doing so, and there's no good reason for them to be there.

QUOTE
Over the last week I have paid for the AVG Anti-Malware. I needed to uninstall the "free" version and then reinstall the "paid" version. I was directed to an Australian site (Avalanche Technology Group - Distributors of AVG Anti-Virus) for the purchase so perhaps that caused the need to uninstall and reinstall.

I can't shed any light on this I'm afraid.

QUOTE
When I ran the Anti-Root Kit it did not pick anything up - so I'm happy about that.

That's good news. And it's very easy and quick to use, isn't it? I run it every week or two, as a useful extra check.

QUOTE
Since uninstalling the Anti-Malware (then reinstalling it) and installing the Anti-Root Kit my computer has been doing some unusual things. Sometimes it is very slow.

I think it's extremely unlikely that the Antirootkit has anything to do with the slow-down. It's possible that the installation of the Antimalware went slightly wrong, but I'm just guessing. You need more information. Some suggestions:

1. Open Task manager and watch what's happening when the computer runs slowly. To do this, go to the bar right at the very bottom of the screen (on the same level as the Start button and the system tray). Right click on it and select 'Task Manager'. A panel will open. Click the tab labelled 'processes'. You'll be shown a list of all the processes currently running on your computer. Look in the columns under 'CPU' and 'Mem Usage'. Is there any process that's consistently using a large CPU percentage? If so, make a note of its name. (A high value against 'System Idle Process' is fine - that just tells you not much is happening.)
You might like to experiment by starting a scan with your AVG or one of your other scanners, and watching what happens in Task Manager when a particular program uses a lot of CPU (as a scanner will, while it's scanning, in general).

2. Worth just checking the AVG scan scheduling? When you notice the slowdown - it isn't because AVG is running a scheduled scan in the background, is it?

3. You could try uninstalling and reinstalling AVG Antimalware.

4. Send AVG an email and tell them about the slowdown after installing Antimalware and see what they say.

QUOTE
Today when I turned the computer on, it went straight into my account (and missed the part where the other family members are listed and I select which account to use). Very convenient, but somewhat odd. Sometimes it's a bit difficult to keep track of odd computer behaviours because other people use this computer too and I have difficulty knowing whether it is something I have done or they have done. Given the history of virus/trojan problems, I think there may be a reluctance for others to confess to changes they make.

Not knowing what others are doing does complicate things a bit. I've never used multi-user accounts so I don't have any experience in this area. Just one simple thing comes to mind: If you go to Start -> control panel -> user accounts -> change the way users log on and off .... is the 'Use the welcome screen' box ticked? But if that doesn't fix it, I'm no use to you I'm afraid.

QUOTE
The daily fast scans with different programs and the weekly full scan is working well (I think) and I'm finding it very reassuring and convenient. I will keep watching for the "odd behaviours" and see if there is any rhyme or reason to it all.

Task Manager is a useful tool. If I notice anything at all strange happening, the first thing I do is look at the processes in Task Manager.

Good luck.
alice*in*wonderland
QUOTE
I'd set the 'privacy' setting to at least 'Medium'. If you do a scan and tracking cookies are detected, just delete them. You can't do any harm by doing so, and there's no good reason for them to be there.


Done. Thanks for the advice Alan.

QUOTE
1. Open Task manager and watch what's happening when the computer runs slowly. To do this, go to the bar right at the very bottom of the screen (on the same level as the Start button and the system tray). Right click on it and select 'Task Manager'. A panel will open. Click the tab labelled 'processes'.


I would NEVER have thought of right clicking on my "clock". However does anyone think of doing such things (I know, I know - read the manual I guess). Whenever I use the "Help" features I don't find the answer I am looking for - most likely because I don't have the language to ask the right questions. I've been wondering how to find out "what's running" and assumed that information was not available to mere mortals like me. I will watch the Processes carefully now and try to learn.

QUOTE
2. Worth just checking the AVG scan scheduling? When you notice the slowdown - it isn't because AVG is running a scheduled scan in the background, is it?


I had suspected that was the problem so I checked the schedule (several times). Re-read your earlier instructions and it looks OK but I can't help thinking something is amiss. The slowness occurs when I turn the computer on first thing in the morning and then it is OK when I turn it on again later in the evening. I will watch the Task Manager and check in the morning.

QUOTE
3. You could try uninstalling and reinstalling AVG Antimalware.


I suspect this may solve the problem but I will watch the Task Manager first just to make sure I haven't got anything running that shouldn't be running.

QUOTE
Not knowing what others are doing does complicate things a bit.


Now that's an understatement
I really need to get a computer just for me. At the moment I have to fight to get access.

QUOTE
If you go to Start -> control panel -> user accounts -> change the way users log on and off .... is the 'Use the welcome screen' box ticked?


Yes, it is ticked. I do think it is something to do with the AVG installation that is causing the hiccups.

Thanks once again for all your help Alan.
Alan D
QUOTE(alice*in*wonderland @ Aug 6 2007, 02:12 PM) *
I would NEVER have thought of right clicking on my "clock".

Just to clarify, Alice: You don't need to click on the clock itself. You can click on a BLANK section of the long thin bar along the bottom of the screen.

QUOTE
I had suspected that was the problem so I checked the schedule (several times). Re-read your earlier instructions and it looks OK but I can't help thinking something is amiss. The slowness occurs when I turn the computer on first thing in the morning and then it is OK when I turn it on again later in the evening. I will watch the Task Manager and check in the morning.

How long does the 'slowness' last in the morning? The fact that you don't experience the slowness when switching on later in the day does make me suspect that this is some scheduled activity, and since the only thing that has changed is the AVG, then that's the prime suspect at present ..... The effect you're describing is exactly what you'd experience if a complete scan were scheduled for every morning....

Well, Task Manager will tell you what's running. I've just taken a look at my own system. When AVG is scanning, the process I see in Task Manager, hogging the resources, is avgwb.dat. (I expect it's the same basic engine even though you have the Antimalware and I have the suite.) So if you see that entry with significant CPU usage, you'll know AVG is scanning.
alice*in*wonderland
Hmmm, just turned on the computer this morning and it's quite fast!! I noticed that the AVG update popped up for a short time but that is all. I will continue to watch the task manager when I get back tonight.

I looked at the Image Name and I have

avgcc.exe
avgemc.exe
avgrssvc.exe
avgupsvc.exe
avgamsvr.exe
avgrssvc.exe

I have avgrssvc.exe listed twice! As I am sitting here watching them both, one is listed with Mem Usage 76 376K and the other is 2 756K. ??



Alan D
Your AVG list looks very normal, Alice:

avgcc.exe AVG Control Centre
avgemc.exe AVG Email scanner
avgrssvc.exe AVG Resident Shield
avgupsvc.exe AVG Update Service
avgamsvr.exe AVG Alert Manager
avgrssvc.exe AVG Resident Shield

QUOTE
I have avgrssvc.exe listed twice! As I am sitting here watching them both, one is listed with Mem Usage 76 376K and the other is 2 756K. ??

I don't know why the resident shield has two processes running, but it's fine - it's just the same on my system. (The resident shield is the process that provides the real-time protection.)

You didn't mention the CPU usage but I presume it was zero for all of those while you were watching? If you leave Task Manager open and open a Word file or something, you'll see the AVG resident shield leap into action (the CPU usage of avgrssvc.exe will go up and then drop back to zero, as it checks the file to make sure it's not infected). If you start an AVG scan, you'll see a new AVG process (the scanner) leap into action. There are of course more interesting things to do in life than watching processes in Task Manager, but becoming reasonably familiar with what's actually going on under normal conditions, and thereby being able to recognise anything unusual, means more power to your elbow.
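
The habit described in the post above (knowing what normally runs so that anything unusual stands out) can be scripted. This is an added example, not part of the thread: it assumes the listings were saved from `tasklist /FO CSV`, and the PIDs, most memory figures and the `newthing.exe` row are constructed sample data.

```python
import csv
import io

HEADER = '"Image Name","PID","Session Name","Session#","Mem Usage"\n'

# Constructed baseline: process names are from the thread, PIDs are made up.
BASELINE = HEADER + '''"avgcc.exe","1204","Console","0","5,120 K"
"avgemc.exe","1310","Console","0","4,300 K"
"avgrssvc.exe","884","Console","0","76,376 K"
"avgupsvc.exe","920","Console","0","1,900 K"
"avgamsvr.exe","856","Console","0","3,450 K"
"avgrssvc.exe","1672","Console","0","2,756 K"
'''

# Constructed later listing: one name gone, one instance fewer, one unknown name.
CURRENT = HEADER + '''"avgcc.exe","1188","Console","0","5,240 K"
"avgemc.exe","1296","Console","0","4,310 K"
"avgrssvc.exe","872","Console","0","75,900 K"
"avgamsvr.exe","860","Console","0","3,460 K"
"newthing.exe","2044","Console","0","18,204 K"
'''

def parse_tasklist(text):
    """Return {lowercased image name: [memory in KB for each instance]}."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text)):
        name = row["Image Name"].strip().lower()
        # Keep digits only, so "76,376 K" and other locale formats both parse.
        digits = "".join(ch for ch in row["Mem Usage"] if ch.isdigit())
        procs.setdefault(name, []).append(int(digits or "0"))
    return procs

def compare(baseline, current):
    """List names that are new, missing, or running a different number of copies."""
    report = {"new": [], "missing": [], "count_changed": []}
    for name in sorted(set(baseline) | set(current)):
        before = len(baseline.get(name, []))
        now = len(current.get(name, []))
        if before == 0:
            report["new"].append(name)
        elif now == 0:
            report["missing"].append(name)
        elif before != now:
            report["count_changed"].append((name, before, now))
    return report

if __name__ == "__main__":
    print(compare(parse_tasklist(BASELINE), parse_tasklist(CURRENT)))
```

A name in the "new" list is only a prompt to look it up, not a verdict; as the thread notes about hidden files, unfamiliar does not mean malicious.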