
Infected with Malware/Spyware


10 replies to this topic

#1 Divaindeed22

Posted 03 November 2009 - 09:35 AM

I think I have a malware/spyware problem, please someone help. It keeps popping up several different win32 and it won't let me get to the startup screen of my computer when I turn it on. I ran SUPERAntiSpyware and it found nothing, but my old Norton antivirus kept showing virus found and supposedly quarantined it. It ran OK for a few seconds but then started again with not letting me get to the main screen. My DDS log is posted below:


DDS (Ver_09-10-26.01) - NTFSx86 NETWORK
Run by Compaq_Administrator at 11:05:30.87 on Tue 11/03/2009
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.958.706 [GMT -8:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
svchost.exe C:\WINDOWS\TEMP\VRT2.tmp
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\sv1.exe
C:\WINDOWS\system32\lsm32.sys
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q405&bd=presario&pf=desktop&parm1=seconduser
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: CNavExtBho Class: {bdf3e430-b101-42ad-a544-fadc6b084872} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Norton AntiVirus: {42cdd1bf-3ffb-4238-8ad1-7859df00b1d6} - c:\program files\norton internet security\norton antivirus\NavShExt.dll
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [PCDrProfiler] "c:\program files\pc-doctor 5 for windows\RunProfiler.exe" -r
mRun: [SSC_UserPrompt] c:\program files\common files\symantec shared\security center\UsrPrmpt.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [IS CfgWiz] c:\program files\norton internet security\cfgwiz.exe /GUID {257BBC47-1B26-432e-9F84-188603799DD3} /MODE CfgWiz /CMDLINE "REBOOT"
mRun: [URLLSTCK.exe] c:\program files\norton internet security\UrlLstCk.exe
mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
mRun: [SMSERIAL] sm56hlpr.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe
mRun: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
mRunOnce: [regcmdcons] c:\windows\regedit.exe /s c:\hp\bin\cmdcons2.reg
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\hewlett-packard\compaq organize\bin\displayAgent.exe
StartupFolder: c:\docume~1\compaq~1\startm~1\programs\startup\limewi~1.lnk - c:\program files\limewire\LimeWire.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\compaq~1.lnk - c:\program files\compaq connections\5577497\program\Compaq Connections.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\traymi~1.lnk - c:\program files\philips\philips spc230nc webcam\TrayMin230.exe
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Add To Compaq Organize... - c:\progra~1\hewlet~1\compaq~1\bin/module.main/favorites\ie_add_to.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0\bin\npjpi150.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2006-9-19 29184]
S2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2008-8-17 14336]
S2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [2004-8-9 68096]
S2 Ias;Windows Protected Network;c:\windows\system32\svchost.exe -k netsvcs [2008-8-17 14336]
S2 Net_Login;Net_Login;c:\windows\svchust.exe [2009-11-1 1168896]
S2 NetLogin;Net Login;c:\windows\svchost.exe [2009-11-1 1169920]
S3 daqdrv;daqdrv;c:\windows\system32\daqdrv.sys [2008-8-17 2304]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]

=============== Created Last 30 ================

2009-11-03 18:47:26 265690 ----a-w- c:\windows\sv2.exe
2009-11-03 18:45:31 88576 ----a-w- c:\windows\system32\4.tmp
2009-11-03 18:45:30 52 ----a-w- c:\windows\system32\3.tmp
2009-11-03 11:11:05 0 d-----w- c:\windows\system32\xircom
2009-11-03 02:28:11 0 ----a-w- c:\windows\ORUN32.EXE
2009-11-03 02:28:00 0 ----a-w- c:\windows\system32\CMMGR32.EXE
2009-11-03 02:23:34 0 d-----w- c:\program files\SUPERAntiSpyware
2009-11-03 02:23:34 0 d-----w- c:\docume~1\compaq~1\applic~1\SUPERAntiSpyware.com
2009-11-03 02:23:13 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-11-03 02:21:28 0 d-----w- c:\program files\SpywareBlaster
2009-11-03 02:02:56 88576 ----a-w- c:\windows\system32\BF.tmp
2009-11-03 02:02:54 52 ----a-w- c:\windows\system32\BB.tmp
2009-11-03 02:01:24 1873 --sha-r- c:\windows\system32\drivers\103C_HP_CPC_ED881AA-ABA SR1650NX NA580_YC_0Pres_QCNH535_E54NAsyRED1_48_IAmberine M_SASUSTek Computer INC._V1.03_B3.07_T050729_WXP2_L409_M959_J250_7AMD_8Athlon 64_92.2_#080819_N10EC8139_Z10573052_G10025954.MRK
2009-11-03 01:59:20 0 d-----w- c:\docume~1\compaq~1\applic~1\Symantec
2009-11-03 01:59:20 0 d-----w- c:\docume~1\compaq~1\applic~1\Intuit
2009-11-03 01:56:19 0 d-----w- c:\windows\system32\SoftwareDistribution
2009-11-03 00:46:11 0 d-sh--r- c:\windows\system32\dllcache
2009-11-02 01:08:19 309212 ----a-w- c:\windows\sv1.exe
2009-11-02 01:07:58 1168896 ----a-w- c:\windows\svchust.exe
2009-11-02 01:07:30 1169920 ----a-w- c:\windows\svchost.exe
2009-11-02 01:07:18 885248 ----a-w- c:\windows\isvchost.exe
2009-11-02 01:06:44 94 ----a-w- C:\Clone Cash System.url
2009-11-02 01:06:39 133632 ----a-w- c:\windows\SC.INS
2009-11-02 01:06:39 0 d-----w- c:\program files\Protection System
2009-11-02 01:06:39 0 ----a-w- c:\windows\sc.exe
2009-11-02 01:06:32 0 d-----w- c:\docume~1\compaq~1\applic~1\DealAssistant
2009-11-02 01:06:25 0 d-sh--w- c:\docume~1\compaq~1\applic~1\Windows System Defender
2009-11-02 01:06:23 0 d-sh--w- c:\docume~1\alluse~1\applic~1\WSDDSys
2009-11-02 01:05:54 0 d-sh--w- c:\docume~1\alluse~1\applic~1\1911d7b
2009-11-02 00:47:15 0 ----a-w- c:\windows\win32k.sys
2009-10-30 02:14:47 0 d-----w- c:\program files\LibUSB-Win32
2009-10-25 23:16:07 64 ----a-w- c:\windows\GPlrLanc.dat
2009-10-25 23:16:07 37033 ------w- c:\windows\FRGT.ico
2009-10-25 23:15:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Free Ride Games
2009-10-25 23:15:41 0 d-----w- c:\docume~1\compaq~1\applic~1\WeatherBug
2009-10-25 23:15:15 0 d-----w- c:\program files\Free Offers from Freeze.com
2009-10-25 23:14:15 0 d-----w- c:\program files\Winferno

==================== Find3M ====================

2009-11-03 02:36:37 110593 ----a-w- c:\windows\soundman.exe
2009-11-03 02:34:49 339969 ----a-w- c:\windows\HideWin.exe
2009-11-03 02:33:32 327681 ----a-w- c:\windows\alcupd.exe
2009-11-03 02:33:31 233473 ----a-w- c:\windows\alcrmv.exe
2009-11-03 02:09:43 3649 ----a-w- c:\windows\viassary-hp.reg
2009-10-28 04:16:35 478 ----a-w- c:\docume~1\compaq~1\applic~1\wklnhst.dat

============= FINISH: 11:05:37.98 ===============

Edited by Divaindeed22, 03 November 2009 - 03:14 PM.
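
Added example, not part of the original post and not DDS's own code: a Python triage pass over service entries excerpted from the DDS log above. It flags a file named like a core Windows process that sits outside c:\windows\system32 (where the genuine svchost.exe lives) and near-miss names such as svchust.exe. The PROTECTED list, the edit-distance threshold of 2 and the line regex are assumptions of this example.

```python
import ntpath
import re

# Assumption: these core Windows XP binaries are expected only in system32.
SYSTEM32 = r"c:\windows\system32"
PROTECTED = {"svchost.exe", "lsass.exe", "services.exe", "winlogon.exe", "csrss.exe"}

# Lines excerpted from the SERVICES / DRIVERS section of the DDS log above.
SAMPLE_LOG = r"""
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2006-10-10 5632]
S2 BtwSrv;BtwSrv;c:\windows\system32\svchost.exe -k netsvcs [2008-8-17 14336]
S2 fastnetsrv;fastnetsrv Service;c:\windows\system32\FastNetSrv.exe [2004-8-9 68096]
S2 Net_Login;Net_Login;c:\windows\svchust.exe [2009-11-1 1168896]
S2 NetLogin;Net Login;c:\windows\svchost.exe [2009-11-1 1169920]
"""

# "<status><start type> name;display name;command line [date size]", as in the log.
SERVICE_RE = re.compile(
    r"^[A-Z]\d (?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>.+) "
    r"\[(?P<date>\d{4}-\d{1,2}-\d{1,2}) (?P<size>\d+)\]$"
)
# Image path = everything up to the first executable extension; the rest is arguments.
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|sys|dll|scr))(?=\s|$)", re.IGNORECASE)


def edit_distance(a, b):
    """Levenshtein distance between two short strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def triage_path(cmdline):
    """Return (image path, reasons to look closer) for one service command line."""
    m = IMAGE_RE.match(cmdline.strip().strip('"'))
    if not m:
        return None, ["could not parse image path"]
    path = m.group(1).lower()
    folder, name = ntpath.split(path)
    reasons = []
    if name in PROTECTED:
        # Right name, wrong directory: a copy masquerading as the system binary.
        if folder != SYSTEM32:
            reasons.append(f"{name} outside {SYSTEM32}")
    else:
        # Near-miss spelling of a system binary name (threshold is an assumption).
        for good in sorted(PROTECTED):
            if edit_distance(name, good) <= 2:
                reasons.append(f"name resembles {good}")
    return path, reasons


def review_services(log_text):
    """Parse DDS service lines and return (service, path, reasons) for flagged ones."""
    findings = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if not m:
            continue
        path, reasons = triage_path(m.group("cmd"))
        if reasons:
            findings.append((m.group("name"), path, reasons))
    return findings


if __name__ == "__main__":
    for service, path, reasons in review_services(SAMPLE_LOG):
        print(f"{service}: {path} -> {'; '.join(reasons)}")
```

A flagged entry is a lead for manual review, not a verdict; a name and location check like this says nothing about whether a correctly placed file has itself been modified.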




#2 myrti

Posted 08 November 2009 - 06:28 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
  • Please download OTL from following mirror:
  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized
In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. I suggest you do this and select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards _temp_


If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM!
Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 Divaindeed22

Posted 09 November 2009 - 03:31 PM

I saw a forum that said it may have been infected with Virut, and I ran ComboFix and it didn't work because it said I may have Virut, and then I read one of the moderators tell someone to try RKill, but I think because of the virus it knocked out my internet connection. My modem is working fine, but when I try to connect it says page cannot display. Any suggestions so I can take the steps you instructed me to do when I get home?

#4 myrti

Posted 09 November 2009 - 05:07 PM

Hi,

I am very sorry to tell you this, but there is no cure against virut. Your only option is to do a reformat.

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Virux (http://blog.trendmicro.com/virux-cases-escalate/) is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable.

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damaged caused to files by virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. undetected, corrupted files (possibly still containing part of the viral code) can also be found. this is caused by incorrectly written and non-function viral code present in these files.

AVG Overview of W32/Virut

This kind of infection is contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately to include those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

There is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:

regards _temp_



#5 Divaindeed22

Posted 09 November 2009 - 09:53 PM

So how do I reformat my computer or reinstall?

#6 myrti

Posted 10 November 2009 - 05:47 AM

Hi,

Please check out the following website:

http://web.mit.edu/ist/products/winxp/adva...all-format.html

Let me know if this answers your questions.

I changed my nick from _temp_ to myrti tonight, I hope that won't create too much confusion.

regards myrti

Edited by myrti, 10 November 2009 - 05:48 AM.



#7 Divaindeed22

Posted 14 November 2009 - 12:41 PM

OK, I reformatted and reinstalled the OS. How can I know if I'm fully cured, or if it wiped out my entire hard drive, and what would you recommend as the best anti-virus security software? My internet is up and running again.

#8 myrti

Posted 15 November 2009 - 07:23 PM

Hi,

You could do a couple of scans with different antivirus programs. Many of them offer online scanners.
For example ESET:
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.
  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Check Posted Image
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push Posted Image
  • Push Posted Image, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the Posted Image button.
  • Push Posted Image
Or Kaspersky:
Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

They should be able to pick up on a file infector if it is active in your system.
Regarding your protection:
If you are looking for paid antivirus programs I would suggest the two programs I've linked above: either ESET or Kaspersky. If you are looking for free antivirus programs, I would suggest the free version of Avira, which is also very good: Avira AntiVir Free.
But please keep in mind that no anti virus program will be able to find 100% of malware.
regards myrti



#9 Divaindeed22

Posted 19 November 2009 - 10:38 PM

I ran ESET online scanner but it didn't find anything.

#10 myrti

Posted 20 November 2009 - 05:14 AM

Hi,
that's great! :)

I have a few pieces of advice left to prevent future infection.
Please read them in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
    • MVPs hosts file
      A tutorial for MVPs hosts file can be found here. If you would like automatic updates you might want to take a look at HostMan host file manager. For more information on the hosts file, and what it can do for you, please consult the Tutorial on the Hosts file
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing :(.
Some more links you might find of interest:

Have a nice day
myrti

Edited by myrti, 20 November 2009 - 05:14 AM.



#11 myrti

Posted 25 November 2009 - 07:36 PM

Since the issue seems to be resolved, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
myrti

