> Torpig Virus, Hidden window at startup
videoguy
post Nov 29 2007, 02:51 PM
Post #16


Member
**

Group: Members
Posts: 47
Joined: 10-September 06
Member No.: 84,592



QUOTE(Yourhighness @ Nov 29 2007, 04:00 AM) *
Hey Videoguy,

unfortunately the report will not help us in regards to your Explorer issue then. Does it still occur?

The Items under D Drive are backups of deleted spam emails which contain crapware and you should delete those files.

Yeah, I'm still getting the warning from my firewall at the beginning that Windows Explorer is trying to access the internet. I just keep denying it. Is there any way to find out why it's trying to access it?

I'm not experiencing any performance issues at all. I just thought that I'd better check with you guys to see what was going on with my PC. Guess it's a good thing I did.
QUOTE(Yourhighness @ Nov 29 2007, 04:00 AM) *
Step #1

Please repeat step 1a) from post 7.

You can double-check by navigating to Start >> Run... >> type: C:\Documents and Settings\Administrator\Application Data\Sun\Java\Deployment\cache\ and hit enter.

If this folder is empty, your cache has been emptied properly. Otherwise please delete the contents of this folder.

Step #2

Please delete the SmitfraudFix folder, as we will not need it anymore. And while you are at it, please navigate to and delete:
C:\~WRF0409.tmp <-- this file.

Step #3

Please have the above steps done and see if Kaspersky detects anything after that. You only need to report back with the Kaspersky log if it finds anything.

How are the symptoms of your pc? Let me know and we will go from there. Thanks.

Okay, I'll do this now and let you know. Thanks again for the help.
videoguy
post Nov 29 2007, 04:26 PM
Post #17





EDIT:
Forgot to empty the recycling bin. Here's the new report. Looks like there are still 2 problem files somewhere.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, November 29, 2007 6:27:27 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 29/11/2007
Kaspersky Anti-Virus database records: 468571
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 79640
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0
Duration of the scan process: 01:09:17

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xvliib5.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xvliib5.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xvliib5.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xvliib5.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xvliib5.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6xvliib5.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xvliib5.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xvliib5.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xvliib5.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\6xvliib5.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\spyware tools and info\backups\backup-20060516-170624-494.dll Infected: Trojan-Downloader.Win32.Zlob.ov skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FFB49E2C-E351-4A68-A1FA-533688BDF26E}\RP2\A0000406.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{FFB49E2C-E351-4A68-A1FA-533688BDF26E}\RP2\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\MATT-1WY6LY0WML.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\temp\ZLT02920.TMP Object is locked skipped
C:\WINDOWS\temp\ZLT02b5e.TMP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{FFB49E2C-E351-4A68-A1FA-533688BDF26E}\RP2\change.log Object is locked skipped

Scan process completed.


This post has been edited by videoguy: Nov 29 2007, 06:29 PM
Yourhighness
post Nov 30 2007, 03:01 AM
Post #18


The BSG Malware Fighter
******

Group: HJT Team Coach
Posts: 6,644
Joined: 20-April 06
From: Hamburg
Member No.: 64,788



Hey videoguy,

Step #1

Could you please create a screenshot the next time this is happening? There are several ways of doing this.
  1. Would be to use the BleepingComputer guide: "How to make a screen shot in Windows"
  2. Would be this guide (it uses Windows board methods): "How to make a screenshot"
The latter still requires the image to be attached or uploaded to an image hosting service. Take your pick and please post back with a screenshot of the problem. Thanks.

Step #2

Please navigate to and delete:

C:\Documents and Settings\Administrator\My Documents\spyware tools and info\backups <-- this folder

The other file will be gone when we flush the SystemRestore point and create a new one with a clean state of your pc.

Step #3

Please complete the above tasks and we will have a further look at the Explorer issue. Your pc is looking good already. Just some final adjustments before I let you go with a few more tips on how to stay clean from malware.

This post has been edited by Yourhighness: Nov 30 2007, 03:02 AM


--------------------
I will be scarce from mid July til end of October and from December til May. If you need to contact me or I haven't replied to a topic of yours, please send a pm
- "How did I get infected?" - "Safe-hex" - Member of UNITE -
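
The triage applied to the report from post #17 (locked objects set aside, one detection deleted by hand, the other left for the System Restore flush) can be written as a small parser. This is an added example, not part of the thread or of any Kaspersky tool; the line format is inferred from the reports posted here, and all function names are hypothetical.

```python
import re
from collections import namedtuple

# Excerpt from the report in post #17; most "Object is locked" lines left out.
SAMPLE_REPORT = r"""
Scan Statistics:
Total number of scanned objects: 79640
Number of viruses found: 2
Number of infected objects: 2
Number of suspicious objects: 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\spyware tools and info\backups\backup-20060516-170624-494.dll Infected: Trojan-Downloader.Win32.Zlob.ov skipped
C:\System Volume Information\_restore{FFB49E2C-E351-4A68-A1FA-533688BDF26E}\RP2\A0000406.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped

Scan process completed.
"""

# Assumed line layout: <path> <status> <last action>. Paths contain spaces,
# so the path group is lazy and the status/action are anchored to the end.
ENTRY = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) "
    r"(?:(?P<locked>Object is locked)|Infected: (?P<threat>\S+)) "
    r"(?P<action>\S+)$"
)
STAT = re.compile(r"^Number of infected objects: (\d+)$")

# Restore-point copies live here and cannot be deleted with normal tools.
RESTORE_DIR = "\\system volume information\\_restore{"

Finding = namedtuple("Finding", "path threat action next_step")


def next_step(path):
    """Map a detection's location to the cleanup step used in the thread."""
    if RESTORE_DIR in path.lower():
        return "flush System Restore points after cleanup"
    return "delete the file, then rescan"


def parse_report(text):
    """Return (findings, locked_count, reported_infected) for one report."""
    findings, locked, reported = [], 0, None
    for raw in text.splitlines():
        line = raw.strip()
        stat = STAT.match(line)
        if stat:
            reported = int(stat.group(1))
            continue
        entry = ENTRY.match(line)
        if entry is None:
            continue  # headers, settings, blank lines
        if entry.group("locked"):
            # File was in use and could not be opened: not scanned,
            # which is different from "scanned and clean".
            locked += 1
        else:
            path = entry.group("path")
            findings.append(
                Finding(path, entry.group("threat"),
                        entry.group("action"), next_step(path))
            )
    return findings, locked, reported


def is_consistent(findings, reported):
    """True when parsed detections match the report's own statistics line."""
    return reported is not None and len(findings) == reported


if __name__ == "__main__":
    found, locked_count, reported_count = parse_report(SAMPLE_REPORT)
    print(f"{locked_count} locked objects skipped, {len(found)} detections")
    for f in found:
        print(f"{f.threat}\n  {f.path}\n  -> {f.next_step}")
    print("matches statistics:", is_consistent(found, reported_count))
```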
videoguy
post Nov 30 2007, 09:59 AM
Post #19





I've got the two images saved on MS Paint but I'm not sure how to post the image here. When I click the 'insert image' button it asks me for a web address.

I tried loading it as an attachment but apparently the size is too big.

Any idea how to post this?
Yourhighness
post Nov 30 2007, 02:54 PM
Post #20





Hey videoguy,

I use photobucket, but it requires you to sign up. An alternative is http://imageshack.us/.

Try this and post back. Thanks.


videoguy
post Nov 30 2007, 03:27 PM
Post #21





http://img240.imageshack.us/my.php?image=screen1ot9.png

http://img107.imageshack.us/my.php?image=screen2mh9.png

This post has been edited by videoguy: Nov 30 2007, 03:30 PM
videoguy
post Nov 30 2007, 03:31 PM
Post #22





Also, I ran another Kaspersky scan and it appears I've still got some kind of virus.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 30, 2007 2:05:46 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 30/11/2007
Kaspersky Anti-Virus database records: 469502
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\
F:\

Scan Statistics:
Total number of scanned objects: 79898
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 01:08:54

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012007113020071201\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\UserData\index.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Microsoft Office\OFFICE11\STARTUP\PALMAPP.DOT Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\access_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error.log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\error_log Object is locked skipped
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\logs\ssl_request_log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{FFB49E2C-E351-4A68-A1FA-533688BDF26E}\RP2\A0000406.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{FFB49E2C-E351-4A68-A1FA-533688BDF26E}\RP3\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\MATT-1WY6LY0WML.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\_nvidia_xxx_.log Object is locked skipped
C:\WINDOWS\temp\ZLT05da1.TMP Object is locked skipped
C:\WINDOWS\temp\ZLT05da4.TMP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\_restore{FFB49E2C-E351-4A68-A1FA-533688BDF26E}\RP3\change.log Object is locked skipped

Scan process completed.
Yourhighness
post Nov 30 2007, 04:31 PM
Post #23





Hey Videoguy,

Do not worry about that one virus that is still found. If you follow the "final cleanup" steps you will get rid of that entry automatically.

Please navigate to the following page: http://www.grc.com/UnPnP/UnPnP.htm
Download the tool and run it. See if that fixes the explorer.exe issue.

Please post back if that has helped and we will continue from there. Thanks.


videoguy
post Dec 1 2007, 11:49 AM
Post #24





Okay I downloaded it and the popup doesn't happen anymore. Thanks.

Unfortunately, my wife just downloaded Limewire again... looks like I'm going to be stuck with it. Is there any way to remove the crapware that comes with it?
Yourhighness
post Dec 1 2007, 12:42 PM
Post #25





Hey Videoguy,

Ask her to have a look at this list: http://p2p.malwareremoval.com/.
This is a list with safe programmes to use. They essentially all offer the same service. Once she has decided which suits her needs, have Limewire uninstalled.

Step #1

Please remove DSS, TCPView and UnPnP.exe and the folders it created.

Step #2

Please also have a look at the following links, giving some advice and suggestions for preventing future infections:

Now you should Set a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since System Restore is a protected directory, your tools cannot access it to delete these bad files which sometimes can reinfect your system. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.
I recommend you regularly visit the Windows Update Site, you are lagging behind on a few of them!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • By updating your machine, you have one less headache!
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish, you can also use automatic updates. This is a good thing to have if you want to be up-to-date all the time, but can also be a bit of an annoyance due to its handling and the sizes of the updates. If you wish to turn on automatic updates, here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
  • If you do not want to have automatic updates turned on, or are on dial-up, you can always download updates separately at: http://windowsupdate.microsoft.com.
It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

For a nice list of freeware programmes in all categories, please have a look at this thread with freeware products that are regarded as useful by the users of this forum: Commonly Used Freeware Replacements.

Another recommendation is to download HostsMan. It safeguards you with a regularly updated Hosts-file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Out of the three, select at least one of them (I have MVPS Host as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet

Glad I was able to help and if there are any other problems related to your computer please feel free to post them in the appropriate forum. Though we help people with spyware and viruses here at BC, we also help people with other computer problems! Do not forget to tell your friends about us!


videoguy
post Dec 1 2007, 03:20 PM
Post #26





Thanks, I can't thank you enough.

I'll do all of the above. But I do have some questions before you go...

1. Do I need to re-format my hard drive and re-install windows? I know that's what you said on the first page but later on you said the infection wasn't too bad. I'd prefer to not go through the hassle of doing this but I will if you feel that it's necessary.

2. Is it safe now to do say... banking on my computer or should I be worried about anything? (assuming the site is safe of course) Not that I do my banking on the computer, I just want to know how vulnerable I am to the trojan that I just got hit with... you mentioned something about a back door... and my PC never being safe again.

3. The plug and play program that I installed... is that going to interfere with anything, prevent me from downloading anything or cause performance issues?

4. Is streaming live video safe on FLV sites?

Thanks again. I'll do another check on what you've asked me to do here and I'll let you know if there are any issues. And yes, I tell my friends all about you guys. Thanks again.

This post has been edited by videoguy: Dec 1 2007, 03:23 PM
Yourhighness
post Dec 1 2007, 03:48 PM
Post #27





Hey Videoguy,

In post #4 I gave you some information on "trojan horse(es)" which is what some of the malware on your pc was. It is thus suggested to change your passwords as it cannot be sure how much of your privacy had been intruded. If your pc would have been even further infected, up to a stage that changing your passwords would not have been enough to ensure privacy and/or security of your pc and private data, a clear suggestion of formatting your pc would have been given. However, since all culprits could be found, a format is not necessary any more at this stage.

I suggest that you change all your passwords as mentioned in post number 4 and you should be good for now.

As for your second question; as mentioned above a change of your passwords, keeping a firewall and antivirus, updating your hostsfile regularly, practicing "safe-hex" (see the link in my signature) and last but not least important, keeping your pc updated with the latest security updates should keep you on a safe track.

The plugnplay programme you installed actually "deactivated" an old security hole in Windows and made your pc more secure. You can obtain a bit more info about this here: http://www.microsoft.com/technet/security/Bulletin/MS05-039.mspx.

Streaming videos such as those on youtube or news sites should generally be safe. Sites with streaming videos that are often taken to infect pcs with are those streaming adult contents or "fun" stuff kids would "fall" for. General rule of thumb is that you should not install anything that does not sound legit to you or raises scepticism. If you get a prompt that a plugin has to be installed to stream a video, it should raise your attention and you should check if a player of which the plugin is supposed to be missing is mentioned. If it is, check if your PC has that player installed and if it is trustworthy. If it just says "you need to download this codec x to watch this particular video", then it could well be an attempt to trick you into downloading and executing their malware programme.

This post has been edited by Yourhighness: Dec 1 2007, 03:50 PM


© 2003-2009 All Rights Reserved Bleeping Computer LLC.