Post #31, Dec 8 2008, 04:35 PM
Member (Group: Members, Posts: 29, Joined: 27-November 08, Member No.: 261,378)

So, in the meantime, the download completed and I clicked on My Computer. It has been scanning for the last hour or so (it's 54% complete so far with no infections and no suspicious objects). All of this has been done with the Windows Security Alert window still up, prompting me to "Keep Blocking", "Unblock" or "Ask Me Later". How should I answer that prompt for now? Thanks!

Post #32, Dec 8 2008, 04:53 PM
Bleeping Curious (Group: HJT Team, Posts: 6,868, Joined: 8-December 07, From: The Netherlands, Member No.: 175,240)

How do you send your reply? Are you using the same computer?

Post #33, Dec 8 2008, 05:02 PM
Member (Group: Members, Posts: 29, Joined: 27-November 08, Member No.: 261,378)

Yes, I am sending the reply from the computer that we've been working on.

Post #34, Dec 8 2008, 06:43 PM
Member (Group: Members, Posts: 29, Joined: 27-November 08, Member No.: 261,378)

The Kaspersky scan finished. Kaspersky's scan page said "you can continue browsing in a new Web browser window", so I did for the first 50% of the scan. The only web sites I referenced were this one and Dell's. As mentioned before, the Windows Security Alert asking if I wanted to keep blocking Internet Explorer came up about half way along. I never understood which button you wanted me to click on (Keep Blocking, Unblock or Ask Me Later), so I just left it as it was the whole time. It is still up, so let me know how you would like me to answer that question.

If any of the above information invalidated the scan, let me know and I will rerun it and not have any other browser activity going on. The statistics showed that one infection was found. Here are the report results:

KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 8, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, December 08, 2008 15:52:54
Records in database: 1444112

Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area: My Computer
A:\
C:\
D:\
E:\

Scan statistics
Files scanned: 87468
Threat name: 1
Infected objects: 1
Suspicious objects: 0
Duration of the scan: 03:26:10

File name | Threat name | Threats count
C:\Program Files\RealVNC\vnc-4.0-x86_win32_viewer.exe | Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 | 1

The selected area was scanned.

Post #35, Dec 9 2008, 03:47 AM
Bleeping Curious (Group: HJT Team, Posts: 6,868, Joined: 8-December 07, From: The Netherlands, Member No.: 175,240)

Good work Kelvin!

You may let Windows block some aspects of IE for the time being. I was afraid the alert was related to the Kaspersky scan and asked you not to surf and not to block anything at that time. It seems my direction was not clear. Anyway, Kaspersky is showing no infection. That is good. It is flagging one file, but it doesn't mean it is malware. That is an application (RealVNC) used to monitor or interact with a computer remotely. When you install and use the application yourself it is no problem. But if it is installed on the computer without your consent, or when you don't use it, you can uninstall it.

Before we clean up the tools we have used, there are two problems to resolve, both optional:

Click for more information on: Understanding and Using Firewalls. There are several good free programs available like: Sunbelt-Kerio, Comodo Firewall Pro, Online Armor Free edition.
Note: If you decide to install Comodo, while installing uncheck the option related to the Ask Toolbar.

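An added example, not code from this thread, from BleepingComputer or from Kaspersky, showing how a responder can triage a scanner report like the one quoted above. Kaspersky's "not-a-virus:" prefix marks software that is legitimate but abusable (behaviour classes such as RemoteAdmin or AdWare), so such a row is riskware rather than an infection, and the deciding question is the one farbar asks: did the owner install it? The sample report text, the "Trojan.Win32.Example.a" row and the owner_installed list are constructed for the example; the row layout follows the single-line form in which the report appears in this thread.

```python
"""Triage a Kaspersky Online Scanner 7 detection list.

Kaspersky prefixes detections of legitimate-but-abusable software with
"not-a-virus:" (behaviour classes such as RemoteAdmin or AdWare). Those
rows are riskware, not infections: the decision is whether the owner
installed the tool knowingly. Everything else is treated as malware.
"""
import re
from dataclasses import dataclass

# Constructed sample modelled on the report quoted in this thread; the
# Trojan row is invented so that both verdict branches are exercised.
SAMPLE_REPORT = r"""KASPERSKY ONLINE SCANNER 7 REPORT
Monday, December 8, 2008
Files scanned 87468
Infected objects 2
Suspicious objects 0
File name Threat name Threats count
C:\Program Files\RealVNC\vnc-4.0-x86_win32_viewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
C:\Documents and Settings\User\Local Settings\Temp\example.tmp Infected: Trojan.Win32.Example.a 1
The selected area was scanned.
"""

RISKWARE_PREFIX = "not-a-virus:"
# One detection row: <path> Infected: <threat name> <count>
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s+Infected:\s+(?P<name>\S+)\s+(?P<count>\d+)$"
)


@dataclass(frozen=True)
class Finding:
    path: str
    name: str
    count: int
    verdict: str    # "riskware" or "malware"
    category: str   # Kaspersky behaviour/threat class, e.g. "RemoteAdmin"
    action: str


def parse_detections(report_text):
    """Return (path, threat name, count) for every detection row in the report."""
    rows = []
    for line in report_text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            rows.append((m["path"], m["name"], int(m["count"])))
    return rows


def classify(path, name, count, owner_installed=()):
    """Turn one detection row into a Finding with a recommended action."""
    if name.startswith(RISKWARE_PREFIX):
        category = name[len(RISKWARE_PREFIX):].split(".")[0]
        # Riskware is only acceptable when the owner knowingly installed it;
        # owner_installed is a list of product names the owner vouches for.
        known = any(tool.lower() in path.lower() for tool in owner_installed)
        if known:
            action = "owner-installed tool; keep it, or uninstall if no longer used"
        else:
            action = "not known to owner; treat as unauthorised and uninstall"
        return Finding(path, name, count, "riskware", category, action)
    return Finding(path, name, count, "malware", name.split(".")[0],
                   "quarantine or remove")


def triage(report_text, owner_installed=()):
    """Classify every detection row of a report."""
    return [classify(p, n, c, owner_installed)
            for p, n, c in parse_detections(report_text)]


def count_check(report_text):
    """Compare the report's own 'Infected objects' total with the rows parsed.

    A mismatch means the parser missed a row or the report was truncated,
    which matters more than any single verdict.
    """
    m = re.search(r"Infected objects\s+(\d+)", report_text)
    declared = int(m.group(1)) if m else None
    return declared, len(parse_detections(report_text))


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT, owner_installed=("RealVNC",)):
        print(f"{f.verdict:8} {f.category:12} {f.path}\n    -> {f.action}")
    print("declared/parsed:", count_check(SAMPLE_REPORT))
```

The count check is there because a flattened report is easy to mis-parse; if the declared "Infected objects" total and the number of parsed rows disagree, the triage list is incomplete and should not be acted on.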
Post #36, Dec 10 2008, 12:07 AM
Member (Group: Members, Posts: 29, Joined: 27-November 08, Member No.: 261,378)

Farbar,

Your instructions to not surf were clear, but by the time I got them the scan was half done, and I had been surfing because Kaspersky's site said I could. Sorry about that.

I installed RealVNC a while ago, to connect to my computer at work. I use Remote Desktop now, so I can go ahead and uninstall RealVNC. Should I do that now, or wait until we're done? Based on your earlier request, I have been holding off from making changes like that to my computer (e.g. Windows Updates, using AVG and AdAware to remove spyware, updating Quicken, etc). I presume at some point you'll let me know when I can start making those updates again.

I've been reviewing firewalls, per your request. I found the bleepingcomputer article very informative. I'm having trouble translating the marketing hype at the different websites to figure out which features each of the free products provides. If you have any specific recommendations on a firewall, that would be great. If not, I will continue to review them to try and pick the best one.

As far as Java goes, it seems like I've been prompted for Java updates in the past, so I'm guessing that some of my applications require it. If we can figure out how to get the latest Java installed, that would be my preference. I went to their website and searched for the error message I was getting, but didn't see anything that seemed to match my symptoms. I had hoped that the JRE 5 that I have now was better than the 1.3.1 that I had before, but from your posts, it sounds like it still has security holes.

I've noticed that my Start menu defaults have changed. I figured it would be better to wait until we were done before I change anything back. Should I start setting those back yet, or should I continue to wait?

One other thing to mention, as it seems we're starting to get close to the end. There are 3 separate accounts on my computer. We've done most everything so far from my personal account. It seems like most of the things we've worked on have been focusing on the computer as a whole. Is there anything specific we need to do with the other 2 accounts that would not have been handled with the tools we've used so far?

Let me know what we should do next (or whether we need to wait for my firewall choice). Thanks again for your help!!

Post #37, Dec 10 2008, 06:13 AM
Bleeping Curious (Group: HJT Team, Posts: 6,868, Joined: 8-December 07, From: The Netherlands, Member No.: 175,240)

> I installed RealVNC a while ago, to connect to my computer at work. I use Remote Desktop now, so I can go ahead and uninstall RealVNC. Should I do that now, or wait until we're done? Based on your earlier request, I have been holding off from making changes like that to my computer (e.g. Windows Updates, using AVG and AdAware to remove spyware, updating Quicken, etc). I presume at some point you'll let me know when I can start making those updates again.

You may uninstall RealVNC. Also use AVG and AdAware and let them remove what they find. They might find some files, but especially some registry leftovers. They might also find cookies; they should be removed, but you shouldn't be alarmed by them. Tools like ATF Cleaner and CCleaner remove all the cookies also.

> I've been reviewing firewalls, per your request. I found the bleepingcomputer article very informative. I'm having trouble translating the marketing hype at the different websites to figure out which features each of the free products provides. If you have any specific recommendations on a firewall, that would be great. If not, I will continue to review them to try and pick the best one.

I don't have any recommendation, and you don't need a complicated firewall. Any of those firewalls will do.

> As far as Java goes, it seems like I've been prompted for Java updates in the past, so I'm guessing that some of my applications require it. If we can figure out how to get the latest Java installed, that would be my preference. I went to their website and searched for the error message I was getting, but didn't see anything that seemed to match my symptoms. I had hoped that the JRE 5 that I have now was better than the 1.3.1 that I had before, but from your posts, it sounds like it still has security holes.

A Java update prompt doesn't necessarily mean you need Java installed. You get the prompt when Java is installed and running at startup with Windows even if you never use it. On some computers Java and some other software are preinstalled. It doesn't mean you need them. I have all kinds of editors (documents, photos, music, etc.) and none of them need a stand-alone Java. Especially for graphic work you need Java.

> I've noticed that my Start menu defaults have changed. I figured it would be better to wait until we were done before I change anything back. Should I start setting those back yet, or should I continue to wait?

Running some tools and programs restores the default settings because sometimes malware alters those settings. You may change the settings as you like.

> One other thing to mention, as it seems we're starting to get close to the end. There are 3 separate accounts on my computer. We've done most everything so far from my personal account. It seems like most of the things we've worked on have been focusing on the computer as a whole. Is there anything specific we need to do with the other 2 accounts that would not have been handled with the tools we've used so far?

The fixes covered mostly all accounts. We don't need to do anything else. However, if you notice anything weird about the current or other accounts in the coming days, even after closing the topic, you may send me a PM and I will reopen the topic. Let me know once more if you want to install Java. We don't have to wait for the firewall to do that.

This post has been edited by farbar: Dec 10 2008, 06:15 AM

Post #38, Dec 16 2008, 10:40 PM
Member (Group: Members, Posts: 29, Joined: 27-November 08, Member No.: 261,378)

Farbar,

Sorry this has taken so long. I had to catch up on a few things.

RealVNC did not show up in Add/Remove Programs and I couldn't find an Uninstall application, so I removed it by removing the RealVNC directory under Program Files and removing the executable shortcuts.

I uninstalled JRE 5 Update 17. I haven't had any problems yet. If I do (e.g. in a few weeks), should I just post back to this topic, or is there some better way to contact you? You mentioned a PM in your prior post. What's that and how do I do it?

I fixed my Start menu and reset my Screen Saver.

I decided to install Sunbelt/Kerio as my firewall. The website talks about the free version, but the only download link is for a 30-day free trial of the full version. Do you know if that's the same thing? I submitted a question to their Support, so hopefully I'll have an answer tomorrow.

What do we need to do next? Thanks again!

Post #39, Dec 17 2008, 02:40 AM
Bleeping Curious (Group: HJT Team, Posts: 6,868, Joined: 8-December 07, From: The Netherlands, Member No.: 175,240)

> I uninstalled JRE 5 Update 17. I haven't had any problems yet. If I do (e.g. in a few weeks), should I just post back to this topic, or is there some better way to contact you? You mentioned a PM in your prior post. What's that and how do I do it?

To send a PM, click on farbar above my avatar and select Send Personal Message. From there it should be easy.

> I decided to install Sunbelt/Kerio as my firewall. The website talks about the free version, but the only download link is for a 30-day free trial of the full version. Do you know if that's the same thing? I submitted a question to their Support, so hopefully I'll have an answer tomorrow.

After the 30-day trial it will revert back to the "free version" functionality, and that is all you need.

Please tell me if you have any questions before we close the topic.

Post #40, Dec 17 2008, 08:23 PM
Member (Group: Members, Posts: 29, Joined: 27-November 08, Member No.: 261,378)

OK, I've got the Sunbelt Firewall installed. There wasn't any application-specific setup, so I presume it's going to block all the right things by default. Do I need to start it up, configure it, or do anything else?

I removed ComboFix, RSIT and pretty much everything else that had been added to my desktop. I noticed that I had a backups folder there that looks like it may have been created when I ran either HijackThis or RSIT. It has 2 backup files in it. Should I get rid of this as well? Should I also uninstall Malwarebytes' Anti-Malware?

I loaded Windows Defender as part of the generic troubleshooting recommended by Bleepingcomputer. Should I leave that installed and running? Are there any special settings I should check? I read somewhere that you shouldn't have multiple AntiVirus tools running, and I wanted to make sure that this wouldn't conflict with my AVG AntiVirus Resident Shield.

I haven't installed XP SP3 yet (I've been waiting for my company to approve it). Does that put me at any additional risk? I am loading the rest of the Windows Updates regularly.

I have AVG AntiVirus running with a nightly scan scheduled. Once a week I go in and remove any Warnings (cookies) that AVG finds. I also run AdAware weekly. Besides my question above about Windows Defender, is there anything else I should be doing?

Thanks again for everything!

Post #41, Dec 18 2008, 01:53 AM
Bleeping Curious (Group: HJT Team, Posts: 6,868, Joined: 8-December 07, From: The Netherlands, Member No.: 175,240)

> OK, I've got the Sunbelt Firewall installed. There wasn't any application-specific setup, so I presume it's going to block all the right things by default. Do I need to start it up, configure it, or do anything else?

It is the checkpoint on your computer to control the internet traffic. It is handy to play with the firewall and to read the user manual. You should know how to set it up according to your needs. After the initial phase of getting to know how to use it and having configured what applications you are going to allow to connect to the internet, you just leave it as it does its job without the need for a lot of attention.

> I removed ComboFix, RSIT and pretty much everything else that had been added to my desktop. I noticed that I had a backups folder there that looks like it may have been created when I ran either HijackThis or RSIT. It has 2 backup files in it. Should I get rid of this as well? Should I also uninstall Malwarebytes' Anti-Malware?

They are HijackThis backup folders. You may remove them. You may keep Malwarebytes' Anti-Malware. It puts no burden on the system. Update it from time to time and run it when you suspect something is going on. Along with an AV it is good to have it.

> I loaded Windows Defender as part of the generic troubleshooting recommended by Bleepingcomputer. Should I leave that installed and running? Are there any special settings I should check? I read somewhere that you shouldn't have multiple AntiVirus tools running, and I wanted to make sure that this wouldn't conflict with my AVG AntiVirus Resident Shield.

IMO Windows Defender is not an effective malware fighter. Windows Defender is no AntiVirus, it is anti-spyware. The rule of thumb: one AntiVirus with real-time protection, one firewall (other than Windows Firewall) and one antispyware with real-time protection. Any additional anti-malware shouldn't be running. You might have two or three antispyware programs, but they should not be running at the same time and should be set not to start with Windows.

> I have AVG AntiVirus running with a nightly scan scheduled. Once a week I go in and remove any Warnings (cookies) that AVG finds. I also run AdAware weekly. Besides my question above about Windows Defender, is there anything else I should be doing?

Optional: Install Javacools© SpywareBlaster. SpywareBlaster will add a large list of programs and sites into your Internet Explorer and Firefox settings, and that will protect you from running and downloading known malicious programs. What you need is to update it once in 2-3 weeks and enable the restrictions. You can find more information and a download link here.

And you are welcome. Let me know when you have read this, then I will close the topic.

Post #42, Dec 20 2008, 05:09 AM
Bleeping Curious (Group: HJT Team, Posts: 6,868, Joined: 8-December 07, From: The Netherlands, Member No.: 175,240)

If there are no more questions, we can close the topic.

Post #43, Dec 20 2008, 02:42 PM
Member (Group: Members, Posts: 29, Joined: 27-November 08, Member No.: 261,378)

I have installed SpywareBlaster as well. Everything appears to be working correctly.

Thanks for everything!!! Please feel free to close this topic.

Post #44, Dec 20 2008, 04:36 PM
Bleeping Curious (Group: HJT Team, Posts: 6,868, Joined: 8-December 07, From: The Netherlands, Member No.: 175,240)

Glad I could help.

This thread will now be closed. If you need this topic reopened, please send me a PM and I will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.