Windows Antivirus Pro

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Forum Rules

When posting your problem, do not run and post a ComboFix log. ComboFix is a tool that should only be run under the supervision of someone who has been trained in its use. Using it on your own can cause problems with your computer. Any posts containing CF Logs will be ignored.

To receive help, you should instead provide a detailed description of your problem, detailed word-for-word error messages that you are receiving, screenshots of strange behaviour, and your operating system. This information is much more useful to our helpers than a ComboFix log.

If you have not received help after three days, please post a link to your topic HERE.

Page 1 of 1

You cannot start a new topic
You cannot reply to this topic

Windows Antivirus Pro

#1 Poltergeist

New Member

Group: Members
Posts: 10
Joined: 04-November 09

Posted 19 November 2009 - 12:52 PM

Hello people.

A computer at work totally unprotected (!) except by the XP firewall became infected back in August (!) with Windows Antivirus Pro. I followed the tutorial given on this site: http://www.bleepingcomputer.com/virus-remo...s-antivirus-pro

However, although the first bit of the procedure, downloading Fixtm.reg and merging it with the data in the registry, worked, so that I was able to use the Windows Task Manager, the process called Windows Antivirus Pro.exe was simply not in the processes list. The process svchast.exe was there and I did terminate it. However, I cannot open MBAM, previously installed on the computer, or indeed any other program (a window just momentarily opens and then closes). Yet Windows Antivirus Pro is very active, telling me that any site I go to has infected my computer and constantly offering me the wonderful opportunity to purchase this 'antivirus' program.

Any help much appreciated, but I should tell you that I am quite ignorant of computers!

Poltergeist.

#2 boopme

To Insanity and Beyond

Group: Global Moderator
Posts: 46,295
Joined: 10-September 04
Gender:Male
Location:NJ USA

Posted 19 November 2009 - 04:35 PM

Hello please run RKill and then MBAM.
Please download Rkill by Grinler and save it to your desktop.

Link 2

Link 3

Link 4

Double-click on the Rkill desktop icon to run the tool.
If using Vista, right-click on it and Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
If the tool does not run from any of the links provided, please let me know.

You will need to run the application again if rebooting the computer occurs along the way.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

How do I get help? Who is helping me?
Staying Updated Calendar of Updates.
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Poltergeist

New Member

Group: Members
Posts: 10
Joined: 04-November 09

Posted 20 November 2009 - 04:21 PM

Many thanks for your help, boopme. I'm off work for some days but will try your suggestions when I get back.

Poltergeist.

#4 boopme

To Insanity and Beyond

Group: Global Moderator
Posts: 46,295
Joined: 10-September 04
Gender:Male
Location:NJ USA

Posted 20 November 2009 - 06:49 PM

Ok I'll clean that up and await your logs when you return., If you can in the meantime disconnect it from the Internet.

#5 Poltergeist

New Member

Group: Members
Posts: 10
Joined: 04-November 09

Posted 03 December 2009 - 01:02 PM

Hello, boopme.

Sorry it has taken me so long to reply. I became ill towards the end of the planned time off work and therefore ended up away from work longer than intended.

I got rid of Windows Antivirus Pro quickly and effortlessly following your directions. The first link you provided worked straight off.

Thanks, boopme - you're a star!

I am now going to try to post the two logs I got from MBAM. I say 'try' because I've never done this before and as I said in my first post, I'm pretty ignorant of the ways of computers. I say 'two logs' because first I did a quick scan (as advised) and then later did a complete one. I should also say that the date (and time) on the first one is incorrect: time and date like everything else on the computer being messed up by Windows Antivirus Pro.

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

28/04/2005 01:50:10
mbam-log-2005-04-28 (01-50-10).txt

Scan type: Quick Scan
Objects scanned: 99568
Time elapsed: 3 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 10
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 7
Files Infected: 47

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tapi.nfo (Trojan.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{f54af7de-6038-4026-8433-cc30e3f17212} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{f54af7de-6038-4026-8433-cc30e3f17212} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{f54af7de-6038-4026-8433-cc30e3f17212} (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\antippro2009_12 (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\antippro2009_12 (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\antippro2009_12 (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Windows antiVirus pro (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Win AntiVirus Pro (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Enum\Root\LEGACY_ANTIPPRO2009_12 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_USERS\S-1-5-18\SOFTWARE\Windows antiVirus pro (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe tapi.nfo beforeglav) Good: (Explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\ILHS\Start Menu\Programs\Windows AntiVirus Pro (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\dddesot.dll (Rogue.ASC-AntiSpyware) -> Delete on reboot.
C:\WINDOWS\SYSTEM32\tapi.nfo (Trojan.Agent) -> Delete on reboot.
C:\Documents and Settings\ILHS\Local Settings\Temp\B4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\svchast.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\ErrorLog.txt (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcm80.dll (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcp80.dll (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\msvcr80.dll (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\Windows Antivirus Pro.exe (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\dbsinit.exe (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\wispex.html (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\i3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\j3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\jj3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\l3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\pix.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\t2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\Thumbs.db (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\up2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w11.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\w3.jpg (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt1.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt2.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Program Files\Windows AntiVirus Pro\tmp\images\wt3.gif (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\ILHS\Start Menu\Programs\Windows AntiVirus Pro\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\Documents and Settings\ILHS\Desktop\Windows Antivirus Pro.lnk (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bennuar.old (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\bincd32.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\desot.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\onhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sonhelp.htm (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\sysnet.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp3.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\ppp4.dat (Malware.Trace) -> Quarantined and deleted successfully.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Malwarebytes' Anti-Malware 1.41
Database version: 2775
Windows 5.1.2600 Service Pack 3

02/12/2009 12:50:16
mbam-log-2009-12-02 (12-50-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 139218
Time elapsed: 16 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 18

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache (Adware.2020search) -> Quarantined and deleted successfully.

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0223603.exe (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0223605.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0223669.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0223701.exe (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0223702.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0223709.exe (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0223710.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0224718.exe (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0223713.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0224709.exe (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0224710.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0224711.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0224719.dll (Rogue.ASC-AntiSpyware) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0224720.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0224727.exe (Rogue.WindowsAntiVirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP682\A0224728.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP695\A0234900.exe (Antivirus2009) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP704\A0239887.exe (Antivirus2009) -> Quarantined and deleted successfully.

#6 boopme

To Insanity and Beyond

Group: Global Moderator
Posts: 46,295
Joined: 10-September 04
Gender:Male
Location:NJ USA

Posted 03 December 2009 - 02:02 PM

Thanks and you're welcome,we are almost done.

Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates,when done
click Scanner tab,select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

#7 Poltergeist

New Member

Group: Members
Posts: 10
Joined: 04-November 09

Posted 04 December 2009 - 12:47 PM

OK, back again, boopme.

I updated MBAM (in fact, got a new version of it as well as updating) and did a quick scan which found some bad stuff. Then I sent the report to MBAM and did a full scan which, as you can see from the second of the two logs, uncovered nothing. So it seems everything is peachy-dee, but I'll wait for your verdict.

Malwarebytes' Anti-Malware 1.42
Database version: 3291
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

04/12/2009 10:42:27
mbam-log-2009-12-04 (10-42-27).txt

Scan type: Quick Scan
Objects scanned: 112036
Time elapsed: 4 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\dynamic toolbar (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT (Adware.2020search) -> Quarantined and deleted successfully.
C:\Program Files\dynamic toolbar\EIRCOMT\Cache (Adware.2020search) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\dynamic toolbar\EIRCOMT\Cache\T19281.tmp (Adware.2020search) -> Quarantined and deleted successfully.

*****************************************************************************************************************************************************************************************************

Malwarebytes' Anti-Malware 1.42
Database version: 3291
Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

04/12/2009 11:03:37
mbam-log-2009-12-04 (11-03-37).txt

Scan type: Full Scan (C:\|)
Objects scanned: 150166
Time elapsed: 16 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 boopme

To Insanity and Beyond

Group: Global Moderator
Posts: 46,295
Joined: 10-September 04
Gender:Male
Location:NJ USA

Posted 04 December 2009 - 03:32 PM

Well looks great to me!! If there are no more issues on that end then...
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:

Go to Start > Programs > Accessories > System Tools and click "System Restore".
Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

Then use Disk Cleanup to remove all but the most recently created Restore Point.
Go to Start > Run and type: Cleanmgr
Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
Click the "More Options" tab, then click the "Clean up" button under System Restore.
Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
Click Yes, then click Ok.
Click Yes again when prompted with "Are you sure you want to perform these actions?"
Disk Cleanup will remove the files and close automatically.

Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

#9 Poltergeist

New Member

Group: Members
Posts: 10
Joined: 04-November 09

Posted 04 December 2009 - 04:02 PM

OK, boopme, I'll do as you say, create a new restore point and run Disk Cleanup and with any luck you won't hear from me again on this subject. Thank you very much for your help...and now I'm going to toddle off down the road to the pub.

Poltergeist

This post has been edited by Poltergeist: 04 December 2009 - 04:03 PM

#10 boopme

To Insanity and Beyond

Group: Global Moderator
Posts: 46,295
Joined: 10-September 04
Gender:Male
Location:NJ USA

Posted 04 December 2009 - 04:28 PM

You're most welcome,as new malware is getting stronger and harder to remove, please take a moment to read quietman7's excellent prevention tips in post 6 here
Click >>>> Tips to protect yourself against malware:

You can always stop by on pizza nite :thumbsup: