BleepingComputer.com: I think I have some kind of anti virus probelm

Hi,

Re-installing chrome has fixed that problem so thanks again.

The word thing happened at the same time my pc got infected. I don't have a cd for it to re-install but I can probably get one. It's not then end of the world with Word to be honest.

Thanks again for all your time. So do you think the problem is pretty much sorted now?

charlie

Yep, probably best to reinstall Word.

If no other problems, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis

• Double-click OTL.exe.
  
• Click the CleanUp! button.
  
• Select Yes when the
  Begin cleanup Process?
  prompt appears.
  
• If you are prompted to Reboot during the cleanup, select Yes.
  
• The tool will delete itself once it finishes, if not delete it by yourself.

Note: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.


Download and run Secunia Personal Software Inspector (PSI) and fix its findings.


Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.


Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade

Hi

I thought I'd mention just before we move on to the next step that I visited a website today and a new tab upended up that looked like windows telling me


Windows security online performing free scan

The page at 7eb3e5e.com says:
Windows security has found critical process activity on your system and will perform fast online scan of system files.

I forgot to mention that this comes up every now and then.

Also If I'm using chrome do I need internet explorer? And I have Microsoft Office though I never use it. Would it be better to just remove it?

Thanks

Charlie

in fact re-installing chrome has not fixed the problem. It seems to only happen when I go onto FB. If it's nothing serious then it's no problem, I can live with it.

Thanks

Charlie

Hi,

Download aswMBR to your desktop. Double click the aswMBR.exe to run it
Click the Scan button to start scan.

On completion of the scan click save log, save it to your desktop and post in your next reply.

here you go

aswMBR version 0.9.5.256 Copyright© 2011 AVAST Software
Run date: 2011-05-24 16:45:38
-----------------------------
16:45:38.922 OS Version: Windows x64 5.2.3790 Service Pack 2
16:45:38.922 Number of processors: 4 586 0xF0B
16:45:38.922 ComputerName: USER-4E9016F98D UserName: Administrator
16:45:40.485 Initialize success
16:45:42.813 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006c
16:45:42.829 Disk 0 Vendor: MAXTOR_STM3500630AS 3.AAE Size: 476940MB BusType: 3
16:45:42.829 Disk 0 MBR read successfully
16:45:42.829 Disk 0 MBR scan
16:45:42.829 Disk 0 Windows XP default MBR code
16:45:42.829 Service scanning
16:45:43.657 Disk 0 trace - called modules:
16:45:43.657 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys nvata64.sys hal.dll
16:45:43.657 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffadf9cbd6060]
16:45:43.657 3 CLASSPNP.SYS[fffffadf9059a8c9] -> nt!IofCallDriver -> \Device\0000006d[0xfffffadf9baede60]
16:45:43.657 5 ACPI.sys[fffffadf907a9e69] -> nt!IofCallDriver -> \Device\0000006c[0xfffffadf9baed060]
16:45:43.657 Scan finished successfully
16:46:00.391 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\MBR.dat"
16:46:00.391 The log file has been saved successfully to "C:\Documents and Settings\Administrator\Desktop\aswMBR.txt"

cheers

charlie

Hi,

Answering questions in your previous post.

Quote

Some programs use Internet Explorer components on background. So yes, you should keep IE updated even if you didn't use it for browsing.

Quote

If you don't use it then likely better to uninstall it.

Quote

Does this happen on some specific sites?

Quote

Please do a complete manual uninstall for the previous version first and then reinstall the latest one.

Ok cool no problem.


Sorry I was getting confused about Office (I do use it)

I've manually removed chrome, seems fine again thanks very much.

I think it is certain websites now that you mention it so I'll just stay clear of those thanks.

Should I move onto the next step? Thanks for your patience.

charlie

Hi,

Yes, please see those steps in my "final steps" post. It's important to make sure system is fully updated.

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.