
ie keeps crashing



#1 donnie


Posted 05 February 2005 - 02:01 AM

I've run Spybot, SpywareBlaster and DelDomains. Right now there are no O15's listed, but every time I reboot I get a slew of them. I need help, please.

Logfile of HijackThis v1.99.0
Scan saved at 1:52:25 AM, on 2/5/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\SYSTEM\SDKFU32.EXE
C:\WINDOWS\APPZA32.EXE
C:\WINDOWS\SYSTEM\APPPP32.EXE
C:\WINDOWS\SYSTEM\SYSDS.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\PROGRAM FILES\MICROSOFT HARDWARE\MOUSE\POINT32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\REAL\REALPLAYER\REALPLAY.EXE
C:\WINDOWS\TEMP\B100.TMP.EXE
C:\WINDOWS\D3QY.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\WINDOWS\SYSTEM\APPPP32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\SDKFU32.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {62AD18D3-C547-2D83-CC5E-FB41D08A4A94} - C:\WINDOWS\MFCGG32.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [B100.TMP] C:\WINDOWS\TEMP\B100.TMP.exe 1 28129
O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe
O4 - HKLM\..\Run: [D3QY.EXE] C:\WINDOWS\D3QY.EXE
O4 - HKLM\..\Run: [B100.TMP.EXE] C:\WINDOWS\TEMP\B100.TMP.EXE 3 28129
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [SYSDS.EXE] C:\WINDOWS\SYSTEM\SYSDS.EXE
O4 - HKLM\..\RunServices: [APPPP32.EXE] C:\WINDOWS\SYSTEM\APPPP32.EXE
O4 - HKLM\..\RunServices: [APPZA32.EXE] C:\WINDOWS\APPZA32.EXE
O4 - HKLM\..\RunServices: [SDKFU32.EXE] C:\WINDOWS\SYSTEM\SDKFU32.EXE
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll
O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhtml:file://C:\foo.mht!http://vparivalka.com/G7/chm10.chm::/ieloader.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\tusixene.exe



#2 daveai


Posted 05 February 2005 - 02:09 PM

Thanks for sending the HJT log.

You have an infection called CWS About:Blank, which will take several messages to fix.

Here are the first instructions:

This is a variant of CoolWebSearch that redirects your homepage to about:blank. It also installs a malicious service that prevents it from being fixed. We need to eliminate that service.
  • Obtain list of irregular services:
  • Please download ServiceFilter.
  • Unzip ServiceFilter.zip to a convenient folder like C:\ServiceFilter.
  • Navigate to where you unzipped it and double-click on ServiceFilter.vbs.
  • If you have an active anti-virus it might prevent the script from starting. Please allow the script to run.
  • It will open a text file (POST_THIS.TXT) that lists all of the irregular services.
  • Press Ctrl + A simultaneously to select all of the text.
  • Copy and paste the whole thing into your next post.
  • A copy of POST_THIS.TXT is saved to where ServiceFilter.vbs was saved just in case you accidentally close out of it.
When you reply, please send a fresh HijackThis log along with the Post_This.txt info.

Then, do not reboot until you hear from me.

Thanks
daveai
"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous

#3 donnie


Posted 05 February 2005 - 11:12 PM

Hey daveai, thanks for taking up my cause. I tried to open the file ServiceFilter but it said it only works for XP and 2000; I take it to mean it doesn't work for Windows ME.

#4 daveai


Posted 06 February 2005 - 12:03 AM

I'm back. Sorry for the earlier confusion.

You have a severe infection called About Blank. To remove this infection you need to download several small free programs and follow the directions very carefully. During the fix you also can have no contact with the internet AND must also keep Internet Explorer closed or the infection will be reinstalled.

I am first going to ask you to download the programs to clean with and then have you disconnect from the internet and use the programs to clean your computer.


Please copy and paste this entire set of instructions into Wordpad (Start > Programs > Accessories > Wordpad) so that you have them available when disconnected from the internet. You may also want to print them.


Step#1 - Show All Hidden Files

We need to make sure all hidden files are showing so please:
* Open My Computer.
* Select the View menu and click Folder Options.
* Select the View Tab.
* In the Hidden files section select Show all files.
* Click OK.



Step#2 - CWShredder For use Later

1. Please Download the most recent version of CWShredder, from CWSInstall.exe

2. Check for Updates



Step#3 - Ad-Aware SE For use Later

1. Download and Install Ad-Aware SE, keeping the default options. However, some of the settings will need to be changed before your first scan.

2. Close ALL windows except Ad-Aware SE

3. Click on the ‘world’ icon at the top right of the Ad-Aware SE window and let Ad-Aware SE update the reference list for the adware and malware.

4. Once the update is finished click on the ‘Gear’ icon (second from the left at the top of the window) to access the preferences/settings window

1) In the ‘General’ window make sure the following are selected in green:
*Automatically save log-file
*Automatically quarantine objects prior to removal
*Safe Mode (always request confirmation)

Under Definitions:
*Prompt to update outdated definitions - set the number of days

2) Click on the ‘Scanning’ button on the left and select in green :

Under Driver, Folders & Files:
*Scan Within Archives

Under Select drives & folders to scan -
*choose all hard drives

Under Memory & Registry: all green
*Scan Active Processes
*Scan Registry
*Deep Scan Registry
*Scan my IE favorites for banned URL’s
*Scan my Hosts file

3) Click on the ‘Advanced’ button on the left and select in green:

Under Shell Integration:
*Move deleted files to recycle bin

Under Logfile Detail Level: (all green)
*include additional object information
*DESELECT - include negligible objects information
*include environment information

Under Alternate Data Streams:
*Don't log streams smaller than 0 bytes
*Don't log ADS with the following names: CA_INOCULATEIT

4) Click the ‘Tweak’ button and select in green:

Under the ‘Scanning Engine’:
*Unload recognized processes during scanning
*Scan registry for all users instead of current user only

Under the ‘Cleaning Engine’:
*Let Windows remove files in use at next reboot

Under the Log Files:
*Include basic Ad-aware SE settings in logfile
*Include additional Ad-aware SE settings in logfile
*Please do not check or make green: Include Module list in logfile

5. Click on ‘Proceed’ to save the settings.




Step#4 - About Buster For use Later

1. Please download About:Buster from here: http://tools.zerosrealm.com/AboutBuster.zip.

2. Once it is downloaded extract it to c:\aboutbuster.



Disconnect from the internet and disconnect your cable or phone line so there is no chance of contacting the internet until you are ready.



Step#5 - Fixing With CWShredder

1. CLOSE ALL WINDOWS except CWShredder

2. Run the program by clicking 'fix' and letting it fix all CWS remnants.

3. REBOOT to finish the removal and clear memory.


Step#6 - Fixing With Ad-Aware SE

1. Click ‘Start’

*Choose:'Perform Full System Scan'
*DESELECT "Search for negligible risk entries", as negligible risk entries (MRU's) are not considered to be a threat.

2. Click ‘Next’ and Ad-Aware SE will scan your hard drive(s) with the options you have selected and clean automatically.

3. If Ad-Aware SE finds bad entries, you will receive a list of what it found in the window

4. Save the log file when it asks and then click ‘finish’

5. REBOOT to complete the removal of what Ad-Aware SE found


Step#7 - Fixing With About Buster

1. Navigate to the c:\aboutbuster directory and

2. double-click on aboutbuster.exe. When the tool is open, press the OK button

3. Press the Start button, then the OK button, and then finally the Yes button. It will start scanning your computer for files.

If it asks if you would like to do a second scan, allow it to do so.

4. Post the log file in your next reply


Step#8 - Stop Malware Running Processes

Please use CTRL-ALT-DEL to open the Task Manager and in the Processes list please END TASK on all occurrences of the following files:


C:\WINDOWS\SYSTEM\SDKFU32.EXE
C:\WINDOWS\SYSTEM\SDKFU32.EXE

C:\WINDOWS\APPZA32.EXE

C:\WINDOWS\SYSTEM\APPPP32.EXE
C:\WINDOWS\SYSTEM\APPPP32.EXE

C:\WINDOWS\TEMP\B100.TMP.EXE

C:\WINDOWS\D3QY.EXE


Step#9 - Fixing With HijackThis

1. Scan again with HijackThis (ALL WINDOWS CLOSED EXCEPT HJT)

2. Put a check mark beside each of the following entries in the HJT window

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129

R3 - Default URLSearchHook is missing

O2 - BHO: Class - {62AD18D3-C547-2D83-CC5E-FB41D08A4A94} - C:\WINDOWS\MFCGG32.DLL

O4 - HKLM\..\Run: [B100.TMP] C:\WINDOWS\TEMP\B100.TMP.exe 1 28129

O4 - HKLM\..\Run: [sais] c:\program files\180solutions\sais.exe

O4 - HKLM\..\Run: [D3QY.EXE] C:\WINDOWS\D3QY.EXE

O4 - HKLM\..\Run: [B100.TMP.EXE] C:\WINDOWS\TEMP\B100.TMP.EXE 3 28129

O4 - HKLM\..\RunServices: [SYSDS.EXE] C:\WINDOWS\SYSTEM\SYSDS.EXE

O4 - HKLM\..\RunServices: [APPPP32.EXE] C:\WINDOWS\SYSTEM\APPPP32.EXE

O4 - HKLM\..\RunServices: [APPZA32.EXE] C:\WINDOWS\APPZA32.EXE

O4 - HKLM\..\RunServices: [SDKFU32.EXE] C:\WINDOWS\SYSTEM\SDKFU32.EXE

O16 - DPF: {10003000-1000-0000-1000-000000000000} - ms-its:mhxxl:file://C:\foo.mht!http://vparivalka.com/G7/chm10.chm::/ieloader.exe

O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\tusixene.exe


3. Click 'fix checked'

4. REBOOT to finish removing the entries into SAFE MODE by pressing F8 repeatedly while booting up

5. In Safe Mode DELETE the following files:


C:\WINDOWS\MFCGG32.DLL <-- this file

C:\WINDOWS\D3QY.EXE <-- this file

C:\WINDOWS\APPZA32.EXE <-- this file

C:\WINDOWS\D3QY.EXE <-- this file


C:\WINDOWS\system\vqoml.dll <-- this file

C:\WINDOWS\SYSTEM\SYSDS.EXE <-- this file

C:\WINDOWS\SYSTEM\APPPP32.EXE <-- this file


C:\WINDOWS\SYSTEM\SDKFU32.EXE <-- this file


c:\program files\180solutions\ <-- this folder

C:\WINDOWS\TEMP\B100.TMP.exe <-- this file


6. REBOOT into normal mode


Step#10 - Cleanup

1. Make sure that all Internet Temp files are gone, by checking the folders that the Temporary Internet Files and Temp files are stored in. To do so use Control Panel > Internet Options (or right click the IE icon on the desktop and choose Properties). Click Delete Files on the General Tab - place a check in the Delete all offline content box, then 'Clear History' and then press OK.

2. Double Check the following folders to make sure they are empty:
C:\WINDOWS\Profiles\your account\Temporary Internet Files
Delete all the files in (and any subfolders of) the C:\Windows\Temp\ folder (do not delete the TEMP folder just the contents)

3. Empty your Recycle Bin


Step#11 - Clean Your Favourites Folder

This infection puts many undesirable links in your Favourites folder so you will want to clean that manually by checking all of your entries. (the added entries should be obvious)


**Reconnect to the Internet Now and Finish With an Online AV Scan and a HijackThis log**


Step#12 - Complete an Online AntiVirus Scan

Run an online antivirus scan at:

Trend Micro Online AV

Reboot


Step#13 - Scan With HijackThis

7. please SCAN again with HJT and

8. POST a new log file here in this thread using 'Add Reply' for the next set of instructions.


Good Luck!
"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous

#5 donnie


Posted 06 February 2005 - 02:11 AM

:thumbsup:

#6 donnie


Posted 06 February 2005 - 02:13 AM

:thumbsup: hey what do you think?

Although I think I might have accidentally deleted something I might have needed, because my search browser for AOL no longer works, but other than that take a look.

Logfile of HijackThis v1.99.0
Scan saved at 2:05:38 AM, on 2/6/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\SSDPSRV.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\NORTON ANTIVIRUS\NAVAPW32.EXE
C:\WINDOWS\SYSTEM\HPZTSB04.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\FINDFAST.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\PROGRAM FILES\MICROSOFT OFFICE\OFFICE\OSA.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\AOLTRAY.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\PROGRAM FILES\AMERICA ONLINE 7.0\WAOL.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS.EXE

O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [NAV DefAlert] C:\PROGRA~1\NORTON~1\DEFALERT.EXE
O4 - HKLM\..\Run: [Norton Auto-Protect] C:\PROGRA~1\NORTON~1\NAVAPW32.EXE /LOADQUIET
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\SYSTEM\hpztsb04.exe
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: America Online 7.0 Tray Icon.lnk = C:\Program Files\America Online 7.0\aoltray.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM\Shdocvw.dll

#7 daveai


Posted 06 February 2005 - 12:13 PM

Thanks

Okay...the About:Blank infection is knocked down.

And, there is no malware showing in the HijackThis log at this time.


Your IE is way out of date, which will be a sure ticket to re-infection if not corrected. So...Download Internet Explorer 6 Service Pack 1.

Then, start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there to ensure you are up to date on critical security patches.


Next, let's get your system better protected, and then we can work through any remaining issues (such as AOL).

Please review these general prevention steps to keep one's computer clean and secure. You have already taken a few of the steps, but it never hurts to take a quick look :thumbsup:

I strongly recommend you implement the programs mentioned in Step #2 because of this:

Since you ran DelDomains earlier, it is important to note that since the Restricted Domains are deleted by this fix, SpywareBlaster protection must be re-enabled. Spybot's Immunize feature must be used again, and you will also have to re-install IE-SpyAd if installed.


1 -- Be sure you update your anti-virus software at least once a week. There are several very good free programs available. Grinler offers an outstanding overview at Virus, Spyware, and Malware Protection and Removal Resources

2 -- To reduce re-infection potential for malware in the future, I strongly recommend installing three free programs: SpywareBlaster, SpywareGuard, and IE/Spyad.

3 -- Use AdAware SE and Spybot S&D regularly to scan your system.

4 -- Continue to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.

5 -- I strongly recommend that you consider using a Firewall. Just using a Firewall in its default configuration can lower your risk greatly. Check out what Lawrence Abrams has to say at Understanding and Using Firewalls

An excellent overview is: So how did I get infected in the first place?. Be sure to visit the browser test link at the end of the article to really see how secure your system is!!


Then...create a fresh HijackThis log, and send it back, along with some more details about the AOL problem.

Thanks
daveai
"Applying computer technology is simply finding the right wrench to pound in the correct screw." Anonymous
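Added example, not part of the original thread or of HijackThis itself: a small Python triage of HijackThis entry lines that also checks a follow-up log against the first one, the comparison the helper makes by eye above. The sample logs are a few lines copied from this thread, and the three flagging rules are illustrative assumptions drawn from the entries selected for fixing in Step#9, not a complete malware signature set.

```python
import re

# Constructed samples: a few lines copied from the two HijackThis logs in this thread.
BEFORE = r"""Logfile of HijackThis v1.99.0
Running processes:
C:\WINDOWS\TEMP\B100.TMP.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system\vqoml.dll/sp.html#28129
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [B100.TMP] C:\WINDOWS\TEMP\B100.TMP.exe 1 28129
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
O16 - DPF: {10000000-1000-0000-1000-000000000000} - file://C:\Program Files\Internet Explorer\tusixene.exe
"""
AFTER = r"""Logfile of HijackThis v1.99.0
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.exe
"""

# Entry lines start with a section code (R0-R3, or O plus a number) and " - ".
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

def parse_entries(log_text):
    """Return (section, body) pairs, skipping the header and the process list."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries

def flag_entry(section, body):
    """Hypothetical triage rules based on patterns seen in this thread's log."""
    low = body.lower()
    reasons = []
    if section in ("R0", "R1") and "= res://" in low:
        reasons.append("IE page setting loads a res:// resource from a local DLL")
    if section == "O4" and "\\temp\\" in low:
        reasons.append("autostart entry runs from a TEMP directory")
    if section == "O16" and ("file://" in low or "ms-its:" in low):
        reasons.append("DPF codebase is a local file or ms-its: URL")
    return reasons

def triage(log_text):
    """Map each flagged entry line to the reasons it was flagged."""
    flagged = {}
    for section, body in parse_entries(log_text):
        reasons = flag_entry(section, body)
        if reasons:
            flagged[f"{section} - {body}"] = reasons
    return flagged

def compare(before_text, after_text):
    """Check a follow-up log against the first one after the fix steps."""
    before = {f"{s} - {b}" for s, b in parse_entries(before_text)}
    after = {f"{s} - {b}" for s, b in parse_entries(after_text)}
    return {
        "removed": sorted(before - after),      # entries the cleanup got rid of
        "added": sorted(after - before),        # new entries since the first scan
        "still_flagged": sorted(triage(after_text)),
    }
```

A non-empty `still_flagged` or `added` list after the reboot is the signal that the cleanup did not hold and another pass is needed.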



