
B.whataboutadog And A A.adoginhespen



#1 jde68

jde68

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:09:05 AM

Posted 07 January 2008 - 09:24 PM

I know you guys have solved this one before. I am not sure how to proceed. Can someone walk me through this? Your help is very much appreciated.


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:09:05 AM

Posted 07 January 2008 - 10:36 PM

Download FindAWF.exe by noahdfear and save to your desktop.
  • Double-click on FindAWF.exe to run.
  • Select option #1 - Scan for bak folders by typing 1 and press 'Enter'.
  • When complete, it will open a text file in notepad called AWF.txt which will automatically be saved to your desktop.
  • Copy and paste the contents of the awf.txt file in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 jde68


Posted 07 January 2008 - 11:49 PM

Here is the content of the awf.txt file


Find AWF report by noahdfear 2006
Version 1.40

The current date is: Mon 01/07/2008
The current time is: 22:42:59.01


bak folders found
~~~~~~~~~~~


Directory of C:\HP\BIN\BAK

0 File(s) 0 bytes

Directory of C:\HP\KBD\BAK

07/06/2001 11:56 PM 61,440 KBD.EXE
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\COLOREAL\BAK

11/26/2002 08:14 PM 131,072 coloreal.exe
1 File(s) 131,072 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

02/23/2006 02:45 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

04/23/2006 12:58 PM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

05/19/2005 05:23 PM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

01/06/2008 05:58 PM 183 hpsysdrv.DAT
05/07/1998 07:04 PM 52,736 hpsysdrv.exe
2 File(s) 52,919 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

10/16/2002 09:05 AM 114,688 hkcmd.exe
1 File(s) 114,688 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

12/02/2003 04:11 PM 54,296 ccApp.exe
12/02/2003 04:11 PM 58,392 ccRegVfy.exe
2 File(s) 112,688 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

04/17/2002 08:42 PM 69,632 hpgs2wnd.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\UNIBLUE\SPEEDU~1\BAK

12/06/2006 05:59 PM 4,820,992 SpeedUpMyPC.exe
1 File(s) 4,820,992 bytes

Directory of C:\PROGRA~1\VERITA~1\UPDATE~1\BAK

06/18/2002 10:01 AM 155,648 sgtray.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

09/11/2006 04:40 AM 218,032 ISUSPM.exe
1 File(s) 218,032 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK

11/02/2004 04:59 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

06/18/2002 02:11 AM 69,632 hpqcmon.exe
1 File(s) 69,632 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

05/26/2003 03:00 PM 99,840 E_S4I2G1.EXE
1 File(s) 99,840 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

27660 Oct 3 2007 "C:\hp\KBD\KBD.EXE"
61440 Jul 6 2001 "C:\hp\KBD\bak\KBD.EXE"
27660 Oct 3 2007 "C:\Program Files\Coloreal\coloreal.exe"
131072 Nov 26 2002 "C:\Program Files\Coloreal\bak\coloreal.exe"
27660 Oct 3 2007 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Feb 23 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
27660 Oct 3 2007 "C:\Program Files\QuickTime\qttask.exe"
155648 Apr 23 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
27660 Oct 3 2007 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 May 19 2005 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
250 Jan 9 2007 "C:\WINDOWS\system\hpsysdrv.dat"
183 Jan 6 2008 "C:\WINDOWS\system\bak\hpsysdrv.DAT"
27660 Oct 3 2007 "C:\WINDOWS\system\hpsysdrv.exe"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
27660 Oct 3 2007 "C:\WINDOWS\system32\hkcmd.exe"
114688 Oct 16 2002 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 Oct 16 2002 "C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\hkcmd.exe"
27660 Oct 3 2007 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
54296 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
27660 Oct 3 2007 "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
58392 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe"
27660 Oct 3 2007 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
27660 Oct 3 2007 "C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe"
4820992 Dec 6 2006 "C:\Program Files\Uniblue\SpeedUpMyPC\bak\SpeedUpMyPC.exe"
27660 Oct 3 2007 "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe"
155648 Jun 18 2002 "C:\Program Files\VERITAS Software\Update Manager\bak\sgtray.exe"
27660 Oct 3 2007 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
27660 Oct 3 2007 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
27660 Oct 3 2007 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
27660 Oct 3 2007 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
69632 Jun 18 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
99840 May 26 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx5400097f\E_S4I2G1.EXE"
99840 May 26 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I2G1.EXE"


end of report

#4 quietman7


Posted 08 January 2008 - 07:59 AM

Double-click the FindAWF icon once again.
  • If a "Security Alert" shows, allow the program to run.
  • As instructed, press any key to continue.
  • Select option #2 - Restore files from bak folders by typing 2 and press 'Enter'.
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of files in the quote box into the text file:

"C:\hp\KBD\bak\KBD.EXE"
"C:\Program Files\Coloreal\bak\coloreal.exe"
"C:\Program Files\iTunes\bak\iTunesHelper.exe"
"C:\Program Files\QuickTime\bak\qttask.exe"
"C:\Program Files\SymNetDrv\bak\SNDMon.exe"
"C:\WINDOWS\system\bak\hpsysdrv.DAT"
"C:\WINDOWS\system\bak\hpsysdrv.exe"
"C:\WINDOWS\system32\bak\hkcmd.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
"C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe"
"C:\Program Files\Uniblue\SpeedUpMyPC\bak\SpeedUpMyPC.exe"
"C:\Program Files\VERITAS Software\Update Manager\bak\sgtray.exe"
"C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
"C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
"C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
"C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I2G1.EXE"

  • Close the text file and click Yes to save the changes. Once files.txt is saved, FindAWF does the following:
    • It attempts to terminate the process represented by each filename on the list (if running).
    • Deletes the rogue file from the parent folder (if present).
    • Copies the original file to the parent folder.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


#5 jde68


Posted 09 January 2008 - 12:16 AM

Here is the new text:

Find AWF report by noahdfear 2006
Version 1.40
Option 2 run successfully

The current date is: Tue 01/08/2008
The current time is: 22:24:33.45


bak folders found
~~~~~~~~~~~


Directory of C:\HP\BIN\BAK

0 File(s) 0 bytes

Directory of C:\HP\KBD\BAK

07/06/2001 11:56 PM 61,440 KBD.EXE
1 File(s) 61,440 bytes

Directory of C:\PROGRA~1\COLOREAL\BAK

11/26/2002 08:14 PM 131,072 coloreal.exe
1 File(s) 131,072 bytes

Directory of C:\PROGRA~1\ITUNES\BAK

02/23/2006 02:45 PM 278,528 iTunesHelper.exe
1 File(s) 278,528 bytes

Directory of C:\PROGRA~1\QUICKT~1\BAK

04/23/2006 12:58 PM 155,648 qttask.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\SYMNET~1\BAK

05/19/2005 05:23 PM 100,056 SNDMon.exe
1 File(s) 100,056 bytes

Directory of C:\WINDOWS\SYSTEM\BAK

01/06/2008 05:58 PM 183 hpsysdrv.DAT
05/07/1998 07:04 PM 52,736 hpsysdrv.exe
2 File(s) 52,919 bytes

Directory of C:\WINDOWS\SYSTEM32\BAK

10/16/2002 09:05 AM 114,688 hkcmd.exe
1 File(s) 114,688 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\BAK

12/02/2003 04:11 PM 54,296 ccApp.exe
12/02/2003 04:11 PM 58,392 ccRegVfy.exe
2 File(s) 112,688 bytes

Directory of C:\PROGRA~1\HEWLET~1\HPSHAR~1\BAK

04/17/2002 08:42 PM 69,632 hpgs2wnd.exe
1 File(s) 69,632 bytes

Directory of C:\PROGRA~1\UNIBLUE\SPEEDU~1\BAK

12/06/2006 05:59 PM 4,820,992 SpeedUpMyPC.exe
1 File(s) 4,820,992 bytes

Directory of C:\PROGRA~1\VERITA~1\UPDATE~1\BAK

06/18/2002 10:01 AM 155,648 sgtray.exe
1 File(s) 155,648 bytes

Directory of C:\PROGRA~1\ADOBE\ACROBA~2.0\READER\BAK

03/30/2006 03:45 PM 313,472 AdobeUpdateManager.exe
1 File(s) 313,472 bytes

Directory of C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\BAK

09/11/2006 04:40 AM 218,032 ISUSPM.exe
1 File(s) 218,032 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK

11/02/2004 04:59 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes

Directory of C:\PROGRA~1\HEWLET~1\DIGITA~1\UNLOAD\BAK

06/18/2002 02:11 AM 69,632 hpqcmon.exe
1 File(s) 69,632 bytes

Directory of C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\BAK

05/26/2003 03:00 PM 99,840 E_S4I2G1.EXE
1 File(s) 99,840 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

61440 Jul 6 2001 "C:\hp\KBD\KBD.EXE"
61440 Jul 6 2001 "C:\hp\KBD\bak\KBD.EXE"
131072 Nov 26 2002 "C:\Program Files\Coloreal\coloreal.exe"
131072 Nov 26 2002 "C:\Program Files\Coloreal\bak\coloreal.exe"
278528 Feb 23 2006 "C:\Program Files\iTunes\iTunesHelper.exe"
278528 Feb 23 2006 "C:\Program Files\iTunes\bak\iTunesHelper.exe"
155648 Apr 23 2006 "C:\Program Files\QuickTime\qttask.exe"
155648 Apr 23 2006 "C:\Program Files\QuickTime\bak\qttask.exe"
100056 May 19 2005 "C:\Program Files\SymNetDrv\SNDMon.exe"
100056 May 19 2005 "C:\Program Files\SymNetDrv\bak\SNDMon.exe"
183 Jan 6 2008 "C:\WINDOWS\system\hpsysdrv.DAT"
183 Jan 6 2008 "C:\WINDOWS\system\bak\hpsysdrv.DAT"
52736 May 7 1998 "C:\WINDOWS\system\hpsysdrv.exe"
52736 May 7 1998 "C:\WINDOWS\system\bak\hpsysdrv.exe"
114688 Oct 16 2002 "C:\WINDOWS\system32\hkcmd.exe"
114688 Oct 16 2002 "C:\WINDOWS\system32\bak\hkcmd.exe"
114688 Oct 16 2002 "C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\hkcmd.exe"
54296 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
54296 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccApp.exe"
58392 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
58392 Dec 2 2003 "C:\Program Files\Common Files\Symantec Shared\bak\ccRegVfy.exe"
27660 Oct 3 2007 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe"
69632 Apr 17 2002 "C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak\hpgs2wnd.exe"
4820992 Dec 6 2006 "C:\Program Files\Uniblue\SpeedUpMyPC\SpeedUpMyPC.exe"
4820992 Dec 6 2006 "C:\Program Files\Uniblue\SpeedUpMyPC\bak\SpeedUpMyPC.exe"
155648 Jun 18 2002 "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe"
155648 Jun 18 2002 "C:\Program Files\VERITAS Software\Update Manager\bak\sgtray.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe"
313472 Mar 30 2006 "C:\Program Files\Adobe\Acrobat 7.0\Reader\bak\AdobeUpdateManager.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe"
218032 Sep 11 2006 "C:\Program Files\Common Files\InstallShield\UpdateService\bak\ISUSPM.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"
69632 Jun 18 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe"
69632 Jun 18 2002 "C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak\hpqcmon.exe"
99840 May 26 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\E_S4I2G1.EXE"
99840 May 26 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx5400097f\E_S4I2G1.EXE"
99840 May 26 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I2G1.EXE"


end of report

#6 quietman7


Posted 09 January 2008 - 09:06 AM

Double-click the FindAWF icon once again.
  • Select option #3 - Remove bak folders by typing 3 and press 'Enter'.
  • A text file named files.txt will then open.
  • Click below the line and copy/paste the following list of folders in the quote box into the text file:

C:\hp\KBD\bak
C:\Program Files\Coloreal\bak
C:\Program Files\iTunes\bak
C:\Program Files\QuickTime\bak
C:\Program Files\SymNetDrv\bak
C:\WINDOWS\system\bak
C:\WINDOWS\system32\bak
C:\Program Files\Common Files\Symantec Shared\bak
C:\Program Files\Hewlett-Packard\HP Share-to-Web\bak
C:\Program Files\Uniblue\SpeedUpMyPC\bak
C:\Program Files\VERITAS Software\Update Manager\bak
C:\Program Files\Adobe\Acrobat 7.0\Reader\bak
C:\Program Files\Common Files\InstallShield\UpdateService\bak
C:\Program Files\Common Files\Symantec Shared\Security Center\bak\
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\bak
C:\WINDOWS\system32\spool\drivers\w32x86\3\bak

  • Close the text file and click Yes to save the changes.
  • When done, it automatically runs a new scan and opens a new log.
  • Please copy/paste the contents of the new awf.txt log in your reply.


#7 jde68


Posted 09 January 2008 - 08:38 PM

The next text file:



Find AWF report by noahdfear 2006
Version 1.40
Option 3 run successfully

The current date is: Wed 01/09/2008
The current time is: 20:21:44.39


bak folders found
~~~~~~~~~~~



Directory of C:\HP\BIN\BAK

0 File(s) 0 bytes

Directory of C:\PROGRA~1\COMMON~1\SYMANT~1\SECURI~1\BAK

11/02/2004 04:59 PM 218,240 UsrPrmpt.exe
1 File(s) 218,240 bytes


Duplicate files of bak directory contents
~~~~~~~~~~~~~~~~~~~~~~~

218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
218240 Nov 2 2004 "C:\Program Files\Common Files\Symantec Shared\Security Center\bak\UsrPrmpt.exe"


end of report

Edited by jde68, 09 January 2008 - 08:39 PM.


#8 quietman7


Posted 10 January 2008 - 08:38 AM

Open Windows Explorer, navigate to and delete the following bak folder:
C:\Program Files\Common Files\Symantec Shared\Security Center\bak <- this folder

Double-click the FindAWF icon once again.
  • Select option #4 - Reset domain zones by typing 4 and press 'Enter'.
  • You will receive a warning to reset domain zones.
  • Press 1 then press 'Enter'.
  • After resetting the domain zones, the program will return to the main menu.
  • Use the following option: Press E then 'Enter' to EXIT.
  • Note: If you had manually added any sites in the trusted zones, they will need to be re-inserted.


#9 jde68


Posted 10 January 2008 - 04:25 PM

Done...Are we fixed?

#10 quietman7


Posted 11 January 2008 - 12:07 AM

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "OK".
  • Click the "More Options" Tab.
  • Click "Clean Up" in the System Restore section to remove all previous restore points except the newly created one.


#11 jde68


Posted 11 January 2008 - 09:52 AM

Done...Thanks for all of your help so far. How do I prevent this from happening again? As a rule I don't visit high risk sites or download music peer-to-peer. And what is a bak file? Do we have anything left to do?

#12 quietman7


Posted 11 January 2008 - 01:51 PM

A .bak file is a backup of another file using the .bak file extension.
This infection involves replacing legitimate program files with a copy of itself in the original folder and moving the legitimate program's file into a 'bak' folder created by the malware. bak is short for backup.

To protect yourself against malware and reduce the potential for re-infection, be sure to read:
"Simple and easy ways to keep your computer safe".
"How did I get infected?, With steps so it does not happen again!".
"Best Practices - Internet Safety for 2008".
"Hardening Windows Security - Part 1".
"Hardening Windows Security - Part 2".
"IE Recommended Minimal Security Settings".
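The replacement pattern described in post #12 can be read straight out of the "Duplicate files" section of an awf.txt report. The following is an added example, not part of the thread and not FindAWF's own code: it pairs each bak copy with the file one folder up and compares sizes, using a subset of lines from the first report in post #3; the function names are the example's own.

```python
import re
from collections import Counter

# Subset of the "Duplicate files of bak directory contents" lines from the
# first awf.txt report posted in this thread.
SAMPLE_REPORT = r'''
27660 Oct 3 2007 "C:\hp\KBD\KBD.EXE"
61440 Jul 6 2001 "C:\hp\KBD\bak\KBD.EXE"
250 Jan 9 2007 "C:\WINDOWS\system\hpsysdrv.dat"
183 Jan 6 2008 "C:\WINDOWS\system\bak\hpsysdrv.DAT"
27660 Oct 3 2007 "C:\WINDOWS\system32\hkcmd.exe"
114688 Oct 16 2002 "C:\WINDOWS\system32\bak\hkcmd.exe"
99840 May 26 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\epsonstylus_cx5400097f\E_S4I2G1.EXE"
99840 May 26 2003 "C:\WINDOWS\system32\spool\drivers\w32x86\3\bak\E_S4I2G1.EXE"
'''

# Line layout: <size> <Mon> <day> <year> "<full path>"
LINE_RE = re.compile(r'^\s*(\d+)\s+(\w{3}\s+\d{1,2}\s+\d{4})\s+"(.+)"\s*$')
# A "\bak\" component directly above the file name (keys are lowercased).
BAK_RE = re.compile(r'\\bak\\(?=[^\\]+$)')


def parse_entries(report):
    """Map lowercased path -> (size, date, path as written). Windows paths
    are case-insensitive and the report mixes .dat/.DAT spellings."""
    entries = {}
    for line in report.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries[m.group(3).lower()] = (int(m.group(1)), m.group(2), m.group(3))
    return entries


def compare_with_bak(report):
    """Pair every bak copy with the file one folder up and compare sizes."""
    entries = parse_entries(report)
    findings = []
    for key, (bak_size, _, bak_path) in entries.items():
        if not BAK_RE.search(key):
            continue
        parent = entries.get(BAK_RE.sub(lambda m: '\\', key))
        parent_size = parent[0] if parent else None
        if parent_size is None:
            status = 'missing'      # report lists no file in the parent folder
        else:
            status = 'match' if parent_size == bak_size else 'mismatch'
        findings.append({'bak': bak_path, 'status': status,
                         'bak_size': bak_size, 'parent_size': parent_size})
    return findings


def shared_replacement_size(findings, min_count=2):
    """Size shared by several mismatched parent files, or None. One binary
    copied over many unrelated programs shows up as one repeated size."""
    sizes = Counter(f['parent_size'] for f in findings if f['status'] == 'mismatch')
    top = sizes.most_common(1)
    return top[0][0] if top and top[0][1] >= min_count else None


if __name__ == '__main__':
    results = compare_with_bak(SAMPLE_REPORT)
    for f in results:
        print(f"{f['status']:8} {f['parent_size']!s:>7} vs {f['bak_size']:>7}  {f['bak']}")
    print('shared size among mismatches:', shared_replacement_size(results))
```

Equal sizes are only a quick indicator; comparing hashes of the two files would confirm that the restored file is identical to the backup.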



