
Infected With Trojan Horse Downloader.delf.12.an


8 replies to this topic

#1 MtrE

Posted 08 May 2008 - 04:04 AM

Hi,

Thanks in advance for your help!!

It's probably already 2 months that I have had this infection, and I have tried a lot: from ComboFix, virus scanners (multiple), antispyware/adware (multiple), to all others (vundofix, smitfraud, virtumonde, etc). In the beginning I was infected by all sorts of crap (spyware and other trojans), due to my girlfriend downloading a crack for an old game!?!! My computer was instantly crippled, it was one big mess.

However, I was able to get rid of most of them, but this one is a tough one!! It's trojan horse downloader.delf.12.AN. It triggers my AVG virus scanner with every (internet) explorer startup, it's driving me crazy because I can't get rid of it :) !!

Maybe I'm almost there, nonetheless I am stuck and I need your help :thumbsup:

Attached are the DSS log and the log of the AVG virus scan from a couple of days ago. I also have a ComboFix log, as I have already run it a couple of times, but as advised I have not attached it yet.

I hope you can help, it will be highly appreciated!

Michel

Attached Files

  • Attached File  main.txt   12.23KB   35 downloads
  • Attached File  avg.txt   21.99KB   41 downloads



#2 bamajim

Posted 22 May 2008 - 08:57 AM

Mtre

Sorry for the delay.

Post the most recent Combofix log you have. It must be less than 30 days old.

And post it as a reply and not as an attachment please.
Microsoft MVP - Windows Security

#3 MtrE

Posted 22 May 2008 - 11:14 AM

Hi Bamajim,

Thanks for your help!

Here is the ComboFix log from two days ago: (I didn't install anything in the meantime)

ComboFix 08-05-19.4 - Michel 2008-05-20 16:44:41.3 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.269 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Michel\Bureaublad\ComboFix.exe
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!
.

(((((((((((((((((((( Bestanden Gemaakt van 2008-04-20 to 2008-05-20 ))))))))))))))))))))))))))))))
.

2008-05-19 00:24 . 2008-05-19 00:24 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-14 19:52 . 2008-05-14 19:52 <DIR> d--hs---- C:\FOUND.001
2008-05-09 16:16 . 2008-05-09 16:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-09 16:06 . 2008-05-09 16:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-08 18:33 . 2008-05-08 18:33 <DIR> d-------- C:\Documents and Settings\Michel\Application Data\Symantec
2008-05-08 18:17 . 2008-02-02 18:04 215,144 -ra------ C:\WINDOWS\pw32a.dll
2008-05-08 18:11 . 2008-05-09 14:47 3,200 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-05-08 17:52 . 2008-01-19 19:31 109,360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-05-08 17:52 . 2008-01-19 19:31 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-05-08 17:50 . 2008-05-08 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 15:13 . 2008-05-08 15:13 <DIR> d-------- C:\Program Files\DNA
2008-05-08 15:13 . 2008-05-08 15:13 <DIR> d-------- C:\Program Files\BitTorrent
2008-05-08 15:13 . 2008-05-08 15:13 <DIR> d-------- C:\Documents and Settings\Michel\Application Data\DNA
2008-05-08 15:13 . 2008-05-08 15:13 <DIR> d-------- C:\Documents and Settings\Michel\Application Data\BitTorrent
2008-05-08 14:58 . 2008-05-08 14:58 <DIR> d--hs---- C:\FOUND.000
2008-05-08 11:55 . 2008-05-08 11:55 <DIR> d-------- C:\Program Files\Promanent
2008-05-06 22:33 . 2008-05-06 22:33 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-06 22:22 . 2008-05-06 22:22 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-06 22:22 . 2008-05-06 22:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-06 22:21 . 2008-05-06 22:21 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-06 22:21 . 2008-05-06 22:21 <DIR> d-------- C:\Program Files\AVG
2008-05-06 22:21 . 2008-05-06 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-06 22:21 . 2008-05-06 22:21 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-02 16:23 . 2008-05-02 16:23 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-02 16:23 . 2008-05-02 16:23 <DIR> d-------- C:\Documents and Settings\Michel\Application Data\Malwarebytes
2008-05-02 16:23 . 2008-05-02 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 17:28 --------- d-----w C:\Program Files\PDFCreator
2008-04-07 14:39 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-07 14:38 --------- d-----w C:\Program Files\Windows Live
2008-04-07 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 15:44 --------- d-----w C:\Program Files\Winamp
2008-04-02 15:44 --------- d-----w C:\Documents and Settings\Michel\Application Data\Winamp
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-04 14:32 98,048 ----a-w C:\WINDOWS\system32\ipro.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:52 282,624 ----a-w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:39 45,568 ----a-w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:39 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B07C4626-916B-44A8-9A94-202CB73EDD75}]
2008-03-04 16:32 98048 --a------ C:\WINDOWS\system32\ipro.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:03 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 15:13 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-06 22:21 1177368]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-05-14 15:55:05 1528880]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"RunStartupScriptSync"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R0 bmwlkhxb;bmwlkhxb;C:\WINDOWS\system32\drivers\htpdxvas.dat []
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-06 22:21]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-06 22:21]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-06 22:21]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-06 22:22]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-20 16:47:07
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bmwlkhxb]
"ImagePath"="system32\drivers\htpdxvas.dat"
.
Voltooingstijd: 2008-05-20 16:47:54
ComboFix2.txt 2008-05-09 18:30:00
ComboFix-quarantined-files.txt 2008-05-20 14:47:50

Pre-Run: 15,513,993,216 bytes beschikbaar
Post-Run: 15,523,823,616 bytes beschikbaar

117 --- E O F --- 2008-05-20 08:25:02


Let me know, thanks.

Michel

#4 bamajim

Posted 22 May 2008 - 11:45 AM

MtrE

You are most welcome

1. Open NotePad (not wordpad). Copy and paste the following into Notepad (not the word code)
File::
C:\WINDOWS\system32\ipro.dll
C:\WINDOWS\system32\drivers\htpdxvas.dat

Driver::
bmwlkhxb

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B07C4626-916B-44A8-9A94-202CB73EDD75}]
[-HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bmwlkhxb]

Save the file as CFScript (exactly as shown, no spaces) ->> Save it to your Desktop

Using the image as a reference, drag CFScript into ComboFix.exe

You will be prompted to run ComboFix again. Do so,
following the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.
2. Rerun HijackThis and post a fresh HijackThis log as well
Microsoft MVP - Windows Security
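
An added example, not part of bamajim's post and not ComboFix code: a Python triage of the driver/service lines from the ComboFix log posted above, showing why the bmwlkhxb entry stands out from the AVG ones. The three heuristics, the threshold of two, the reading of the R/S prefix as running/stopped plus start type, and the exampledrv line (constructed) are assumptions made for this example.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Driver/service lines copied from the ComboFix log in this thread, plus one
# constructed benign entry (exampledrv) to show a single weak signal is not enough.
LOG_LINES = r"""
R0 bmwlkhxb;bmwlkhxb;C:\WINDOWS\system32\drivers\htpdxvas.dat []
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-06 22:21]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-06 22:21]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-06 22:21]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-06 22:22]
S3 exampledrv;exampledrv;C:\WINDOWS\system32\drivers\exampledrv.sys [2008-01-01 10:00]
"""

# Layout as seen in the log: <R|S><start> <service>;<display>;<image path> [<timestamp>]
# Assumption: R/S is running/stopped and the digit is the service Start value
# (0 boot, 1 system, 2 automatic, 3 manual, 4 disabled).
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.+?)\s*"
    r"\[(?P<stamp>[^\]]*)\]\s*$"
)

# Extensions a service or driver image normally has (assumption of this example).
EXPECTED_EXTENSIONS = {".sys", ".exe"}


@dataclass
class DriverEntry:
    state: str
    start: int
    name: str
    display: str
    path: str
    stamp: str
    reasons: list = field(default_factory=list)


def parse_entries(text):
    """Return a DriverEntry for every line that matches the driver/service layout."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(
                state=m["state"], start=int(m["start"]),
                name=m["name"].strip(), display=m["display"].strip(),
                path=m["path"].strip(), stamp=m["stamp"].strip(),
            ))
    return entries


def triage(entry):
    """Attach the heuristic findings for one entry and return it."""
    reasons = []
    ext = ntpath.splitext(entry.path)[1].lower()
    if ext not in EXPECTED_EXTENSIONS:
        reasons.append(f"image extension {ext or '(none)'} is not .sys or .exe")
    if not entry.stamp:
        reasons.append("no file timestamp reported for the image")
    if entry.display.lower() == entry.name.lower():
        reasons.append("display name is only the service name")
    entry.reasons = reasons
    return entry


def suspicious(text, threshold=2):
    """Entries with at least `threshold` findings, in log order."""
    return [e for e in map(triage, parse_entries(text)) if len(e.reasons) >= threshold]


if __name__ == "__main__":
    for e in suspicious(LOG_LINES):
        print(f"{e.state}{e.start} {e.name} -> {e.path}")
        for reason in e.reasons:
            print(f"    - {reason}")
```
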

#5 MtrE

Posted 22 May 2008 - 12:37 PM

Ahh, AVG is silent... much better :thumbsup:

Here is the combofix log

ComboFix 08-05-21.2 - Michel 2008-05-22 19:24:01.4 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1043.18.241 [GMT 2:00]
Gestart vanuit: C:\Documents and Settings\Michel\Bureaublad\ComboFix.exe
Command switches used :: C:\Documents and Settings\Michel\Bureaublad\CFScript.txt
* Nieuw herstelpunt werd aangemaakt

WAARSCHUWING - DE RECOVERY CONSOLE IS NIET OP DIT SYSTEEM GEINSTALLEERD !!

FILE ::
C:\WINDOWS\system32\drivers\htpdxvas.dat
C:\WINDOWS\system32\ipro.dll
.

(((((((((((((((((((((((((((((((((( Andere Verwijderingen )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\htpdxvas.dat
C:\WINDOWS\system32\ipro.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BMWLKHXB
-------\Service_bmwlkhxb


(((((((((((((((((((( Bestanden Gemaakt van 2008-04-22 to 2008-05-22 ))))))))))))))))))))))))))))))
.

2008-05-19 00:24 . 2008-05-19 00:24 <DIR> d-------- C:\WINDOWS\system32\NtmsData
2008-05-14 19:52 . 2008-05-14 19:52 <DIR> d--hs---- C:\FOUND.001
2008-05-09 16:16 . 2008-05-09 16:16 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-05-09 16:06 . 2008-05-09 16:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-05-08 18:33 . 2008-05-08 18:33 <DIR> d-------- C:\Documents and Settings\Michel\Application Data\Symantec
2008-05-08 18:17 . 2008-02-02 18:04 215,144 -ra------ C:\WINDOWS\pw32a.dll
2008-05-08 18:11 . 2008-05-09 14:47 3,200 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-05-08 17:52 . 2008-01-19 19:31 109,360 --a------ C:\WINDOWS\system32\GEARAspi.dll
2008-05-08 17:52 . 2008-01-19 19:31 15,664 --a------ C:\WINDOWS\system32\drivers\GEARAspiWDM.sys
2008-05-08 17:50 . 2008-05-08 17:50 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Symantec
2008-05-08 15:13 . 2008-05-08 15:13 <DIR> d-------- C:\Program Files\DNA
2008-05-08 15:13 . 2008-05-08 15:13 <DIR> d-------- C:\Program Files\BitTorrent
2008-05-08 15:13 . 2008-05-08 15:13 <DIR> d-------- C:\Documents and Settings\Michel\Application Data\DNA
2008-05-08 15:13 . 2008-05-08 15:13 <DIR> d-------- C:\Documents and Settings\Michel\Application Data\BitTorrent
2008-05-08 14:58 . 2008-05-08 14:58 <DIR> d--hs---- C:\FOUND.000
2008-05-08 11:55 . 2008-05-08 11:55 <DIR> d-------- C:\Program Files\Promanent
2008-05-06 22:33 . 2008-05-06 22:33 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-06 22:22 . 2008-05-06 22:22 75,272 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-05-06 22:22 . 2008-05-06 22:22 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-06 22:21 . 2008-05-06 22:21 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-06 22:21 . 2008-05-06 22:21 <DIR> d-------- C:\Program Files\AVG
2008-05-06 22:21 . 2008-05-06 22:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2008-05-06 22:21 . 2008-05-06 22:21 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-02 16:23 . 2008-05-02 16:23 <DIR> d-------- C:\Program Files\Common Files\Download Manager
2008-05-02 16:23 . 2008-05-02 16:23 <DIR> d-------- C:\Documents and Settings\Michel\Application Data\Malwarebytes
2008-05-02 16:23 . 2008-05-02 16:23 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes

.
((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-15 17:28 --------- d-----w C:\Program Files\PDFCreator
2008-04-07 14:39 --------- d-sh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-07 14:38 --------- d-----w C:\Program Files\Windows Live
2008-04-07 14:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 15:44 --------- d-----w C:\Program Files\Winamp
2008-04-02 15:44 --------- d-----w C:\Documents and Settings\Michel\Application Data\Winamp
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\mswstr10.dll
2008-03-25 04:51 621,344 ----a-w C:\WINDOWS\system32\dllcache\mswstr10.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\msjint40.dll
2008-03-25 04:51 183,072 ----a-w C:\WINDOWS\system32\dllcache\msjint40.dll
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-20 08:10 1,845,376 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
.

((((((((((((((((((((((((((((( snapshot@2008-05-20_16.47.32,21 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((((((( Reg Opstartpunten )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Nota* lege verwijzingen & legitieme standaard verwijzingen worden niet getoond

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-03 23:03 15360]
"BitTorrent DNA"="C:\Program Files\DNA\btdna.exe" [2008-05-08 15:13 289088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 12:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 12:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 12:22 86016]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-05-06 22:21 1177368]

C:\Documents and Settings\All Users\Menu Start\Programma's\Opstarten\
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\vpngui.exe [2007-05-14 15:55:05 1528880]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=

R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-06 22:21]
R2 avg8emc;AVG8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-05-06 22:21]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-06 22:21]
R2 AvgTdiX;AVG8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-05-06 22:22]

.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-22 19:30:35
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scannen van verborgen processen ...

scannen van verborgen autostart items ...

scannen van verborgen bestanden ...

Scan succesvol afgerond
verborgen bestanden: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\PROGRAM FILES\CISCO SYSTEMS\VPN CLIENT\CVPND.EXE
C:\WINDOWS\SYSTEM32\NVSVC32.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
.
**************************************************************************
.
Voltooingstijd: 2008-05-22 19:32:47 - machine was rebooted [Michel]
ComboFix3.txt 2008-05-09 18:30:00
ComboFix-quarantined-files.txt 2008-05-22 17:32:44
ComboFix2.txt 2008-05-20 14:47:56

Pre-Run: 16,855,793,664 bytes beschikbaar
Post-Run: 16,822,829,056 bytes beschikbaar

130 --- E O F --- 2008-05-20 08:25:02


And here is the hijackthis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:33:56, on 22-5-2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgrsx.exe
C:\Documents and Settings\Michel\Bureaublad\Anti meuk\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Koppelingen
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
O8 - Extra context menu item: E&xporteren naar Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 3302 bytes


What do you think, finally clean :) ... Thanks!!

#6 bamajim

Posted 22 May 2008 - 01:06 PM

MtrE

What do you think, finally clean ... Thanks!!

Looks good, but I would like one more look, just to be sure. When you are dealing with "hidden" infections, like the one you had, they tend to hide other things as well.

Run an online virus scan called Kaspersky from HERE.
1. Click on "Kaspersky Online Scanner"
2. A new smaller window will pop up. Press "Accept" after reading the contents.
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next"->>"Scan Settings", and make sure the database is set to "extended". Check both of the scan options, then click OK.
5. Then click on "My Computer". The scan will start.
6. When the scan is complete, select "Save error report as"
Then in the file name just type in kaspersky
Under "save as type" select text .txt
Save it to your Desktop.
Copy and post the results of the Kaspersky Online scan
Microsoft MVP - Windows Security

#7 MtrE

Posted 22 May 2008 - 04:22 PM

I was a bit too early I think, what a crap... :)


-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, May 22, 2008 11:18:04 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 22/05/2008
Kaspersky Anti-Virus database records: 795505
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 50975
Number of viruses found: 9
Number of infected objects: 35
Number of suspicious objects: 0
Duration of the scan process: 01:48:51

Infected Object Name / Virus Name / Last Action
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip/gos43.tmp Infected: Trojan.Win32.Dialer.yz skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack1.zip/findfast.exe Infected: Trojan.Win32.Qhost.aes skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack2.zip/printer.exe Infected: Trojan.Win32.Qhost.aes skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack3.zip/spoolvs.exe Infected: Trojan.Win32.Qhost.aes skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack3.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack4.zip/shell.exe Infected: Trojan.Win32.Qhost.aes skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeCrack4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll.zip/iifgg.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric1.zip/dahqfaac.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumondegeneric1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh2.zip/wowfx.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll1.zip/iifgg.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll2.zip/iifgg.dll_old Infected: not-a-virus:AdWare.Win32.Virtumonde.imh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\VirtumondeDll2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh7.zip/wowfx.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NNCMGRS.zip/32sys.exe Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\NNCMGRS.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\avg8\emc\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgrs.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgwd.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avgcore.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\avg8\Log\avglng.log Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Michel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michel\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Geschiedenis\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Geschiedenis\History.IE5\MSHist012008052220080523\index.dat Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Application Data\Microsoft\Windows Live Contacts\micheltroost@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Application Data\Microsoft\Windows Live Contacts\micheltroost@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Application Data\Identities\{93984D3A-178B-4AE8-A781-338D42DE129B}\Microsoft\Outlook Express\Verzonden items.dbx/[From "" <>][Date Mon, 23 Sep 2002 18:34:18 +0200]/UNNAMED/blond.zip/blond.exe Infected: Trojan-IM.Win32.Gertex skipped
C:\Documents and Settings\Michel\Local Settings\Application Data\Identities\{93984D3A-178B-4AE8-A781-338D42DE129B}\Microsoft\Outlook Express\Verzonden items.dbx/[From " <>][Date Mon, 23 Sep 2002 18:34:18 +0200]/UNNAMED/blond.zip Infected: Trojan-IM.Win32.Gertex skipped
C:\Documents and Settings\Michel\Local Settings\Application Data\Identities\{93984D3A-178B-4AE8-A781-338D42DE129B}\Microsoft\Outlook Express\Verzonden items.dbx/[From "" <>][Date Mon, 23 Sep 2002 18:34:18 +0200]/UNNAMED Infected: Trojan-IM.Win32.Gertex skipped
C:\Documents and Settings\Michel\Local Settings\Application Data\Identities\{93984D3A-178B-4AE8-A781-338D42DE129B}\Microsoft\Outlook Express\Verzonden items.dbx MailMSOutlook5: infected - 3 skipped
C:\Documents and Settings\Michel\Local Settings\Application Data\Mozilla\Firefox\Profiles\k5iwj9b5.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Application Data\Mozilla\Firefox\Profiles\k5iwj9b5.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Application Data\Mozilla\Firefox\Profiles\k5iwj9b5.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Application Data\Mozilla\Firefox\Profiles\k5iwj9b5.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Temp\~DFB6CC.tmp Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Temp\~DFB6D3.tmp Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Temp\~DFBD09.tmp Object is locked skipped
C:\Documents and Settings\Michel\Local Settings\Temp\~DFBD14.tmp Object is locked skipped
C:\Documents and Settings\Michel\Bureaublad\Anti meuk\SmitfraudFix.exe/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Michel\Bureaublad\Anti meuk\SmitfraudFix.exe RAR: infected - 1 skipped
C:\Documents and Settings\Michel\Bureaublad\Anti meuk\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Michel\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Michel\Application Data\Mozilla\Firefox\Profiles\k5iwj9b5.default\history.dat Object is locked skipped
C:\Documents and Settings\Michel\Application Data\Mozilla\Firefox\Profiles\k5iwj9b5.default\cert8.db Object is locked skipped
C:\Documents and Settings\Michel\Application Data\Mozilla\Firefox\Profiles\k5iwj9b5.default\key3.db Object is locked skipped
C:\Documents and Settings\Michel\Application Data\Mozilla\Firefox\Profiles\k5iwj9b5.default\parent.lock Object is locked skipped
C:\Documents and Settings\Michel\Application Data\Mozilla\Firefox\Profiles\k5iwj9b5.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Michel\Application Data\Mozilla\Firefox\Profiles\k5iwj9b5.default\urlclassifier2.sqlite Object is locked skipped
C:\Program Files\Mozilla Firefox\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\htpdxvas.dat.vir Infected: Rootkit.Win32.Agent.aap skipped
C:\QooBox\Quarantine\catchme2008-05-22_192611,21.zip/htpdxvas.dat Infected: Rootkit.Win32.Agent.aap skipped
C:\QooBox\Quarantine\catchme2008-05-22_192611,21.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{F6A2702B-B4A2-455A-BD35-E3653E965240}\RP11\change.log Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{F6A2702B-B4A2-455A-BD35-E3653E965240}\RP11\change.log Object is locked skipped


What now? :thumbsup:

Edited by MtrE, 23 May 2008 - 08:27 AM.


#8 bamajim


Posted 23 May 2008 - 07:54 AM

MtrE

On the contrary. Looks good, just a little clean up.

1. Empty the deleted items folder in your Windows mail box.

2. Using Windows Explorer (right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents),
locate and empty (delete everything in the folder) the following folder: C:\QooBox\Quarantine

You may now remove/delete/uninstall the tools we used to clean your PC.
Be sure to re-enable any protection tools we disabled while cleaning your PC.

Now that your log is clean

There are some final notes:
Disable and Enable System Restore: Let's create a clean System Restore point;
the instructions are here
Make sure your Java is up to date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.u5.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications".
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement".
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running, especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u5-windowsi586-p.exe to install the newest version.

Update your Anti Virus Software

Use and maintain a Firewall. There is a list HERE, all of which are free.
Visit Microsoft's Windows Update Site frequently for critical updates.

Backup your important documents and files on a regular basis, to a disc or a USB key, not your hard drive.
You may want to read this article: "So how did I get infected in the first place" by Tony Klein

surf safe
Microsoft MVP - Windows Security
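
Added example, not written by either poster: one way to triage a scan log like the one above, separating "Object is locked" noise from real detections and grouping each detection by where the file sits, which is what the clean-up steps in the reply act on. The names `triage`, `bucket_for` and the bucket labels are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import Counter

# One log line is "<path> <status> skipped"; paths contain spaces, so anchor on the status.
LINE_RE = re.compile(
    r"^(?P<path>.+?) (?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<kind>\w+): infected - (?P<count>\d+)) skipped$"
)

# Hypothetical buckets (an assumption of this example), matched case-insensitively.
BUCKETS = [
    ("\\qoobox\\quarantine\\", "quarantine folder"),
    ("\\spybot - search & destroy\\recovery\\", "tool recovery copy"),
    ("smitfraudfix", "clean-up tool file"),
    ("\\outlook express\\", "mail store"),
]

def bucket_for(path):
    lowered = path.lower()
    for needle, label in BUCKETS:
        if needle in lowered:
            return label
    return "live file, review"  # anything outside the known folders needs a closer look

def triage(log_text):
    """Return (Counter of line types, [(bucket, threat name, path), ...])."""
    counts, findings = Counter(), []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        m = LINE_RE.match(line)
        if not m:
            counts["unparsed"] += 1
        elif m.group("locked"):
            counts["locked"] += 1             # file in use, could not be scanned
        elif m.group("name"):
            counts["infected"] += 1
            findings.append((bucket_for(m["path"]), m["name"], m["path"]))
        else:
            counts["container_summary"] += 1  # e.g. "ZIP: infected - 1"
    return counts, findings

# Five lines copied from the scan log posted earlier in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh7.zip/wowfx.dll Infected: Trojan.Win32.Qhost.abh skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinQhostabh7.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Michel\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Michel\Bureaublad\Anti meuk\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\htpdxvas.dat.vir Infected: Rootkit.Win32.Agent.aap skipped
"""
```

Calling `triage(SAMPLE_LOG)` returns the per-type counts and the bucketed findings; a finding labelled "live file, review" is the case that would call for more than clean-up.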

#9 MtrE


Posted 23 May 2008 - 08:35 AM

Check!

Thanks :thumbsup: Bamajim, for your help. It is greatly appreciated!!! :)

All seems fine now, no pop-ups or AVG going nuts! The pc runs much smoother



