Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Vista Antivirus Spyware Removal Issue


  • Please log in to reply
9 replies to this topic

#1 silverface

silverface

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brunei
  • Local time:07:07 AM

Posted 19 August 2008 - 09:04 PM

Hello,

This is my second post here, I am dealing with problem right now regarding Vista Antivirus but apparently its an spyware. After I install Malwarebytes to diagnose and clean my pc. Somehow I am having trouble connecting my pc back to internet.
I can ping an outside connection even my dns server and google as well. But its odd that whenever I launch my web browser, it always gives Page not found as a result. Can I ask a favor for anyone who can help me about this issue.

Thanks a lot and hoping to hear my inbox folder ding.

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,116 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:07 PM

Posted 20 August 2008 - 08:08 AM

Please post the results of your MBAM scan.

Launch MBAM.
Click the Logs Tab at the top.
mbam-log-7-18-2008(09-52-04).txt should show in the list. <- your dates will be different from this exampe
Click on the log name to highlight it.
Go to the bottom and click on Open.
The log should automatically open in notepad as a text file.
Go to Edit and choose Select all.
Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
Come back to this thread, click Add Reply, then right-click and choose Paste.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 silverface

silverface
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brunei
  • Local time:07:07 AM

Posted 28 August 2008 - 01:19 AM

Hi quietman7,

Thanks for the very important reply. I am out of town actually for vacation, that is why I am very late to send a reply.

Here are the Logs that MBAM generated:

1st Try:

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

10:48:23 AM 8/13/2008
mbam-log-8-13-2008 (10-48-23).txt

Scan type: Quick Scan
Objects scanned: 44913
Time elapsed: 7 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 2
Registry Data Items Infected: 14
Folders Infected: 4
Files Infected: 36

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebVideo (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\explorer (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (55274-640-7712297-23317) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (h:mm:ss tt) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowControlPanel (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowRun (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowHelp (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyDocs (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\eban.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\0.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\1.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\2.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\3.gif (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\4.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\5.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\7.exe (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sc.html (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex1.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\PCHealthCenter\sex2.ico (Trojan.Fakealert) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav.exe (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav0.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\Program Files\VAV\vav1.dat (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex1.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sex2.ico (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vav.cpl (Rogue.VistaAntivirus2008) -> Quarantined and deleted successfully.
C:\WINDOWS\iexplorer.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Favorites\Error Cleaner.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Favorites\Privacy Protector.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Favorites\Spyware&Malware Protection.url (Rogue.Link) -> Quarantined and deleted successfully.

2nd Try:

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 5.1.2600 Service Pack 2

1:00:25 PM 8/28/2008
mbam-log-8-28-2008 (13-00-25).txt

Scan type: Full Scan (C:\|)
Objects scanned: 109319
Time elapsed: 44 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 1
Folders Infected: 2
Files Infected: 6

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
C:\WINDOWS\privacy_danger (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\privacy_danger\index.htm (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\capt.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\danger.jpg (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\down.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\privacy_danger\images\spacer.gif (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.

---- Nothing follows ----

Many thanks quietman7, Your so kind and helpful. Wish you all the best Dude.

Kind regards,

silverface

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,116 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:07 PM

Posted 28 August 2008 - 07:36 AM

Your MBAM log indicates you are using an older version of MBAM with an outdated database. Please download and install the most current version of MBAM from here. If you encounter any problems while downloading the updates, manually download the updates and just double-click on mbam-rules.exe to install.

Perform a new Quick Scan in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 silverface

silverface
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brunei
  • Local time:07:07 AM

Posted 28 August 2008 - 09:19 PM

Hello Sir,

Thanks for providing me the links of updated MBAM software.

Here are the New Logs generated by MBAM:

Malwarebytes' Anti-Malware 1.25
Database version: 1088
Windows 5.1.2600 Service Pack 2

10:01:41 AM 8/29/2008
mbam-log-08-29-2008 (10-01-41).txt

Scan type: Full Scan (C:\|)
Objects scanned: 119706
Time elapsed: 46 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 4
Registry Values Infected: 6
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 9

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\tfnslopk.dll (Trojan.FakeAlert) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\tdssdata (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\tdss (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{790d1f3b-697d-4996-9380-dde6d6bc2769} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win353.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win354.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win355.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win356.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\win357.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\tfnslopk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\tdssl.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdsslog.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssmain.dll (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssinit.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\tdssservers.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\tfnslopk.dll (Trojan.FakeAlert) -> Delete on reboot.
C:\WINDOWS\lnvegaow.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\GAY PORN.url (Rogue.Link) -> Quarantined and deleted successfully.
C:\Documents and Settings\User\Desktop\MASTURBATION VIDS.url (Rogue.Link) -> Quarantined and deleted successfully.

--- Nothing Follows ---

I still cannot browse internet after having installed and run the updated version of MBAM.

Wish you could help me Sir.

Many thanks and wish you all the luck.


Regards,

silverface

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,116 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:07 PM

Posted 28 August 2008 - 09:55 PM

There are no shortcuts or guarantees when it comes to malware removal. Sometimes it takes several efforts with different or the same tools to do the job. Even then, with some types of malware infections, the task can be arduous. Some infections are difficult to remove completely because of their morphing characteristics which allows the malware to regenerate itself. Sometimes another piece of malware which has not been detected protects other files (which have been detected) so they cannot be permanently deleted.

In your case, you have a serious infection. Several of the identified files were related to a nasty rootkit component. Rootkits and backdoor Trojans are very dangerous because they use advanced techniques (backdoors) as a means of accessing a computer system that bypasses security mechanisms and steal sensitive information which they send back to the hacker. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. Remote attackers use backdoor Trojans and rootkits as part of an exploit to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay, paypal and online forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

Although the rootkit was identified and removed, your PC has likely been compromised and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume that because this malware has been removed the computer is now secure. In some instances an infection may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Please read:

• "When should I re-format? How should I reinstall?"
• "Help: I Got Hacked. Now What Do I Do?"
• "Where to draw the line? When to recommend a format and reinstall?"

Should you decide not to follow that advice, we will do our best to help clean the computer of any infections but we cannot guarantee it to be trustworthy or that the removal will be successful. If you wish to proceed, disinfection will probably require the use of more powerful tools than we recommend in this forum. Before that can be done you will need you to create and post a hijackthis log.

Please read the pinned topic titled "Preparation Guide For Use Before Posting A Hijackthis Log". If you cannot complete a step, then skip it and continue with the next. In Step 9 there are instructions for downloading the HijackThis Installer and creating a log. This is an automatic setup version which will install the program in the proper location.

When you have done that, post your log in the HijackThis Logs and Malware Removal forum, NOT here, for assistance by the HJT Team Experts. A member of the Team will walk you through, step by step, on how to clean your computer. If you post your log back in this thread, the response from the HJT Team will be delayed because your post will have to be moved. This means it will fall in line behind any others posted that same day.

Start a new topic, give it a relevant title and post your log along with a brief description of your problem, a summary of any anti-malware tools you have used and a summary of any steps that you have performed on your own. An expert will analyze your log and reply with instructions advising you what to fix. After doing this, we would appreciate if you post a link to your log back here so we know that your getting help from the HJT Team.

Please be patient. It may take a while to get a response because the HJT Team members are very busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT "bump" your post or make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response there will be 1 reply. A team member, looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.

If after 5 days you still have received no response, then post a link to your HJT log in the thread titled "Haven't Had A Reply In Five Days?".
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 silverface

silverface
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brunei
  • Local time:07:07 AM

Posted 29 August 2008 - 01:15 AM

Hello Sir,

All I can say is I'm grateful I joined this forum site. And of course, to you Sir. As what you have given me as an advise, your very Professional. I am very thankful Sir.

With the first recommendation Sir that you gave, I think its best to wipe my drive clean since serious infections occurred already in my pc.

Should any issue arise after formatting the said pc, Sir I would ask a favor again with your guidance under this topic.

Once again Sir, many thanks. And more power to Bleeping Computer.com.

Best regards,

silverface

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,116 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:07 PM

Posted 29 August 2008 - 06:31 AM

That's the decision I would have made if this were my system.

Some types of malware can result in a system so badly damaged that a Repair Install will NOT help!. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Starting over by wiping your drive, reformatting, and performing a clean install of the OS removes everything and is the safest action.

In case you need help with this, please review "How to partition and format a hard disk in Windows XP".

These links include step by step instructions:
"Clean Install Windows XP".
"Reformat & Clean Install Windows".
"XP Clean Install Interactive Setup".

Reformatting a hard disk deletes all data. You can back up all your important documents, data files and photos. The safest practice is not to backup any autorun.ini or .exe files because they may be infected. Some types of malware can infect .exe files. Other types may disguise itself by adding and hiding an extension to the existing extension of a file so be sure you take a close look at the full name. After reformatting, as a precaution, make sure you scan these files with your anti-virus prior to copying them back to any partition on your hard drive. Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Also see "How to keep your Windows XP activation after clean install"

If you need additional assistance with reformatting, you can start a new topic in the Windows XP Home and Professional forum.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 silverface

silverface
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Brunei
  • Local time:07:07 AM

Posted 31 August 2008 - 11:10 PM

Thanks so much for the help and advice Sir.

Bst rgds,

silverface

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,116 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:07 PM

Posted 01 September 2008 - 06:48 AM

You're welcome.

For Tips to protect yourself against malware and reduce the potential for re-infection, be sure to read:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Best Practices - Internet Safety for 2008".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".

• Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Safe surfing and have a malware free day.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users