Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unsure if I have been infected with Perfect Defender 2009


  • Please log in to reply
14 replies to this topic

#1 samoyed

samoyed

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:03:03 AM

Posted 08 December 2008 - 02:20 AM

HI,

Today for some unexplained reason, Firefox browser shut down on its own then Windows restarted on its own.

After that, Windows Firewall detected Trojon.Zlob.G and asked if I want to enable protection.
I clicked Enable Protection.
Then Firefox browser opened and brought me to Perfect Defender 2009 website.

I thought it was odd so I quickly shut down Firefox browser. However the cycle repeats.

The cycle repeats.

So I ran a full scan using Malwarebytes Anti Malware but it found nothing.

A friend recommended I install Super AntiSpyware as he believes this program to be very powerful.

Additional Information:

I use
1) AVG Antivirus 8 (free version)
2) Spyware Blaster 4.1
3) Lavasoft Ad-aware 2008
4) Spybot Search & Destroy 1.4
5) Firefox 3 (rarely use IE)

Please kindly advise. Thank You.

Edited by samoyed, 08 December 2008 - 02:21 AM.


BC AdBot (Login to Remove)

 


#2 master131

master131

  • Members
  • 366 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Melbourne, Australia
  • Local time:04:33 AM

Posted 08 December 2008 - 03:22 AM

Please use the following link on how to remove Perfect Defender 2009:
http://www.bleepingcomputer.com/malware-re...t-defender-2009
Windows Firewall shoudn't detect any viruses. That is very odd. It might be the virus pretending to say you have a virus by faking Windows Firewall found a virus when it's a virus.

#3 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:03:03 AM

Posted 08 December 2008 - 03:38 AM

Please use the following link on how to remove Perfect Defender 2009:
http://www.bleepingcomputer.com/malware-re...t-defender-2009
Windows Firewall shoudn't detect any viruses. That is very odd. It might be the virus pretending to say you have a virus by faking Windows Firewall found a virus when it's a virus.


Hi master131,

I did a scan using Malwarebytes but it found nothing.

What else can I do?

#4 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:03:03 AM

Posted 10 December 2008 - 02:03 AM

update

I updated everything then went to safe mode and performed a full scan.
This time it found fake.alerts
I managed to remove them with Malwarebytes

So far so good.

Thanks.

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,588 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:33 PM

Posted 10 December 2008 - 11:05 AM

Please post the results of your MBAM scan for review.

To retrieve the MBAM scan log information, launch MBAB.
• Click the Logs Tab at the top.
mbam-log-2008-10-12(13-35-16).txt should show in the list. <- your dates will be different from this exampe
• Click on the log name to highlight it.
• Go to the bottom and click on Open.
• The log should automatically open in notepad as a text file.
• Go to Edit and choose Select all.
• Go back to Edit and choose Copy or right-click on the highlighted text and choose copy from there.
• Come back to this thread, click Add Reply, then right-click and choose Paste.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#6 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:03:03 AM

Posted 11 December 2008 - 07:34 PM

Hi quietman7,

Pls se log below. Thanks.


Malwarebytes' Anti-Malware 1.31
Database version: 1474
Windows 5.1.2600 Service Pack 3

12/8/2008 9:00:41 PM
mbam-log-2008-12-08 (21-00-41).txt

Scan type: Full Scan (C:\|D:\|G:\|)
Objects scanned: 133817
Time elapsed: 1 hour(s), 36 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smax4 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Adelene\Application Data\Google\kjzna1562565.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#7 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,588 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:33 PM

Posted 11 December 2008 - 10:07 PM

Rescan again with MBAM (Quick Scan) in normal mode and check all items found for removal. Don't forgot to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

Please print out and follow these instructions: "How to use SDFix". <- for Windows 2000/XP ONLY!
When using this tool, you must use the Administrator's account or an account with "Administrative rights"
  • Disconnect from the Internet and temporarily disable your anti-virus, script blocking and any real time protection programs before performing a scan.
  • Please be patient as the scan may take up to 20 minutes to complete.
  • When the process is complete, the SDFix report log will open in Notepad and automatically be saved in the SDFix folder as Report.txt.
  • If SDFix is unable to run after rebooting from Safe Mode, run SDFix in either Mode, and type F, then press Enter for it to finish the final stage and produce the report.
  • The SDFix report log (Report.txt) will open in Notepad and automatically be saved in the SDFix folder.
  • Please copy and paste the contents of Report.txt in your next reply.
  • Be sure to re-enable you anti-virus and and other security programs before connecting to the Internet.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#8 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:03:03 AM

Posted 12 December 2008 - 08:52 PM

Hi quietman7,

Pls see 2 logs below (Kindly note I have some questions at the end of the logs):

Malwarebytes' Anti-Malware 1.31
Database version: 1495
Windows 5.1.2600 Service Pack 3

12/13/2008 10:54:55 AM
mbam-log-2008-12-13 (10-54-55).txt

Scan type: Quick Scan
Objects scanned: 62111
Time elapsed: 9 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



SDFix: Version 1.240
Run by Samoyed on Sat 12/13/2008 at 11:18 AM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

No Trojan Files Found






Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-13 11:28:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"="C:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe:*:Enabled:BlueSoleil"
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"="C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\\Program Files\\BitComet\\BitComet.exe"="C:\\Program Files\\BitComet\\BitComet.exe:*:Enabled:BitComet - a BitTorrent Client"
"C:\\Program Files\\Palm\\HOTSYNC.EXE"="C:\\Program Files\\Palm\\HOTSYNC.EXE:*:Enabled:HotSyncr Manager Application"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\NextUp-Acapela\\bin\\acatel_srv.exe"="C:\\Program Files\\NextUp-Acapela\\bin\\acatel_srv.exe:*:Disabled:Acapela Telecom HQ TTS Server"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Pennytel\\Pennytel.exe"="C:\\Program Files\\Pennytel\\Pennytel.exe:*:Enabled:Pennytel"
"C:\\WINDOWS\\system32\\javaw.exe"="C:\\WINDOWS\\system32\\javaw.exe:*:Enabled:Java™ Platform SE binary"
"C:\\WINDOWS\\system32\\dpvsetup.exe"="C:\\WINDOWS\\system32\\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\\WINDOWS\\system32\\rundll32.exe"="C:\\WINDOWS\\system32\\rundll32.exe:*:Enabled:Run a DLL as an App"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"="C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"="C:\\Program Files\\AVG\\AVG8\\avgupd.exe:*:Enabled:avgupd.exe"
"C:\\WINDOWS\\system32\\sessmgr.exe"="C:\\WINDOWS\\system32\\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Disabled:Remote Assistance - Windows Messenger and Voice"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Disabled:iTunes"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files :



Files with Hidden Attributes :

Wed 22 Oct 2008 949,072 A.SHR --- "C:\Program Files\File Scanner Library (Spybot - Search & Destroy)\advcheck.dll"
Wed 22 Oct 2008 962,896 A.SHR --- "C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)\Tools.dll"
Mon 15 Sep 2008 1,562,960 A.SHR --- "C:\Program Files\SDHelper (Spybot - Search & Destroy)\SDHelper.dll"
Thu 14 Aug 2008 1,429,840 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
Wed 30 Jul 2008 4,891,984 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
Mon 18 Aug 2008 1,832,272 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
Tue 16 Sep 2008 1,833,296 A.SHR --- "C:\Program Files\TeaTimer (Spybot - Search & Destroy)\TeaTimer.exe"
Wed 14 May 2008 4,348 ..SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Mon 27 Oct 2008 7,824,960 A..H. --- "C:\Program Files\Google\Picasa3\setup.exe"
Mon 11 Dec 2006 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"

Finished!


QUESTIONS:
1) After SDfix completed its work, Spybot pop up and said it has detected an impt registry that has been changed. Pls see
http://www.flickr.com/photos/24304239@N05/...092103/sizes/o/.

Should I allow or deny change?


2) Whats the HKEY stuff that I see in the logs?


Thank You so much for your help
. :thumbsup:

#9 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,588 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:33 PM

Posted 13 December 2008 - 09:30 AM

Is this a single screenshot or two separate ones you put side by side?

The one on the left shows a registry change (delection) of a startup key but does not indicate what key was deleted. On the right Spybot indicates a bad file (system32.exe) has a blank entry under the Startup Item/Name field. If the two are related, then it appears Spybot wants permission to allow the delection of that registry key which you should allow.

HKEY is related to keys in the Windows registry.

Lets do another scan to see if we find anything else that MBAM may have missed.

Please download ATF Cleaner by Atribune & save it to your desktop. DO NOT use yet.
alternate download link

Please download and install SUPERAntiSpyware Free
  • Double-click SUPERAntiSypware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the "General and Startup" tab, and under Start-up Options, make sure "Start SUPERAntiSpyware when Windows starts" box is unchecked.
  • Click the "Scanning Control" tab, and under Scanner Options, make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen and exit the program.
  • Do not run a scan just yet.
Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Double-click ATF-Cleaner.exe to run the program.
  • Under Main "Select Files to Delete" choose: Select All.
  • Click the Empty Selected button.
  • If you use Firefox browser click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera browser click Opera at the top and choose: Select All
  • Click the Empty Selected button.
    If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
Note: On Vista, "Windows Temp" is disabled. To empty "Windows Temp" ATF-Cleaner must be "Run as an Administrator".

Scan with SUPERAntiSpyware as follows:
  • Launch the program and back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan and click "Next".
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes" and reboot normally.
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#10 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:03:03 AM

Posted 15 December 2008 - 02:23 AM

Hi quietman7,

The screenshot on the left appeared first. Then, I had clicked on INFO and the 2nd screen shot on the right appeared.

I have since allow the change.

I have performed ATF CLeaner and SuperAntiSpyware.

Please see log from SuperAntiSPyware:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 12/15/2008 at 04:46 PM

Application Version : 3.9.1008

Core Rules Database Version : 3674
Trace Rules Database Version: 1653

Scan type : Complete Scan
Total Scan Time : 03:36:05

Memory items scanned : 227
Memory threats detected : 0
Registry items scanned : 8410
Registry threats detected : 0
File items scanned : 69675
File threats detected : 17

Adware.Tracking Cookie
C:\Documents and Settings\Adelene\Cookies\adelene@ads.bleepingcomputer[2].txt
C:\Documents and Settings\Adelene\Cookies\adelene@media-toolbar[1].txt
C:\Documents and Settings\Adelene\Cookies\adelene@freecorder.media-toolbar[2].txt
C:\Documents and Settings\Adelene\Cookies\adelene@xiti[1].txt
C:\Documents and Settings\Adelene\Cookies\adelene@ads.hairboutique[1].txt
C:\Documents and Settings\Adelene\Cookies\adelene@richmedia.yahoo[4].txt
C:\Documents and Settings\Adelene\Cookies\adelene@cgi-bin[1].txt
C:\Documents and Settings\Adelene\Cookies\adelene@mediaplazza[1].txt
C:\Documents and Settings\Adelene\Cookies\adelene@media.licenseacquisition[2].txt
C:\Documents and Settings\Adelene\Cookies\adelene@content.licenseacquisition[2].txt
C:\Documents and Settings\Adelene\Cookies\adelene@hardwarezone.us.intellitxt[1].txt
C:\Documents and Settings\Adelene\Cookies\adelene@yadro[1].txt
C:\Documents and Settings\Adelene\Cookies\adelene@revsci[2].txt
C:\Documents and Settings\Adelene\Cookies\adelene@media.sensis.com[2].txt
C:\Documents and Settings\Adelene\Cookies\adelene@richmedia.yahoo[1].txt
C:\Documents and Settings\Adelene\Cookies\adelene@richmedia.yahoo[2].txt
C:\Documents and Settings\Adelene\Cookies\adelene@statsserver.contensis.co[1].txt


QUESTION:
My other laptop has a similar problem. Can I use the same steps in this thread and apply on my other laptop?

Many Thanks.

#11 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,588 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:33 PM

Posted 15 December 2008 - 07:26 AM

How is your computer running now? Any more reports/signs of infection?

My other laptop has a similar problem. Can I use the same steps in this thread

What OS (Win 2K, XPsp1, XPsp2, Vista) are you using?
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#12 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:03:03 AM

Posted 15 December 2008 - 08:18 PM

Hi quietman7,

Thanks. So far no report/signs of infection.
However I did note that the laptop is now noisier than b4. I will monitor.

The other laptop: XP Home Edition Version 2002 Service Pack 3

Thanks once again. :thumbsup:

#13 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,588 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:33 PM

Posted 16 December 2008 - 08:37 AM

You're welcome.

If there are no more problems or signs of infection, you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Tips to protect yourself against malware and reduce the potential for re-infection:
• "Simple and easy ways to keep your computer safe".
• "How did I get infected?, With steps so it does not happen again!".
• "Hardening Windows Security - Part 1 & Part 2".
• "IE Recommended Minimal Security Settings" - "How to Secure Your Web Browser".

• Avoid gaming sites, underground web pages, pirated software, crack sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#14 samoyed

samoyed
  • Topic Starter

  • Members
  • 195 posts
  • OFFLINE
  •  
  • Local time:03:03 AM

Posted 16 December 2008 - 06:44 PM

ThAnK YoU!!! :thumbsup:

#15 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,588 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:01:33 PM

Posted 17 December 2008 - 07:53 AM

:thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users