Am I STILL infected with Virtumonde?


12 replies to this topic

#1 Magey

Posted 16 December 2008 - 07:42 PM

After browsing these forums for a while, and downloading Malwarebytes and many other anti-spywares, I THINK I was finally able to remove Virtumonde. Now that I run Malwarebytes it doesn't find any Virtumonde, nor does SpyBot S&D. Although, when scanning with SpyBot S&D, on the bottom, I see S&D scanning Virtumonde.dLL. My question is, am I still infected? I don't seem to be getting any more pop-ups. If so, how do I get rid of it?

I am running on Compaq Presario, AMD Athlon 64. (Don't know much about my computer)
Windows XP.
512 MB RAM
200 GB Hard Disk.
I used MalwareBytes, SpyBot S&D, SUPERantivirus, and VundoFix.

As I said before, none of them detect any more Virtumonde. But when SpyBot S&D scans, it goes through various files like Virtumonde.dll and Virtumonde.sci and many others but I didn't get the exact names. Am I still infected? Any help is greatly appreciated.
Thanks in Advance.

EDIT: Umm, just so you know, I don't have any antivirus, and will get it from now on, just if you will please, tell me which ones to get, and ones that don't use much RAM, because as you can see, I only have 512 MB RAM, thanks.
I currently have SUPERantispyware, Spybot S&D, and Malwarebytes on my computer (ALL FREE EDITIONS), do I need anything else (only free stuff please)? Please also tell me if any one of those runs in the background, killing viruses or spyware once they get in contact. Thanks.
~Magey

Edited by Magey, 16 December 2008 - 07:52 PM.



#2 boopme

Posted 16 December 2008 - 11:08 PM

Hello and welcome... all your scans come up with 0's now as in clean? Perhaps Spybot is looking through its Quarantine files or those of the other apps. Empty any quarantines or virus vaults. Please update Malwarebytes and run one more quick scan. Post that log, thanks.
Go here to the BC freeware list and install ANTIVIR.
http://www.bleepingcomputer.com/forums/topic3616.html

Then run that scan also. Tell us what you see.

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#3 Magey

Posted 17 December 2008 - 06:14 PM

Thank you for your reply boopme.
Yes, all my scans with Malwarebytes and SpyBot S&D come clean.

After I updated Malwarebytes, I got 0 malware, here is the log:

Malwarebytes' Anti-Malware 1.31
Database version: 1512
Windows 5.1.2600 Service Pack 2

12/17/2008 6:10:52 PM
mbam-log-2008-12-17 (18-10-52).txt

Scan type: Quick Scan
Objects scanned: 52270
Time elapsed: 4 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Log for ANTIVIR:

Avira AntiVir Personal

Report file date: Wednesday, December 17, 2008 17:29

Scanning for 1099136 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: USER

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: Wednesday, December 17, 2008 17:29

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'aolsoftware.exe' - '1' Module(s) have been scanned
Scan process 'aim6.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned
Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'ViewpointService.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'RichVideo.exe' - '1' Module(s) have been scanned
Scan process 'HPZipm12.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'FolderSizeSvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
35 processes with 35 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: The device is not ready.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!

Starting to scan the registry.
The registry was scanned ( '54' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\FT117X53\pldr7[1].htm
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] A backup was created as '49ad7e8e.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\LKDC11AX\pldr7[1].htm
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49ad7e97.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\Boolat Games\TravelAgency\TravelAgency.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '49aa80de.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\Copy of CyberLink\PowerDirector Express\5.0\MyTitles\MyTitles.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '499d80e6.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\Copy of JVC\Copy of JVC.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '49b980dc.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\Copy of My Pictures\Copy of My Pictures.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '4809ff1d.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\Copy of My Received Files\Copy of My Received Files.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '49b980de.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\Copy of My Scans\Copy of My Scans.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '49b980dd.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\Copy of My Scans\Softwares\Softwares.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '49af80dd.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\CyberLink\PowerDirector Express\5.0\MyTitles\MyTitles.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '499d80e8.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\JVC\JVC.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '498c80c5.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\LimeWire\Incomplete\Incomplete.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '49ac80dd.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\LimeWire\Saved\love lock down electronicremix CD quality.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '49bf80e0.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\LimeWire\Saved\love lock down electronicremix.mp3
[DETECTION] Contains recognition pattern of the EXP/ASF.GetCodec.Gen exploit
[NOTE] The file was moved to '480e0781.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\LimeWire\Saved\Saved.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '49bf80d3.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\My Music\Nokia Music Manager\Ne-Yo\www.DJMVP.net\www.DJMVP.net`.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '49c080e9.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\My Music\Nokia Music Manager\Unknown Artist\Unknown Album\Unknown Album.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '49b480e1.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\My Received Files\My Received Files.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '496980ec.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\My Scans\My Scans.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '496980ed.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\My Scans\2008-09 (Sep)\2008-09 (Sep).exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '497980a4.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\My Scans\Softwares\Softwares.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '49af80e4.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\songs\songs.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '49b780e6.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\WebCam Center\Capture\20080809\20080809.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '497980ac.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\WebCam Center\Capture\20080819\20080819.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '48cb0fad.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\WebCam Center\Capture\20080829\20080829.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '497980ad.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\WebCam Center\Capture\20081112\20081112.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '48cb0fae.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\WebCam Center\Capture\20081113\20081113.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '497980af.qua'!
C:\Documents and Settings\XPPRESP3\My Documents\wsdl\wsdl.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '49ad80f1.qua'!
C:\WINDOWS\system32\fohajifu.dll.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b18560.qua'!
C:\WINDOWS\system32\kopuwiro.dll.tmp
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b98567.qua'!
C:\WINDOWS\system32\sopikahu.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b98578.qua'!
C:\WINDOWS\system32\tzlljd.dll
[DETECTION] Is the TR/Agent.arvq Trojan
[NOTE] The file was moved to '49b58586.qua'!
C:\WINDOWS\system32\uawaowae.dll
[DETECTION] Is the TR/Agent.arvq Trojan
[NOTE] The file was moved to '49c0856d.qua'!
C:\WINDOWS\system32\wogipute.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '49b08580.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\TMP61.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '4999856a.qua'!
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temp\TMPB.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] The file was moved to '482b0a6b.qua'!


End of the scan: Wednesday, December 17, 2008 18:03
Used time: 33:56 Minute(s)

The scan has been done completely.

5782 Scanning directories
315330 Files were scanned
36 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
36 files were moved to quarantine
0 files were renamed
1 Files cannot be scanned
315293 Files not concerned
3351 Archives were scanned
5 Warnings
36 Notes
-----------------------------------------
I'll keep Avira, as it looks like a good antivirus.

EDIT:
After updating and running SUPERantispyware, I found Adware.Vundo Variant and Rogue.Component/Trace (also found Adware.Tracking Cookie, but I don't think that's harmful), here is the log:

SUPERAntiSpyware Scan Log

http://www.superantispyware.com

Generated 12/17/2008 at 06:52 PM

Application Version : 4.22.1014

Core Rules Database Version : 3677
Trace Rules Database Version: 1656

Scan type : Quick Scan
Total Scan Time : 00:13:55

Memory items scanned : 419
Memory threats detected : 0
Registry items scanned : 444
Registry threats detected : 3
File items scanned : 5274
File threats detected : 5

Adware.Vundo Variant
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{73259091-9574-4ED8-A40F-7F65AFC28634}
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{73259091-9574-4ED8-A40F-7F65AFC28634}

Adware.Tracking Cookie
C:\Documents and Settings\XPPRESP3\Cookies\xppresp3@atdmt[1].txt
C:\Documents and Settings\XPPRESP3\Cookies\xppresp3@trafficmp[1].txt
C:\Documents and Settings\XPPRESP3\Cookies\xppresp3@cache.trafficmp[1].txt
C:\Documents and Settings\XPPRESP3\Cookies\xppresp3@advertising[1].txt
C:\Documents and Settings\XPPRESP3\Cookies\xppresp3@at.atwola[1].txt

Rogue.Component/Trace
HKU\S-1-5-21-790525478-682003330-725345543-1001\Software\Microsoft\CS41275

Edited by Magey, 17 December 2008 - 07:04 PM.
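
A triage pass over a report in the format of the AntiVir log above, as an added example that is not part of the original thread: it groups detections by name, lists any detection with no quarantine or delete note after it, and flags executables named after their own folder, the pattern the WORM/Brontok.A.2.B entries in the log show. The sample report, its paths and `.qua` names are constructed, and the line patterns are inferred from this one log rather than from Avira documentation.

```python
import ntpath
import re
from collections import Counter

# Constructed sample in the layout of the AntiVir report above. Paths and
# .qua names are made up; the detection names are the ones the report shows.
SAMPLE_REPORT = r"""
Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\user\My Documents\photos\photos.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '00000001.qua'!
C:\Documents and Settings\user\My Documents\music\setup.exe
[DETECTION] Contains recognition pattern of the WORM/Brontok.A.2.B worm
[NOTE] The file was moved to '00000002.qua'!
C:\WINDOWS\system32\example1.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] A backup was created as '00000003.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\example2.dll
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan

End of the scan: Wednesday, December 17, 2008 18:03
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
DETECTION_RE = re.compile(
    r"^\[DETECTION\] (?:Is the|Contains recognition pattern of the) (\S+)")
# Notes that mean the file is no longer live at its original path.
HANDLED_RE = re.compile(r"^\[NOTE\] .*(?:moved to|was deleted|QUARANTINE)")


def parse_report(text):
    """Return one dict per detected file: path, detection name, handled flag."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            # A path line opens a new per-file block.
            current = {"path": line, "detection": None, "handled": False}
            findings.append(current)
            continue
        if current is None:
            continue
        match = DETECTION_RE.match(line)
        if match:
            current["detection"] = match.group(1)
        elif HANDLED_RE.match(line):
            current["handled"] = True
        elif not line.startswith("["):
            current = None  # blank or summary line: the block has ended
    # Files that only produced a warning (e.g. pagefile.sys) are not findings.
    return [f for f in findings if f["detection"]]


def is_folder_named_exe(path):
    """True for 'X\\X.exe': an executable named after its own folder."""
    parent, name = ntpath.split(path)
    stem, ext = ntpath.splitext(name)
    return ext.lower() == ".exe" and stem.lower() == ntpath.basename(parent).lower()


def triage(findings):
    """Summarise what was found and what may still be on disk."""
    return {
        "by_name": dict(Counter(f["detection"] for f in findings)),
        "unhandled": [f["path"] for f in findings if not f["handled"]],
        "system32": [f["path"] for f in findings
                     if "\\windows\\system32\\" in f["path"].lower()],
        "folder_named": [f["path"] for f in findings
                         if is_folder_named_exe(f["path"])],
    }


if __name__ == "__main__":
    for key, value in triage(parse_report(SAMPLE_REPORT)).items():
        print(key, "->", value)
```

An entry under `unhandled` is a file the scanner flagged but left in place, so it is the first thing to re-check on the next scan.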


#4 boopme

Posted 17 December 2008 - 07:51 PM

Hi again Magey, I trust things are much improved now. As you have seen you do need an antivirus program. I also use the AntiVir, MBAM and SAS setup. I have added SpywareBlaster also. It is on that page too. Remember to update all these apps weekly and before running scans.
I also have to ask, do you have the Windows firewall enabled?
Do you suspect any more problems now?

#5 Magey

Posted 17 December 2008 - 08:22 PM

I highly doubt that I have Windows firewall enabled, please tell me how I can check or turn it on.
And, I do not suspect any more problems now. Although, I have a question, do I always have to let AntiVir run in the background? Or can I just have it on my computer and use it on demand?
Thanks.

#6 boopme

Posted 17 December 2008 - 08:53 PM

Hiya Magey
I would keep AntiVir ON and update it weekly. It's almost like tech suicide to be openly exposed on today's Internet. Are you concerned about your PC's performance with it running?

To enable Windows Firewall, follow these steps:
Click Start.
Click Run.
Type Firewall.cpl, and then click OK.
On the General tab, click On (recommended).
Click OK.


Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

If we don't communicate again Merry Christmas !

Edited by boopme, 17 December 2008 - 08:54 PM.


#7 Magey

Posted 17 December 2008 - 09:24 PM

Yes, I am concerned about my PC's performance with AntiVir running in the background.
I had firewall off, but now I have it on.
And I have created a new restore point and deleted the old ones, thanks.

If you don't respond, Happy Holidays to you, and the Bleepingcomputer.com staff, they are very kind and nice people.

#8 boopme

Posted 17 December 2008 - 09:43 PM

Thank you !!
Are you concerned about slowness?
How much RAM is installed?

Right-click the My Computer icon, and select Properties from the menu that appears.
Look under the General tab where it gives you information about the size of the hard drive and what operating system you use to find the amount of RAM in megabytes (MB) or gigabytes (GB).


EDIT: I meant to ask earlier. Please also check and if needed defragment your hard drive. This may take several hours if it hasn't been done in a while. But it is necessary.
You can start it and let it run while you sleep. Just turn the monitor off.

Open My Computer.
Right-click the local disk volume (usually C:\) that you want to defragment, and then click Properties.
On the Tools tab, click Defragment Now.
Click Defragment.

Edited by boopme, 17 December 2008 - 10:06 PM.


#9 Magey

Posted 18 December 2008 - 07:53 PM

Yes, I am concerned about slowness. But to be completely honest, my computer runs rather fast, it's just that it makes hissing noises when doing lots of work, or when the CPU usage is high, which is annoying. Also, my dad knows nothing about the computer, and when he opens up the computer, he wants his things to open up very quickly, and if he sees Avira open up right when the computer opens up, he's gonna start asking me stupid questions and what not, so I just try to avoid that.
It says 512 MB RAM is installed, but when I right-click My Computer, it says 448 MB of RAM. I got a 200 GB hard drive and I use Windows XP as an OS.

When I tried to defragment, with the defragmenter, it says that there is no need to defragment, so I just left it like that.

#10 boopme

Posted 19 December 2008 - 12:31 AM

OK, yes this PC is in good shape, it didn't even need defragging. I can only say that if you remove the AV you have approximately like one hour till you will probably start being infected again. I will look into the setup of Avira and see if we can reinstall it so that it will just run and not pop up. I'm not sure we can with the free version.

#11 Magey

Posted 22 December 2008 - 05:09 PM

Alright well, I got Nod32, because I heard it's good and doesn't take much of your computer RAM. And I also got Comodo firewall. Everything seems to be going fine. Thanks a lot man.

#12 boopme

Posted 22 December 2008 - 08:50 PM

That sounds real good, glad to have been of help.

You may want to consider adding another 512 RAM to that machine for a better ride.

#13 Magey

Posted 22 December 2008 - 09:41 PM

Alright thanks, I'll look into that.



