Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Computer locking up... Rogue file?


  • This topic is locked This topic is locked
7 replies to this topic

#1 wbhendrickson

wbhendrickson

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 26 May 2005 - 10:20 AM

I have recently had trouble with my Windows 98 desktop locking up when trying to do mundane tasks, such as open word documents or move around the internet. My work around has been to Ctrl-Alt-Del the non-responding program and start over. When I Ctrl-Alt-Del, I notice that my system tray icons in the lower right corner are reduced from the normal six to just two, the speaker volume icon and the McAfee AV icon. The Ctrl-Alt-Del is only successful in solving the problem half the time. Otherwise I must do a complete shutdown and restart.

When I did my last Ctrl-Alt-Del, I noticed an item in the task box I've never seen before. It's "F1cre3d4." When I end tasked that item, my computer returned to normal operation. I then did a check of the start tab in msconfig and I see that "Windows/System/F1cre3d4.exe" was displayed and checked. I unchecked it.

When I checked my Windows/system files after doing so, there were two files shown: "F1cre3d4.ini" and F1cre3d4.exe". I was able to delete the .ini file (now in my recycle bin in case I must restore it), but the .exe file could not be deleted as it was "in use by Windows."

What is this file, what does it do, and what are your recommendations? I have an active ant-virus program and I also regularly use Adaware, Spybot, and Spyware Blaster.

Thank you.

BC AdBot (Login to Remove)

 


#2 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:10 AM

Posted 26 May 2005 - 09:44 PM

Hi wbhendrickson and welcome to the BC forums. We need a complete HijackThis (HJT) log file to be able to analyze what is happening on your computer. If you do not have a copy of HijackThis or do not have the latest version (1.99.1) then download it from here: HijackThis_sfx.exe
Double-click on the file you just downloaded and click on the UnZip button to install the program. It will be installed to the C:\Program Files\HijackThis\ folder by default.

Turn MsConfig off and boot normally. Start HijackThis and click the Do a system scan and save a log button to perform a scan and create a log file. When the scan is complete, Notepad will open up with the log file in it. While in Notepad, press Ctrl-A to select all text and then Ctrl-C to copy the text to the clipboard.

POST the log in this thread using the Add Reply button. Click in the data-entry window and press Ctrl-V to paste the log into the window. Add any other comments which you believe might be helpful in our analysis. and click the Add Reply button.

I will review your log when it comes in.


DO NOT MAKE ANY CHANGES OR CLICK "FIX CHECKED" UNTIL I CHECK THE LOG, AS SOME OF THE FILES ARE LEGIT AND VITAL TO THE FUNCTION OF YOUR COMPUTER

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#3 wbhendrickson

wbhendrickson
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 26 May 2005 - 09:57 PM

Here you go...

Logfile of HijackThis v1.99.1
Scan saved at 7:53:23 PM, on 5/26/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.EXE
C:\PROGRAM FILES\PALM PILOT\HOTSYNC.EXE
C:\PROGRAM FILES\AZUREBAY\AZUREBAY SCREEN SAVER\WPCHANGER.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.centurytel.net/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_11_0.DLL (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [EnsoniqMixer] starter.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\MCAFEE.COM\AGENT\McUpdate.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm Pilot\HOTSYNC.EXE
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O4 - User Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O4 - User Startup: HotSync Manager.lnk = C:\Program Files\Palm Pilot\HOTSYNC.EXE
O4 - User Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\INSTANT MESSENGER\AIM.EXE
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: eCrew Delta Technology V14180 - http://ecrew.delta-air.com/eCrew14180.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static...h/weblaunch.cab
O16 - DPF: eCrew Delta Technology V14200 - http://ecrew.delta-air.com/eCrew14200.cab
O16 - DPF: eCrew Delta Technology V14210 - http://ecrew.delta-air.com/eCrew14210.cab



Thanks, wbh

#4 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:10 AM

Posted 27 May 2005 - 11:35 AM

Hi wbhendrickson. I only see 1 item that needs to be fixed in the log due to a file missing so let's do that.

Start HijackThis and click the Scan button to perform a scan. Look for the following items and click in the checkbox in front of each item to select it:O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_11_0.DLL (file missing)
Now close ALL open windows except HijackThis and click the Fix Checked button to finish the repair.

You might also want to perform some routine cleanup maintenance. Download CCleaner and install it.
Start CCleaner and click on the Run Cleaner button in the lower right-hand corner. When it is finished close CCleaner.

Now let's run a couple of online virus scans. Please run at least 2 of the following on-line virus scans:Trend Micro Housecall
BitDefender On-Line Virus Scan
Panda ActiveScan
eTrust Antivirus Web Scanner
Make sure that you choose "fix" or "clean" or 'auto-clean".

As for the file you found, there is no information on that so it is most likely bad. You can submit it at Jottiis.

Jotti Malware submission

Go to the Jotti's malware scan page and use the buttons at the top of the page to browse to this file(s) on your hard drive to submit for a scan:full path to the F1cre3d4.exe file
Several scanning engines will be used to check the file for any threats. If it comes up as infected delete it. If you have problems deleting it then boot to Safe Mode and delete it.

Cheers.

OT

Edited by OldTimer, 27 May 2005 - 11:37 AM.

I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#5 wbhendrickson

wbhendrickson
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 02 June 2005 - 02:27 PM

Thanks for those instructions. Here's the latest:
1. I fixed the designated HJT log item.
2. I ran CCleaner and many files were deleted.
3. Of the 4 online scans suggested, I ran Trend Micro and Panda. Trend Micro found only two games in 26,000 or so files. Panda however scanned a total of over 340,000 files and found 23 adware/spyware items. The Trend Micro scan took about 3-4 hours. The Panda scan took almost 10 hours!
4. Jottis determined that the F1cre3d4.exe file was a ShopAtHome agent. I was able to delete it without going to the safe mode.
5. I also ran "autoruns" and was able to disable a few unneeded startup items. (I tried to disable the startup item SB PCI 64 Mixer icon from my system tray (C:\Windows\starter.exe) as I don't need it, but each time I boot up the icon returns to the system tray. I assume there is nothing else I can do on that one?)
6. Of the 23 adware/spyware items discovered by Panda, I was able to delete 17 of them easily. The 6 I could not delete or even find are the following:
- Adware/SaveNow - Location: Windows Registry
- Adware/Sidefind - Location: Windows Registry
- Adware/WildTangent - Location: Windows Registry
- Adware/SearchRelevancy - Location: Windows Registry
- Spyware/YourSiteBar - Location: C:\Windows\Downloaded Program Files\YSBactivex.???
- Spyware/YourSiteBar - Location: C:\Windows\Downloaded Program Files\ysbactivex.inf

A computer search ("Find files or folders") for each of these 6 items (4 adware, 2 spyware) turns up nothing.

A note about WildTangent: A WildTangent Web Driver is listed in my Add/Remove Programs list. Also, Spybot S & D does highlight WildTangent during its scans. The first time I ran Spybot, I quarantined WildTangent. However my computer then did not run well. I had Spybot reinstate WildTangent and my computer went back to normal. Since then I have ignored doing anything with WildTangent when I do my Spybot scans. It seems like the "least harm" approach.

With regard to the ysbactivex.inf file: The location is clearly highlighted by Panda but there is no such file in that location. It does look Panda has highlighted the same file twice, once as YSBactivex.??? and once as ysbactivex.inf.

Any ideas on how to delete these last 6 items?

And lastly, my latest Hijack This log. Thank you!

WBH


Logfile of HijackThis v1.99.1
Scan saved at 11:51:10 AM, on 6/2/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v5.50 SP1 (5.50.4522.1800)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSRTE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\GWHOTKEY.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHLD.EXE
C:\PROGRAM FILES\MCAFEE.COM\AGENT\MCAGENT.EXE
C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSESCN.EXE
C:\WINDOWS\STARTER.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOSTART.EXE
C:\PROGRAM FILES\PALM PILOT\HOTSYNC.EXE
C:\PROGRAM FILES\AZUREBAY\AZUREBAY SCREEN SAVER\WPCHANGER.EXE
C:\PROGRAM FILES\HP OFFICEJET SERIES 600\BIN\HPOJVDIX.EXE
C:\WINDOWS\SYSTEM\HPOMLCH.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACK THIS\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://community.centurytel.net/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - C:\PROGRAM FILES\MCAFEE.COM\VSO\MCVSSHL.DLL
O4 - HKLM\..\Run: [ScanRegistry] c:\windows\scanregw.exe /autorun
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [Multi-function Keyboard] GWHotKey.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\MCAFEE.COM\VSO\MCMNHDLR.EXE" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "C:\PROGRA~1\MCAFEE.COM\VSO\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\MCAFEE.COM\AGENT\mcagent.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [McVsRte] C:\PROGRA~1\MCAFEE.COM\VSO\mcvsrte.exe /embedding
O4 - Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O4 - Startup: HotSync Manager.lnk = C:\Program Files\Palm Pilot\HOTSYNC.EXE
O4 - Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O4 - User Startup: HP OfficeJet Series 600 StartUp.lnk = C:\Program Files\HP OfficeJet Series 600\bin\HPOstart.exe
O4 - User Startup: HotSync Manager.lnk = C:\Program Files\Palm Pilot\HOTSYNC.EXE
O4 - User Startup: Wallpaper Changer.lnk = C:\Program Files\AzureBay\AzureBay Screen Saver\WPChanger.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\INSTANT MESSENGER\AIM.EXE
O12 - Plugin for .wav: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mid: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .mov: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .swf: C:\Program Files\Netscape\Communicator\Program\PLUGINS\npswf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O12 - Plugin for .au: C:\PROGRA~1\INTERN~1\PLUGINS\npqtplugin.dll
O12 - Plugin for .: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://start.earthlink.net
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {9A57B18E-2F5D-11D5-8997-00104BD12D94} (compid Class) - https://support.gateway.com/support/serialharvest/gwCID.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite.net/d.../ITDetector.cab
O16 - DPF: eCrew Delta Technology V14180 - http://ecrew.delta-air.com/eCrew14180.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=34738&clcid=0x409
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://support.gateway.com/eSupport/static...h/weblaunch.cab
O16 - DPF: eCrew Delta Technology V14200 - http://ecrew.delta-air.com/eCrew14200.cab
O16 - DPF: eCrew Delta Technology V14210 - http://ecrew.delta-air.com/eCrew14210.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab

#6 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:10 AM

Posted 02 June 2005 - 03:05 PM

Hi wbhendrickson. Your log is clean. In regards to the 6 items you list, the 1st 4 are registry entries and so there will be no files to find. I would run AdAware and see what it says about them (see the link below). The other 2 files appear to be various files downloaded by websites that are visited. If the option is set to have Internet Explorer clean up when it is closed then they have already been deleted.

We have a couple of last steps to perform and then you're all set.

First, let's reset your hidden/system files and folders. System files are hidden for a reason and we don't want to have them openly available and susceptible to accidental deletion.
  • Open My Computer.
  • Select the View menu and click Folder Options.
  • Select the View tab.
  • In the Hidden files section unselect Show all files.
  • Click OK.
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programs:
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use:and a good antivirus application like the one you are currently using. It is critical to have both a firewall and antivirus to protect your system and to keep them updated.

To keep your operating system up to date visit monthly. And to keep your system clean run these free malware scanners
weekly, and be aware of what emails you open and websites you visit.

To learn more about how to protect yourself while on the internet read this article by Tony Klien: So how did I get infected in the first place?

Have a safe and happy computing day!

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image

#7 wbhendrickson

wbhendrickson
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Local time:04:10 AM

Posted 08 June 2005 - 12:28 AM

Great!

Note the following:
- IE now set to delete Temporary Internet Files after closing
- System files now hidden
- Currently use spywareblaster
- Currently have firewall (via ISP)
- Currently have McAfee AV
- Currently use AdAware and Spybot S & D regularly


Thank you very much,

wbh

#8 OldTimer

OldTimer

    Malware Expert


  • Members
  • 11,092 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:North Carolina
  • Local time:05:10 AM

Posted 08 June 2005 - 05:02 PM

You're very welcome wbhendrickson. I'm glad that we could help.

Now that your issues have been resolved I will close this topic. If you need it reopened for this same issue then please PM me. If you have any new issues in the future then please start a new topic.

Cheers.

Keep on computing!

OT :thumbsup:
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer

Posted Image




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users