Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

The (xp)police have taken over my computer and won't let me out!


  • Please log in to reply
11 replies to this topic

#1 Cat&Fiddle

Cat&Fiddle

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 16 February 2009 - 03:34 AM

Hi All -

I*'m new to this, so have patience....

I was surfing, it was dinnertime, I got called, was impatient, clicking down a bunch of windows, and 'mis-clicked'... I knew it as soon as I did it, but that was too late. Wasn't sure what I had done, though. Finished logging out. Ate. Came back, logged in - and found out my own computer was being held hostage to my buying some worthless software! I was p-------d!.

an MSCONFIG and unselected the xppolice startup found there. Rebooted. Didn't work. Tried to bring up the Windows Task Manager, but got a message saying the administrator had made it unavailable (& I'm the administrator, too!!!) (not really a surprise, but still, very irritating!!)

Tried going into safe mode (as Administrator), and deleting anything that came up in a search of C:\ & D:\ on 'police'.

Went into the registry and did the same thing (exporting the keys deleted, first - just in case).

Logged on as me - and there it was, soon as I tried to browse - no change!!

I rebooted into SAFE MODE WITH NETWORKING and googled xppolice and found this site. In SAFE MODE, I have no email and didn't want to set it up. Rebooted as me. Xppolice allowed me access to my e-mail, so I was able to receive your messeges so I could register.

Found a list of files that when removed was supposed to remove the police - didn't work. Here they are, FYI:
- AVCoreFn.dll
- Core.dll
? setup.dat (?C:\WINDOWS\Prefetch\SETUP.DAT-183D7A8D.pf)
- xppolice.exe
- ceva_dll.cvd
- ceva_emu.cvd
- ceva_vfs.cvd
- ceva_vfs.ivd
- cevakrnl.cvd
- cevakrnl.ivd
- cevakrnl.rvd
- cookie.cvd
- cran.cvd
- cran.ivd
- e_spyw.cvd
- e_spyw.ivd
- emalware.ivd
- gvmscripts.cvd
- hpe.cvd
- java.cvd
- mdx_97.cvd
- mdx_97.ivd
- mdx_w95.cvd
- mdx_x95.cvd
- mdx_xf.cvd
- mobmalware.cvd
- na.cvd
- nelf.cvd
- regarch.cvd
- regscan.cvd
- rup.cvd
- sdx.cvd
- sdx.ivd
- unpack.cvd
- unpack.ivd
- vb0.dat
- vb1.dat
- vb2.dat
- ve.cvd
- ve.ivd
- vedata.cvd
alert.wav
click.wav
fire.wav
XP Police Antivirus.LNK

Delete XP Police Antivirus registry entries:

- HKEY_CURRENT_USER\Software\XP Police Antivirus

NOTE: The '- ' in front of each one was my way of tracking which ones I had searched for and which I needed to still look for. The '? " indicates I found something, but not willling to delete it out of hand.

Rebooted as me - still there. So here I am. Any thoughts?

P.S. - Just in case I wasn't clear, in order to communicate with y'all, I must be in SAFE MODE WITH NETWORKING. To communicate with the 'police', I must be in 'regular/normal' mode. All this means I must reboot to switch from one mode to the other.

c&F -

BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:28 PM

Posted 16 February 2009 - 09:21 AM

Please download Malwarebytes Anti-Malware (v1.34) and save it to your desktop.
alternate download link 1
alternate download link 2
If you have a previous version of MBAM, remove it via Add/Remove Programs and download a fresh copy.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself.
  • Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install. Alternatively, you can update through MBAM's interface from a clean computer, copy the definitions (rules.ref) located in C:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware from that system to a usb stick or CD and then copy it to the infected machine.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you after scanning with MBAM. Please temporarily disable such programs or permit them to allow the changes. Click this link to see a list of programs that should be disabled.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 Cat&Fiddle

Cat&Fiddle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 17 February 2009 - 05:17 PM

Well, I'm back ...

Mr. Quietman, you may be often quiet, or even a lot, but when you are not quiet, it behoves one to pay attention!!!

I followed your instructions and ended up with a log file. I am using an Explorer window generated out of my 'normal' bootup - which means the stormtroopers (xppolice) are gone!!!! Hurrah!!!

Your final instruction was to place the log-file here, so it follows this:

Malwarebytes' Anti-Malware 1.34
Database version: 1771
Windows 5.1.2600 Service Pack 2

2/17/2009 2:42:23 PM
mbam-log-2009-02-17 (14-42-23).txt

Scan type: Quick Scan
Objects scanned: 93426
Time elapsed: 5 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\winapp.winsafe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{16406580-14ce-4441-b904-ad56cc8064ca} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{967a494a-6aec-4555-9caf-fa6eb00acf91} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9692be2f-eb8f-49d9-a11c-c24c1ef734d5} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{b6b571fb-b71d-449c-ad70-82e966328795} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b6b571fb-b71d-449c-ad70-82e966328795} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b6b571fb-b71d-449c-ad70-82e966328795} (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\winapp.winsafe.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XP Police Antivirus (Rogue.XP-Police-Antivirus) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autochk (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\iehost.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\autochk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\NetworkService\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\protect.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\ChkDisk.lnk (Trojan.FakeAlert) -> Quarantined and deleted successfully.

------------------------------------------------------------------ END --------------------------------------

I'm assuming you wanted to look at it for any number of reasons which (I'm thinking) include the following:

To insure there are no 'loose ends'



(perhaps)To determine if my 'setup' is adequate or not and how it could be improved.



I have become painfully aware that I am under-protectred, perhaps some advice in that area



Even if I'm wrong, what you have helped me with, I consider a lifesaver - not to mention enormous amounts of time ... (did I mention my life?). Anyway - thanks. Thanks a whole bunch!!

Well, I'm off to join the rest of the Little Piggys and get on to that market in the sky .....

Thanks again.

CatnFiddle

#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:28 PM

Posted 18 February 2009 - 11:24 AM

Now rescan again with MBAM but this time perform a Full Scan in normal mode and check all items found for removal. Don't forgot to check for database updates through the program's interface (preferable way) before scanning and to reboot afterwards. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. When done, click the Logs tab and copy/paste the contents of the new report in your next reply.

I will give you prevention tips when we are done cleaning up your machine.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#5 Cat&Fiddle

Cat&Fiddle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 18 February 2009 - 02:32 PM

Good Morning All -

So, Quietman7 (does that imply that you have 6 predecessors?), I finished the second scan (in a normal bootup). The logfile follows:

Malwarebytes' Anti-Malware 1.34
Database version: 1775
Windows 5.1.2600 Service Pack 2

2/18/2009 12:12:42 PM
mbam-log-2009-02-18 (12-12-42).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 145358
Time elapsed: 27 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1104\A0067081.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1104\A0067083.dll (Rogue.Multiple) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1104\A0067084.exe (Rogue.XPPoliceAntivirus) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F845E3DB-F751-4BE4-A620-64F2CA1BFB5F}\RP1105\A0069217.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

------------------------------------------------ END ------------------------------------------

This System Volume Information, is that on the hard drive? Boy those little buggers sure know how to hide - eh?

Well, Thanks again. Now I can fiddle again ....!

ta ta,
CatnFiddle

#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:28 PM

Posted 18 February 2009 - 03:01 PM

The infected RP***\A00*****.exe/.dll file(s) identified by your scan are in the System Volume Information Folder (SVI) which is a part of System Restore. This is the feature that allows you to store and set points in time to roll back your computer to a clean working state. The SVI folder is protected by permissions that only allow the system to have access and is hidden by default (unless Windows is reconfigured to show it) on the root of every drive, partition or volume including most external drives, and some USB flash drives. By design System Restore runs in the background and will automatically create a new restore point every 24 hours (system checkpoints). Restore points can also be manually created by the user at any time.

In addition to System Restore points, the SVI folder is where XP stores other important information such as:
  • Registry configuration information for application, user, and operating system settings.
  • Windows File Protection files in the dllscache folder.
  • COM+ Database; Windows Management Instrumentation Database.
  • IIS Metabase configuration.
  • Content Indexing Service databases for fast file searches.
  • Information used by the Volume Shadow Copy Service (also known as "Volume Snapshot") so you can back up files on a live system.
  • Files with extensions listed in the Monitored File Extensions list and Local Profiles.
The SVI folder also stores other important information such as:
  • Distributed Link Tracking Service databases used to automatically repair and maintain links, such as Shell Shortcuts and OLE links, to files on NTFS volumes. This service stores maintenance information in a file called Tracking.log.
  • Efs0.log files created by the Encrypting File System (EFS) generated during the encryption and decryption process.
  • Drivetable.txt which holds the System Restore drive letters list, and stores other configuration information such as System Restore space allocation information for each drive.
  • Sr-reg.txt which contains the System Restore registry settings.
  • Rstrlog.txt which contains the restore log file for the last completed restore.
  • Fifo.log which contains the FIFO (first in first out) restore points if there are any.
  • Rp.log or SP-RP.log which contains the list of restore points (name/type/time).
  • SR-chglog.log which contains the change log of file operations on each drive for all restore points.
  • SR-filelist.log which contains a list of all the files that were collected by Srdiag.exe

System Restore will back up the good as well as the bad files so when malware is present on the system it gets included in any restore points as an A00***** file. When you scan your system with anti-virus or anti-malware tools, they may detect and place these files in quarantine. When a security program quarantines a file, that file is essentially disabled and prevented from causing any harm to your system. The quarantined file is safely held there and no longer a threat. Thereafter, you can then delete it at any time.

If the anti-virus or anti-malware tool cannot move the files to quarantine, they sometimes can reinfect your system if you accidentally use an old restore point. To remove these file(s), the easiest thing to do is Create a New Restore Point to enable your computer to "roll-back" to a clean working state and use Disk Cleanup to remove all but the most recent restore point.

If the anti-virus or anti-malware tool was able to move the files, I still recommend creating a new restore point and using disk cleanup (if there are no further signs of infection) as the last step after removing malware from an infected computer.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 Cat&Fiddle

Cat&Fiddle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 19 February 2009 - 11:00 AM

Goodday all !

Quietman7 - wow. What an explanation! THANKS!! Some of that went over my head, some I already knew, some I knew enough to understand some of your explanation (ha!), in total, I now have a whole bunch more questions to ask ... but will have to come later, and probably in a different forum.

About my computer, I thought I was almost all done, but ... when I began doing your latest instructions, the most curious thing happened. When I went to create the custom restore point, I got partially into creating it's name and my computer froze up - PARTIALLY!!????

By that, I mean I could type away, but nothing more was written! The mouse seemed to work fine, in that when I 'moused over' buttons, etc, they reacted. Other windows reacted similarly. Finally, I killed the window in which I was attempting to create the restore point and started another one. Same behavior, except that I couldn't even get the name started at all.

I started Notebook, to make some notes, and the machine wouldn't write there either - no matter how much I typed. So, I rebooted. Same problem. Probably irrationally, I ran Malwarebytes' Anti-Malware program again, thinking (something) got thru the net. Nothing was found after an in-depth scan.

I shut the machine down, waited a bit, then booted back up. Everything seemed to work normally, or at least, as expected. I made the restore point, and ran Disk Cleanup. I am a bit hesitant to blindly remove 'unused files', etc, so all I did was force the removal of all the restore points except the one I just made. I rebooted again.

Thinking that the world had been washed clean and re-made, I began doing work that had been pending since all this began. I was getting ready for a trip, and wanted to carry all this latest activity to my destination to share. So I inserted my 4Gb Cruzer (which already had data stored on it) into one of the front USB slots, then without looking at the computer, inserted a USB cable (with a mini USB plug on the other end) into the other front slot, and plugged the mini into my PALM to do a synchronization (normally, done daily, but not as of late).

When I sat down at the computer, it was FROZEN - hard!!! I couldn't get the mouse to move, and Ctrl-Alt-Del woudn't respond either. So, I removed the power for awhile, then turned it back on & booted. I couldn't SEE the Cruzer in Explorer, and when I tried to synchronize the PALM (the process is initiated on the handheld), it would come back with a message saying the communication couldn't be established. I wondered if the xppolice thing had somehow destroyed some of the 'innards' of that exchange, so I removed the software (correctly) and reinstalled it. No change. I then connected my camera with a cable (it always connects right away and begins the picture download - it's very well behaved). It came back with a 'Communication Error', also!

It was late, so I shut all down and went to bed. Gotup, booted and began reading e-mail. I printed one out, and it began in the middle of the page, continued to the end of the page, and the rest of the e-mail started in the middle of the next page and finished. It should have printed all on one page.

That's when I aborted all my activities and began writing this.

Did the xppolice thing do this? Have I got 'elves'? Any ideas?

CatnFiddle

#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:28 PM

Posted 19 February 2009 - 12:30 PM

Hard to tell what the issue is without further investigation. There could have been a driver conflict between with the Cruzer and PALM. Or you may have had a USB flash drive infection. Flash (usb, pen, thumb, jump) drive infections usually involve malware that loads an autorun.inf file into the root folder of all drives (internal, external, removable). When the removable media is inserted, autorun looks for autorun.inf and automatically executes another malicious file to run on your computer. When a flash drive becomes infected, the Trojan will infect a system when the removable media is inserted if autorun has not been disabled.

Please download Flash_Disinfector by sUBs and save it to your desktop.
  • Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
  • The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
  • Hold down the Shift key when inserting the drive until Windows detects it to keep autorun.inf from executing if it is present.
  • Wait until it has finished scanning and then exit the program.
  • Reboot your computer when done.
Note: As part of its routine, Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive that was plugged in when you ran it. Do not delete this folder...Even if running this tool did not resolve the issue, it will help protect your drives from future infection by keeping the autorun file from being installed on the root drive and running other malicious files.

If that did not help, look for problem entries (colored coded symbols) in Device Manager as described here. Check for any updates that may be available for your drivers. Driver issues are a known source of conflicts that can cause stop errors and BSODs. If you need to update a driver, a convenient place to start is at DriverGuide.com. If you're not sure how to update a driver, please read How to update a Windows hardware driver and How to manage devices in Windows XP.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 Cat&Fiddle

Cat&Fiddle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 19 February 2009 - 08:24 PM

Well Quietman7 -

You've done it again! The USB cleaner worked great! Didn't even know they were infected. Not sure if they were, but after the process, everything is working much more smoothly together.

The printer problem is another issue. I deleted the printer from Control Panel/Printers..., then rebooted and reinstalled the printer. No change. I don't know of any other drivers.

Could this be a driver problem, it seems more like a setup issue? PLUS, it only happens in Outlook Express - printing the same e-mail in Word, notepad, wordpad or what-have-you works just as one might expect. It's only in Outlook Express that the page begins printing half-way down, then continues on the next page, half-way down, etc.

PLUS, this problem only began after driving the xppolice away after they (it) got their hooks into me. Prior to that, everthing was groovy!

Anymore ideas?

#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:28 PM

Posted 19 February 2009 - 10:35 PM

The printer problem is another issue. I deleted the printer from Control Panel/Printers..., then rebooted and reinstalled the printer. No change. I don't know of any other drivers. Could this be a driver problem,

Sounds like it could be. Start a new topic in the Hardware forum for further assistance with this issue.

Tips to protect yourself against malware and reduce the potential for re-infection:Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users. The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications. Read P2P Software User Advisories and Risks of File-Sharing Technology.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. To learn more about this risk, please read:If using Windows Vista, please refer to:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 Cat&Fiddle

Cat&Fiddle
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:04:28 PM

Posted 20 February 2009 - 01:15 AM

OK Quietman7 -

With the exception of the printer issue, all things seem to be copacetic. For that, I have only you to thank - so, THANKS!!!

Also, thanks for taking an interest in us "newbies" & "neophytes".

I will follow your HINTS and absorb as much of the information you have shoveled my way as I can. Keep up the good work.

ta-ta,

CatnFiddle

#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,766 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:28 PM

Posted 20 February 2009 - 09:30 AM

You're welcome. :thumbsup:
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users