
I had multiple threats from Trojans and Worms.


13 replies to this topic

#1 destruct_tsugs

  • Members

Posted 17 July 2009 - 01:54 AM

Hi All,

My name is John August and I'm from the Philippines. I'm not sure if I am making this post correctly, but do advise me of my mistake.

Anyway I am using an HP 2133 Mini with a Windows XP SP2 (already updated to SP3), I used to run an AVG8.5 Antivirus. We are using a LAN in our office. My PC was free from viruses until someone plugged in a flash drive without scanning it and it infected my PC with Trojan.Win32.FlyStudio.II. I only noticed it when I was just staring at the screen when suddenly a window popped up with gibberish or Chinese (not really sure) so I closed it right away and disconnected from the internet, ran a scan from my AVG and it found 2 viruses (I forgot exactly which) and it was quarantined. However, after rebooting, AVG warned me about infections again from the same virus. I thought I was going to need to reformat, however I don't have an external CD-ROM so I had to find other ways of trying to fix the problem. I downloaded a Kaspersky Antivirus 9.0.0.459 2010 and it found a lot of infections of Trojan.Win32.FlyStudio.II. That was only the beginning. After fixing the problem, yesterday Kaspersky warned me that one of the PCs connected to our network was sending me a virus, Worm.Win32.AutoIt.pl and then Trojan.Win32.Refroso.anx, and then Packed.Win32.Krap.l.

The Refroso and the Studio were deleted by Kaspersky, it also found malware HackTool.Win32.Kiser.be, however was only disinfected, and the Krap was quarantined, a file planted by one of the viruses made a file 931EDB.exe in my startup files but was cleaned by Kaspersky.

After the cleanup I was advised by Kaspersky that I need to restart the PC but when I did, my PC advised me that my IE8 needed to be shut down because of some error, and that I needed to check my DEP (Data Execution Prevention), when I did there was a Windows and hn.exe that needed to be selected for DEP.

The hn.exe was hiding in my recovery or restore folder and it did something to my csrss.exe, when I rebooted some scripts were being run and was still preventing my IE from opening so I did the DEP as was instructed by my PC help.

I downloaded Windows Defender, however it wasn't able to detect anything, but when I used Live OneCare it said something about 3 Severe Issues and such but basically it didn't even tell me what the problems were and if they were fixed.

I would like to know if my PC is ok or if there are any surprises hidden in my files. I hope I have described my problem so that any of you guys can help me.

Thanks,

John August



#2 Computer Pro

  • Members

Posted 17 July 2009 - 11:47 AM

Hello and welcome to Bleeping Computer

Please subscribe to your topic so that you will be notified as soon as I post a reply, instead of you having to check the topic all of the time. This will allow you to get an email notification when I reply.

To subscribe, go to your topic, and at the top right hand corner by your first post, click the Options button and then click Track this topic. Then bullet the immediate notification bubble. Then press submit.

Let's take a look with Malwarebytes

Please download Malwarebytes' Anti-Malware from here:
Malwarebytes
Please rename the file BEFORE downloading to zztoy.exe instead of mbam-setup.exe

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

Double Click zztoy.exe to install the application.
* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Full Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & Paste the entire MBAM report (even if it does not find anything) in your next reply

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


If Malwarebytes won't install or run

Some types of malware will disable MBAM and other security tools. If MBAM will not install, try renaming it. Right-click on the mbam-setup.exe file and change the .exe extension to .bat, .com, .pif, or .scr and then double-click on it to run.

If after installation, MBAM will not run, open the Malwarebytes' Anti-Malware folder in Program Files, right-click on mbam.exe and change the .exe as noted above. Then double-click on it to run.
Computer Pro

#3 destruct_tsugs

  • Topic Starter
  • Members

Posted 17 July 2009 - 12:10 PM

Hi there, thanks for the quick reply.

I tried the link for Malwarebytes' Anti-Malware and it led me to CNET, however it says the page I requested could not be found. I really don't trust other websites right now, but since I asked for your help, I'm going to trust you, could you possibly give me another link to try? I know I could look it up with a search engine but as I said, I'm kind of paranoid about it.

Thanks again,

John August

#4 boopme

  • Global Moderator

Posted 17 July 2009 - 12:12 PM

Next Please install RootRepeal
Note: Vista users, right click on desktop icon and select "Run as Administrator."

Go HERE, and download RootRepeal.zip to your Desktop.
Tutorial with images, if needed >> L@@K.
Unzip that (7-zip tool if needed), and then click RootRepeal.exe to open the scanner.
Next click on the Report tab, now click on Scan. A Window will open asking what to include in the scan. Check all of the below and then click OK.

Drivers
Files
Processes
SSDT
Stealth Objects
Hidden Services


Now you'll be asked which drive to scan. Check C: and click OK again and the scan will start. Please be patient as the scan runs. When the scan has finished, click on Save Report.
Name the log RootRepeal.txt and save it to your Documents folder (it should automatically save it there).
Please copy and paste that into your next reply.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#5 Computer Pro

  • Members

Posted 17 July 2009 - 12:13 PM

I'm sorry that link must be down at this time. Please try to download from here instead and then follow my previous directions.

Please download from here: Malwarebytes. Download the free version

Edited by Computer Pro, 17 July 2009 - 12:26 PM.


#6 destruct_tsugs

  • Topic Starter
  • Members

Posted 17 July 2009 - 12:41 PM

I'm really starting to like this website, help comes in really fast! :thumbsup: :flowers:

My internet is kinda slow right now and nearly 2AM here, I'm not sure if the thunderstorms are affecting my internet but I'm going to have to try later in the morning.

Question though: Should I do both the RootRepeal and MBAM for my next reply?


Thanks again guys for the quick responses.

John August

#7 boopme

  • Global Moderator

Posted 17 July 2009 - 12:48 PM

Hello, I posted the RootRepeal as there is a good probability that the infection you have will block MBAM no matter where it comes from.. You can run either first.. I posted it as you will be running it anyway.

#8 destruct_tsugs

  • Topic Starter
  • Members

Posted 17 July 2009 - 09:44 PM

Hello again, I was able to download the RootRepeal, however I still have trouble accessing the download screen for MBAM. I'll try downloading that later. As per your instructions regarding RootRepeal, here goes:

By the way, please advise me, after reading this, if it is still recommended that I run MBAM.

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/07/18 10:32
Program Version: Version 1.3.2.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF4999000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7A35000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA84E9000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\documents and settings\antivirus\local settings\temp\~dfa686.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\antivirus\local settings\temp\~dfa698.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\antivirus\local settings\temp\~dfa95c.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\antivirus\local settings\temp\~dfb223.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\antivirus\local settings\temp\~dfb22f.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\antivirus\local settings\temp\~dfe170.tmp
Status: Allocation size mismatch (API: 16384, Raw: 0)

Path: c:\documents and settings\all users\application data\kaspersky lab\avp9\bases\cache\av486.tmp
Status: Allocation size mismatch (API: 15089664, Raw: 0)

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.4.crwl
Status: Allocation size mismatch (API: 4096, Raw: 576)

SSDT
-------------------
#: 011 Function Name: NtAdjustPrivilegesToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0e36e

#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0ea86

#: 031 Function Name: NtConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0f60c

#: 035 Function Name: NtCreateEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0fb40

#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0ed78

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0d460

#: 043 Function Name: NtCreateMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0fa18

#: 044 Function Name: NtCreateNamedPipeFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0cd0a

#: 046 Function Name: NtCreatePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0f8d4

#: 050 Function Name: NtCreateSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0e102

#: 051 Function Name: NtCreateSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0fc72

#: 052 Function Name: NtCreateSymbolicLinkObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e1140e

#: 053 Function Name: NtCreateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0e886

#: 056 Function Name: NtCreateWaitablePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0f976

#: 063 Function Name: NtDeleteKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0da20

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0dcf8

#: 066 Function Name: NtDeviceIoControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0f21c

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e11980

#: 071 Function Name: NtEnumerateKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0de3a

#: 073 Function Name: NtEnumerateValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0dee4

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0f016

#: 097 Function Name: NtLoadDriver
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e10ea6

#: 098 Function Name: NtLoadKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0d43c

#: 099 Function Name: NtLoadKey2
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0d44e

#: 111 Function Name: NtNotifyChangeKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0e030

#: 114 Function Name: NtOpenEvent
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0fbe2

#: 116 Function Name: NtOpenFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0eb08

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0d604

#: 120 Function Name: NtOpenMutant
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0fab0

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0e56e

#: 125 Function Name: NtOpenSection
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e11438

#: 126 Function Name: NtOpenSemaphore
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0fd14

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0e492

#: 160 Function Name: NtQueryKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0df8e

#: 161 Function Name: NtQueryMultipleValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0dbb6

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0d8bc

#: 180 Function Name: NtQueueApcThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e11128

#: 192 Function Name: NtRenameKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0db34

#: 193 Function Name: NtReplaceKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0d0c2

#: 194 Function Name: NtReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e1009e

#: 195 Function Name: NtReplyWaitReceivePort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0ff64

#: 200 Function Name: NtRequestWaitReplyPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e10c30

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0d224

#: 206 Function Name: NtResumeThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e11860

#: 207 Function Name: NtSaveKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0cec4

#: 210 Function Name: NtSecureConnectPort
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0f312

#: 213 Function Name: NtSetContextThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0e984

#: 230 Function Name: NtSetInformationToken
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e105f2

#: 237 Function Name: NtSetSecurityObject
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e10fa0

#: 240 Function Name: NtSetSystemInformation
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e114c2

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0d744

#: 253 Function Name: NtSuspendProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e115a6

#: 254 Function Name: NtSuspendThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e116d2

#: 255 Function Name: NtSystemDebugControl
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e10dd2

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0e6ea

#: 258 Function Name: NtTerminateThread
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0e63c

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0e7c8

==EOF==
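
The report above lists dozens of SSDT hooks; the quickest way to read it is to group them by the driver that owns each hook. The following is an added example, not part of the original post and not code from RootRepeal: a small Python parser for this report format. The expected-driver set containing klif.sys (the Kaspersky driver, matching the antivirus the poster installed) is an assumption, and the example_unknown.sys entry in the sample is constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the report's format. The klif.sys entries are abridged
# from the post above; example_unknown.sys is invented here to exercise the
# "unexpected driver" path and does not appear anywhere in the thread.
SAMPLE_REPORT = r"""ROOTREPEAL (c) AD, 2007-2009
==================================================
Scan Start Time: 2009/07/18 10:32
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xF4999000 Size: 98304 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

SSDT
-------------------
#: 037 Function Name: NtCreateFile
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0ed78

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\klif.sys" at address 0xf4e0e56e

#: 257 Function Name: NtTerminateProcess
Status: Hooked by "C:\WINDOWS\system32\DRIVERS\example_unknown.sys" at address 0xf0000000

==EOF==
"""

SECTION_RULE = re.compile(r"^-{5,}$")  # dashed line under each section title
SSDT_ENTRY = re.compile(r"^#:\s*(\d+)\s+Function Name:\s*(\S+)$")
HOOK = re.compile(r'^Status: Hooked by "([^"]+)" at address (0x[0-9a-fA-F]+)$')


def split_sections(report):
    """Return {section title: [non-empty lines]} for a RootRepeal text report."""
    sections, current = {}, None
    lines = [ln.strip() for ln in report.splitlines()]
    for i, line in enumerate(lines):
        if line and i + 1 < len(lines) and SECTION_RULE.match(lines[i + 1]):
            current = sections.setdefault(line, [])  # title line starts a section
        elif current is not None and line and line != "==EOF==" \
                and not SECTION_RULE.match(line):
            current.append(line)
    return sections


def ssdt_hooks(report):
    """Return [(index, function, driver_path, address)] from the SSDT section."""
    hooks, pending = [], None
    for line in split_sections(report).get("SSDT", []):
        entry = SSDT_ENTRY.match(line)
        if entry:
            pending = (int(entry.group(1)), entry.group(2))
            continue
        hook = HOOK.match(line)
        if hook and pending:
            hooks.append((*pending, hook.group(1), int(hook.group(2), 16)))
            pending = None
    return hooks


def hooks_by_driver(report):
    """Group hooked function names by the lower-cased driver file name."""
    grouped = defaultdict(list)
    for _index, func, path, _addr in ssdt_hooks(report):
        grouped[path.replace("\\", "/").rsplit("/", 1)[-1].lower()].append(func)
    return dict(grouped)


def unexpected_hookers(report, expected):
    """Return hooks owned by drivers outside the analyst-supplied expected set."""
    expected = {name.lower() for name in expected}
    return {d: f for d, f in hooks_by_driver(report).items() if d not in expected}


if __name__ == "__main__":
    for driver, funcs in hooks_by_driver(SAMPLE_REPORT).items():
        print(f"{driver}: {len(funcs)} hooked SSDT entries")
    print("unexpected:", unexpected_hookers(SAMPLE_REPORT, {"klif.sys"}))
```

Run over the full report in the post, every hooked entry groups under klif.sys, so nothing is left in the unexpected set.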

#9 destruct_tsugs

  • Topic Starter
  • Members

Posted 17 July 2009 - 09:51 PM

By the way, did I paste the right report? I followed the instructions as advised but while I was playing around with the program, when I click on other tabs aside from Report, like Processes, there's information there that is/wasn't included in the report I pasted above.... Do I need to include those as well?

#10 boopme

  • Global Moderator

Posted 17 July 2009 - 10:18 PM

I would like you to run DrWeb next..

Before we start fixing anything you should print out these instructions or copy them to a NotePad file so they will be accessible. Some steps will require you to disconnect from the Internet or use Safe Mode and you will not have access to this page.

Please download Dr.Web CureIt and save it to your desktop. DO NOT perform a scan yet.
alternate download link
Note: The file will be randomly named (i.e. 5mkuvc4z.exe).

Reboot your computer in "Safe Mode" using the F8 method. To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly. A menu will appear with several options. Use the arrow keys to navigate and select the option to run Windows in "Safe Mode".

Scan with Dr.Web CureIt as follows:
  • Double-click on the randomly named file to open the program and click Start. (There is no need to update if you just downloaded the most current version.)
  • Read the Virus check by DrWeb scanner prompt and click Ok where asked to Start scan now? Allow the setup.exe to load if asked by any of your security programs.
  • The Express scan will automatically begin.
    (This is a short scan of files currently running in memory, boot sectors, and targeted folders).
  • If prompted to download the Full version Free Trial, ignore and click the X to close the window.
  • If an infected object is found, you will be prompted to move anything that cannot be cured. Click Yes to All. (This will move any detected files to the C:\Documents and Settings\userprofile\DoctorWeb\Quarantine folder if they can't be cured)
  • After the Express Scan is finished, put a check next to Complete scan to scan all local disks and removable media.
  • In the top menu, click Settings > Change settings, and uncheck "Heuristic analysis" under the "Scanning" tab, then click Apply, Ok.
  • Back at the main window, click the green arrow "Start Scanning" button on the right under the Dr.Web logo.
  • Please be patient as this scan could take a long time to complete.
  • When the scan has finished, a message will be displayed at the bottom indicating if any viruses were found.
  • Click Select All, then choose Cure > Move incurable.
  • In the top menu, click file and choose save report list.
  • Save the DrWeb.csv report to your desktop.
  • Exit Dr.Web Cureit when done.
  • Important! Reboot your computer because it could be possible that files in use will be moved/deleted during reboot.
  • After reboot, post the contents of the log from Dr.Web in your next reply. (You can use Notepad to open the DrWeb.csv report)


#11 destruct_tsugs

  • Topic Starter
  • Members

Posted 18 July 2009 - 08:09 AM

Whew!! After 8 hours and 37 minutes, finally the scan ended. Here's the report:

A0020824.exe\winrar.exe;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP54\A0020824.exe;Win32.HLLW.Autoruner.6428;;
A0020824.exe;C:\System Volume Information\_restore{A80475B6-CF6D-4B3A-BD21-B16C67DB5304}\RP54;Archive contains infected objects;Moved.;


So there is still something left; neither Kaspersky nor Windows Defender nor Live OneCare saw this. By the way I uninstalled OneCare because it slows down my PC on startup due to MsMpEng.exe eating up a lot of my CPU memory. This remaining infection was only moved to the quarantine.

So what do I do next?

#12 boopme

  • Global Moderator

Posted 18 July 2009 - 10:34 AM

Hi, the file in quarantine is good there, it can no longer harm the PC.. How is it running now? Any infection signs.. redirects, excessive slowdowns?

#13 destruct_tsugs

  • Topic Starter
  • Members

Posted 18 July 2009 - 02:54 PM

So far so good, everything's ok.

By the way, I only have the trial Kaspersky 2010, I'm not sure if I can have it licensed but if not, would Avira or Avast be ok?

And if I still have problems do I just post it on this same thread?

And oh, thanks by the way.

#14 boopme

  • Global Moderator

Posted 20 July 2009 - 01:03 PM

Yes I use Avira.. I like it..
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.



