Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Check my log file please


  • This topic is locked This topic is locked
9 replies to this topic

#1 bigjohn

bigjohn

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney Australia
  • Local time:06:31 PM

Posted 09 September 2005 - 08:18 AM

G'day
I had problems with Global toolbar early in the week. I re installed the C drive image, but I would like you to check this log to make sure it's clean.

Logfile of HijackThis v1.99.1
Scan saved at 11:00:25 PM, on 9/9/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINXP\System32\oodag.exe
C:\Program Files\Registry Defragmentation\RegManServ.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\wanmpsvc.exe
C:\WINXP\htpatch.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\AOL 7.0d\waol.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\K-Lite\khancer.exe
C:\Program Files\K-Lite\kazaa.core
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - (no file)
O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)
O4 - HKLM\..\Run: [HTpatch] C:\WINXP\htpatch.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_38-1.dll' missing
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123755015359
O17 - HKLM\System\CCS\Services\Tcpip\..\{942FF9F3-8E4A-426F-A120-5725374222ED}: NameServer = 202.67.65.134
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINXP\System32\oodag.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINXP\wanmpsvc.exe

Thank you
John

BC AdBot (Login to Remove)

 


#2 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:31 AM

Posted 11 September 2005 - 03:26 PM

Welcome to the BleepingComputer forum. We are currently studying your log and will have instructions for you shortly. Thank you for your patience.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:31 AM

Posted 11 September 2005 - 05:15 PM

We have some work to do.

Step 1

Please go to add/remove programs and uninstall NewdotNet. If you don't have that option or if you have difficulties then please follow the instructions on this site

Step 2

Please download Lspfix.
  • Extract(unzip) it to its own folder.
  • Disconnect from the internet.
  • Close all browser windows.
  • Run LSPFix.
  • Click the "I know what I'm doing" button.
  • In the left hand pane, highlight all instances of newdotnet6_38-1.dll (and nothing else). Note: If you just want to fix a broken chain, and the problem DLL has already been removed for some other reason, you can just click the Finish button. LSP-Fix will automatically fix the LSP chain.
  • Move them to the "Remove" pane by clicking the >> button
  • Click Finish
  • Reboot to complete the process.
If needed, read the tutorial on Using LSP-Fix to remove LSP Spyware & Hijackers

Step 3

You really need to update WINDOWS XP.with Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click HERE.

Please do not install Service Pack 2 because some hijacks interfere with the installation of Service Pack 2. When we're finished cleaning your computer we highly recommend installing SP2. Click HERE
-or-
It's a very large download, so if you're on dial-up, order a free CD HERE

Step 4

To help prevent further infection, please download and install SpywareBlaster SpywareBlaster will help to:
  • prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software.
  • block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
  • restrict the actions of potentially unwanted sites in Internet Explorer.
Step 5

Please download and install Ewido Security Suite v3.5
If Ewido finds something that you KNOW is legitimate (watch for alerts that have the word "Heuristic" in them - these may actually be false positives) select "none" as the action. DO NOT check "Perform action with all infections." If you are unsure of an entry, select "none" for the time being.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch Ewido by double-clicking the "e" icon on your desktop.
  • The program will now go to the main screen.
  • When you run Ewido for the first time, you will get a warning "Database could not be found!". Click OK.
  • You will need to update Ewido to the latest definition files.
    • On the left hand side of the main screen click Update.
    • Then click on "Start Update".
    • The update will begin and a progress bar will show the updates being installed. If you are having problems with the updater, use Update Ewido
    • After the update finishes, the status bar at the bottom will display "Update successful"
  • After the updates are installed do the following:
    • Click on Scanner and select "Settings"
    • Under the bottom section "What to Scan?" select "Scan every file"
    • Select "OK" and you will return to scanning options
    • Click on "Complete System Scan" [This can take a while to complete so please be patient]
    • While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "clean", then UNCHECK "Perform action on all infections" and click "OK". Note: You will have to watch the scan all the way through and delete items manually
  • After the scan has completed, Ewido will create a report.
  • There will be a button located on the bottom of the screen named "Save report". Click "Save report" [to your desktop] and post it in your next response.
  • Exit Ewido Security Suite when done.
Ewido offers a FREE 14 day full working trial. After the 14 day trial the only option that will be disabled is the "real-time" scanning which we did not install anyway and the automatic updating. You will have to do the updating manually by clicking on the “update button” and then “start update”.

Step 6

Please go to the following web addresses and download Cleanup HERE CleanUp! is a powerful and easy-to-use application that removes temporary files created while surfing the web, empties the Recycle Bin, deletes files from your temporary folders and more. Do not run it yet.
*IMPORTANT NOTE*
CleanUp deletes EVERYTHING out of your temp/temporary folders; it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Step 7

We need to disable your Microsoft AntiSpyware Real-time Protection as it may interfere with the fixes that we need to make.
  • Right-click on the Microsoft Anti-Spyware tray icon by your clock (it's the one with the red and yellow bulls-eye).
  • Click on "Security Agents Status".
  • Click on "Disable real-time protection".
Next, open Microsoft Anti-Spyware.
  • Click on the Options menu, then Settings.
  • Select "Real Time Protection" from the left column.
  • Uncheck "Enable (MSAS) Security Agents" and "Enable real-time spyware threat protection".
  • Click the Save button.
Finally, Right-click on the MSAS tray icon, select "Shutdown Microsoft Antispyware", and click "Yes" in the dialog that comes up.

After all of the fixes are complete it is very important that you enable Real-time Protection again.

Step 8

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HiJackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts
5) Restart your computer.
You can enable TeaTimer once your system is clean.

Step 9

If this is not your ISP, have HiJackThis fix it.

O17 - HKLM\System\CCS\Services\Tcpip\..\{942FF9F3-8E4A-426F-A120-5725374222ED}: NameServer = 202.67.65.134

You may want to print out this page. Make sure to work through the fixes in the order it is mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) Do not worry if they are not there:

NewDotNet

Kazaa Lite
if you choose to do the optional fix

Use 'ctrl' + 'alt' + 'del' (Three keys together) to get task manager. Find these processes and 'end task' them.
OR]
Use the process viewer in Hijackthis, Open the Misc Tools Section then Open Process Manager, find these programs and “kill process” the following running processes (Do not worry if they are not there)


khancer.exe if you choose to do the optional fix

These two running processes indicate that you have or have had Kazaa. Follow the directions “if you choose to do the optional fix”.

C:\Program Files\K-Lite\khancer.exe

C:\Program Files\K-Lite\kazaa.core


You are using Kazaa. This is not technically malware by itself, but it installs malware in order to run properly and it opens the door for every other nasty program you can think of. I strongly recommend that you remove it. Read this article for alternatives that will provide some of the same function without the garbage. P2P Networking is a totally useless Kazaa add-on, and it's been reported to be responsible for serious system slowdowns.
(AdAware and Spybot S&D will remove traces of Kazaa after uninstalling program and deleting folder.)

Let’s address the HijackThis fixes.

Please run HijackThis and click "Scan." Place checks next to the following entries (make sure not to miss any):

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

O2 - BHO: (no name) - {c900b400-cdfe-11d3-976a-00e02913a9e0} - (no file)

O2 - BHO: (no name) - {D80C4E21-C346-4E21-8E64-20746AA20AEB} - (no file)

O3 - Toolbar: (no name) - {5AA06644-BC46-4220-A460-47A6EB47C96D} - (no file)

O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm

O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINXP\web\related.htm


Close all browsers and other windows except for HijackThis, and click "Fix Checked" to have HijackThis fix the entries you checked.

Then Reboot to safe mode. If you don’t know how to boot in safe mode, there is a tutorial HERE .
NOTE: To avoid the risk of any of the files or folders not being found due to their having the 'Hidden' attribute, first make sure that in Folder Options > View hidden and operating system files are set to show:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html
Or items 8 & 9 from this link :
http://www.russelltexas.com/malware/faqhijackthis.htm

Using Windows Explorer, locate the following files/folders, and DELETE them (Do not worry if they are not there):

Search for and delete these folders:

C:\Program Files\K-Lite which contains khancer.exe and kazaa.core if you choose to do the optional fix

c:\program files\newdotnet which may contain \newdotnet6_38-1.dll

Search for and delete these files :

C:\WINXP\web\related.htm

Step 10

Let’s run Cleanup to ensure no malware is hiding in temporary folders and for general computer cleanup to free space on your computer.

Step 11

After updating to Service Pack 1a, please run HijackThis again and post a fresh log and the log from Ewido, just so I can make sure that all the malware was deleted according to plan
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#4 bigjohn

bigjohn
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney Australia
  • Local time:06:31 PM

Posted 12 September 2005 - 12:38 AM

Thank you suebaby41 for your answer. I am trying to safe boot and I have sent this post asking for help.

http://www.bleepingcomputer.com/forums/Can...ode-t30206.html
I will keep get back to you as soon as I've done some work on it.
Q: Do I have to get rid of Klite? My son uses it a lot.
Thank you
John

#5 bigjohn

bigjohn
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney Australia
  • Local time:06:31 PM

Posted 12 September 2005 - 11:49 AM

G'day all from Down-Under

Here are my log files attached and zipped. I did everything you asked me to do except I could not boot in safe mode. I'm only hopping it worked I'm normal mode.
Q: Why did Nod32, MS antispy. and Spybot not detected anything. I also have a Hosts file that I update regularly. By the way. Ewido gave me a message: No hosts file was detected.
suebaby41, I am very grateful to you for your help.
Regards
John

#6 bigjohn

bigjohn
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney Australia
  • Local time:06:31 PM

Posted 12 September 2005 - 12:02 PM

G'day all from Down-Under

Here are my log files attached and zipped. I did everything you asked me to do except I could not boot in safe mode. . I'm only hopping it worked I'm normal mode. Also I haven't installed SP2.
Q: Why did Nod32, MS antispy. and Spybot not detected anything. I also have a Hosts file that I update regularly. By the way. Ewido gave me a message: No hosts file was detected.
suebaby41, I am very grateful to you for your help.
Regards
John
I cannot send attacments. I don't know how, so here are the filesdecompressed.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:22:49 AM, 9/13/2005
+ Report-Checksum: FBC887BC

+ Scan result:

No infected objects found.


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 2:24:27 AM, on 9/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINXP\System32\oodag.exe
C:\Program Files\Registry Defragmentation\RegManServ.exe
C:\WINXP\System32\svchost.exe
C:\WINXP\wanmpsvc.exe
C:\WINXP\Explorer.EXE
C:\WINXP\htpatch.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\HJT\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O4 - HKLM\..\Run: [HTpatch] C:\WINXP\htpatch.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [jv16PT - Privacy Protector] C:\Program Files\jv16 PowerTools 2005\jv16PT.exe -ExecTask "C:\Program Files\jv16 PowerTools 2005\Tasks\_PrivacyProtector\Task.jvb"
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINXP\System32\Shdocvw.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1123755015359
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINXP\System32\oodag.exe
O23 - Service: Registry Management Service (RegManServ) - Unknown owner - C:\Program Files\Registry Defragmentation\RegManServ.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINXP\wanmpsvc.exe

I'm going to bed now
Bye

#7 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:31 AM

Posted 12 September 2005 - 03:30 PM

It is your decision about KLite. I wanted to give you the information about alternatives.

Good job!

Your log appears to be clean. Please advise me of any problems you still have.

A Firewall is an essential part of computer security and you do not appear to have one running on your system. It is important that you have a firewall in addition to the Windows SP2 firewall. There are a few available for free that have excellent reputations:
Zone ALarm Free Firewall
Kerio Free Firewall

Please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to disable and enable system restore here:
    Managing Windows Millennium System Restore

    or
    Windows XP System Restore Guide
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it asks you if you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use IE-SPYAD Add another level of protection to your Internet Explorer browser by blocking certain sites that are known to contain malware. IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. IE-SPYAD may be found HERE
  • Update your Anti Virus Software - It is imperative that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software, then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit Microsoft’s Windows Update regularly. This will ensure your computer has the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • You should scan your computer with Spybot S&D on a regular basis just as you would an anti- virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install Ad-Aware - Install and download Ad-Aware. You should scan your computer with Ad-Aware as well as Spybot S&D and your anti-virus program on a regular basis. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Use the hosts file:
    Every version of windows has a hosts file as part of them. In a very basic sense, they are used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional.
    Download it HERE. Make sure you read the instructions on how to install the hosts file. There is a good tutorial HERE If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button on the task bar at the bottom of your screen
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then double-click it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click ok..
  • Use an alternative instant messenger program.Trillian and Miranda-Im These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
  • Please read Tony Klein's excellent article: How I got Infected in the First Place
  • Please read Understanding Spyware, Browser Hijackers, and Dialers
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow these steps and your potential for being infected again will reduce dramatically.

Good luck! :thumbsup:
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#8 bigjohn

bigjohn
  • Topic Starter

  • Members
  • 40 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sydney Australia
  • Local time:06:31 PM

Posted 13 September 2005 - 03:49 AM

G'day
Thank you for your highly professional help. I am very impressed and grateful. I will follow all the instructions you have given me. I will also make an image of the HDD , now that I know the HDD is Clean, and keep a few copies of it. It is always easier to re install the drive image than to do all that cleaning again.
Keep up the good work
Kind Regards
John

Edited by bigjohn, 13 September 2005 - 03:55 AM.


#9 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:31 AM

Posted 13 September 2005 - 09:10 AM

You are welcome. I am glad we could help. :thumbsup:
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#10 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team
  • 6,248 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:South Carolina, USA
  • Local time:04:31 AM

Posted 13 September 2005 - 09:11 AM

Since your problem appears to be resolved, this thread will now be closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

Posted Image
Join The Fight Against Malware
No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users