
Vundo remnants maybe but not sure


  • This topic is locked
15 replies to this topic

#1 herofallenvillain

herofallenvillain

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 16 April 2010 - 04:10 AM

Hi, my name's Josh, and I posted a previous topic attempting to speed up my older computer... Topic referenced is here: http://www.bleepingcomputer.com/forums/t/309328/is-my-computer-infected-or-just-old-and-slow/ ~ OB
(titled "Is my computer infected or just old")
However, I'm certain there is SOMETHING wreaking havoc on my system!
Nothing seems consistent in the problems, however (other than sluggishness).
Sometimes it seems to randomly free up where it SHOULD be bogged and works fine, and other times it all but fully locks up on the smallest of tasks! (though it USUALLY doesn't fully freeze)
I understand I have limited RAM resulting in general slow speeds, but my speed problems are anything but consistent!

I've run dozens of (different) antiware scans, and cleared off several things to the point where nothing much comes up. Including an online ESET scan directed by Quietman7, finding nothing but adware. I'm at my wits' end on what to do, and cannot reinstall Windows as I didn't receive the CD from the store (a mistake I'll never make again!).

Every time I think I've removed the culprit, disaster strikes again!
I've used McAfee, Spyware Doctor, AVG & various other antiware software, ending with using COMODO, assisted with Malwarebytes, SUPERAntiSpyware (used as scanners, not "realtime protection", so as to avoid the warned conflicting software cases)

I also use CCleaner, Smart Defrag, TFC by OldTimer, what seems to be more than I use this cursed bucket of sparks. I'm wondering if I've removed the infection (notably Vundo) and despite being removed it has already terrorized/corrupted something on my computer.

Some of my problems seem to relate to internet browsers. I use IE & Firefox, and they seem to swap back and forth torturing me while the other acts fine ><
For example I was using IE mostly but then it became sluggish to insane extents! So I started using FF...now all my FF settings have gone wack, not displaying many things, yet they work in IE and I cannot find any settings specific to FF that make the difference. As such I started using IE again!....now IE has black bars running across the top menus >< Yet the mouseovers still display file/edit/etc and the home/fav/etc icons show through.

I understand I'm supposed to use DDS but I can't get it to run.
I've tried both extensions of it; the dds.scr cancels out the DOS screen immediately after it's displayed, where the other opens, shows its info and seems to scan, but after a few minutes just closes DOS and offers no reports or anything else!

I also encountered problems with GMER, but managed to finish the scan (at least I think, as I ran it twice ending at the same place despite giving no notice of being finished in ANY way). (For the info, yes I followed directions exactly, including disabling the CD emulation via Defogger, as well as disconnecting from the internet (by unplugging the cable) to safely shut down ALL protection programs (COMODO) completely.)
While running the scan I received 3 pop-ups...
1 ) Microsoft feeds synchronizer encountered problem and needs to close
2 ) Windows Defender Line Command encountered problem and needs to close
& 3 ) dwwin.exe failed to initialize properly (0xc000142)
Afterwards, I was able to save the log, but then the computer became unresponsive. From what I know it seemed to be explorer.exe acting up, as the computer wasn't frozen but the taskbar was completely unresponsive, resulting in a forced shutdown.
Upon restart I encountered a ...
Checking File System with a 3 rowed blue screen ...stating
one or more of your disks needs to be checked for consistency....
proceeding to use CHKDSK to check Files, Indexes, security descriptors & USN journal.

Being that I am unable to use DDS, I'm going to substitute it with HiJackThis to offer some info...
I'll be more than glad to use the DDS if someone can help me get it working!
I also have ComboFix, yet due to warnings from this site, I haven't touched it!
Well, atm this is the bulk of "symptoms" that I can think of!
As I explained before though, all the problems seem EXTREMELY inconsistent!

Please help ><
Thank you in advance for any help I may receive in this matter^^

NOTE: I am attaching the GMER log as it's too long to post here!

DRIVEN PLUM
-------------------------------------------HIJACKTHIS---------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:18:01 AM, on 4/16/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\Program Files\My Lockbox\mylbx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.com/g/sidepanel.html?Ch...DTP&M=T3504
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
O4 - HKLM\..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{73140434-83A9-46E0-889D-CA2C3524225C}: NameServer = 156.154.70.22,156.154.71.22
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtqoNGW - awtqoNGW.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - C:\WINDOWS\system32\fsproflt.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Pure Networks Platform Service (nmservice) - Cisco Systems, Inc. - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Cisco Systems, Inc. - (no file)

--
End of file - 4504 bytes


-------------------------------------GMER-----------------------------------------
See attachment

I seem to have resolved the IE "black bar" problem...
in control panel/administrative tools/services under themes...
set to manual from automatic startup!

Attached Files

  • Attached File  ark.log   269.18KB   5 downloads

Edited by Orange Blossom, 17 April 2010 - 11:06 PM.
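
An added example, not part of the original thread and not code from HijackThis or from the helpers here: a triage pass over HijackThis-style lines that flags entries whose target file is gone, a browser proxy pointing at loopback, and O20 DLL load points that need an owner check. The sample lines are copied from the log in the post above; the function name, the `Finding` type and the reason tags are assumptions of this example.

```python
import re
from typing import NamedTuple


class Finding(NamedTuple):
    code: str    # HijackThis section code, e.g. "O20"
    reason: str  # tag assigned by this example (not a HijackThis term)
    line: str    # the original log line


# "R1 - ..." / "O20 - ..." entries; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<detail>.+)$")
# HijackThis marks registry entries that point at a file no longer on disk.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# ProxyServer value, with or without a "http=" style scheme prefix.
PROXY_RE = re.compile(r",ProxyServer = (?:\w+=)?(?P<host>[^:;\s]+)", re.I)
LOOPBACK_HOSTS = {"127.0.0.1", "localhost"}

# Lines copied from the HijackThis log in the first post, plus two header
# lines to show that non-entry lines are skipped.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
C:\WINDOWS\Explorer.EXE
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O3 - Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
O4 - HKLM\..\Run: [mylbx] C:\Program Files\My Lockbox\mylbx.exe /a
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: awtqoNGW - awtqoNGW.dll (file missing)
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Cisco Systems, Inc. - (no file)
"""


def triage(log_text):
    """Return a list of Finding for lines that deserve a manual look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # banner, running-process path or blank line
        code, detail = match["code"], match["detail"]
        orphaned = bool(ORPHAN_RE.search(detail))

        # 1. Registry entry survives but its file does not: a leftover of an
        #    uninstalled program or of a partially removed infection.
        if orphaned:
            findings.append(Finding(code, "orphaned", line))

        # 2. Browser traffic sent to a listener on this machine: confirm
        #    which installed program owns that port.
        proxy = PROXY_RE.search(detail)
        if code.startswith("R") and proxy and proxy["host"].lower() in LOOPBACK_HOSTS:
            findings.append(Finding(code, "loopback-proxy", line))

        # 3. O20 covers AppInit_DLLs (mapped into every process that loads
        #    user32.dll) and Winlogon Notify DLLs (loaded by winlogon.exe).
        #    Live ones are listed so their vendor can be verified.
        if code == "O20" and not orphaned:
            findings.append(Finding(code, "load-point", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.reason:15} {f.line}")
```

A flagged line is a prompt to find out what owns it, not a verdict: the two live O20 entries here resolve to the COMODO and SUPERAntiSpyware installs the poster mentions.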




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:50 AM

Posted 19 April 2010 - 07:48 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks
m0le is a proud member of UNITE

#3 herofallenvillain

herofallenvillain
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 25 April 2010 - 03:54 PM

Sorry, something came up and I've been away from the house.
I will be monitoring this thread closely in the next few days.
I hope this hasn't ruined me getting help...
Perhaps it's better to close the thread completely and post a new one altogether?

Sorry again for the inconvenience, and thank you for your help^^

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:50 AM

Posted 25 April 2010 - 04:53 PM

No, we can still take this on if you're ready.

What you have is Vundo or Virtumonde and Quietman7 knows exactly how to remove it but can't use certain tools in the other forum.


Please run Combofix

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#5 herofallenvillain

herofallenvillain
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 25 April 2010 - 05:51 PM

Wow, Windows is eating combofix when I rename it comfix.exe ????
I put it on the desktop and it's fine, but when I rename it, it turns into the window icon (expected) then a moment later simply disappears?
I tried a few times to "catch it" before it disappears...with no luck.

Is there something I'm missing?

BTW, hi, and thanks for being so quick to reply^^
You guys are pretty impressive! I also must applaud your vigilance in fighting back to protect our online community! This is an excellent service that is often greatly under-appreciated!

Edited by herofallenvillain, 25 April 2010 - 06:32 PM.


#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:50 AM

Posted 25 April 2010 - 05:56 PM

It may be malware and it may be a non-disabled security program. Check they are disabled please.

Please download exeHelper to your desktop.
Double-click on exeHelper.com to run the fix.
A black window should pop up, press any key to close once the fix is completed.
Post the contents of exehelperlog.txt (Will be created in the directory where you ran exeHelper.com, and should open at the end of the scan)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


Next

Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • Please post the resulting log in your next reply.


Finally download and run Combofix - instructions repeated below

Please download ComboFix from one of these locations:* IMPORTANT !!! Save ComboFix.exe to your Desktop making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Comfix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

#7 herofallenvillain

herofallenvillain
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 25 April 2010 - 07:32 PM

OK I got them to work^^

I'll attach them to this post.

Any idea why the .exe's were being deleted? Is this some anti-ware program protection or malware at work?

...and wow Vundo sounds nasty, I can definitely see that being the problem. Hard to say with the variants, but would explain the inconsistency^^, as well as the "deterioration" I've experienced. I thought it might be Vundo because I know I've removed it (or parts) before...I believe it was MSEssentials that picked that one up. Don't know if that helps though...

Perhaps it WAS removed but has left "its mark" behind.

Attached Files



#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:50 AM

Posted 26 April 2010 - 12:06 PM

Nothing removed that is Vundo but that's okay.

Please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

#9 herofallenvillain

herofallenvillain
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 26 April 2010 - 03:36 PM

OK, I ran a COMODO scan last night, finding nothing important, I'm running MB atm...
I highly doubt there's anything on my ExHD, but I'll plug it in anyway, just to be thorough XD
As my comp is naturally slower, and I have the 500Gb ExHD being scanned, it'll likely take a while...but it should be done sometime tonight^^

Is there any way of telling if Vundo (or something else) has infected/altered/tore up any existing files?
It seemed that's most of what the exehelper & rkill were doing(fixing/restoring files), but I'm just checkin.
I'm tryin to do everything I can to help this poor computer!

#10 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:50 AM

Posted 26 April 2010 - 03:58 PM

We always have the option of repairing files (and we probably should) but let's check that you're clean first.

#11 herofallenvillain

herofallenvillain
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 26 April 2010 - 07:27 PM

OK, MB detected absolutely nothing^^
The only other thing I can think of is SUPERAnti-Spyware picks up a few files that might be false positives (mainly DLLs), but I'm not sure so I leave them alone...
I'm running the SAS scan again atm, to see if its definition updates might catch something new...
I can post that log later tonight if you want^^

[btw how did I get to member? thought I was noob lmao]




---------------------------
OK I'm editing this post to give the log for SUPERAnti-Spyware.
I figured it couldn't hurt to post it^^

Attached Files


Edited by herofallenvillain, 26 April 2010 - 11:50 PM.


#12 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:50 AM

Posted 27 April 2010 - 03:47 PM

You have to post a few times to become a member, I think.

The SAS scan shows some other malware, these are not serious so MBAM probably doesn't look for them.

I think the PC is clean now. We should try and repair the PC next.


Please run this system repairer

We need to run a system file check.

Go to the Run box on the Start Menu and type in:

sfc /scannow

Press Enter

More info on this process can be found here.

Please post back to let me know if that went okay.



We are going to run chkdsk which will verify and repair the file system

Step One: Click Windows, type chkdsk

Step Two: Right click the chkdsk.exe file and right-click the mouse

Step Three: Choose Run as Administrator

Step Four: Run the chkdsk utility by typing in the following command:

chkdsk c: /f /r

NOTE: The /f command automatically fixes any errors encountered, the /r command locates bad sectors and recovers readable information.

Step Five: A reboot is normally required for the chkdsk program to lock the disk and run correctly (this is typical on machines that have only one volume), so simply restart the computer and chkdsk will run automatically. When it's finished, (This process can take quite a while depending on the size of your disk, etc.), it will boot back to normal Windows.

On Rebooting the PC you will see the disk being checked.

This process will take, on average, about an hour.


#13 herofallenvillain

herofallenvillain
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 27 April 2010 - 10:11 PM

Ok it's done.

Is there anything else?

Well thanx man, I really appreciate it^^

Hey one other thing? I have a website and I was gunna add a "security & software section" and offer people good programs that they can use like MalwareBytes, etc (no not the special things like HiJack This or ComboFix XD) just the basics to help people be aware of what to use and how to try to keep their system safe^^

Anyway, 2 things...
First do you think anyone would have a problem if I added a link to bleepingcomputer.com and if so who I could talk to to get it approved^^
Second, what lineup of software would you personally recommend? Freeware, if possible, but paid if you think it's worth it.

#14 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:12:50 AM

Posted 28 April 2010 - 04:19 PM

One more set of instructions after the answers to your questions.

QUOTE
First do you think anyone would have a problem if I added a link to bleepingcomputer.com and if so who I could talk to to get it approved^^


I don't think linking to Bleeping is a problem. I would PM Grinler, the boss, and request it.


QUOTE
Second, what lineup of software would you personally recommend? Freeware, if possible, but paid if you think it's worth it.


Personally, I run free Avast and Superantispyware with MBAM for quick checks when malware is suspected. A third party firewall from Comodo is also a necessity. With paid software you are okay with a renowned company so McAfee, Kaspersky, Norton, ESET all do the trick. They are all professional companies with analysers working on new infections all the time.

There is a list in the link just before my sign-off below for you to find all those and more.

Finally....


You're clean. Good stuff!

Let's do some clearing up

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between "Combofix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version, or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it herofallenvillain, happy surfing!

Cheers.

m0le

#15 herofallenvillain

herofallenvillain
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:08:50 PM

Posted 29 April 2010 - 11:23 PM

Hooray^^

I appreciate your suggestions, info & links and have requested the link usage inquired earlier.

Thanks, yet again, for all the help received from you personally (M0le) as well as through the bleepingcomputer.com staff!

Cheers indeed my friend!

Edited by herofallenvillain, 29 April 2010 - 11:24 PM.




