Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.


Google Search Redirect & W32/Alureon.A Infection

  • This topic is locked This topic is locked
4 replies to this topic

#1 roseleigh


  • Members
  • 2 posts
  • Local time:04:42 AM

Posted 11 May 2010 - 03:19 PM

Dear Bleeping Computer
I have a problem for where Google Searches are redirected to various shopping websites. When I right click on the Google search a window opens & eventually a shopping website opens – there appears to be a range of websites eg when searching for ‘chess for kids’ it produces:






Some of the redirects go through a website with a partial address of ‘8560.123bounce’. If I close the new
window & click on the search result again it eventually goes to the correct website.

I use Norton 360 v4 which has not picked up any virus / malware. MS Windows Anti Malware Removal tool identified
Virus W32/Alureon.A but could not remove it. I have tried Malwarebytes, Spybot Search & Destroy, Spydoctor,
Superantispyware, CWS Shredder. These have each picked up & removed a handful of adware items. But a scan
with MS Windows Live Safety Scanner still picks up Virus W32/Alureon.A. Norton 360 v4 still does not pick up

I do not know whether the Google redirect & Virus W32/Alureon.A are related or two separate problems. I really
need help to identify the causes of these problems & remove them from my PC. Any help would be really
appreciated. The DDS.txt is below & the other logs are attached.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Joe McElhinney at 21:34:17.29 on 10/05/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2038.1283 [GMT 1:00]

AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Norton 360 *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: Norton 360 *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Norton 360\AddOns\Norton AddOn Pack\Engine\\ccProxy.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Norton 360\Engine\\ccSvcHst.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Norton 360\Engine\\ccSvcHst.exe
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Joe McElhinney\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bbc.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uWindow Title = Microsoft Internet Explorer
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mSearch Page = hxxp://www.google.com
uInternet Connection Wizard,ShellNext = hxxp://www.google.co.uk/ig/dell?hl=en&client=dell-inc&channel=uk
mSearchAssistant = hxxp://www.google.com
mWinlogon: Shell=Explorer.exe,
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton 360\engine\\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton 360\engine\\IPSBHO.DLL
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton 360\engine\\coIEPlg.dll
TB: &Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {FE54FA40-D68C-11D2-98FA-00C0F0318AFE} - No File
uRun: [SetDefaultMIDI] MIDIDef.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe
mRun: [MBMon] Rundll32 CTMBHA.DLL,MBMon
mRun: [SpeedTouch USB Diagnostics] "c:\program files\thomson\speedtouch usb\Dragdiag.exe" /icon
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [CTSysVol] c:\program files\creative\sbaudigy\surround mixer\CTSysVol.exe /r
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [mmtask] c:\program files\musicmatch\musicmatch jukebox\mmtask.exe
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [VoiceCenter] "c:\program files\creative\voicecenter\AndreaVC.exe" /tray
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\joemce~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoViewOnDrive = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
Trusted Zone: microsoft.com\update
Trusted Zone: tesco.net\memberservices
Trusted Zone: tesco.net\register
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/3/9/8/398422c0-8d3e-40e1-a617-af65a72a0465/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} - hxxps://www-secure.symantec.com/techsupp/asa/ss/sa/sa_cabs/tgctlsr.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab
DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} - hxxps://webdl.symantec.com/activex/symdlmgr.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153856969421
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
TCP: {A063B5A8-4420-46FB-9E55-A00E2541D338} =
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

=============== Created Last 30 ================

2010-05-10 20:30:42 0 ----a-w- c:\documents and settings\joe mcelhinney\defogger_reenable
2010-05-09 15:05:12 0 d--h--w- c:\windows\PIF
2010-05-09 08:35:11 4623 ----a-w- C:\logfile
2010-05-08 15:13:43 0 d-----w- c:\program files\Bleeping Computer
2010-05-06 20:01:19 0 d-----w- c:\program files\Sysinternals
2010-05-03 20:59:29 0 d-----w- c:\program files\trend micro
2010-05-02 09:27:28 10370 ----a-w- c:\windows\system32\LexFiles.ulf
2010-05-02 09:26:09 0 d-----w- c:\program files\Dell Photo AIO Printer 924
2010-05-02 09:24:49 0 d-----w- C:\Temp
2010-05-01 22:41:13 0 d-----w- c:\docume~1\joemce~1\applic~1\Tific
2010-05-01 13:20:36 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-01 13:20:26 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-01 13:20:26 0 d-----w- c:\docume~1\joemce~1\applic~1\SUPERAntiSpyware.com
2010-05-01 13:19:26 0 d-----w- c:\program files\common files\Wise Installation Wizard
2010-05-01 11:27:22 96512 ----a-w- c:\windows\system32\drivers\dwkfeuud.sys
2010-04-30 20:48:43 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2010-04-30 20:48:26 0 d-----w- c:\program files\Panda Security
2010-04-30 06:24:41 7636 ----a-w- c:\windows\DCEBOOT.CFG
2010-04-30 06:24:41 10752 ----a-w- c:\windows\DCEBoot.exe
2010-04-29 18:07:14 157712 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-04-25 20:46:26 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-04-25 20:46:25 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-04-25 20:46:12 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-04-25 20:46:12 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-04-25 20:46:12 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-04-25 20:46:12 207792 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-04-25 20:46:01 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-04-25 20:46:01 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-04-25 20:45:32 0 d-----w- c:\program files\Spyware Doctor
2010-04-25 20:45:32 0 d-----w- c:\program files\common files\PC Tools
2010-04-25 20:45:32 0 d-----w- c:\docume~1\joemce~1\applic~1\PC Tools
2010-04-25 20:45:32 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-04-25 17:31:07 0 d-----w- c:\program files\MS Windows Anti-Malware
2010-04-25 17:23:02 0 d-----w- c:\docume~1\joemce~1\applic~1\Malwarebytes
2010-04-25 17:22:36 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-25 17:22:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-25 17:22:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-25 17:22:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-24 20:06:34 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-04-24 20:06:34 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-04-24 15:24:07 96512 ----a-w- c:\windows\system32\drivers\tghmbskg.sys
2010-04-24 10:29:57 96512 ----a-w- c:\windows\system32\drivers\baoehnbq.sys
2010-04-24 06:29:01 96512 ----a-w- c:\windows\system32\drivers\dmdnwmos.sys
2010-04-14 19:10:46 0 d-----r- c:\program files\Norton Support
2010-04-13 22:17:23 96512 ----a-w- c:\windows\system32\drivers\qidrcbhk.sys
2010-04-13 21:11:35 0 d-----w- c:\windows\system32\MpEngineStore
2010-04-12 21:43:58 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-04-12 21:43:58 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-04-12 21:43:58 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL
2010-04-12 21:43:58 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-04-12 21:43:57 0 d-----w- c:\program files\Symantec
2010-04-12 21:42:44 0 d-----w- c:\windows\system32\drivers\N360
2010-04-12 21:42:36 0 d-----w- c:\program files\Norton 360
2010-04-12 21:28:28 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton
2010-04-12 21:28:07 0 d-----w- c:\program files\NortonInstaller
2010-04-12 21:28:07 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

==================== Find3M ====================

2010-05-06 20:12:55 1345520 ----a-w- c:\windows\system32\CTMBHA.DLL
2010-04-12 21:43:47 26600 ----a-r- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-12 21:43:37 107368 ----a-r- c:\windows\system32\GEARAspi.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\dllcache\vbscript.dll
2010-02-25 10:54:36 11070976 ----a-w- c:\windows\system32\dllcache\ieframe.dll
2010-02-24 13:11:07 455680 ------w- c:\windows\system32\dllcache\mrxsmb.sys
2010-02-24 09:54:25 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-02-16 04:50:23 64000 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-02-12 10:03:03 293376 ------w- c:\windows\system32\browserchoice.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2010-02-12 04:33:11 100864 ------w- c:\windows\system32\dllcache\6to4svc.dll
2010-02-11 12:02:15 226880 ------w- c:\windows\system32\dllcache\tcpip6.sys
2006-07-18 18:47:29 56 --sh--r- c:\windows\system32\19CB331196.sys
2006-07-18 18:47:56 88 --sh--r- c:\windows\system32\961133CB19.sys
2006-07-18 18:47:56 4184 --sha-w- c:\windows\system32\KGyGaAvL.sys
2010-01-04 22:46:03 48640 --sha-r- c:\windows\system32\morec.dll
2008-05-20 02:07:23 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008052020080521\index.dat
2009-09-06 20:16:35 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009083120090901\index.dat
2009-09-06 20:16:35 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009090120090902\index.dat
2009-09-06 20:16:35 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009090620090907\index.dat
2009-11-26 18:19:20 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009110220091109\index.dat
2009-12-10 22:50:20 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009112320091130\index.dat
2009-11-26 18:19:20 16384 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009112620091127\index.dat

============= FINISH: 21:35:48.82 ===============

Attached Files

Edited by Orange Blossom, 11 May 2010 - 06:22 PM.
Deactivate links. ~ OB

BC AdBot (Login to Remove)


#2 sempai



  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:42 AM

Posted 12 May 2010 - 06:47 AM

Hello and welcome to Bleeping Computer. smile.gif

*Please Subscribe to this Thread to get immediate notification of replies. See HERE

*It is important not to make any further changes or run any other tools/updates unless instructed to. This may hinder the cleaning process of your machine.

*Please be patient, all Bleeping Computer helpers are volunteers and have lives outside this forum.

*You must reply within 5 days otherwise this topic will be closed.


One or more of the identified infections is a Rootkit/backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of it's backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterward. Let me know what you decide to do.


You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 

#3 roseleigh

  • Topic Starter

  • Members
  • 2 posts
  • Local time:04:42 AM

Posted 13 May 2010 - 02:48 PM

Thanks for your advice. At the moment I think that I will go for the reformat option. Can we close this off for the moment

#4 sempai



  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:42 AM

Posted 14 May 2010 - 04:43 AM


That's a good choice. thumbup2.gif

To prevent this things from happening again please read some prevention methods below:

Please take the time to read below to secure your machine and take the necessary steps to keep it Clean smile.gif
How to prevent Malware: by miekiemoes
How to increase PC speed: by miekiemoes

Visit Microsoft's Windows Update Site Frequently
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Make sure your applications have all of their updates
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Install SpywareBlaster
SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
A tutorial on installing & using this product can be found here:
Using SpywareBlaster to protect your computer from Spyware and Malware

Practice Safe Internet
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
  1. If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
  2. If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
  3. If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
  4. If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article: Foistware, And how to avoid it.
    There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
  5. Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
  6. Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
  7. When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
  8. Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
  9. Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
  10. DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.



You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 

#5 sempai



  • Malware Response Team
  • 5,288 posts
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:11:42 AM

Posted 18 May 2010 - 09:52 AM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. smile.gif

If your the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.


You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied within 5 days will be close. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users