
"Win.32.Papras" and "Win32.Trojan...Mufanom", missing %user%\appdata folder they were found in


  • This topic is locked
10 replies to this topic

#1 craigerz


Posted 08 September 2010 - 06:32 AM

Hi all!

I was having browser issues (significantly slower than usual, was being re-directed to other sites during Google searches) and ran Ad-Aware Free. Ad-Aware found and quarantined 2 malware it said were a "high" threat level. They were:
Win32.Backdoor.Papras
Win32.TrojanDownloader.Mufanom

My question now is: How do I safely remove them from my computer? How do I know when I'm no longer infected?

Here's the full description of them + their location from the Ad-Aware LogFile: (I can provide the full Ad-Aware Log if you need it.)
Quarantined items:
Description: C:\Users\Liz\AppData\Local\Temp\ setup.exe Family Name: Win32.TrojanDownloader.Mufanom Engine: 1 Clean status: Success Item ID: 4513031 Family ID: 682430 MD5: e7efb17ef9b30bdd6c71d31e19543a48
Description: C:\Users\Liz\AppData\Local\Temp\bitsfpmp.dll Family Name: Win32.Backdoor.Papras Engine: 1 Clean status: Success Item ID: 4388993 Family ID: 2338923 MD5: 0a9e249abaec4d742a944b2d6f884550

Some other symptoms (I realize not all may be related):
- I can no longer "see" my C:\Users\Liz\AppData\ folder when I'm in C:\Users\Liz\. I have to manually search for it.
- I am being redirected when I do a Google search to incorrect websites when I click on a search result link. One of the URL's that comes up frequently (I've inserted a space after the first character so no one accidentally clicks the hyperlink) is h ttp://7search.com/scripts/validation/v1/validate.aspx?x=TuU3EdSLWzvk2mx2njJPuA%3d%3d_T4usHVjg%2bFUWtkCMNoyQEDPDDTo2HlbN1OrV90LFYRyYiExk4ls3uowyKzV1wSgxJP54oGu4t%2fUPH%2fJWaZRi5Icl7JE%2fCU%2fFmfkNoADMGEimDUN7tMw9twMGrPlvlUio1hc1QDqHsP3RMMP%2fmpkeFhVn6HLN%2f9YB75JBFFwVy7N301UQ7yW0pEFesZGG8P75b0F60d1FSO9uzT1J1Ka7BkE5TD5kVjjb5JDoMZ48KGJaFaA0YtmD1C%2bdX9Etw4uHsCvDJE%2fCP386kNC%2fPvR4frjVCUyoUt2zbmfJ91SMBnkVmaLLvmSqaJ89NNC4fcY%2buEw48C4rxrcwP%2b44piyFvE5NSfTdP8ohi4JitAr9z%2f6%2bEuIExfnyUBJNXg%2fAvAYNTibeBNhEkpyboAnDMhAComYkJlYJtN0rjCsvV9%2bE9Nc%3d

The DDS logfile is attached.

I downloaded and tried to run Gmer, but it comes up with error messages. When I start it, I get " C:\windows\system32\config\system: The system cannot find the file specified. " The following boxes that this site asks me to check off are not check-off-able, they are grayed out: System, Sections, Devices, Modules, Processes, Threads, Libraries.
I run the scan anyways, and I get the following message:

C:\windows\system32\config\system: The process cannot access the file because it is being used by another process. The scan still runs, but nothing is found.

It's crummy that we're in a world where people create things like this, but it's really awesome to know there are people out there who give their time, knowledge, and effort to help.

I'm not a total computer-whiz, but I'll try my best!

Thanks a billion!
Liz

Attached Files

  • DDS.txt



#2 etavares

    Bleepin' Remover
  • Malware Response Team

Posted 13 September 2010 - 06:30 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.

Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting.

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    ahcix86.sys
    KR10N.sys
    nvstor32
    ahcix86s.sys
    nvrd32.sys
    user32.dll
    ws2_32.dll
    /md5stop
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new OTL log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 craigerz

  • Topic Starter

Posted 14 September 2010 - 06:36 AM

Hello!

Thanks for replying! Here's the situation as it stands currently:

- I'm no longer getting web-page redirects to incorrect/spam links online.
- I still can't "see" my C:\Users\Liz\AppData\ folder when I'm in C:\Users\Liz\. I have to type in the full command in Run to access it. (Not sure if this is b/c bugs were within folders in this folder and they were quarantined by Ad-Aware?)
- When I start up my computer, a message box pops up that says the dll file bitsfpmp.dll can't be found. (I know it's one of the bugs I've got, and I know it's been quarantined by Ad-Aware, but I don't know what's telling my computer to look for it on start-up, eep!)

I've attached the OTL files, no problem with those.

When I run GMER, I get the same messages and result as before: When I start it, I get " C:\windows\system32\config\system: The system cannot find the file specified. " The following boxes that this site asks me to check off are not check-off-able, they are grayed out: System, Sections, Devices, Modules, Processes, Threads, Libraries.
I run the scan anyways, and I get the following message:
C:\windows\system32\config\system: The process cannot access the file because it is being used by another process. I'm unsure what else is/could be accessing it. The scan still runs, but a box pops up at the end that says "GMER hasn't found any system modification."

Thanks so much for your help!
-Liz
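The "bitsfpmp.dll can't be found" box at logon is the usual sign that an autostart entry outlived the file it pointed to: Ad-Aware quarantined the DLL but not whatever loads it. As an added example (mine, not from this thread, from Ad-Aware or from any tool mentioned here), the PowerShell script below enumerates the common autostart locations and reports any entry that still names a given file. It assumes Windows PowerShell 2.0 or later (the version Windows 7 shipped with), an elevated prompt so HKLM and all scheduled tasks are readable, and an English locale for the schtasks column heading "Task To Run"; the function names New-Hit and Find-AutostartReference are my own, and the file name in the usage line is the one from the thread.

```powershell
# Added example, not part of the thread: list the common autostart locations that
# still reference a given file name. Windows PowerShell 2.0-compatible; run elevated.

function New-Hit($Location, $Entry, $Value) {
    New-Object PSObject -Property @{ Location = $Location; Entry = $Entry; Value = $Value }
}

function Find-AutostartReference {
    param([Parameter(Mandatory=$true)][string]$Name)
    $pattern = [regex]::Escape($Name)
    $hits = @()

    # 1. Run / RunOnce keys: machine, machine 32-bit view (Wow6432Node), current user.
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }          # PSPath, PSParentPath, ...
            if ("$($p.Value)" -match $pattern) { $hits += New-Hit $key $p.Name $p.Value }
        }
    }

    # 2. Single values that load a DLL into processes or replace logon components.
    $namedValues = @(
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows';             Value = 'AppInit_DLLs' },
        @{ Key = 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows'; Value = 'AppInit_DLLs' },
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';            Value = 'Shell' },
        @{ Key = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon';            Value = 'Userinit' }
    )
    foreach ($nv in $namedValues) {
        $data = (Get-ItemProperty -Path $nv.Key -Name $nv.Value -ErrorAction SilentlyContinue).($nv.Value)
        if ("$data" -match $pattern) { $hits += New-Hit $nv.Key $nv.Value $data }
    }

    # 3. Startup folders: resolve each .lnk and inspect its target and arguments.
    $wsh = New-Object -ComObject WScript.Shell
    foreach ($folder in 'Startup', 'CommonStartup') {
        $dir = [Environment]::GetFolderPath($folder)
        foreach ($lnk in (Get-ChildItem -Path $dir -Filter *.lnk -ErrorAction SilentlyContinue)) {
            $sc  = $wsh.CreateShortcut($lnk.FullName)
            $cmd = "$($sc.TargetPath) $($sc.Arguments)"
            if ($cmd -match $pattern) { $hits += New-Hit $dir $lnk.Name $cmd }
        }
    }

    # 4. Scheduled tasks via schtasks.exe (Get-ScheduledTask does not exist on Windows 7).
    #    Assumes an English locale: the verbose CSV column is headed "Task To Run".
    $tasks = schtasks.exe /query /fo CSV /v 2>$null | ConvertFrom-Csv
    foreach ($t in $tasks) {
        if ("$($t.'Task To Run')" -match $pattern) {
            $hits += New-Hit 'Scheduled task' $t.TaskName $t.'Task To Run'
        }
    }

    return $hits
}

# Usage: the file name below is the one reported in this thread.
$found = @(Find-AutostartReference -Name 'bitsfpmp.dll')
if ($found.Count -eq 0) { 'No autostart reference found in the locations checked.' }
else { $found | Format-Table Location, Entry, Value -AutoSize -Wrap }
```

Run it as `powershell -ExecutionPolicy Bypass -File Find-AutostartReference.ps1` from an elevated prompt, since Windows 7 defaults to the Restricted execution policy. A hit tells you which entry to remove (or let the helper's OTL fix remove); an empty result means the loader lives somewhere this script does not look, such as a service, a browser helper object or a Winlogon notification package, which is exactly what the OTL and MBRCheck logs requested in this thread are for.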


#4 etavares

    Bleepin' Remover
  • Malware Response Team

Posted 14 September 2010 - 05:37 PM

Hello, craigerz.

My bad, I shouldn't have had you run GMER...you have a 64-bit system. No worries then, as the things it can detect can't operate in 64-bit systems anyway.

I do see some malware installed.



Step 1

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.



Step 2


AppData is a hidden folder. One of your security scans may have set your computer to not display hidden files. It's recommended to leave them hidden so you don't accidentally delete important system files.



Step 3

Please download MBRCheck by ad_13 and save it to your desktop.

Double-click to run. A window will pop up. If it says 'non-standard' or 'infected' MBR code detected, please type 3 for Exit for now and press Enter.

It will save a logfile on your desktop that starts with MBR, then has the date, etc. Please copy and paste the contents of that log in your reply.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
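Step 2 above is the key point for the missing-folder symptom, so here is an added PowerShell example (mine, not etavares's and not from any tool named in this thread) that separates the two reasons a folder can disappear from Explorer: the folder's own Hidden attribute, which AppData carries by default, and Explorer's per-user "show hidden files" setting, stored under HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced as Hidden (1 = show, 2 = hide) and ShowSuperHidden (1 = show protected operating-system files). It assumes Windows PowerShell 2.0 or later; the function names are my own.

```powershell
# Added example, not part of the thread: is the AppData folder really gone, or
# merely hidden by a display setting? Windows PowerShell 2.0-compatible.

function Get-ExplorerHiddenItemPolicy {
    $adv = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
    $p   = Get-ItemProperty -Path $adv -ErrorAction SilentlyContinue
    New-Object PSObject -Property @{
        # Hidden: 1 = show hidden files and folders, 2 (or missing) = do not show (default)
        ShowsHiddenItems      = ($p -ne $null -and $p.Hidden -eq 1)
        # ShowSuperHidden: 1 = show protected operating-system files, 0 (or missing) = hide
        ShowsProtectedOSFiles = ($p -ne $null -and $p.ShowSuperHidden -eq 1)
    }
}

function Get-FolderVisibility {
    param([Parameter(Mandatory=$true)][string]$Path)
    # -Force is required, otherwise Get-Item silently skips hidden and system items.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue
    if ($item -eq $null) {
        return New-Object PSObject -Property @{ Path = $Path; Exists = $false; Hidden = $false; System = $false }
    }
    New-Object PSObject -Property @{
        Path   = $item.FullName
        Exists = $true
        Hidden = (($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0)
        System = (($item.Attributes -band [IO.FileAttributes]::System) -ne 0)
    }
}

function Show-AppDataVisibility {
    $appData = Join-Path $env:USERPROFILE 'AppData'
    $folder  = Get-FolderVisibility -Path $appData
    $policy  = Get-ExplorerHiddenItemPolicy
    if (-not $folder.Exists) {
        "$appData does not exist. That is a real problem, not a display setting."
    } elseif ($folder.Hidden -and -not $policy.ShowsHiddenItems) {
        "$appData exists and is hidden; Explorer is set not to list hidden items. " +
        'It is still reachable by typing the path (or %LOCALAPPDATA%) into Run or the address bar.'
    } elseif ($folder.Hidden) {
        "$appData is hidden, but Explorer shows hidden items, so it should appear after a refresh."
    } else {
        "$appData is not hidden at all (unusual: a default profile marks it Hidden)."
    }
}

Show-AppDataVisibility

# The same information without touching any Explorer setting: list the hidden
# entries directly under the profile, attributes included.
Get-ChildItem -LiteralPath $env:USERPROFILE -Force |
    Where-Object { ($_.Attributes -band [IO.FileAttributes]::Hidden) -ne 0 } |
    Select-Object Name, Attributes
```

This is the check that matches the advice in Step 2: a hidden AppData with Explorer's Hidden value at 2 is the normal, healthy state, and a scanner resetting that value back to the default is enough to make the folder "disappear" without anything having been deleted. The only result that warrants concern is Exists = false.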
 


#5 craigerz

  • Topic Starter

Posted 16 September 2010 - 06:13 AM

Hi etavares! Thanks so much for the quick help :)

Here's my MBAM log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4624

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

2010/09/15 22:40:49
mbam-log-2010-09-15 (22-40-49).txt

Scan type: Quick scan
Objects scanned: 142679
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Liz\AppData\Local\Temp\ click3r.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\Liz\AppData\Local\Temp\exe1.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Aaand here's the MBR log:


MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 64-bit
Base Board Manufacturer: Sony Corporation
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: Sony Corporation
System Product Name: VPCCW19FX
Logical Drives Mask: 0x00000074

Kernel Drivers (total 171):
0x03218000 \SystemRoot\system32\ntoskrnl.exe
0x037F4000 \SystemRoot\system32\hal.dll
0x00BA7000 \SystemRoot\system32\kdcom.dll
0x00C43000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x00C87000 \SystemRoot\system32\PSHED.dll
0x00C9B000 \SystemRoot\system32\CLFS.SYS
0x00CF9000 \SystemRoot\system32\CI.dll
0x00E2E000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00ED2000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00EE1000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x00F38000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x00F41000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x00F4B000 \SystemRoot\system32\DRIVERS\pci.sys
0x00F7E000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x00F8B000 \SystemRoot\System32\drivers\partmgr.sys
0x00FA0000 \SystemRoot\system32\DRIVERS\compbatt.sys
0x00FA9000 \SystemRoot\system32\DRIVERS\BATTC.SYS
0x00FB5000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x01014000 \SystemRoot\System32\drivers\volmgrx.sys
0x01070000 \SystemRoot\System32\drivers\mountmgr.sys
0x0108A000 \SystemRoot\system32\DRIVERS\iaStor.sys
0x011A6000 \SystemRoot\system32\DRIVERS\atapi.sys
0x011AF000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x011D9000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x012FF000 \SystemRoot\system32\drivers\fltmgr.sys
0x0134B000 \SystemRoot\system32\drivers\fileinfo.sys
0x0135F000 \SystemRoot\system32\DRIVERS\Lbd.sys
0x01374000 \SystemRoot\System32\Drivers\PxHlpa64.sys
0x01448000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01380000 \SystemRoot\System32\Drivers\msrpc.sys
0x01400000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01200000 \SystemRoot\System32\Drivers\cng.sys
0x0141A000 \SystemRoot\System32\drivers\pcw.sys
0x0142B000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01692000 \SystemRoot\system32\drivers\ndis.sys
0x01784000 \SystemRoot\system32\drivers\NETIO.SYS
0x01600000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x01803000 \SystemRoot\System32\drivers\tcpip.sys
0x0162B000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01273000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x01675000 \SystemRoot\System32\Drivers\spldr.sys
0x012BF000 \SystemRoot\System32\drivers\rdyboost.sys
0x0167D000 \SystemRoot\System32\Drivers\mup.sys
0x017E4000 \SystemRoot\System32\drivers\hwpolicy.sys
0x00DB9000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x013DE000 \SystemRoot\system32\DRIVERS\disk.sys
0x00FCA000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x02D56000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x02D80000 \SystemRoot\System32\Drivers\Null.SYS
0x02D89000 \SystemRoot\System32\Drivers\Beep.SYS
0x02D90000 \SystemRoot\System32\drivers\vga.sys
0x02D9E000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x02DC3000 \SystemRoot\System32\drivers\watchdog.sys
0x02DD3000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x02DDC000 \SystemRoot\system32\drivers\rdpencdd.sys
0x02DE5000 \SystemRoot\system32\drivers\rdprefmp.sys
0x02DEE000 \SystemRoot\System32\Drivers\Msfs.SYS
0x02C00000 \SystemRoot\System32\Drivers\Npfs.SYS
0x00E00000 \SystemRoot\system32\DRIVERS\tdx.sys
0x02C11000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x03A00000 \SystemRoot\system32\drivers\afd.sys
0x03A8A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x03ACF000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x03AD8000 \SystemRoot\system32\DRIVERS\pacer.sys
0x03AFE000 \SystemRoot\system32\DRIVERS\vwififlt.sys
0x03B14000 \SystemRoot\system32\DRIVERS\netbios.sys
0x03B23000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x03B3E000 \SystemRoot\system32\DRIVERS\termdd.sys
0x03B52000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x03BA3000 \SystemRoot\system32\drivers\nsiproxy.sys
0x03BAF000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x03BBA000 \SystemRoot\System32\drivers\discache.sys
0x03BC9000 \SystemRoot\System32\Drivers\dfsc.sys
0x03BE7000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x00C00000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x048D9000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x053FD000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x03CAF000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x03DA3000 \SystemRoot\System32\drivers\dxgmms1.sys
0x03C00000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x03C24000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x03C31000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x03C87000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x04800000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x03E11000 \SystemRoot\system32\DRIVERS\netw5v64.sys
0x0434C000 \SystemRoot\system32\DRIVERS\sdbus.sys
0x0436C000 \SystemRoot\system32\DRIVERS\rimssne64.sys
0x0438C000 \SystemRoot\system32\DRIVERS\1394ohci.sys
0x043CA000 \SystemRoot\system32\DRIVERS\risdsne64.sys
0x043E2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0x03E00000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x04864000 \SystemRoot\system32\DRIVERS\SynTP.sys
0x03E0F000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x03C98000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x03CA7000 \SystemRoot\system32\DRIVERS\SFEP.sys
0x03DE9000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x03DF6000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0x048AD000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x03CAA000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0x048C3000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x048D3000 \SystemRoot\system32\DRIVERS\wacomvhid.sys
0x011E4000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x02C1E000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x048D6000 \SystemRoot\system32\DRIVERS\WacomVKHid.sys
0x00C26000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x056F7000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x0571B000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x05727000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x05756000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x05771000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x05792000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x057AC000 \SystemRoot\system32\DRIVERS\swenum.sys
0x057AE000 \SystemRoot\system32\DRIVERS\ks.sys
0x05600000 \SystemRoot\system32\DRIVERS\umbus.sys
0x05612000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x0566C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x05679000 \SystemRoot\system32\DRIVERS\wacommousefilter.sys
0x05681000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x0568F000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x056A4000 \SystemRoot\system32\drivers\nvhda64v.sys
0x092F2000 \SystemRoot\system32\drivers\portcls.sys
0x0932F000 \SystemRoot\system32\drivers\drmk.sys
0x09351000 \SystemRoot\system32\drivers\ksthunk.sys
0x0941D000 \SystemRoot\system32\drivers\RTKVHD64.sys
0x09357000 \SystemRoot\system32\DRIVERS\udfs.sys
0x095D9000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x093AB000 \SystemRoot\System32\Drivers\usbvideo.sys
0x095F6000 \SystemRoot\system32\DRIVERS\ArcSoftKsUFilter.sys
0x09400000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x0940E000 \SystemRoot\system32\DRIVERS\NuidFltr.sys
0x093D9000 \SystemRoot\System32\Drivers\crashdmp.sys
0x02C27000 \SystemRoot\System32\Drivers\dump_iaStor.sys
0x093E7000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x09200000 \SystemRoot\System32\Drivers\BTHUSB.sys
0x09218000 \SystemRoot\System32\Drivers\bthport.sys
0x00060000 \SystemRoot\System32\win32k.sys
0x092A4000 \SystemRoot\System32\drivers\Dxapi.sys
0x092B0000 \SystemRoot\system32\DRIVERS\monitor.sys
0x005B0000 \SystemRoot\System32\TSDDD.dll
0x006A0000 \SystemRoot\System32\cdd.dll
0x00910000 \SystemRoot\System32\ATMFD.DLL
0x092BE000 \SystemRoot\system32\DRIVERS\rfcomm.sys
0x056BC000 \SystemRoot\system32\DRIVERS\BthEnum.sys
0x056CC000 \SystemRoot\system32\DRIVERS\bthpan.sys
0x0264C000 \SystemRoot\system32\drivers\btwavdt.sys
0x026C7000 \SystemRoot\system32\drivers\btwaudio.sys
0x0274D000 \SystemRoot\system32\DRIVERS\btwl2cap.sys
0x02759000 \SystemRoot\system32\DRIVERS\btwrchid.sys
0x0275D000 \SystemRoot\system32\drivers\luafv.sys
0x02780000 \SystemRoot\system32\drivers\WudfPf.sys
0x027A1000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02834000 \SystemRoot\system32\DRIVERS\nwifi.sys
0x02887000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0x0289A000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x028B2000 \SystemRoot\system32\drivers\HTTP.sys
0x0297A000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02998000 \SystemRoot\System32\drivers\mpsdrv.sys
0x029B0000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x02A7F000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x02ACD000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x02AF0000 \SystemRoot\system32\drivers\peauth.sys
0x02B96000 \??\C:\Windows\system32\drivers\regi.sys
0x02B9E000 \SystemRoot\System32\Drivers\secdrv.SYS
0x02BA9000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x02BD6000 \SystemRoot\System32\drivers\tcpipreg.sys
0x02A00000 \SystemRoot\System32\DRIVERS\srv2.sys
0x03811000 \SystemRoot\System32\DRIVERS\srv.sys
0x038A7000 \SystemRoot\system32\DRIVERS\WUDFRd.sys
0x76D00000 \Windows\System32\ntdll.dll
0x47F20000 \Windows\System32\smss.exe
0xFF020000 \Windows\System32\apisetschema.dll

Processes (total 86):
0 System Idle Process
4 System
288 C:\Windows\System32\smss.exe
488 csrss.exe
552 C:\Windows\System32\wininit.exe
576 csrss.exe
612 C:\Windows\System32\services.exe
624 C:\Windows\System32\lsass.exe
632 C:\Windows\System32\lsm.exe
748 C:\Windows\System32\svchost.exe
812 C:\Windows\System32\nvvsvc.exe
852 C:\Windows\System32\svchost.exe
920 C:\Windows\System32\svchost.exe
952 C:\Windows\System32\svchost.exe
992 C:\Windows\System32\svchost.exe
416 C:\Windows\System32\audiodg.exe
508 C:\Windows\System32\svchost.exe
868 C:\Windows\System32\svchost.exe
1040 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\winlogon.exe
1308 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
1384 C:\Windows\System32\nvvsvc.exe
1392 C:\Windows\System32\wisptis.exe
1420 C:\Windows\System32\spoolsv.exe
1468 C:\Windows\System32\svchost.exe
1604 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
1636 C:\Program Files (x86)\Bonjour\mDNSResponder.exe
1668 C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
1820 C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
1844 C:\Program Files\Microsoft LifeCam\MSCamS64.exe
1968 C:\Windows\System32\svchost.exe
2000 C:\Windows\System32\Wacom_Tablet.exe
1064 C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
1880 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
1236 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
2088 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
2116 dllhost.exe
2128 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
2228 C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
2460 C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
2588 C:\Windows\System32\svchost.exe
2712 WUDFHost.exe
2828 C:\Windows\System32\svchost.exe
2920 C:\Windows\System32\taskhost.exe
2984 C:\Windows\System32\dwm.exe
3020 C:\Windows\System32\wisptis.exe
3028 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2200 C:\Windows\explorer.exe
2500 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
3256 unsecapp.exe
3448 WmiPrvSE.exe
3504 C:\Windows\System32\rundll32.exe
3536 C:\Windows\System32\WTablet\Wacom_TabletUser.exe
3564 C:\Windows\System32\Wacom_Tablet.exe
3704 C:\Windows\System32\taskeng.exe
3740 C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
3932 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
3940 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
3956 C:\Program Files (x86)\Skype\Phone\Skype.exe
4016 C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
3004 C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
3204 C:\Program Files (x86)\Java\jre6\bin\jusched.exe
3552 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
3228 C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
1172 C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
4120 C:\Windows\System32\SearchIndexer.exe
4468 C:\Program Files\Windows Media Player\wmpnetwk.exe
4804 C:\Windows\System32\svchost.exe
3280 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
4636 C:\Program Files\Sony\VAIO Care\VCsystray.exe
4416 C:\Program Files\Java\jre6\bin\jusched.exe
2516 C:\Program Files\Sony\VAIO Power Management\SPMService.exe
1552 C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
3804 C:\Windows\System32\svchost.exe
4448 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
4832 C:\Windows\System32\wuauclt.exe
1448 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
2080 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
4332 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
2884 taskhost.exe
1440 C:\Windows\System32\SearchProtocolHost.exe
4564 C:\Windows\System32\SearchFilterHost.exe
3464 dllhost.exe
1496 dllhost.exe
1856 C:\Users\Liz\Downloads\MBRCheck.exe
2804 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000002`a9a00000 (NTFS)

PhysicalDrive0 Model Number: FUJITSUMJA2500BHG1, Rev: 0041001A

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 2008 MBR code detected
SHA1: 8DF43F2BDE2D9451948FA14B5279969C777A7979


Done!

Hope I'm all clear.... Let me know :) Thanks again, you guys are a life saver!!

#6 etavares

    Bleepin' Remover
  • Malware Response Team

Posted 16 September 2010 - 06:23 PM

Hello, craigerz.


Step 1


Are you still getting the bitsfpmp.dll error on startup? I didn't see a reference to it in your logs.



Step 2

Install ERUNT
This tool will create a complete backup of your registry. After every reboot, a new backup is created to ensure we have a safety net after each step. Do not delete these backups until we are finished.
  • Please download erunt-setup.exe to your desktop.
  • Double click erunt-setup.exe. Follow the prompts and allow ERUNT to be installed with the settings at default. If you do not want a Desktop icon, feel free to uncheck that. When asked if you want to create an ERUNT entry in the startup folder, answer Yes. You can delete the installation file after use.
  • Erunt will open when the installation is finished. Check all items to be backed up in the default location and click OK.

The automatic part won't work with Vista or W7. Please backup manually using ERUNT with the following instructions:
  1. Please locate the ERUNT icon on the desktop. If it is not there, click Start and type ERUNT into the search box.
  2. Right click the ERUNT icon in the desktop or the Start menu, and select Run as Administrator
  3. Click OK at the first message box.
  4. Ensure the checkboxes for both "system registry" and "current user registry" are checked. Leave the default save location in there.
  5. Click OK.
  6. Click Yes to create the new folder.
  7. You'll get a window saying "registry backup complete" once it's done. Click OK. If you get an error message, please STOP here and let me know. Do not proceed with any additional instructions until you check back with me.



Step 3


Do these files mean anything to you? Malware often hides with unicode names. If you don't know what these are, I would like to remove them.

[2010/09/14 07:01:14 | 006,150,144 | ---- | M] ()(C:\Users\Liz\Documents\???.anki) -- C:\Users\Liz\Documents\たんご.anki
[2010/09/13 15:16:48 | 000,083,072 | ---- | C] ()(C:\Users\Liz\Documents\???.anki-journal) -- C:\Users\Liz\Documents\たんご.anki-journal
[2010/08/31 21:50:24 | 000,011,264 | ---- | M] ()(C:\Users\Liz\Documents\??.xls) -- C:\Users\Liz\Documents\多読.xls
[2010/08/22 22:08:53 | 000,000,000 | ---D | M](C:\Users\Liz\Documents\???.media) -- C:\Users\Liz\Documents\たんご.media
[2010/07/28 07:52:45 | 000,011,264 | ---- | C] ()(C:\Users\Liz\Documents\??.xls) -- C:\Users\Liz\Documents\多読.xls
[2010/07/23 08:09:47 | 000,011,776 | ---- | M] ()(C:\Users\Public\Documents\??.xls) -- C:\Users\Public\Documents\多読.xls
[2010/07/23 08:09:46 | 000,011,776 | ---- | C] ()(C:\Users\Public\Documents\??.xls) -- C:\Users\Public\Documents\多読.xls
[2010/02/22 21:22:56 | 000,000,000 | ---D | C](C:\Users\Liz\Documents\???.media) -- C:\Users\Liz\Documents\たんご.media
[2009/12/25 15:37:28 | 006,150,144 | ---- | C] ()(C:\Users\Liz\Documents\???.anki) -- C:\Users\Liz\Documents\たんご.anki




Step 4

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 21 and save it to your desktop.
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)...allows end-users to run Java applications".
  • Click the "Download JRE" button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u21-windows-i586-p.exe to install the newest version.



Step 5

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.

We need to run an OTL script.
  1. Please download OTL from one of the following mirrors if you do not still have it.
  2. Save it to your desktop.
  3. Double click on the icon on your desktop.
  4. Paste the following code under the Custom Scans/Fixes box at the bottom. Do not include the word "Code".
    CODE
    :files
    C:\Users\Liz\AppData\Local\Pnuru.dat
    C:\Users\Liz\AppData\Local\Qwerikehejonuqu.bin
    C:\Users\Liz\Documents\StudyIdeas.odt
    C:\Users\Liz\AppData\Local\Tempm.vbs
    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\SysWow64\mctadmin.exe File not found
    O18:[b]64bit:[/b] - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
    O18:[b]64bit:[/b] - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
    O21:[b]64bit:[/b] - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
    :Commands
    [EmptyTemp]
  5. Click the Run Fix button at the top.
  6. Let the program run unhindered and reboot when it is done.
  7. You will get a log when it is done, please post that in your reply.
  8. Please then create a new OTL report....
  9. Click the "Scan All Users" checkbox.
  10. Push the button.
  11. A report will open, copy and paste it in a reply here.



Step 6

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply.

Note: Kaspersky online scan may take time to complete, please be patient.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
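The OTL fix in Step 5 above removes orphaned persistence entries: a BHO whose CLSID no longer resolves, RunOnce values under the service SIDs S-1-5-19/S-1-5-20 pointing at a missing mctadmin.exe, protocol handlers and an SSODL entry whose CLSID or file is gone. The script below is an added example (not from the original thread and not OTL's own code) that performs the same check read-only, so you can confirm the fix took or spot new orphans later. It assumes an elevated PowerShell 2.0 or later on 64-bit Windows Vista/7; the function names and the output layout are my own choices.

```powershell
# Added example, not part of the original thread and not OTL's own code: a read-only
# audit of the persistence locations the OTL fix above edited (O2 BHOs, O4 Run/RunOnce,
# O18 protocol handlers, O21 SSODL). It flags entries whose CLSID or target file is
# missing, which is what OTL reported as "No CLSID value found" / "File not found".
# Assumptions: elevated PowerShell 2.0+ on 64-bit Windows Vista/7; names are my own.

$script:findings = @()

function Add-Finding([string]$Kind, [string]$Location, [string]$Detail) {
    $script:findings += New-Object PSObject -Property @{ Kind = $Kind; Location = $Location; Detail = $Detail }
}

# Resolve a CLSID to its registered DLL (InprocServer32) in both the native and the
# WOW6432Node class views. Returns $null when the CLSID is not registered at all.
function Resolve-Clsid([string]$Clsid) {
    foreach ($root in 'HKLM:\SOFTWARE\Classes\CLSID', 'HKLM:\SOFTWARE\Wow6432Node\Classes\CLSID') {
        $key = "$root\$Clsid\InprocServer32"
        if (Test-Path -LiteralPath $key) {
            $dll = (Get-ItemProperty -LiteralPath $key).'(default)'
            if ($dll) { return [Environment]::ExpandEnvironmentVariables($dll) }
        }
    }
    return $null
}

# Record an orphan when a name-to-CLSID mapping points at a missing CLSID or DLL.
function Test-ClsidEntry([string]$Kind, [string]$Location, [string]$Clsid) {
    if (-not $Clsid) { return }
    $dll = Resolve-Clsid $Clsid
    if (-not $dll) { Add-Finding $Kind $Location "CLSID not found: $Clsid" }
    elseif (-not (Test-Path -LiteralPath $dll)) { Add-Finding $Kind $Location "File not found: $dll" }
}

# Pull the executable out of an autorun command line. Quoted paths are taken as-is;
# for unquoted ones the prefix is grown token by token so that
# "C:\Program Files\x\y.exe /arg" resolves to the .exe rather than to "C:\Program".
function Get-CommandExe([string]$Cmd) {
    $cmd = [Environment]::ExpandEnvironmentVariables($Cmd)
    if ($cmd -match '^\s*"([^"]+)"') { return $Matches[1] }
    $tokens = $cmd.Trim() -split '\s+'
    for ($i = 1; $i -le $tokens.Count; $i++) {
        $candidate = $tokens[0..($i - 1)] -join ' '
        if (Test-Path -LiteralPath $candidate) { return $candidate }
    }
    return $tokens[0]
}

# O2: Browser Helper Objects. Each subkey name is a CLSID.
foreach ($view in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {
    $bhoKey = "HKLM:\$view\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
    if (Test-Path -LiteralPath $bhoKey) {
        foreach ($sub in Get-ChildItem -LiteralPath $bhoKey) {
            Test-ClsidEntry 'BHO' "$view\...\Browser Helper Objects\$($sub.PSChildName)" $sub.PSChildName
        }
    }
}

# O4: Run/RunOnce under every loaded user hive, including the service SIDs
# S-1-5-19 and S-1-5-20 that the fix cleaned.
foreach ($hive in Get-ChildItem -LiteralPath Registry::HKEY_USERS) {
    foreach ($name in 'Run', 'RunOnce') {
        $runKey = "$($hive.PSPath)\Software\Microsoft\Windows\CurrentVersion\$name"
        if (-not (Test-Path -LiteralPath $runKey)) { continue }
        $props = (Get-ItemProperty -LiteralPath $runKey).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' }
        foreach ($p in $props) {
            $exe = Get-CommandExe ([string]$p.Value)
            if ($exe -and -not (Test-Path -LiteralPath $exe)) {
                Add-Finding $name "$($hive.PSChildName)\$name\$($p.Name)" "File not found: $exe"
            }
        }
    }
}

# O21: ShellServiceObjectDelayLoad maps value name -> CLSID.
foreach ($view in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {
    $ssodl = "HKLM:\$view\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad"
    if (-not (Test-Path -LiteralPath $ssodl)) { continue }
    (Get-ItemProperty -LiteralPath $ssodl).PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } |
        ForEach-Object { Test-ClsidEntry 'SSODL' "$view\...\SSODL\$($_.Name)" ([string]$_.Value) }
}

# O18: URL protocol handlers map a subkey name -> a CLSID value.
foreach ($view in 'SOFTWARE', 'SOFTWARE\Wow6432Node') {
    $handlers = "HKLM:\$view\Classes\PROTOCOLS\Handler"
    if (-not (Test-Path -LiteralPath $handlers)) { continue }
    foreach ($h in Get-ChildItem -LiteralPath $handlers) {
        $clsid = [string](Get-ItemProperty -LiteralPath $h.PSPath).CLSID
        Test-ClsidEntry 'ProtocolHandler' "$view\...\PROTOCOLS\Handler\$($h.PSChildName)" $clsid
    }
}

if ($script:findings.Count -eq 0) { 'No orphaned entries found.' }
else { $script:findings | Sort-Object Kind, Location | Format-Table Kind, Location, Detail -AutoSize }
```

An orphan is not proof of infection: uninstallers leave dead CLSIDs behind all the time (the skype4com and wlmailhtml handlers above are typical). What matters is that a live entry does point at an existing, signed file you recognise; an entry whose file does exist but sits in %TEMP% or %APPDATA%, like the bitsfpmp.dll from the first post, is the one to worry about. The script only reads the registry, so it is safe to run before and after a fix and diff the two outputs.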
 


#7 craigerz

craigerz
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 20 September 2010 - 06:42 AM

Thanks so much! Here's how it went:

Step 1: Nope, no more bitsfpmp.dll error at start up.

Step 2: ERUNT went smoothly.

Step 3: I'm familiar with all of those files, they're related to programs I use every day.

Step 4: Java updated, no problems.

Step 5: OTL log
All processes killed
========== FILES ==========
C:\Users\Liz\AppData\Local\Pnuru.dat moved successfully.
C:\Users\Liz\AppData\Local\Qwerikehejonuqu.bin moved successfully.
C:\Users\Liz\Documents\StudyIdeas.odt moved successfully.
C:\Users\Liz\AppData\Local\Tempm.vbs moved successfully.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

User: ADMINI~1
->Temp folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 41620 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Liz
->Temp folder emptied: 394567551 bytes
->Temporary Internet Files folder emptied: 21071074 bytes
->Java cache emptied: 44929280 bytes
->FireFox cache emptied: 73988455 bytes
->Google Chrome cache emptied: 172813100 bytes
->Flash cache emptied: 84261 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8660052 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50467 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 757 bytes
RecycleBin emptied: 11271613 bytes

Total Files Cleaned = 694.00 mb


OTL by OldTimer - Version 3.2.12.0 log created on 09172010_092617

Files\Folders moved on Reboot...
C:\Users\Liz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Step 6: The Kapersky website didn't have a log because nothing came up.

That's it. How's it looking?

Thanks again! -Liz

#8 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:10 AM

Posted 20 September 2010 - 05:32 PM

Hello, craigerz.

It's looking ok to me. One more update. If everything is going well on your end, we can clean up our mess after this.

Your Adobe Reader software is out of date and has known security holes. Please launch it, go to Help --> Check for Updates and let it update the main program if needed. Updates the languages and/or dictionaries is optional.

etavares


 


#9 craigerz

craigerz
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:07:10 AM

Posted 22 September 2010 - 08:35 AM

Awesome!

Adobe Reader updated, no problems.

Time to clean up?

Thanks again! -Liz


#10 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:10 AM

Posted 22 September 2010 - 05:20 PM

Hello, craigerz.

Yes, time to clean up!


Ok, good news. Your log appears clean. Let's clean up our mess. If your computer is running well; please do the steps listed below. At the end, I've also listed a few completely optional things you can do to further secure your computer. Safe surfing!



Step 1

Next, we need to remove the other tools we have used.
  • Please download OTC by OldTimer and save it to your desktop.
  • If that link doesn't work, try this one.
  • Doubleclick the icon to start the program.
  • Then, click the big button.
  • You will get a prompt saying Begin Cleanup Process. Click Yes.
  • Restart your computer when prompted.



Step 2

We need to purge your system restore so malware is not accidentally restored. First, let's create a new restore point.
  1. Go to Start and type in SystemPropertiesProtection and run that program.
  2. Select the System Protection tab.
  3. Press Create.
  4. Give the restore point a name and press create.
  5. You'll see it work, then say that it was created successfully.


Now, we need to remove the old, infected points using DiskCleanup.
  1. Click on Start --> My Computer
  2. Right-click on C: and select Properties.
  3. Click on Disk Cleanup.
  4. Double-click Files from all users on this computer.
  5. Click on More Options tab and press Clean Up... under System Restore and Shadow Copies.
  6. Click OK.
  7. You'll get a couple of prompts asking if you're sure you want to do this; select Yes for them.
  8. Disk cleanup will remove those restore points and close itself.

If you ran Defogger and disabled your emulator, please don't forget to run it again and reenable it. See the instructions here to do so.


Optional Items

Please take the time to read below to secure your machine and take the necessary steps to keep it that way.


System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance. If you are running Windows Vista or Windows 7, please right-click on the icon, and select "Run As Administrator"; otherwise it won't work.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware

Protect yourself from malicious sites

The HOSTS file can protect you from connecting to bad sites. See The Hosts File and what it can do for you for more background.

Please download HostsMan. It safeguards you with a regularly updated Hosts file that blocks dangerous sites from opening. This adds another bit of safety while surfing the Internet. For installation and setting up, follow these steps:
  1. Double-click the Downloaded installer and install the tool to a location of your choice
  2. Via the Startmenu, navigate to HostsMan and run the program.
    1. Click "Hosts" in the menu
    2. Click "Manage Updates" in the submenu
    3. Of the three, select at least one (I have MVPS Hosts as my main one)
    4. Click "Add Update." After that you will only need to click on the following button to retrieve updates:
  3. Click the X to exit the program.
  4. Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.


Keep Windows Up to Date
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Update your AntiVirus Software

It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Use a Firewall

I cannot stress how important it is that you use a firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls

Install an AntiSpyware Program

A highly recommended AntiSpyware program is Malwarebytes Anti-Malware. You can download the free version.

Installing this program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.

Update all these programs regularly
Make sure you update all your programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

Good luck!

etavares


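The hosts-file advice in the post above comes with one caveat: a blocklist update overwrites whatever custom entries you had. The function below is an added example, not part of the original thread and not HostsMan's code, showing how to merge a hosts-format blocklist into a hosts file while keeping your own mappings and the localhost lines intact. It assumes an elevated PowerShell 2.0 or later; the marker comments, the function name and the sample blocklist are my own, and every domain name in the sample is constructed for the demonstration. By default it writes to a copy under %TEMP%, so pass the real path only once you have checked the output.

```powershell
# Added example, not from the original thread and not HostsMan's code: merge a
# hosts-format blocklist into a hosts file while preserving the user's own entries.
# Assumptions: elevated PowerShell 2.0+; markers, names and sample data are my own.

function Merge-HostsBlocklist {
    param(
        [string[]] $Blocklist,
        [string]   $HostsPath   = (Join-Path $env:TEMP 'hosts.merged'),
        [string]   $MarkerStart = '# === blocklist start ===',
        [string]   $MarkerEnd   = '# === blocklist end ==='
    )
    $existing = @()
    if (Test-Path -LiteralPath $HostsPath) { $existing = @(Get-Content -LiteralPath $HostsPath) }

    # Keep every line outside an earlier marker block: comments, the localhost lines and
    # the user's own mappings survive each update; only our previous block is replaced.
    $custom = @(); $inBlock = $false
    foreach ($line in $existing) {
        if ($line -eq $MarkerStart) { $inBlock = $true;  continue }
        if ($line -eq $MarkerEnd)   { $inBlock = $false; continue }
        if (-not $inBlock) { $custom += $line }
    }

    # Names the user maps explicitly must win over the blocklist, otherwise a custom
    # "192.168.1.10 intranet" could be silently sinkholed by a list entry for the same name.
    $reserved = @{ 'localhost' = $true; 'localhost.localdomain' = $true; 'broadcasthost' = $true }
    foreach ($line in $custom) {
        $bare = ($line -replace '#.*$', '').Trim()
        if ($bare -match '^\S+\s+(\S+)') { $reserved[$Matches[1].ToLower()] = $true }
    }

    # Normalise the blocklist: drop comments, accept "0.0.0.0 host", "127.0.0.1 host" or a
    # bare hostname, sink everything to 0.0.0.0 (no loopback socket), validate, dedupe.
    $seen = @{}; $block = @(); $skipped = 0
    foreach ($raw in $Blocklist) {
        $bare = ($raw -replace '#.*$', '').Trim()
        if (-not $bare) { continue }
        $parts = $bare -split '\s+'
        $name = if ($parts.Count -ge 2) { $parts[1] } else { $parts[0] }
        $name = $name.ToLower()
        if ($name -notmatch '^[a-z0-9]([a-z0-9-]*[a-z0-9])?(\.[a-z0-9]([a-z0-9-]*[a-z0-9])?)+$') { $skipped++; continue }
        if ($reserved.ContainsKey($name) -or $seen.ContainsKey($name)) { $skipped++; continue }
        $seen[$name] = $true
        $block += "0.0.0.0 $name"
    }

    $out = $custom + @($MarkerStart, "# generated $(Get-Date -Format s), $($block.Count) entries") + $block + @($MarkerEnd)
    # The hosts file must be plain ASCII; a UTF-8 byte-order mark on the first line breaks parsing.
    Set-Content -LiteralPath $HostsPath -Value $out -Encoding Ascii
    New-Object PSObject -Property @{ Path = $HostsPath; Blocked = $block.Count; Skipped = $skipped; Kept = $custom.Count }
}

# Constructed demo input: a pre-existing hosts file with one custom mapping and a
# leftover block from an earlier run, plus a sample blocklist in the usual formats.
$demoPath = Join-Path $env:TEMP 'hosts.demo'
@(
    '# Copyright (c) 1993-2009 Microsoft Corp.',
    '127.0.0.1       localhost',
    '192.168.1.10    intranet.example.net   # custom entry that must survive',
    '# === blocklist start ===',
    '0.0.0.0 stale.example.org',
    '# === blocklist end ==='
) | Set-Content -LiteralPath $demoPath -Encoding Ascii

$sampleBlocklist = @(
    '# sample list, constructed for this example',
    '127.0.0.1  ads.example.com',
    '0.0.0.0    tracker.example.com   # the duplicate below is dropped',
    'tracker.example.com',
    '0.0.0.0    intranet.example.net  # conflicts with the custom entry, skipped',
    '0.0.0.0    bad host name'        # invalid hostname, skipped
)

Merge-HostsBlocklist -Blocklist $sampleBlocklist -HostsPath $demoPath
Get-Content -LiteralPath $demoPath
```

On the demo input the summary reports Blocked 2, Skipped 3 and Kept 3: the stale entry from the previous run is gone, the custom intranet mapping is untouched, and the two sample ad/tracker names are sunk to 0.0.0.0. When you do write to C:\Windows\System32\drivers\etc\hosts, run `ipconfig /flushdns` afterwards so the DNS client stops serving cached answers, and do not run this alongside HostsMan's own updater, since each would overwrite the other's block.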
 


#11 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:10 AM

Posted 27 September 2010 - 05:58 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you are the topic starter, and need this topic reopened, please contact me via PM with the address of this thread.

Everyone else please begin a new topic.


 




