Infected with Alureon.H


7 replies to this topic

#1 CVR88

CVR88

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:36 PM

Posted 12 September 2010 - 09:08 PM

Windows Live OneCare detected alureon.h and is unable to remove it. Windows malicious software removal tool says that it only removes part of it. svchost.exe uses massive amounts of memory. After running for about an hour I can't load a web page or open any programs. The computer restarted itself out of nowhere 4 times while creating the GMER log.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 15:02:49.60 on Sun 09/12/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_17
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.766.232 [GMT -7:00]

AV: Windows Live OneCare *On-access scanning enabled* (Updated) {427ADFC3-B354-4A51-BE34-A9D4218E45C4}
FW: Windows Live OneCare Firewall *enabled* {A3899D22-27E6-4A7E-AE4E-2C106646DAAB}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\Program Files\Qwest\Quickcare\bin\sprtsvc.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Qwest\Quickcare\bin\tgsrvc.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = <local>;*.local
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: TwcToolbarBhoApp Class: {aa1f9ddb-e605-4ba6-81d4-e427dee012ad} - c:\windows\system32\TwcToolbarBho.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: The Weather Channel Toolbar: {2e5e800e-6ac0-411e-940a-369530a35e43} - c:\windows\system32\TwcToolbarIe7.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: {119DBEDA-9C41-4F97-94B4-B6BCD01133CF} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Dell AIO Printer A940] "c:\program files\dell aio printer a940\dlbabmgr.exe"
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2E5E800E-6AC0-411E-940A-369530A35E43} - {A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB}
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/9/b/d/9bdc68ef-6a9f-4505-8fb8-d0d2d160e512/LegitCheckControl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} - hxxp://www.driveragent.com/files/driveragent.cab
Filter: text/html - {fd00486a-1941-4855-be48-80aeb5f56391} -
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2010-2-5 26120]
R2 sprtlisten;SupportSoft Listener Service;c:\program files\common files\supportsoft\bin\sprtlisten.exe [2008-1-8 1213728]
R2 sprtsvc_quickcare;SupportSoft Sprocket Service (quickcare);c:\program files\qwest\quickcare\bin\sprtsvc.exe [2010-5-27 206120]
R2 tgsrvc_quickcare;SupportSoft Repair Service (quickcare);c:\program files\qwest\quickcare\bin\tgsrvc.exe [2010-5-27 185640]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-11-24 53168]
S0 gseetoch;gseetoch;c:\windows\system32\drivers\rpbn.sys --> c:\windows\system32\drivers\rpbn.sys [?]
S1 MpKsl1f428fbc;MpKsl1f428fbc;\??\c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{ce68440e-a158-4c32-8d13-7d4f9d443be3}\mpksl1f428fbc.sys --> c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{ce68440e-a158-4c32-8d13-7d4f9d443be3}\MpKsl1f428fbc.sys [?]
S1 MpKsl3d7e4beb;MpKsl3d7e4beb;\??\c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{aee063cd-ef22-4a26-b28e-b7e5de776956}\mpksl3d7e4beb.sys --> c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{aee063cd-ef22-4a26-b28e-b7e5de776956}\MpKsl3d7e4beb.sys [?]
S1 MpKsl567d1e79;MpKsl567d1e79;\??\c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{dd98c757-d10b-44a2-9296-5bfd4bab0464}\mpksl567d1e79.sys --> c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{dd98c757-d10b-44a2-9296-5bfd4bab0464}\MpKsl567d1e79.sys [?]
S1 MpKsl6c2194d9;MpKsl6c2194d9;\??\c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{aee063cd-ef22-4a26-b28e-b7e5de776956}\mpksl6c2194d9.sys --> c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{aee063cd-ef22-4a26-b28e-b7e5de776956}\MpKsl6c2194d9.sys [?]
S1 MpKsl7aea94a8;MpKsl7aea94a8;\??\c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{43ebeaa7-53f5-4dba-b010-e4cf81726812}\mpksl7aea94a8.sys --> c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{43ebeaa7-53f5-4dba-b010-e4cf81726812}\MpKsl7aea94a8.sys [?]
S1 MpKsled666038;MpKsled666038;\??\c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{26b6c944-196b-40a2-958a-6356ca77b5ca}\mpksled666038.sys --> c:\documents and settings\all users\application data\microsoft\onecare protection\definition updates\{26b6c944-196b-40a2-958a-6356ca77b5ca}\MpKsled666038.sys [?]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-16 135664]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\drivers\fw220.sys --> c:\windows\system32\drivers\fw220.sys [?]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]

=============== Created Last 30 ================

2010-09-12 22:00:38 0 ----a-w- c:\documents and settings\owner\defogger_reenable
2010-09-12 06:17:09 0 d-----w- C:\cmdcons
2010-09-12 06:06:19 77312 ----a-w- c:\windows\MBR.exe
2010-09-12 06:06:18 256512 ----a-w- c:\windows\PEV.exe
2010-09-12 06:06:17 98816 ----a-w- c:\windows\sed.exe
2010-09-12 06:06:17 161792 ----a-w- c:\windows\SWREG.exe
2010-09-12 06:04:20 0 d-s---w- C:\ComboFix
2010-09-12 01:55:55 0 d-----w- c:\windows\system32\MpEngineStore
2010-09-12 01:54:12 0 d-----w- C:\c48e21aef99574ef6087130557
2010-09-07 22:10:45 0 d-----w- c:\program files\iPod
2010-09-07 21:51:33 0 d-----w- c:\program files\Bonjour
2010-09-01 20:42:40 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-09-01 20:41:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-01 20:41:50 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-01 20:41:45 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-01 20:41:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-08-31 22:19:26 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-07-28 01:44:10 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-28 01:44:10 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-28 01:44:10 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-28 01:44:10 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-25 05:47:48 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_zumbus_01009.Wdf
2010-07-25 05:47:46 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-07-25 01:51:55 13632 ----a-w- c:\windows\system32\drivers\omci.sys
2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
2010-06-24 12:15:28 832512 ----a-w- c:\windows\system32\wininet.dll
2010-06-24 12:15:26 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-06-24 12:15:26 17408 ----a-w- c:\windows\system32\corpol.dll
2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
2008-09-27 06:07:24 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092620080927\index.dat

============= FINISH: 15:06:11.93 ===============

Attached Files
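One way to triage the SERVICES / DRIVERS section of a DDS log like the one above, added here as an example; it is not part of the original post or of DDS. It assumes the leading letter is the run state (R/S), the digit is the Windows start type, and `[?]` means DDS could not read the file's date and size; the sample lines are copied from the log above, and the function names are hypothetical.

```python
import re
from typing import List, NamedTuple, Optional

# Windows service start types (the digit after R/S in a DDS line).
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}

# Lines copied from the SERVICES / DRIVERS section of the log above.
SAMPLE = r"""
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2010-2-5 26120]
R3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-11-24 53168]
S0 gseetoch;gseetoch;c:\windows\system32\drivers\rpbn.sys --> c:\windows\system32\drivers\rpbn.sys [?]
S1 oreans32;oreans32;\??\c:\windows\system32\drivers\oreans32.sys --> c:\windows\system32\drivers\oreans32.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-16 135664]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\drivers\fw220.sys --> c:\windows\system32\drivers\fw220.sys [?]
"""

class Service(NamedTuple):
    running: bool          # assumption: R = running, S = stopped
    start: int             # key into START_TYPES
    name: str
    display: str
    path: str
    size: Optional[int]    # None when DDS printed [?] instead of date and size

LINE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?:\d{4}-\d{1,2}-\d{1,2} (?P<size>\d+)|\?)\]$"
)

def parse_services(text: str) -> List[Service]:
    """Parse DDS service/driver lines; anything else is skipped."""
    found = []
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        # "path --> path" repeats the image path; keep the first copy and
        # drop the NT object-manager prefix \??\ so paths compare cleanly.
        path = m["path"].split(" --> ")[0]
        if path.startswith("\\??\\"):
            path = path[4:]
        size = int(m["size"]) if m["size"] else None
        found.append(Service(m["state"] == "R", int(m["start"]),
                             m["name"], m["display"], path, size))
    return found

def review_queue(services: List[Service]) -> List[Service]:
    """Registered entries whose file DDS could not read, earliest-loading first.

    These are candidates for a manual look (leftover registrations or files
    that cannot be seen from user mode), not verdicts.
    """
    unreadable = [s for s in services if s.size is None]
    return sorted(unreadable, key=lambda s: s.start)

if __name__ == "__main__":
    for s in review_queue(parse_services(SAMPLE)):
        print(f"{START_TYPES[s.start]:<8} {s.name:<10} {s.path}")
```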


#2 shelf life

shelf life

  • Malware Response Team
  • 2,653 posts
  • OFFLINE
  • Gender:Male
  • Location:@localhost
  • Local time:09:36 PM

Posted 18 September 2010 - 07:40 AM

hi CVR88,

Your log is a few days old. If you still need help simply reply back.

How Can I Reduce My Risk to Malware?


#3 CVR88


Posted 20 September 2010 - 06:26 PM

QUOTE(shelf life @ Sep 18 2010, 05:40 AM)
hi CVR88,

Your log is a few days old. If you still need help simply reply back.


Thanks. Any help would be greatly appreciated. I would've responded sooner but I basically keep the computer off now. It's almost useless.

#4 shelf life


Posted 21 September 2010 - 07:53 PM

QUOTE
I basically keep the computer off now

That's the best thing you can do until it's clean.

We will start with TDSSkiller;

Please download TDSS Killer.exe and save it to your desktop
Double click to launch the utility. After it initializes click the start scan button.

Once the scan completes you can click the continue button.

"The utility will automatically select an action (Cure or Delete) for known malicious objects. A suspicious object will be skipped by default."

"After clicking Next, the utility applies selected actions and outputs the result."

"A reboot might require after disinfection."

A report will be found in your Root drive Local Disk (C:) as TDSSKiller.2.4.2.1_09.08.2010_17.32.21_log.txt (name, version, date, time)
Please post the log report

Next you can get combofix. There is a guide to read first. Read through the guide and then apply the directions on your own machine. Post the log.

Guide to using Combofix




#5 CVR88


Posted 24 September 2010 - 08:54 PM

This is my dad's computer and I forgot to tell him to leave it alone. He doesn't really know much about computers. I've been out of town for a few days and when I returned he had some cyberdefender thing downloaded which seemed to make things worse. I couldn't even access the internet for a while. Finally got everything going. Followed all instructions.

Here are the logs, as requested.

Attached Files



#6 shelf life


Posted 25 September 2010 - 06:21 AM

hi,


QUOTE
some cyberdefender thing downloaded

Some malware once on a machine can download/install more malware.

Looks like TDSSkiller worked. Let's check malwarebytes for updates and scan with it.

Click the MBAM icon on your desktop. Once the program has loaded, click the Update tab, then check for updates. Select Scanner tab, Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click **Remove Selected.**

**A restart of your computer most likely will be required to remove some items. If prompted please choose yes to restart your computer.**

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.



#7 CVR88


Posted 27 September 2010 - 10:41 PM

Everything is running perfectly. Seems to be back to normal.

Attached Files


Edited by CVR88, 27 September 2010 - 10:42 PM.


#8 shelf life


Posted 28 September 2010 - 03:46 PM

hi,

Ok good. I would look in the add/remove programs panel and uninstall the Vuze Remote Toolbar.
You can delete the Tdsskiller icon from the desktop. You can remove combofix like this:

Start>run and type in combofix /uninstall
click ok or enter
note the space after the x and before the /

You can make a new restore point also. The how and why:

One of the features of Windows XP, Vista and Windows 7 is the System Restore option; however, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore point)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore. (creates a new restore point on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot.

happy safe surfing
