Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Winfixer Adware Popup


  • This topic is locked This topic is locked
5 replies to this topic

#1 pennywise177

pennywise177

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 13 November 2005 - 09:28 PM

Like many I've been annoyed with those winfixer popups for weeks. I ran ad-aware SE until there were no more infected files detected. I then ran spy-bot search and destroy and removed all infected files followed by AVG. The Bit defender online scan got rid of the remaining infected files. McAfee Stinger came up clean. How do I know if Winfixer is completely removed or not as it is incredibly annoying. Here is my HiJackthis logfile. Thanks.

Logfile of HijackThis v1.99.1
Scan saved at 8:19:54 PM, on 11/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\M-Audio Ozone\OZTask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\M-Audio Ozone\Install\Ozinst.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\system32\gebca.dll
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Program Files\M-Audio Ozone\OZTask.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://E:\components\Liquid.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128477400716
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: gebca - C:\WINDOWS\system32\gebca.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ozone Installer (OzoneInstallerService) - Nemesis - C:\Program Files\M-Audio Ozone\Install\Ozinst.exe

BC AdBot (Login to Remove)

 


#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:11:49 AM

Posted 14 November 2005 - 06:13 AM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David

#3 pennywise177

pennywise177
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 14 November 2005 - 06:51 PM

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):

  • Click the Free Trial link under to "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Then reboot your computer - IMPORTANT
Then post a new HJT log

David



Thanks for your help David. Here are the results of the Spy Sweeper Scan.


********
5:21 PM: | Start of Session, Monday, November 14, 2005 |
5:21 PM: Spy Sweeper started
5:21 PM: Sweep initiated using definitions version 572
5:21 PM: Starting Memory Sweep
5:21 PM: Found Adware: virtumonde
5:21 PM: Detected running threat: C:\WINDOWS\system32\gebca.dll (ID = 77)
5:23 PM: Memory Sweep Complete, Elapsed Time: 00:02:13
5:23 PM: Starting Registry Sweep
5:23 PM: Found Adware: blazefind
5:23 PM: HKLM\software\classes\winctladx.installer\ (3 subtraces) (ID = 104503)
5:23 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\windows\downloaded program files\bridge.dll (ID = 104541)
5:23 PM: HKCR\winctladx.installer\ (3 subtraces) (ID = 104569)
5:23 PM: Found Trojan Horse: jeem
5:23 PM: HKLM\software\microsoft\windows\currentversion\welcome\ || cv093 (ID = 129327)
5:23 PM: HKLM\software\microsoft\windows\currentversion\welcome\ || idc3 (ID = 129328)
5:23 PM: Found Adware: searchrelevancy
5:23 PM: HKLM\software\searchrelevancy\ (3 subtraces) (ID = 141300)
5:23 PM: Found Adware: drsnsrch hijacker
5:23 PM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
5:23 PM: HKLM\software\classes\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 646384)
5:23 PM: HKCR\msevents.msevents\ (5 subtraces) (ID = 749130)
5:23 PM: HKCR\msevents.msevents.1\ (3 subtraces) (ID = 749136)
5:23 PM: HKCR\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (12 subtraces) (ID = 749140)
5:23 PM: HKLM\software\classes\msevents.msevents\ (5 subtraces) (ID = 749153)
5:23 PM: HKLM\software\classes\msevents.msevents.1\ (3 subtraces) (ID = 749157)
5:23 PM: HKLM\software\microsoft\windows\currentversion\explorer\browser helper objects\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (ID = 749160)
5:23 PM: HKLM\software\classes\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\ (12 subtraces) (ID = 749166)
5:23 PM: HKLM\software\classes\clsid\{827dc836-dd9f-4a68-a602-5812eb50a834}\progid\ (1 subtraces) (ID = 749172)
5:23 PM: Found Adware: drsnsrch.com hijack
5:23 PM: HKU\S-1-5-21-1626698440-826052484-4170483429-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
5:23 PM: Found Adware: ist slotchbar
5:23 PM: HKU\S-1-5-21-1626698440-826052484-4170483429-1003\software\slotchbar\ (ID = 141843)
5:23 PM: HKU\S-1-5-21-1626698440-826052484-4170483429-1003\software\dsrch\ (11 subtraces) (ID = 509156)
5:23 PM: Registry Sweep Complete, Elapsed Time:00:00:12
5:23 PM: Starting Cookie Sweep
5:23 PM: Found Spy Cookie: yieldmanager cookie
5:23 PM: owner@ad.yieldmanager[1].txt (ID = 3751)
5:23 PM: Found Spy Cookie: adknowledge cookie
5:23 PM: owner@adknowledge[1].txt (ID = 2072)
5:23 PM: Found Spy Cookie: adserver cookie
5:23 PM: owner@adserver[2].txt (ID = 2141)
5:23 PM: Found Spy Cookie: belnk cookie
5:23 PM: owner@ath.belnk[2].txt (ID = 2293)
5:23 PM: owner@belnk[2].txt (ID = 2292)
5:23 PM: owner@dist.belnk[1].txt (ID = 2293)
5:23 PM: Found Spy Cookie: realmedia cookie
5:23 PM: owner@realmedia[1].txt (ID = 3235)
5:23 PM: Found Spy Cookie: statcounter cookie
5:23 PM: owner@statcounter[2].txt (ID = 3447)
5:23 PM: Cookie Sweep Complete, Elapsed Time: 00:00:03
5:23 PM: Starting File Sweep
5:25 PM: winctladx.dll (ID = 51514)
5:33 PM: Found Adware: gain-supported software
5:33 PM: gatoruninstaller_gator.log (ID = 61417)
5:33 PM: gatoruninstaller_gator_u.log (ID = 61418)
5:33 PM: gatorpdpsetup.log (ID = 61399)
5:33 PM: Found Adware: ezsearchbar
5:33 PM: addr_var.ini (ID = 60329)
5:33 PM: birth_var.ini (ID = 60332)
5:33 PM: city_var.ini (ID = 60333)
5:33 PM: name_var.ini (ID = 60352)
5:33 PM: name_gender.ini (ID = 60351)
5:33 PM: states.ini (ID = 60360)
5:33 PM: zip_var.ini (ID = 60362)
5:33 PM: phone_var.ini (ID = 60353)
5:34 PM: Found Adware: ipinsight
5:34 PM: ipinsigt.inf (ID = 64282)
5:35 PM: bundle.inf (ID = 61287)
5:35 PM: gstartup.lnk (ID = 61450)
5:35 PM: about gain.lnk (ID = 61269)
5:35 PM: gain website.url (ID = 61373)
5:37 PM: File Sweep Complete, Elapsed Time: 00:14:17
5:37 PM: Full Sweep has completed. Elapsed time 00:16:48
5:37 PM: Traces Found: 124
5:38 PM: Removal process initiated
5:39 PM: Quarantining All Traces: virtumonde
5:39 PM: virtumonde is in use. It will be removed on reboot.
5:39 PM: C:\WINDOWS\system32\gebca.dll is in use. It will be removed on reboot.
5:39 PM: Quarantining All Traces: blazefind
5:39 PM: Quarantining All Traces: gain-supported software
5:39 PM: Quarantining All Traces: ist slotchbar
5:39 PM: Quarantining All Traces: jeem
5:39 PM: Quarantining All Traces: drsnsrch hijacker
5:39 PM: Quarantining All Traces: drsnsrch.com hijack
5:39 PM: Quarantining All Traces: ezsearchbar
5:39 PM: Quarantining All Traces: ipinsight
5:39 PM: Quarantining All Traces: searchrelevancy
5:39 PM: Quarantining All Traces: adknowledge cookie
5:39 PM: Quarantining All Traces: adserver cookie
5:39 PM: Quarantining All Traces: belnk cookie
5:39 PM: Quarantining All Traces: realmedia cookie
5:39 PM: Quarantining All Traces: statcounter cookie
5:39 PM: Quarantining All Traces: yieldmanager cookie
5:39 PM: Warning: Launched explorer.exe
5:39 PM: Warning: Quarantine process could not restart Explorer.
5:40 PM: Removal process completed. Elapsed time 00:01:29
********
5:20 PM: | Start of Session, Monday, November 14, 2005 |
5:20 PM: Spy Sweeper started
5:20 PM: Your spyware definitions have been updated.
5:21 PM: | End of Session, Monday, November 14, 2005 |


************************************************************************

And here is the HijackThis Log

Logfile of HijackThis v1.99.1
Scan saved at 5:48:29 PM, on 11/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
C:\Program Files\M-Audio Ozone\OZTask.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\M-Audio Ozone\Install\Ozinst.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Unzipped\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://us10.hpwis.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://srch-us10.hpwis.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\gnotify.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [BackupNotify] c:\Program Files\HP\Digital Imaging\bin\backupnotify.exe
O4 - Global Startup: M-Audio Ozone Control Panel Launcher.lnk = C:\Program Files\M-Audio Ozone\OZTask.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {3CA1D406-30D8-4DBC-8EE6-0E2C05F78864} - (no file) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://E:\components\Liquid.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1128477400716
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Ozone Installer (OzoneInstallerService) - Nemesis - C:\Program Files\M-Audio Ozone\Install\Ozinst.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:11:49 AM

Posted 15 November 2005 - 04:32 AM

Has the pop-up stopped?

David

#5 pennywise177

pennywise177
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:04:49 AM

Posted 15 November 2005 - 04:36 PM

Yes, the pop-ups have finally stopped. Thanks for your help!!!

Tom

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:11:49 AM

Posted 16 November 2005 - 11:53 AM

This is my normal post for when you are clear - which you now are - or seem to be. Please advise of any problems you still have :-

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.
    You can find instructions on how to disable and re-enable system restore here:
    Managing Windows Millennium System Restore
    or
    Windows XP System Restore Guide
    re-enable system restore with instructions from tutorial above
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialise and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs:
    Computer Safety On line - Anti-Virus
  • Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Computer Safety On line - Software Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here:
    Instructions for - Spybot S & D and Ad-aware
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here:
    Computer Safety on line - Anti-Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Due to the fact that this topic has thankfully been resolved, I will close this thread. :thumbsup:

If you want to thread to be re-opened at any point ? please PM me or any other staff with a link to it!

If anyone else is reading this with a similar problem that you would like help with, please post it in a new thread in the security section!


:flowers: David :trumpet:




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users