Had antimalware doctor virus, now CPU 100 - help!!



#1 Derialc

Posted 07 October 2010 - 07:00 PM

Hi,
I hope you can help me. I am running a 5 year old Dell pc with XP. It has a fairly high memory capacity but I can't remember the exact specs now.
During the summer my speakers have been sporadically playing various ads and an Internet explorer window would open. (I generally use Opera) In the task manager I discovered the process iexplorer.exe running. As soon as I ended the process the ads would stop, although the process would re-establish itself within minutes. I ran prevx which didn't seem to make any difference but as the ads did not really affect the running of the computer I didn't take the problem any further.
Last week however I left the room for a few minutes and came back to find a pop-up window from Antimalware Doctor open on screen saying my computer is infected and telling me to buy their software. Since then the speed of my computer has been seriously affected. It can take at least 30 minutes for a Word doc to open! I closed the window and followed the instructions on this site to remove the program. Part of the instructions involved running a full malwarebytes scan. The scan ran for over 3 days after which I had to abort it as I urgently needed to download some files from computer and it was unable to do both tasks at once. Over the 3 days it found 56 infected files which it removed. I then ran a quick scan and it found and removed another 10 infected files. However the speed of my computer has not improved.
On Sunday I began running a full system Norton scan. It has been running since then and is still only scanning the Documents and Settings folder. I have noticed since Sunday that my CPU usage is permanently at 100%.
Thank you for taking the time to read this and I appreciate any help or advice you can give,
Regards,
Claire.
Incidentally the ads are still playing over my speakers but they have also been affected by the new problem and there is now a few seconds of silence between each syllable of the words!


#2 boopme

Posted 07 October 2010 - 08:36 PM

Hello and welcome, let's give this a shot. Shut down everything else.

Reboot into Safe Mode with Networking
How to enter safe mode (XP)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


>>>> Download this file and double-click on it to run it. Allow the information to be merged with the registry.

RKill....

Download and Run RKill
  • Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

    Link 1
    Link 2
    Link 3
    Link 4

  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Do not reboot your computer after running rkill as the malware programs will start again. Or if rebooting is required run it again.


If you continue having problems running rkill.com, you can download iExplore.exe or eXplorer.exe, which are renamed copies of rkill.com, and try them instead.



Next run SUPERAntiSpyware (SAS):

Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download them from here. Double-click on the hyperlink for Download Installer and save SASDEFINITIONS.EXE to your desktop. Then double-click on SASDEFINITIONS.EXE to install the definitions.)
  • In the Main Menu, click the Preferences... button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
If you have a problem downloading, installing or getting SAS to run, try downloading and using the SUPERAntiSpyware Portable Scanner instead. Save the randomly named file (i.e. SAS_1710895.COM) to a usb drive or CD and transfer to the infected computer. Then double-click on it to launch and scan. The file is randomly named to help keep malware from blocking the scanner.

Reboot to Normal Mode
Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click Update tab, select Check for Updates, when done
click Scanner tab, select Quick scan and scan (normal mode).
After scan click Remove Selected, Post new scan log and Reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#3 Derialc

Posted 08 October 2010 - 01:50 AM

Thank you for the quick reply! I will try that as soon as I get home from work this evening. Just wanted to mention that I had a quick look at the computer before I left this morning and there are now 5 windows open saying that "Internet Explorer has encountered a virus and must shut down". This is despite the fact that IE wasn't running at the time and hadn't been run since August... Not sure if that's relevant but thought I should mention it.
Thanks again!

#4 Derialc

Posted 08 October 2010 - 01:52 AM

Sorry, that should have said "Internet Explorer has encountered a problem and must shut down", not a "virus".

#5 boopme

Posted 08 October 2010 - 03:51 PM

Ok, but the other issues do sound like malware and may be contributing to the closure of IE.
Please run those scans.

#6 Derialc

Posted 10 October 2010 - 11:22 AM

Hi,
Sorry for the delay in replying, I have been very busy this weekend and was unable to tackle the computer until now.
I restarted in Safe Mode with Networking and then clicked on the link you specified which led me here
http://download.bleepingcomputer.com/reg/a...2010/FixExe.reg
However there is no link on the page for me to double click on...
This is what the page says:

Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]

Any advice?!
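
What the quoted FixExe.reg does when it is merged, as an added example (not part of the thread and not BleepingComputer's code): a small parser for the .reg text format, in which a `[-Key]` header deletes a key and `@=` sets a key's default value. The function names are this example's own; only string values are decoded, which is all this file contains.

```python
import re

# The FixExe.reg text exactly as quoted in the post above.
FIXEXE_REG = r"""Windows Registry Editor Version 5.00

[-HKEY_CURRENT_USER\Software\Classes\.exe\shell\open\command]

[-HKEY_CURRENT_USER\Software\Classes\secfile\shell\open\command]

[-HKEY_CLASSES_ROOT\.exe\shell\open\command]

[HKEY_CLASSES_ROOT\.exe]
@="exefile"
"Content Type"="application/x-msdownload"

[-HKEY_CLASSES_ROOT\secfile]
"""

HEADERS = ("Windows Registry Editor Version 5.00", "REGEDIT4")
SECTION = re.compile(r"^\[(-?)(.+)\]$")                    # [Key] or [-Key]
VALUE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')  # @=... or "Name"=...


def _unquote(token):
    """Strip surrounding double quotes and undo backslash escaping."""
    if len(token) >= 2 and token[0] == token[-1] == '"':
        return re.sub(r"\\(.)", r"\1", token[1:-1])
    return token


def parse_reg(text):
    """Return the operations a .reg file performs, in file order.

    Each operation is a tuple (op, key, value_name, data) where op is
    'delete_key', 'delete_value' or 'set_value'.
    """
    lines = [ln.strip() for ln in text.splitlines()]
    lines = [ln for ln in lines if ln and not ln.startswith(";")]
    if not lines or lines[0] not in HEADERS:
        raise ValueError("not a .reg file: missing version header")

    ops, key, key_deleted = [], None, False
    for ln in lines[1:]:
        m = SECTION.match(ln)
        if m:
            key, key_deleted = m.group(2), m.group(1) == "-"
            if key_deleted:
                ops.append(("delete_key", key, None, None))
            continue
        m = VALUE.match(ln)
        if not m or key is None or key_deleted:
            # Values are only valid under a key that is not being deleted.
            raise ValueError(f"unexpected line: {ln!r}")
        name = "(Default)" if m.group(1) == "@" else _unquote(m.group(1))
        data = m.group(2)
        if data == "-":
            ops.append(("delete_value", key, name, None))
        else:
            ops.append(("set_value", key, name, _unquote(data)))
    return ops


def per_user_class_deletes(ops):
    """Deleted keys under the per-user Classes hive.

    HKEY_CLASSES_ROOT is a merged view in which per-user entries take
    precedence over machine-wide ones, so these are the overrides removed.
    """
    prefix = "hkey_current_user\\software\\classes\\"
    return [key for op, key, _, _ in ops
            if op == "delete_key" and key.lower().startswith(prefix)]


def summarize(ops):
    """Render the operations as one readable line each."""
    out = []
    for op, key, name, data in ops:
        if op == "delete_key":
            out.append(f"DELETE KEY    {key}")
        elif op == "delete_value":
            out.append(f"DELETE VALUE  {key} : {name}")
        else:
            out.append(f"SET VALUE     {key} : {name} = {data!r}")
    return out


if __name__ == "__main__":
    operations = parse_reg(FIXEXE_REG)
    print("\n".join(summarize(operations)))
    print("per-user overrides removed:", len(per_user_class_deletes(operations)))
```

Read this way, the file removes the `shell\open\command` handlers attached directly to `.exe` and to `secfile`, then points `.exe` back at the `exefile` class.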

#7 Derialc

Posted 10 October 2010 - 11:25 AM

PS When you say to disable antimalware software does this include Norton? Thanks.

#8 Derialc

Posted 10 October 2010 - 11:31 AM

Realised I was opening the link instead of downloading it so have now run the regfix...

#9 boopme

Posted 10 October 2010 - 02:35 PM

OK, yes it's a download. If possible to disable Norton, do that, or else just run the rest.

#10 Derialc

Posted 11 October 2010 - 09:53 AM

Had to run the SuperAntiSpyware twice. The first time it ran, a window opened saying Windows Explorer had encountered a problem and must close. I ignored the window but during the removal stage I clicked on it accidentally and the computer shut down and went to a blue screen (cannot remember what the screen said, sorry...). The second time I ran the software the same window popped up again but I was more careful and did not click on it and the viruses were quarantined and removed. I will now reboot into normal mode and run Malwarebytes.

Here is the log of my second SuperAntiSpyware Scan:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 10/11/2010 at 04:30 AM

Application Version : 4.44.1000

Core Rules Database Version : 5662
Trace Rules Database Version: 3474

Scan type : Complete Scan
Total Scan Time : 05:18:08

Memory items scanned : 274
Memory threats detected : 1
Registry items scanned : 10160
Registry threats detected : 68
File items scanned : 367894
File threats detected : 183

Trojan.Agent/Gen-Falcomp[Cont]
C:\WINDOWS\SYSTEM32\DLO58.DLL
C:\WINDOWS\SYSTEM32\DLO58.DLL
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D6612D3A-F5BD-453B-8F96-3BDB33C123AB}
HKCR\CLSID\{D6612D3A-F5BD-453B-8F96-3BDB33C123AB}
HKCR\CLSID\{D6612D3A-F5BD-453B-8F96-3BDB33C123AB}
HKCR\CLSID\{D6612D3A-F5BD-453B-8F96-3BDB33C123AB}#Version
HKCR\CLSID\{D6612D3A-F5BD-453B-8F96-3BDB33C123AB}#Flags
HKCR\CLSID\{D6612D3A-F5BD-453B-8F96-3BDB33C123AB}\InprocServer32
HKCR\CLSID\{D6612D3A-F5BD-453B-8F96-3BDB33C123AB}\InprocServer32#ThreadingModel
HKCR\CLSID\{D6612D3A-F5BD-453B-8F96-3BDB33C123AB}\ProgID
HKCR\Atrgqncx
HKCR\Atrgqncx\CLSID
HKLM\System\ControlSet001\Services\sepmfxtv
HKLM\System\ControlSet001\Enum\Root\LEGACY_sepmfxtv
HKLM\System\CurrentControlSet\Services\sepmfxtv
HKLM\System\CurrentControlSet\Enum\Root\LEGACY_sepmfxtv

Trojan.Agent/Gen-Virut
[IAAnotif] C:\PROGRAM FILES\INTEL\INTEL APPLICATION ACCELERATOR\IAANOTIF.EXE
C:\PROGRAM FILES\INTEL\INTEL APPLICATION ACCELERATOR\IAANOTIF.EXE
[IntelMeM] C:\PROGRAM FILES\INTEL\MODEM EVENT MONITOR\INTELMEM.EXE
C:\PROGRAM FILES\INTEL\MODEM EVENT MONITOR\INTELMEM.EXE
[CTHelper] C:\WINDOWS\SYSTEM32\CTHELPER.EXE
C:\WINDOWS\SYSTEM32\CTHELPER.EXE
[UpdReg] C:\WINDOWS\UPDREG.EXE
C:\WINDOWS\UPDREG.EXE
[DMXLauncher] C:\PROGRAM FILES\DELL\MEDIA EXPERIENCE\DMXLAUNCHER.EXE
C:\PROGRAM FILES\DELL\MEDIA EXPERIENCE\DMXLAUNCHER.EXE
[ISUSScheduler] C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
C:\PROGRAM FILES\COMMON FILES\INSTALLSHIELD\UPDATESERVICE\ISSCH.EXE
[WService] C:\WINDOWS\SYSTEM32\WSERVICE.EXE
C:\WINDOWS\SYSTEM32\WSERVICE.EXE
[HP Software Update] C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE
[TkBellExe] C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
C:\PROGRAM FILES\COMMON FILES\REAL\UPDATE_OB\REALSCHED.EXE
[SunJavaUpdateSched] C:\PROGRAM FILES\JAVA\JRE6\BIN\JUSCHED.EXE
C:\PROGRAM FILES\JAVA\JRE6\BIN\JUSCHED.EXE
[QuickTime Task] C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE
[SearchSettings] C:\PROGRAM FILES\SEARCH SETTINGS\SEARCHSETTINGS.EXE
C:\PROGRAM FILES\SEARCH SETTINGS\SEARCHSETTINGS.EXE
[WorksFUD] C:\PROGRAM FILES\MICROSOFT WORKS\WKFUD.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKFUD.EXE
[Microsoft Works Update Detection] C:\PROGRAM FILES\MICROSOFT WORKS\WKDETECT.EXE
C:\PROGRAM FILES\MICROSOFT WORKS\WKDETECT.EXE
[iTunesHelper] C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
C:\PROGRAM FILES\ITUNES\ITUNESHELPER.EXE
[DVD43] C:\PROGRAM FILES\DVD REGION+CSS FREE\DVDREGIONFREE.EXE
C:\PROGRAM FILES\DVD REGION+CSS FREE\DVDREGIONFREE.EXE
[CTDVDDET] C:\PROGRAM FILES\CREATIVE\SBAUDIGY2ZS\DVDAUDIO\CTDVDDET.EXE
C:\PROGRAM FILES\CREATIVE\SBAUDIGY2ZS\DVDAUDIO\CTDVDDET.EXE
[BuildBU] C:\DELL\BLDBUBG.EXE
C:\DELL\BLDBUBG.EXE
HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\CTDVDDET.EXE
C:\WINDOWS\FONTS\EO15U1BG7.COM
C:\WINDOWS\TEMP\HVCK\SETUP.EXE
C:\WINDOWS\Prefetch\ISSCH.EXE-3AC1D446.pf
C:\WINDOWS\Prefetch\REALSCHED.EXE-0948A6AF.pf

Adware.HBHelper
HKLM\Software\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\InprocServer32#ThreadingModel
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\ProgID
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\TypeLib
HKCR\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}\VersionIndependentProgID
HKCR\URLSearchHook.ToolbarURLSearchHook.1
HKCR\URLSearchHook.ToolbarURLSearchHook.1\CLSID
HKCR\URLSearchHook.ToolbarURLSearchHook
HKCR\URLSearchHook.ToolbarURLSearchHook\CLSID
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\0\win32
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\FLAGS
HKCR\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}\1.0\HELPDIR
C:\PROGRAM FILES\FAST BROWSER SEARCH\IE\TBHELPER.DLL

Adware.Tracking Cookie

Browser Hijacker.Deskbar
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\0\win32
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\FLAGS
HKCR\TypeLib\{77AA25E8-6083-4949-A831-9CB11861DC10}\1.0\HELPDIR
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\ProxyStubClsid32
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib
HKCR\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}\TypeLib#Version
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\ProxyStubClsid32
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib
HKCR\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}\TypeLib#Version

Trojan.DNSChanger-Codec
HKU\S-1-5-21-4253741507-441719910-121809632-1006\Software\uninstall

Rogue.AntiMalwareDoctor
C:\Documents and Settings\ClaireD\Application Data\0572AF6E7EB3AE6ABE87476ACF88B947

Trojan.Agent/Gen
C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\Y7BIFAMA.EXE
C:\WINDOWS\TEMP\HKI10523.EXE

#11 boopme


Posted 11 October 2010 - 10:02 AM

Uggghh!! Looks like you installed a poisoned codec..Trojan.Agent/Gen-Virut

This is really a bad one. I have to make an unhappy reply.

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, and opens a back door that compromises your computer. Using this backdoor, a remote attacker can access and instruct the infected computer to download and execute more malicious files.

-- Note: As with most malware infections, the threat name may be different depending on the anti-virus or anti-malware program which detected it. Each security vendor uses their own naming conventions to identify various types of malware.

With this particular infection, the safest solution and only sure way to remove it effectively is to reformat and reinstall the OS.

Why? According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Other variants of virut can even penetrate and infect .exe files within compressed files (.zip, .cab, .rar). The Virux and Win32/Virut.17408 variants are even more complex file infectors which can embed an iframe into the body of web-related files and infect script files (.php, .asp, .htm, .html, .xml). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair and in some instances can disable Windows File Protection. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable. The longer virut remains on a computer, the more critical system files will become infected and corrupt so the degree of damage can vary.

The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.

CA Virus detail of W32/Virut

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus...Due to the damage caused to files by virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.

AVG Overview of W32/Virut

Virut is commonly spread via a flash drive (usb, pen, thumb, jump) infection using RUNDLL32.EXE and other malicious files. It is often contracted by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and a major source of system infection.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

However, the CA Security Advisor Research Blog has found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

Since virut is not effectively disinfectable, your best option is to perform a full reformat as there is no guarantee this infection can be completely removed. In most instances it may have caused so much damage to your system files that it cannot be completely cleaned or repaired. In many cases the infected files (which can number in the thousands) cannot be deleted and anti-malware scanners cannot disinfect them properly. Security vendors that claim to be able to remove file infectors cannot guarantee that all traces of it will be removed as they may not find all the remnants. If something goes awry during the malware removal process there is always a risk the computer may become unstable or unbootable and you could lose access to all your data.

Further, your machine has likely been compromised by the backdoor Trojan and there is no way to be sure the computer can ever be trusted again. It is dangerous and incorrect to assume the computer is secure even if your anti-virus reports that the malware appears to have been removed.

Many experts in the security community believe that once infected with this type of malware, the best course of action is to reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:

Whenever a system has been compromised by a backdoor payload, it is impossible to know if or how much the backdoor has been used to affect your system...There are only a few ways to return a compromised system to a confident security configuration. These include:
• Reimaging the system
• Restoring the entire system using a full system backup from before the backdoor infection
• Reformatting and reinstalling the system

Backdoors and What They Mean to You

This is what Jesper M. Johansson at Microsoft TechNet has to say: Help: I Got Hacked. Now What Do I Do?

The only way to clean a compromised system is to flatten and rebuild. That’s right. If you have a system that has been completely compromised, the only thing you can do is to flatten the system (reformat the system disk) and rebuild it from scratch (reinstall Windows and your applications).



#12 Derialc


Posted 11 October 2010 - 10:35 AM

Oh dear, that's not what I wanted to hear... Would you recommend that I do not try any further removal softwares like malwarebytes in case I damage the computer further? I rebooted in normal mode and the computer is no different. Still extremely slow with pop up windows about different applications that need to close. Took nearly 20 mins for malwarebytes to open... I haven't run it yet. Should I do so?

Also, I have a lot of files and photos on my computer which I would need to (if possible) download to an external hard drive before I reformat the drive... Is this safe? Do I risk bringing the Trojans with me? Can I back up all types of files and what is the best way to do so? In safe mode?

Thanks again for your help.

PS I am typing this on someone else's computer as my Internet won't open in normal mode...

#13 boopme


Posted 11 October 2010 - 10:51 AM

Sorry, I don't like this one either. Running tools now is really an exercise in futility. It may help a bit to get your backup easier but as you see in the log you posted it will keep attacking exe files and won't stop.
Photos and most music are usually safe.

Let me post our quietman7's info on reformatting.

Caution: If you are considering backing up data and reformatting, keep in mind, with a Virut infection, there is always a chance of backed up data reinfecting your system. If the data is that important to you, then you can try to salvage some of it but there is no guarantee so be forewarned that you may have to start over again afterwards if reinfected by attempting to recover your data. Only back up your important documents, personal data files, photos to a CD or DVD drive, not a flash drive or external hard drive as they may become compromised in the process. The safest practice is not to backup any executable files (*.exe), screensavers (*.scr), autorun (.ini) or script (.php, .asp, .htm, .html, .xml) files because they may be infected by malware. Avoid backing up compressed files (.zip, .cab, .rar) that have executables inside them as some types of malware can penetrate compressed files and infect the .exe files within them. Other types of malware may even disguise themselves by hiding a file extension or adding to the existing extension as shown here (click Figure 1 to enlarge) so be sure you look closely at the full file name. If you cannot see the file extension, you may need to reconfigure Windows to show file name extensions. Then make sure you scan the backed up data with your anti-virus prior to copying it back to your hard drive.

If your CD/DVD drive is unusable, another word of caution if you are considering backing up to an external usb hard drive as your only alternative. External drives are more susceptible to infection and can become compromised in the process of backing up data. I'm not saying you should not try using such devices but I want to make you aware of all your options and associated risks so you can make an informed decision if it's worth that risk. Again, do not back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

If you're not sure how to reformat or need help with reformatting, please review:

These links include step-by-step instructions with screenshots:

Vista users can refer to these instructions:

Don't forget you will have to go to Microsoft Update and apply all Windows security patches after reformatting.

Note: If you're using an IBM, Sony, HP, Compaq or Dell machine, you may not have an original XP CD Disk. By policy Microsoft no longer allows OEM manufacturers to include the original Windows XP CD-ROM on computers sold with Windows preinstalled. Instead, most computers manufactured and sold by OEM vendors come with a vendor-specific Recovery Disk or Recovery Partition for performing a clean "factory restore" that will reformat your hard drive, remove all data and restore the computer to the state it was in when you first purchased it. See Technology Advisory Recovery Media. If the recovery partition has become infected, you will need to contact the manufacturer, explain what happened and ask them to send full recovery disks to use instead.

If you need additional assistance with reformatting or partitioning, you can start a new topic in the Operating Systems Subforums forum.
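The extension rule from the post above, as an added example that is not part of the original thread: a Python sketch that sorts a folder into files to copy, files to leave behind, and files to look at by hand. The function names and the sample file names are made up for illustration; the check reads file names only and says nothing about whether a file is clean, so the anti-virus scan of the backed up data is still needed.

```python
import os
import tempfile

# Extensions the posts say not to back up (the bare "exe" is read as ".exe").
SKIP_EXTS = {".exe", ".scr", ".ini", ".htm", ".html", ".php",
             ".asp", ".xml", ".zip", ".rar", ".cab"}

def classify(filename):
    """Return (decision, reason) for one file name; looks at the name only."""
    name = filename.lower().rstrip(" .")   # Windows ignores trailing dots/spaces
    exts = ["." + part for part in name.split(".")[1:]]
    if not exts:
        return "review", "no extension, file type unknown"
    if exts[-1] in SKIP_EXTS:
        if len(exts) > 1:                  # e.g. beach.jpg.exe shown as beach.jpg
            return "skip", "extra extension in front of " + exts[-1]
        return "skip", "listed extension " + exts[-1]
    if any(ext in SKIP_EXTS for ext in exts[:-1]):
        return "review", "listed extension inside the name"
    return "keep", "extension not on the list"

def plan_backup(root):
    """Walk root and sort every file into keep / skip / review."""
    plan = {"keep": [], "skip": [], "review": []}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            decision, reason = classify(fname)
            rel = os.path.relpath(os.path.join(folder, fname), root)
            plan[decision].append((rel, reason))
    return plan

def demo():
    """Run the plan over constructed sample file names in a temp folder."""
    names = ["beach.jpg", "letter.doc", "beach.jpg.exe", "SETUP.EXE",
             "archive.zip", "autorun.ini", "notes", "page.html.txt"]
    with tempfile.TemporaryDirectory() as root:
        for n in names:
            open(os.path.join(root, n), "w").close()
        return plan_backup(root)

if __name__ == "__main__":
    for decision, items in demo().items():
        for rel, reason in sorted(items):
            print(f"{decision:6} {rel:16} {reason}")
```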

#14 Derialc


Posted 11 October 2010 - 11:09 AM

Thanks for that. How about uploading files and photos to an online storage facility? Is this considered a safe/successful option?

#15 boopme


Posted 11 October 2010 - 11:15 AM

I think that would be OK. Remember...do not back up any files with the following file extensions: .exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.



