a good old google search hijacker with pop up fun


This topic is locked
10 replies to this topic

#1 sweezy f baby

sweezy f baby

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:52 PM

Posted 18 April 2011 - 08:27 AM

OK, Ad-Aware found this sucker once, and it, ClamWin and Spybot S&D were all run, but it still has my system... so I've come to seek assistance from the best.

This is the nasty Win32.TrojanDownloader.WMAGetCodec. Help me, oh wise ones.


-Sorry for being a jag and not reading the how-to guide... it's been several years since I've been here.

Edited by sweezy f baby, 18 April 2011 - 08:49 AM.




#2 sweezy f baby

sweezy f baby
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:52 PM

Posted 18 April 2011 - 08:40 AM

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Frank Swaney at 9:37:46.29 on Mon 04/18/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2259 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Wave Systems Corp\Common\DataServer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\NTRU Cryptosystems\NTRU Hybrid TSS v1.05\bin\tcsd_win32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\stsystra.exe
C:\WINDOWS\twain_32\DELL\MFP1125\Monitor\Stsmon.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\PROGRA~1\RINGCE~1\EXTREM~1\RCUI.exe
C:\PROGRA~1\RINGCE~1\EXTREM~1\RCHotKey.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Memeo\AutoSync\MemeoAutoSync.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Frank Swaney\My Documents\Downloads\dds.scr
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer provided by MSN & Bing
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [RCUI] "c:\progra~1\ringce~1\extrem~1\RCUI.exe"
uRun: [RCHotKey] "c:\progra~1\ringce~1\extrem~1\RCHotKey.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [MFPMonitor] c:\windows\twain_32\dell\mfp1125\monitor\Stsmon.exe
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Memeo AutoBackup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent
mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
StartupFolder: c:\docume~1\franks~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - c:\program files\bodog poker\BPGame.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\franks~1\applic~1\mozilla\firefox\profiles\cs2y5f9v.default\
FF - plugin: c:\documents and settings\frank swaney\application data\mozilla\firefox\profiles\cs2y5f9v.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2011-4-16 64512]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [2010-11-19 21664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2011-4-1 1753048]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2008-11-7 25824]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-1-29 100456]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-4-16 136176]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [2010-7-29 25112]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2011-4-1 15232]
S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\frank swaney\application data\nvidia\hwaccess.sys --> c:\documents and settings\frank swaney\application data\nvidia\HWAccess.sys [?]
.
=============== Created Last 30 ================
.
2011-04-17 18:37:56 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-17 18:37:56 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2011-04-16 23:14:14 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-16 23:14:14 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-04-16 22:54:11 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-16 22:53:44 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-16 22:53:33 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-04-16 22:53:33 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-04-16 22:53:33 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-04-16 22:53:33 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-04-16 22:53:33 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-04-16 22:53:33 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-04-16 22:53:33 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-04-16 22:53:33 117760 ------w- c:\windows\system32\prntvpt.dll
2011-04-16 22:53:33 -------- d-----w- C:\bb5ddb686b3cbafce9b8fada
2011-04-16 21:44:12 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-16 19:50:40 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-16 19:50:34 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-16 19:50:10 -------- d-----w- c:\docume~1\franks~1\locals~1\applic~1\Sunbelt Software
2011-04-16 19:46:25 -------- d-----w- c:\docume~1\franks~1\locals~1\applic~1\Google
2011-04-16 19:46:20 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-16 19:45:53 -------- d-----w- c:\program files\Lavasoft
2011-04-16 06:32:23 -------- d-----w- c:\program files\Bodog Poker
2011-04-16 06:11:27 -------- d-----w- c:\program files\Bodog Casino
.
==================== Find3M ====================
.
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 12:27:00 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 12:27:00 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 12:27:00 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-23 12:27:00 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 12:27:00 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 12:27:00 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 12:27:00 2292678 ----a-w- c:\windows\system32\nvdata.bin
2011-02-23 12:27:00 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 12:27:00 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 12:27:00 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-23 12:27:00 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ------w- c:\windows\system32\html.iec
2011-02-17 12:32:12 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56:39 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33:55 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33:55 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: Maxtor_6L080M0 rev.BANC1G10 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-e
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A51DECC]<<
_asm { PUSH EBP; MOV EBP, ESP; SUB ESP, 0x1c; PUSH EBX; PUSH ESI; MOV DWORD [EBP-0x4], 0xb4854879; SUB DWORD [EBP-0x4], 0xb4854135; PUSH EDI; CALL 0xffffffffffffdf2c; }
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8A66DAB8]
3 CLASSPNP[0xB8108FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A415148]
[0x8A4D12B8] -> IRP_MJ_CREATE -> 0x8A51DECC
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; STI ; PUSH AX; POP ES; PUSH AX; POP DS; CLD ; MOV SI, 0x7c1b; MOV DI, 0x61b; PUSH AX; PUSH DI; MOV CX, 0x1e5; REP MOVSB ; RETF ; MOV BP, 0x7be; MOV CL, 0x4; CMP [BP+0x0], CH; JL 0x2e; JNZ 0x3a; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-e -> \??\IDE#DiskMaxtor_6L080M0__________________________BANC1G10#324c4a304548484d20202020324c4a304548484d#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8A51DAF1
user & kernel MBR OK
sectors 156249998 (+143): user != kernel
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 9:38:39.98 ===============


Edited by sweezy f baby, 18 April 2011 - 08:48 AM.
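
The gmer section at the end of the DDS log above is the part that actually carries the rootkit finding: an unidentified module in the disk I/O chain, a hook on atapi's DriverStartIo, and a sector count that differs between user-mode and kernel reads. As an added example (not code from this thread or from gmer), here is a small Python parser that pulls those facts out of such a section and turns them into the reasons a responder would treat the machine as compromised; the sample log is a constructed copy of the values shown in the post.

```python
import re

# Constructed sample: a copy of the ROOTKIT section from the DDS log in post #2,
# embedded here so the parser runs offline against the real values shown there.
SAMPLE_LOG = """\
=================== ROOTKIT ====================
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
device: opened successfully
user: MBR read successfully
Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8A51DECC]<<
1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \\Device\\Harddisk0\\DR0[0x8A66DAB8]
[0x8A4D12B8] -> IRP_MJ_CREATE -> 0x8A51DECC
kernel: MBR read successfully
detected hooks:
\\Driver\\atapi DriverStartIo -> 0x8A51DAF1
user & kernel MBR OK
sectors 156249998 (+143): user != kernel
Warning: possible TDL3 rootkit infection !
============= FINISH: 9:38:39.98 ===============
"""

UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
HOOK_RE = re.compile(r"^(\\\S+) (\S+) -> (0x[0-9A-Fa-f]+)$")
SECTORS_RE = re.compile(r"^sectors (\d+) \(\+(\d+)\): user != kernel$")
FINISH_RE = re.compile(r"^=+ FINISH:")


def parse_rootkit_section(text):
    """Extract the security-relevant facts from a gmer/DDS ROOTKIT section."""
    findings = {
        "unknown_modules": [],    # unidentified code in the disk I/O path
        "hooks": [],              # (driver object, hooked routine, target address)
        "mbr_consistent": None,   # do user-mode and kernel MBR reads agree?
        "sector_mismatch": None,  # (sector count, difference between the two reads)
        "warnings": [],           # gmer's own verdict lines
    }
    in_hooks = False
    for raw in text.splitlines():
        line = raw.strip()
        if FINISH_RE.match(line):
            break
        m = UNKNOWN_RE.search(line)
        if m:
            findings["unknown_modules"].append(m.group(1))
            continue
        if line == "detected hooks:":
            in_hooks = True
            continue
        if in_hooks:
            m = HOOK_RE.match(line)
            if m:
                findings["hooks"].append(m.groups())
                continue
            in_hooks = False  # first line that is not a hook ends the list
        if line == "user & kernel MBR OK":
            findings["mbr_consistent"] = True
        elif "MBR" in line and "user != kernel" in line:
            findings["mbr_consistent"] = False
        m = SECTORS_RE.match(line)
        if m:
            findings["sector_mismatch"] = (int(m.group(1)), int(m.group(2)))
        if line.startswith("Warning:"):
            findings["warnings"].append(line)
    return findings


def assess(findings):
    """Turn parsed facts into the reasons a responder would treat the host as compromised."""
    reasons = []
    for addr in findings["unknown_modules"]:
        reasons.append(f"code at {addr} in the disk driver chain belongs to no known module")
    for driver, routine, target in findings["hooks"]:
        reasons.append(f"{routine} of {driver} is redirected to {target}")
    if findings["mbr_consistent"] is False:
        reasons.append("MBR read from user mode differs from the kernel's copy")
    if findings["sector_mismatch"]:
        total, diff = findings["sector_mismatch"]
        reasons.append(
            f"disk size of {total} sectors differs by {diff} between user-mode and kernel "
            "reads, which is how a hidden area at the end of the disk shows up")
    reasons.extend(findings["warnings"])
    return reasons


if __name__ == "__main__":
    for reason in assess(parse_rootkit_section(SAMPLE_LOG)):
        print("-", reason)
```

The atapi DriverStartIo hook reported here is consistent with the infected imapi.sys that ComboFix reports disinfecting later in the thread.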


#3 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:52 AM

Posted 18 April 2011 - 09:12 AM

Welcome to BC!

Logs, yay!
We're set to start then.

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click the donation link.


#4 sweezy f baby

sweezy f baby
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:52 PM

Posted 18 April 2011 - 09:53 AM

You rock.

ComboFix 11-04-17.03 - Frank Swaney 04/18/2011 10:42:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2828 [GMT -4:00]
Running from: c:\documents and settings\Frank Swaney\My Documents\Downloads\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Frank Swaney\WINDOWS
c:\windows\jestertb.dll
.
Infected copy of c:\windows\system32\drivers\imapi.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2011-03-18 to 2011-04-18 )))))))))))))))))))))))))))))))
.
.
2011-04-17 18:37 . 2011-04-18 09:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-04-17 18:37 . 2011-04-17 18:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-04-16 23:14 . 2011-04-16 23:14 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-04-16 23:14 . 2011-04-16 23:14 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-04-16 22:54 . 2011-04-16 22:54 -------- d-----w- c:\windows\system32\XPSViewer
2011-04-16 22:54 . 2011-04-16 22:54 -------- d-----w- c:\program files\MSBuild
2011-04-16 22:54 . 2011-04-16 22:54 -------- d-----w- c:\program files\Reference Assemblies
2011-04-16 22:53 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-04-16 22:53 . 2011-04-16 22:53 -------- d-----w- C:\bb5ddb686b3cbafce9b8fada
2011-04-16 22:53 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-04-16 22:53 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-04-16 22:53 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-04-16 22:53 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-04-16 22:53 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-04-16 22:53 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-04-16 22:53 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-04-16 22:53 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-04-16 21:44 . 2011-04-07 07:59 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-16 19:51 . 2011-04-16 19:51 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2011-04-16 19:50 . 2011-04-01 07:22 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-04-16 19:50 . 2011-04-16 19:50 -------- dc----w- c:\windows\system32\DRVSTORE
2011-04-16 19:50 . 2011-04-16 19:50 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-04-16 19:50 . 2011-04-16 19:50 -------- d-----w- c:\documents and settings\Frank Swaney\Local Settings\Application Data\Sunbelt Software
2011-04-16 19:46 . 2011-04-16 19:46 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2011-04-16 19:46 . 2011-04-16 22:08 -------- d-----w- c:\documents and settings\Frank Swaney\Local Settings\Application Data\Google
2011-04-16 19:46 . 2011-04-16 19:47 -------- d-----w- c:\program files\Google
2011-04-16 19:46 . 2011-04-16 19:46 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{6A395471-4AA3-4072-AE1B-9B69A97AD164}
2011-04-16 19:45 . 2011-04-16 19:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-04-16 19:45 . 2011-04-16 19:45 -------- d-----w- c:\program files\Lavasoft
2011-04-16 06:32 . 2011-04-16 06:32 -------- d-----w- c:\program files\Bodog Poker
2011-04-16 06:11 . 2011-04-16 06:19 -------- d-----w- c:\program files\Bodog Casino
2011-04-15 18:15 . 2011-04-15 18:15 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-03-20 19:40 . 2011-03-20 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-07 05:33 . 2010-11-19 20:34 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37 . 2010-11-19 19:23 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21 . 2010-11-19 19:23 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-23 12:27 . 2011-02-23 12:27 61440 ----a-w- c:\windows\system32\OpenCL.dll
2011-02-23 12:27 . 2011-02-23 12:27 4980736 ----a-w- c:\windows\system32\nvcuda.dll
2011-02-23 12:27 . 2011-02-23 12:27 2916968 ----a-w- c:\windows\system32\nvcuvid.dll
2011-02-23 12:27 . 2011-02-23 12:27 2251368 ----a-w- c:\windows\system32\nvcuvenc.dll
2011-02-23 12:27 . 2011-02-23 12:27 1958400 ----a-w- c:\windows\system32\nvapi.dll
2011-02-23 12:27 . 2011-02-23 12:27 14671872 ----a-w- c:\windows\system32\nvoglnt.dll
2011-02-23 12:27 . 2011-02-23 12:27 13004800 ----a-w- c:\windows\system32\nvcompiler.dll
2011-02-23 12:27 . 2011-01-29 08:09 941160 ----a-w- c:\windows\system32\nvdispco322090.dll
2011-02-23 12:27 . 2011-01-29 08:09 837736 ----a-w- c:\windows\system32\nvgenco322040.dll
2011-02-23 12:27 . 2010-11-19 21:39 9888384 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
2011-02-23 12:27 . 2010-11-19 21:39 6398720 ----a-w- c:\windows\system32\nv4_disp.dll
2011-02-22 23:06 . 2010-11-19 19:23 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06 . 2010-11-19 19:23 43520 ------w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06 . 2010-11-19 19:23 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41 . 2010-11-19 19:23 385024 ------w- c:\windows\system32\html.iec
2011-02-17 13:18 . 2010-11-19 19:23 455936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-02-17 13:18 . 2010-11-19 19:23 357888 ----a-w- c:\windows\system32\drivers\srv.sys
2011-02-17 12:32 . 2010-11-28 11:00 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2011-02-15 12:56 . 2010-11-19 19:23 290432 ----a-w- c:\windows\system32\atmfd.dll
2011-02-09 13:53 . 2010-11-19 19:23 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2010-11-19 19:23 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-08 13:33 . 2010-11-19 19:23 978944 ----a-w- c:\windows\system32\mfc42.dll
2011-02-08 13:33 . 2010-11-19 19:23 974848 ----a-w- c:\windows\system32\mfc42u.dll
2011-02-02 07:58 . 2010-11-19 20:33 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2010-11-19 20:33 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2010-11-19 19:23 439296 ----a-w- c:\windows\system32\shimgvw.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RCUI"="c:\progra~1\RINGCE~1\EXTREM~1\RCUI.exe" [2010-10-19 500992]
"RCHotKey"="c:\progra~1\RINGCE~1\EXTREM~1\RCHotKey.exe" [2010-10-19 38144]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]
"MFPMonitor"="c:\windows\twain_32\DELL\MFP1125\Monitor\Stsmon.exe" [2007-08-08 2002944]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2011-02-15 86016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-09-16 1164584]
"Memeo AutoBackup"="c:\program files\Memeo\AutoBackup\MemeoLauncher2.exe" [2008-11-07 144608]
"Memeo AutoSync"="c:\program files\Memeo\AutoSync\MemeoLauncher2.exe" [2009-05-29 144608]
.
c:\documents and settings\Frank Swaney\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SUPERAntiSpyware"=c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe"
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\RingCentral\\eXtreme Fax\\RCUI.exe"=
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [4/16/2011 3:50 PM 64512]
R0 stmtpm;STM TPM Service;c:\windows\system32\drivers\stm_tpm.sys [11/19/2010 5:42 PM 21664]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/1/2011 3:22 AM 1753048]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackup\MemeoBackgroundService.exe [11/7/2008 3:38 PM 25824]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [1/29/2011 3:58 AM 100456]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [4/16/2011 3:46 PM 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\drivers\ivusb.sys [7/29/2010 1:25 AM 25112]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [4/1/2011 3:22 AM 15232]
S3 NVIDIAHWAccess;NVIDIAHWAccess;\??\c:\documents and settings\Frank Swaney\Application Data\NVIDIA\HWAccess.sys --> c:\documents and settings\Frank Swaney\Application Data\NVIDIA\HWAccess.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-18 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-01 13:34]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 19:46]
.
2011-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-04-16 19:46]
.
.
------- Supplementary Scan -------
.
DPF: {01025D1C-BB03-4369-8344-732CD0DCCCF0} - hxxp://www.geforce.com/services_toolkit/ShimGen/1.1.28.1/GPU_Reader.cab
FF - ProfilePath - c:\documents and settings\Frank Swaney\Application Data\Mozilla\Firefox\Profiles\cs2y5f9v.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adobe DLM (powered by getPlus®): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-18 10:49
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(724)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\documents and settings\Frank Swaney\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Frank Swaney\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\documents and settings\Frank Swaney\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
.
Completion time: 2011-04-18 10:51:13
ComboFix-quarantined-files.txt 2011-04-18 14:51
.
Pre-Run: 38,860,791,808 bytes free
Post-Run: 39,420,428,288 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 43EA29243781020116910F1C0C020A50

#5 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:52 AM

Posted 18 April 2011 - 11:11 AM

Let's follow up with a couple of scans for leftovers.

Step 1.
MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Step 2.
ESET Online Scanner:

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are both checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Step 3.
Things I would like to see in your reply:

  • The content of the log from MBAM in step 1.
  • The content of the log from EOS in step 2.
  • Information on how the computer is running after those steps.

Please do not PM me asking for support. Post on the forums instead.
Please post the final results, good or bad. We like to know!
Unified Network of Instructors and Trained Eliminators
My help is always free, but if you want to donate to help me continue my fight against malware then click the donate link.


#6 sweezy f baby

sweezy f baby
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:52 PM

Posted 18 April 2011 - 12:29 PM

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6390

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

4/18/2011 12:28:16 PM
mbam-log-2011-04-18 (12-28-16).txt

Scan type: Quick scan
Objects scanned: 152802
Time elapsed: 1 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=f2334a34afe44c4484bc2d420252e112
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-04-18 05:06:56
# local_time=2011-04-18 01:06:56 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=2817 16777215 100 100 0 5248789 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=48336
# found=4
# cleaned=4
# scan_time=1937
C:\Documents and Settings\Frank Swaney\Application Data\Sun\Java\Deployment\cache\6.0\12\3cc664c-590e70af Java/TrojanDownloader.OpenStream.NBS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Frank Swaney\Application Data\Sun\Java\Deployment\cache\6.0\40\7bb34ee8-20df28fd a variant of Win32/Olmarik.ASN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\imapi.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{5B682AE7-3785-49D0-935B-93D0B6A9CA89}\RP155\A0004868.sys Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
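
The ESET log above has a fixed shape that a responder can parse and triage rather than read by eye. What follows is an added example, not code from this thread, BleepingComputer or ESET. It assumes the "# key=value" header and the "<path> <threat description> (<action>) <32-hex-digit field> <flag>" detection-line layout seen in the posted log, that a Windows path in the log never contains "/" while ESET threat names do (which is how it separates path from threat name), and that an action beginning with "cleaned" means the object was handled. The sample log inside the block is constructed to mirror the posted one, with the username and restore-point GUID replaced by placeholders.

```python
"""Parse an ESET Online Scanner log and triage its detections.

Added example (not the thread's, BleepingComputer's or ESET's code).
Assumptions, not stated on the page:
  * the header is a run of "# key=value" lines;
  * each detection line is
        <path> <threat description> (<action>) <32-hex-digit field> <flag>
  * a Windows path never contains "/", whereas ESET threat names do
    ("Win32/Olmarik.ZC"), which is how path and threat are split;
  * an action starting with "cleaned" means the object was handled.
SAMPLE_LOG is constructed to mirror the posted log.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SAMPLE_LOG = """\
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# end=finished
# remove_checked=true
# scanned=48336
# found=4
# cleaned=4
# scan_time=1937
C:\\Documents and Settings\\User\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\12\\3cc664c-590e70af Java/TrojanDownloader.OpenStream.NBS trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\\Documents and Settings\\User\\Application Data\\Sun\\Java\\Deployment\\cache\\6.0\\40\\7bb34ee8-20df28fd a variant of Win32/Olmarik.ASN trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\\Qoobox\\Quarantine\\C\\WINDOWS\\system32\\Drivers\\imapi.sys.vir Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
C:\\System Volume Information\\_restore{00000000-0000-0000-0000-000000000000}\\RP155\\A0004868.sys Win32/Olmarik.ZC trojan (cleaned - quarantined) 00000000000000000000000000000000 C
"""

HEADER_RE = re.compile(r"^# (?P<key>\w+)=(?P<value>.*)$")
DETECTION_RE = re.compile(
    r"^(?P<body>.+) \((?P<action>[^()]+)\) (?P<digest>[0-9A-Fa-f]{32}) (?P<flag>\S+)$"
)

# Locations holding already-neutralised copies rather than live files:
# ComboFix's quarantine folder and System Restore points.
DORMANT_PATH_MARKERS = ("\\qoobox\\quarantine\\", "\\system volume information\\_restore")


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    flag: str

    @property
    def cleaned(self) -> bool:
        return self.action.lower().startswith("cleaned")

    @property
    def dormant(self) -> bool:
        low = self.path.lower()
        return any(marker in low for marker in DORMANT_PATH_MARKERS)


def split_path_threat(body: str) -> tuple[str, str]:
    """Split '<path> <threat description>' at the first token containing '/'
    (the threat family/name), backing up over a leading 'a variant of'."""
    tokens = body.split(" ")
    for i, tok in enumerate(tokens):
        if "/" in tok:
            start = i - 3 if i >= 3 and tokens[i - 3:i] == ["a", "variant", "of"] else i
            return " ".join(tokens[:start]), " ".join(tokens[start:])
    raise ValueError(f"no threat name found in: {body!r}")


def parse_log(text: str) -> tuple[dict, list[Detection]]:
    header: dict = {}
    detections: list[Detection] = []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            header[m["key"]] = m["value"]  # a repeated key keeps its last value
            continue
        m = DETECTION_RE.match(line)
        if m:
            path, threat = split_path_threat(m["body"])
            detections.append(Detection(path, threat, m["action"], m["flag"]))
    return header, detections


def summarize(text: str) -> dict:
    """The counts a responder wants at a glance, plus a consistency check of
    the scanner's own found/cleaned totals against the detection lines."""
    header, dets = parse_log(text)
    found, cleaned = int(header.get("found", 0)), int(header.get("cleaned", 0))
    return {
        "finished": header.get("end") == "finished",
        "found": found,
        "cleaned": cleaned,
        "totals_match": found == len(dets) and cleaned == sum(d.cleaned for d in dets),
        "live": [d.path for d in dets if not d.dormant],
        "dormant": [d.path for d in dets if d.dormant],
        "not_cleaned": [d.path for d in dets if not d.cleaned],
        "threat_names": sorted({d.threat.replace("a variant of ", "").split(" ")[0] for d in dets}),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the sample, two of the four hits fall under ComboFix's Qoobox quarantine and a System Restore point, so they are stored copies rather than files that were executing; the Java cache entries are the ones that were live. That split is why the cleanup step later in the thread (running OTC to remove the quarantined material) is worth doing, and why a restore point from before the cleanup should not be relied on.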

#7 sweezy f baby

sweezy f baby
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:52 PM

Posted 18 April 2011 - 12:48 PM

working like a charm. no hijack, speed normal.

#8 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:52 AM

Posted 18 April 2011 - 01:03 PM

Let's wrap this up then.


Hey there, sweezy f baby !

OK! Well done, your log is clean again! :thumbsup:

Time for some housekeeping.

Step 1.
Clean up:

What we need to do is to remove all the tools that you have used. This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

First:
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.

Second:
  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.

Now delete any tools/logs that are left over after you ran OTC.


Step 2.
Prevention:

OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.

First:
Upgrading Java:

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application. NOT supported for use in 9x or ME

Upgrading Java :
  • Download the latest version of Java SE Runtime Environment (JRE), JRE 6 Update 24.
  • Click the JDK 6 Update 24 (JDK or JRE) "Download JRE" button to the right.
  • Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u24-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version. (Vista users, right click on the jre-6u24-windows-i586.exe and select "Run as an Administrator.")

Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.

Automatic Updates for Windows
  • Click Start.
  • Select Settings and then Control Panel.
  • Select Automatic Updates.
  • Click Automatic (recommended)
  • Choose a day and a time when you know the computer will be on and connected to the Internet.
  • Click Apply then OK.


Third:
Now let's download some preventative programs that will help to keep the nasties away! We will start with Anti Spyware programs. I would advise getting a couple of them at least, and running each at least once a month.

Anti Spyware
  • SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
  • SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.


Fourth:
Next let's look at Firewalls. These help to prevent unauthorized access both to and from the Internet or your local network. A firewall is considered a first line of defense in protecting private information. Below are two free firewalls to choose from, if you do not already have one. Note: You only need one firewall on your system.

Personal Firewalls
Fifth:
On to personal Anti Virus programs.

One AV is a must have! But never more than one, as this can and will cause conflicts and false readings. I have listed three free AVs below which are as good as any paid subscription AV, as long as you allow them to update themselves.

Anti Virus Programs
Sixth:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are however a couple of very good, Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN):

Instant Messengers
Lastly:
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.


I will keep this log open for the next couple of days, so if you have any further problems post another reply here.

OK, all the best, and stay safe!



#9 sweezy f baby

sweezy f baby
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:07:52 PM

Posted 18 April 2011 - 01:29 PM

updated java and windows, ran cleanups.

for anti-spyware, i use ad-aware and spybot s&d --- good enough? i've always loved both programs

for AV -- i like clam AV, i'm a big open source supporter --- i am behind a router and use windows built in firewall (good enough?)

i use IM through my gmail....


i got infected because my roommate is a jackass and downloads music from several sources indiscriminately. problem was PEBKAC. he has been banned from my desktop.

cpu-wise, i'm better off than 90-95% of people out there, but i haven't kept up on malware removal because i haven't had a problem since my brother in law gunked up my old desktop in 2004.

i think I'm set, let me know if any of my choices are outmoded. i appreciate the help, and on payday, plan on throwin ya a little donation...

thanks again!

#10 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:52 AM

Posted 18 April 2011 - 01:54 PM

he has been banned from my desktop

Good call.

Being behind a router relieves the strain on the firewall in the computer a bit. Which firewall to use is a matter of opinion, depending on what settings you want to be able to do. If you are comfortable with the built in fw in winXP then use it.

Regarding security programs.
I haven't tried those myself, but they look OK. To compare products http://www.av-comparatives.org/en/comparativesreviews/detection-test is a good site.

I would suggest you keep MBAM updated and do a quick scan regularly.



#11 heir

heir

  • Malware Response Team
  • 763 posts
  • OFFLINE
  • Gender:Male
  • Local time:02:52 AM

Posted 23 April 2011 - 02:04 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





