Nicely done !
I have some final words for you.All Clean
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean STEP 1 UPDATING TASKS
Your Adobe Reader
is out of date
Older versions may have vulnerabilities that malware can use to infect your system.Adobe tops Kaspersky Lab's list for top ten PC vulnerabilities...read the following article:http://www.zdnet.com/blog/btl/adobe-tops-kaspersky-labs-list-for-top-ten-pc-vulnerabilities/49093?tag=mantle_skin%3Bcontent
Please download Adobe Reader X
to your PC's desktop.
* Uninstall Adobe Reader 7.0.8
=> Control Panel
> Add/Remove Programs
* Install the new downloaded updated software.
Note: Note that the McAfee Security scan is prechecked. You may wish to uncheck it before downloading.
Note: Adobe Reader X
is a large program and if you prefer a smaller program you can get Foxit Reader 4 x
instead.Foxit Reader 4x
offer 5 levels of security
. Click Me for more information
When installing FoxitReader, be carefull not to install anything to do with AskBar.Upgrading Java
is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java
components and upgrade the application. NOT supported for use in 9x or MEUpgrading Java
Visit Microsoft's Windows Update Site Frequently
- Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 25 .
- Click the JDK 6 Update 25 (JDK or JRE) "Download JRE" button to the right.
- Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
- Click on Continue.
- Click on the link to download Windows Offline Installation ( jre-6u25-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
- Close any programs you may have running - especially your web browser.
- Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java. (Java™ 6 Update 24 and J2SE Runtime Environment 5.0 Update 6)
- Check any item with Java Runtime Environment (JRE or J2SE) in the name.
- Click the Remove or Change/Remove button.
- Repeat as many times as necessary to remove each Java version.
- Reboot your computer once all Java components are removed.
- Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u25-windows-i586.exe and select "Run as an Administrator.")
It is important that you visit Windows Update
This will ensure your computer has always the latest security updates available installed on your computer.
If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
You can check these by scanning with Secunia Software Inspector
.STEP 2 CLEANUP1. Uninstall Combofix
2. To remove all of the tools we used and the files and folders they created, please do the following:
- The following will implement some cleanup procedures as well as reset System Restore points:
- Click Start > Run and copy/paste the following bolded text into the Run box and click OK:
- ComboFix /Uninstall
on your desktop.
In the upper right click CleanUp
This will delete OTL
and will clean up after it.Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually. 3. Clean the java cache:
To Clear the Java Runtime Environment (JRE) cache
, do this:
- Click Start > Settings > Control Panel.
- Double-click the Java icon.
-The Java Control Panel appears.
- Click "Settings" under Temporary Internet Files.
-The Temporary Files Settings dialog box appears.
- Click "Delete Files".
-The Delete Temporary Files dialog box appears.
-There are three options on this window to clear the cache.
- Delete Files
- View Applications
- View Applets
- Click "OK" on Delete Temporary Files window.
-Note: This deletes all the Downloaded Applications and Applets from the cache.
- Click "OK" on Temporary Files Settings window.
- Close the Java Control Panel.
You can also view these instructions along with screenshots here
.STEP 3 SECURITY ADVICESChange all your passwords !
Since your computer was infected with a MBR rootkit
for peace of mind, I would however advise you that all your passwords be changed immediately !! (just in case).Keep your antivirus software turned on and up-to-date
Practice Safe Internet
- Make sure your antivirus software is turned on and up-to-date.
- New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
- You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
- You should scan your computer with an AntiSpyware program (Malwarebytes' Anti-Malware) on a regular basis just as you would an antivirus software. Be sure to check for and download any definition updates prior to performing a scan.
One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will. Below are a list of simple precautions to take to keep your computer clean and running securely:
Don't use pirated software !!!
- If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
- If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
- If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
- If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
Foistware, And how to avoid it.
There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. For a list of these types of programs we recommend you visit this link: Rogue/Suspect Anti-Spyware Products & Web Sites
- Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you. We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake.
- Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
- When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
- Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
- Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site.
- DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications.
Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems.
So my advice is - stay away from them!Create an image of your system
It is always a good idea to do a backup of all important files just in case something happens it.
Macrium Reflect is very good choice that enables you to create an image of your system drive which can be restored in case of problems.
The download link is here => http://www.macrium.com/reflectfree.asp
The tutorials can be found here => http://www.macrium.com/tutorial.asp
Be sure to read the tutorial first. Follow this list and your potential for being infected again will reduce dramatically.STEP 4 IMPROVE YOUR PC PERFORMANCEUse Disk Cleanup to delete files you no longer need and reclaim storage space on your computer.
Open Disk Cleanup by clicking the Start
button, clicking All Programs
, clicking Accessories
, clicking System Tools
, and then clicking Disk Cleanup
If the Disk Cleanup: Drive Selection
dialog box appears, select the hard disk drive that you want to clean up, and then click OK
Click the Disk Cleanup
tab, and then select the check boxes for the files you want to delete.
When you finish selecting the files you want to delete, click OK
, and then click Delete files
to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.
[color="#FF0000"]You can use Disk Defragmenter to rearrange files and unused space on your hard disk so that programs run faster
Please Open Disk Defragmenter
by clicking the Start
button, clicking All Programs
, clicking Accessories
, clicking System Tools
, and then clicking Disk Defragmenter
Select the drive you want to Defragment
(the drive where Windows is installed
Click Defragment Now
.Use MSConfig to disable any processes that you do not want running in the background of the computer.
Please type msconfig
in the start menu, then hit enter
Go to the startup
tab and then uncheck any programs that you don't need to load with Windows.
Click the "Apply
" button and click "OK
" to close the MSCONFIG window.
Restart your computer to save the changes you made to the Startup. You might have a popup window when you log on. This is typical. Just click ok. You can also make the popup window not come up anymore by checking the box there.
The programs you removed will no longer automatically launch once Windows starts up.
Safe Surfing !
Edited by B-boy/StyLe/, 01 June 2011 - 09:01 PM.