
My Virus Protection programs were WIPED OUT


  • This topic is locked
36 replies to this topic

#1 EILEENNOLA

EILEENNOLA

  • Members
  • 139 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:New Orleans, LA
  • Local time:03:12 AM

Posted 05 October 2011 - 06:00 PM

I'm typing this on someone else's computer b/c I just wrote a LONG explanation of what is wrong and I lost it because it couldn't find the server. I am literally crying, I'm so frustrated.

In a nutshell, 5 days ago, I had Trend Micro and Superantispyware free edition. Like an idiot, I wasn't paying attention and opened an attachment from a colleague that had a HIGH SPAM warning. After that, both Trend Micro and Superantispyware were wiped out. (My Trend Micro subscription expired 2 days after this.) I uninstalled and reinstalled Superantispyware and the icon disappeared from my computer.

BC instructed me to run a Security Check and MiniToolBox and that's it. I could NOT download Malwarebytes' Anti-Malware and GMER.

I followed the instructions for posting a new thread and was able to back up with the Colbain(SP) and save the Attach.txt file and the DDS.txt file. But they're on my computer, not this one.

I can Google a little bit but mostly I get pop ups, redirected pages to ads and their links, or "congratulations, you've won...." message boxes.

Today, I couldn't get on bleepingcomputer.com, and I tried no less than 20 times. Every single time I hit the link, it would redirect me to an ad page, or it couldn't find the server, or it would load and load and nothing would happen. I tried every BP link, not just the official web site. In fact, when I used any type of computer jargon, like "virus, redirect, etc." it ALWAYS redirects me to an ad page.

This probably isn't correct procedure, but would someone please help me by reading the 1st post that I made in the other forum I was in and maybe that can help you understand my problems? (As you can see, I had problems with the most basic instructions. I am a complete novice and only know about these programs and this computer jargon b/c I am reiterating it from BC experts.)

http://www.bleepingcomputer.com/forums/topic421150.html/page__st__15__gopid__2431004#entry2431004

Moderator note: Member received initial assistance at that topic and was referred to this forum. ~ OB


Thank you very much. I could just throw my computer across the room, I'm so frustrated and feel violated. 5 days ago this problem was just annoying but now it seems as if this virus or whatever it is is taking over my computer. -eileen

Edited by Orange Blossom, 05 October 2011 - 10:23 PM.



#2 EILEENNOLA


Posted 06 October 2011 - 12:47 PM

I am on my computer now. I am able to log on to BC sporadically. Sometimes I can't Google anything but then the virus subsides and I can.

Can anyone help me? Thanks, -eileen

#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:04:12 AM

Posted 10 October 2011 - 06:05 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/422066 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,926 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:12 AM

Posted 11 October 2011 - 01:58 AM

Hi, if you still need help, please let me know if you can create the requested logs. If you cannot post them, use pastebin.com and post the link to the uploads.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#5 EILEENNOLA


Posted 11 October 2011 - 03:56 PM

Thanks, Elise but I cannot download anything! I read the Preparation Guide and disabled the CD Emulation (Defogger) successfully, which is the only thing I was able to do.

I don't know if I have a 64 bit version of Windows, but I do see that I have "version 5.1, Service Pack 3, Windows 2007."

GMER LOG:

When I click on the GMER Download Link 1, I don't see a "File Download" prompt. The GMER download stays in a box called "DOWNLOAD". I couldn't save it in that box, so I clicked on it and got a "SECURITY DOWNLOAD" box. When I hit "RUN", I let it scan by itself. When it stopped, I unchecked the boxes as instructed. An entire scan takes place and then the screen disappears. I even tried hitting the save button before the scan was completed but whatever I do, the scan disappears after it's completed.

How do I get to the "SAVE AS" box?



DDS TOOL DOWNLOAD LINK:

I tried to download DDS.Scr and SSD.pif and several times was redirected to a "Congratulations, you've won...." or a site that reads "DDS/Infospyware" that is in Spanish. When I am able to download using the link, it stays in the "DOWNLOAD" box and no DDS.scr icon appears on my Desktop.


I apologize, but I've been trying for 2 hours to follow all instructions and I can't do this. I'm obviously a complete novice but I need some help. I've read the BC Preparation Guide as well as the Forum instructions and can't figure this out. When I tried to use Google to figure this out, I am almost always redirected to ad pages or "Congratulations, you won..." Thanks, -eileen


.

#6 Elise


Posted 12 October 2011 - 12:50 AM

Can you right click the DDS download link and select "save link/target as..."? A box should then open prompting you to select the location where the file should be saved. Select your Desktop and click Save. Does this work?

regards, Elise


#7 EILEENNOLA


Posted 12 October 2011 - 11:47 AM

Elise - I was able to do what you suggested and a "DDS" icon appeared on the screen.

When I clicked on the icon, it ran the logs but they weren't displayed in two Notepad windows. It opened in my Internet Explorer(?) - the logs are there, but I can't get them to open in a DDS.txt and Attach.txt Notepad windows.

(NOTE: Not sure if I'm using the correct technology ("Internet Explorer").) I have Firefox and what happens is that the logs immediately open. The tabs read: "file:///C:/Docu...1/Temp/dds.txt" and "file:///C:DOCU...Temp/attach.txt."

I tried to find them but I don't know how. I did try going into "My Computer" and looked in the "C:\temp" but there's nothing in there.

Can I copy and paste the log? I'm such a novice that I don't even know how to "zip" a file. I tried Googling it to learn but alas, I get redirected to computer ad pages. I am really trying to learn but if I Google a computer term, it almost always redirects to an ad page in re computers.

I'm typing fast and furious b/c I've lost posts before b/c the BC site timed out and the "server could not be found." (I am copying what I write this time, just in case I lose this post.) Thanks!! -eileen (New Orleans)

#8 EILEENNOLA


Posted 12 October 2011 - 12:36 PM

I looked everywhere. The tabs in Firefox (for dds.txt and attach.txt logs) are:

"file:///C:/DOCUME~1/OWNER~1.EIL/LOCALS~1/Temp/attach.txt; and

file:///C:/DOCUME~1?OWNER!1.EIL/LOCALS~1/Temp.dds.txt"

I looked everywhere - I even did a search for it. Sorry, this isn't easy for me. Thanks for your help. -eileen

#9 Elise


Posted 12 October 2011 - 12:52 PM

Can't you just copy/paste the text from your Internet Explorer window? :)

regards, Elise


#10 EILEENNOLA


Posted 12 October 2011 - 01:00 PM

Sorry, I thought that you guys hated copying and pasting. I can do that! Here's the dds.txt



DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Run by Owner at 12:56:21 on 2011-10-12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.783 [GMT -5:00]
.
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Firewall Booster *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\3820693409:1591231516.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exe
C:\WINDOWS\system32\lxeacoms.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\IntelDH\Intel® Quick Resume Technology Drivers\Elservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\Program Files\Lexmark S300-S400 Series\lxeamon.exe
C:\Program Files\Lexmark S300-S400 Series\ezprint.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Cobian Backup 8\Cobian.exe
C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Cobian Backup 8\cbInterface.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\PCHEALTH\HELPCTR\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://webmail.juno.com/
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: H - No File
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1081\TmIEPlg.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {5854FAC4-5BF0-47DD-B5A9-A5EA8CFF3CF4} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [DW6] "c:\program files\the weather channel fw\desktop\DesktopWeather.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [lxeamon.exe] "c:\program files\lexmark s300-s400 series\lxeamon.exe"
mRun: [EzPrint] "c:\program files\lexmark s300-s400 series\ezprint.exe"
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Cobian Backup 8] "c:\program files\cobian backup 8\Cobian.exe"
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{1B38E5A5-256C-4C94-9BE8-798F2244880D} : DhcpNameServer = 192.168.1.254
Handler: junomsg - {C4D10830-379D-11d4-9B2D-00C04F1579A5} - c:\program files\juno\bin\jmsgpph.dll
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1081\TmIEPlg.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner.eileen\application data\mozilla\firefox\profiles\a0c38fv9.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
.
============= SERVICES / DRIVERS ===============
.
R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]
R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [2011-5-23 193192]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2010-10-27 64080]
R3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\drivers\A5AGU.sys [2005-7-25 348352]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2010-11-9 341072]
S2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2010-10-27 188272]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\drivers\Athfmwdl.sys [2005-7-25 43392]
.
=============== Created Last 30 ================
.
2011-10-05 19:59:02 -------- d-----w- c:\program files\Cobian Backup 8
2011-10-04 16:36:48 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-04 16:31:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-10-04 14:32:11 7269712 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\updates\mpengine.dll
2011-09-29 15:29:13 177664 ----a-w- c:\documents and settings\owner.eileen\application data\microsoft\conhost.exe
2011-09-29 15:17:49 56200 ----a-w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{7672b0a6-10e5-4724-8fa4-deb7375ea6c2}\offreg.dll
2011-09-28 14:22:31 7269712 ------w- c:\documents and settings\all users\application data\microsoft\windows defender\definition updates\{7672b0a6-10e5-4724-8fa4-deb7375ea6c2}\mpengine.dll
2011-09-21 20:28:29 -------- d-----w- c:\program files\Zulu Gems
2011-09-15 16:04:31 5632 ----a-w- c:\windows\system32\ptpusb.dll
2011-09-15 16:04:21 159232 ----a-w- c:\windows\system32\ptpusd.dll
.
==================== Find3M ====================
.
2011-09-09 09:12:13 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-08-29 17:57:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-15 13:29:31 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
.
============= FINISH: 12:56:57.98 ===============

#11 EILEENNOLA


Posted 12 October 2011 - 01:02 PM

Here's the attach.txt. Both look very neat when I copied and pasted them but when I posted them, they look a mess. I don't know how you guys do this....Thanks again - eileen




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/14/2010 1:26:42 PM
System Uptime: 10/12/2011 10:12:28 AM (2 hours ago)
.
Motherboard: Intel Corporation | | D945GCZ
Processor: Intel® Pentium® D CPU 2.80GHz | J3E1 | 2799/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 228 GiB total, 171.981 GiB free.
D: is FIXED (FAT32) - 5 GiB total, 2.114 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
J: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP410: 7/14/2011 12:00:23 PM - Software Distribution Service 3.0
RP411: 7/14/2011 12:17:17 PM - Software Distribution Service 3.0
RP412: 7/15/2011 9:37:05 AM - Software Distribution Service 3.0
RP413: 7/15/2011 12:00:34 PM - Software Distribution Service 3.0
RP414: 7/15/2011 3:52:59 PM - Software Distribution Service 3.0
RP415: 7/18/2011 9:36:11 AM - System Checkpoint
RP416: 7/18/2011 12:00:17 PM - Software Distribution Service 3.0
RP417: 7/19/2011 2:03:03 AM - Software Distribution Service 3.0
RP418: 7/19/2011 12:00:18 PM - Software Distribution Service 3.0
RP419: 7/19/2011 4:55:13 PM - Software Distribution Service 3.0
RP420: 7/20/2011 11:54:56 AM - Software Distribution Service 3.0
RP421: 7/21/2011 12:00:18 PM - Software Distribution Service 3.0
RP422: 7/21/2011 3:54:40 PM - Software Distribution Service 3.0
RP423: 7/22/2011 9:29:09 AM - Software Distribution Service 3.0
RP424: 7/22/2011 12:00:16 PM - Software Distribution Service 3.0
RP425: 7/22/2011 5:13:22 PM - Software Distribution Service 3.0
RP426: 7/25/2011 12:00:29 PM - Software Distribution Service 3.0
RP427: 7/25/2011 5:19:46 PM - Software Distribution Service 3.0
RP428: 7/26/2011 9:21:55 AM - Software Distribution Service 3.0
RP429: 7/26/2011 12:00:16 PM - Software Distribution Service 3.0
RP430: 7/27/2011 12:00:18 PM - Software Distribution Service 3.0
RP431: 7/27/2011 4:21:37 PM - Software Distribution Service 3.0
RP432: 7/28/2011 12:00:25 PM - Software Distribution Service 3.0
RP433: 7/28/2011 5:20:49 PM - Software Distribution Service 3.0
RP434: 7/29/2011 9:35:32 AM - Software Distribution Service 3.0
RP435: 7/29/2011 12:00:17 PM - Software Distribution Service 3.0
RP436: 7/29/2011 3:06:21 PM - Software Distribution Service 3.0
RP437: 8/1/2011 10:19:23 AM - System Checkpoint
RP438: 8/1/2011 12:00:19 PM - Software Distribution Service 3.0
RP439: 8/1/2011 1:24:18 PM - Software Distribution Service 3.0
RP440: 8/2/2011 8:26:26 AM - Software Distribution Service 3.0
RP441: 8/2/2011 12:00:16 PM - Software Distribution Service 3.0
RP442: 8/2/2011 5:32:50 PM - Software Distribution Service 3.0
RP443: 8/3/2011 12:00:17 PM - Software Distribution Service 3.0
RP444: 8/3/2011 1:33:05 PM - Software Distribution Service 3.0
RP445: 8/4/2011 12:00:17 PM - Software Distribution Service 3.0
RP446: 8/4/2011 12:02:29 PM - Software Distribution Service 3.0
RP447: 8/5/2011 2:18:02 AM - Software Distribution Service 3.0
RP448: 8/5/2011 12:00:17 PM - Software Distribution Service 3.0
RP449: 8/5/2011 1:55:00 PM - Software Distribution Service 3.0
RP450: 8/8/2011 12:00:17 PM - Software Distribution Service 3.0
RP451: 8/8/2011 3:39:38 PM - Software Distribution Service 3.0
RP452: 8/9/2011 9:05:41 AM - Software Distribution Service 3.0
RP453: 8/9/2011 12:00:18 PM - Software Distribution Service 3.0
RP454: 8/10/2011 4:02:14 PM - System Checkpoint
RP455: 8/11/2011 12:00:18 PM - Software Distribution Service 3.0
RP456: 8/11/2011 12:13:04 PM - Software Distribution Service 3.0
RP457: 8/12/2011 9:10:24 AM - Software Distribution Service 3.0
RP458: 8/12/2011 12:00:16 PM - Software Distribution Service 3.0
RP459: 8/12/2011 2:29:19 PM - Software Distribution Service 3.0
RP460: 8/15/2011 10:24:19 AM - System Checkpoint
RP461: 8/15/2011 12:00:16 PM - Software Distribution Service 3.0
RP462: 8/16/2011 2:15:09 AM - Software Distribution Service 3.0
RP463: 8/16/2011 12:00:17 PM - Software Distribution Service 3.0
RP464: 8/16/2011 4:24:58 PM - Removed Bonjour
RP465: 8/16/2011 4:30:17 PM - Removed Picture Package Music Transfer
RP466: 8/16/2011 4:33:00 PM - Removed InstallIQ Updater
RP467: 8/16/2011 4:36:38 PM - Software Distribution Service 3.0
RP468: 8/17/2011 1:46:30 AM - Software Distribution Service 3.0
RP469: 8/17/2011 12:00:20 PM - Software Distribution Service 3.0
RP470: 8/17/2011 4:26:33 PM - Installed Adobe Acrobat 6.0 Professional - English, Français, Deutsch
RP471: 8/18/2011 12:00:17 PM - Software Distribution Service 3.0
RP472: 8/19/2011 2:26:55 AM - Software Distribution Service 3.0
RP473: 8/19/2011 10:39:50 AM - Removed Adobe Acrobat 6.0 Professional - English, Français, Deutsch
RP474: 8/19/2011 12:00:17 PM - Software Distribution Service 3.0
RP475: 8/19/2011 1:15:49 PM - Software Distribution Service 3.0
RP476: 8/22/2011 10:35:04 AM - System Checkpoint
RP477: 8/22/2011 12:00:16 PM - Software Distribution Service 3.0
RP478: 8/22/2011 1:07:47 PM - Software Distribution Service 3.0
RP479: 8/23/2011 9:02:39 AM - Software Distribution Service 3.0
RP480: 8/23/2011 12:00:18 PM - Software Distribution Service 3.0
RP481: 8/24/2011 12:00:18 PM - Software Distribution Service 3.0
RP482: 8/24/2011 4:23:18 PM - Software Distribution Service 3.0
RP483: 8/25/2011 12:00:17 PM - Software Distribution Service 3.0
RP484: 8/25/2011 2:49:24 PM - Software Distribution Service 3.0
RP485: 8/26/2011 9:46:21 AM - Software Distribution Service 3.0
RP486: 8/26/2011 12:00:16 PM - Software Distribution Service 3.0
RP487: 8/26/2011 5:01:07 PM - Software Distribution Service 3.0
RP488: 8/29/2011 12:00:18 PM - Software Distribution Service 3.0
RP489: 8/29/2011 2:12:47 PM - Installed Windows Media Player 10
RP490: 8/29/2011 2:17:40 PM - Software Distribution Service 3.0
RP491: 8/30/2011 1:51:59 AM - Software Distribution Service 3.0
RP492: 8/30/2011 12:00:17 PM - Software Distribution Service 3.0
RP493: 8/30/2011 12:21:10 PM - Software Distribution Service 3.0
RP494: 8/31/2011 12:00:17 PM - Software Distribution Service 3.0
RP495: 8/31/2011 4:17:45 PM - Software Distribution Service 3.0
RP496: 9/1/2011 12:00:15 PM - Software Distribution Service 3.0
RP497: 9/2/2011 1:53:15 AM - Software Distribution Service 3.0
RP498: 9/2/2011 9:20:40 AM - Software Distribution Service 3.0
RP499: 9/2/2011 12:00:28 PM - Software Distribution Service 3.0
RP500: 9/6/2011 9:19:06 AM - Software Distribution Service 3.0
RP501: 9/6/2011 9:21:49 AM - Software Distribution Service 3.0
RP502: 9/6/2011 12:00:16 PM - Software Distribution Service 3.0
RP503: 9/7/2011 12:00:17 PM - Software Distribution Service 3.0
RP504: 9/7/2011 4:54:11 PM - Software Distribution Service 3.0
RP505: 9/8/2011 12:00:17 PM - Software Distribution Service 3.0
RP506: 9/8/2011 3:26:20 PM - Software Distribution Service 3.0
RP507: 9/14/2011 9:35:49 AM - Software Distribution Service 3.0
RP508: 9/15/2011 12:06:18 PM - Software Distribution Service 3.0
RP509: 9/15/2011 12:40:23 PM - Software Distribution Service 3.0
RP510: 9/19/2011 9:31:44 AM - Software Distribution Service 3.0
RP511: 9/19/2011 12:00:16 PM - Software Distribution Service 3.0
RP512: 9/19/2011 5:03:49 PM - Software Distribution Service 3.0
RP513: 9/20/2011 9:28:01 AM - Software Distribution Service 3.0
RP514: 9/20/2011 12:00:16 PM - Software Distribution Service 3.0
RP515: 9/20/2011 2:02:44 PM - Software Distribution Service 3.0
RP516: 9/21/2011 12:00:17 PM - Software Distribution Service 3.0
RP517: 9/22/2011 12:00:17 PM - Software Distribution Service 3.0
RP518: 9/22/2011 3:54:36 PM - Software Distribution Service 3.0
RP519: 9/23/2011 9:16:46 AM - Software Distribution Service 3.0
RP520: 9/23/2011 12:00:22 PM - Software Distribution Service 3.0
RP521: 9/23/2011 2:57:49 PM - Software Distribution Service 3.0
RP522: 9/26/2011 12:00:23 PM - Software Distribution Service 3.0
RP523: 9/26/2011 5:51:06 PM - Software Distribution Service 3.0
RP524: 9/27/2011 3:01:41 PM - Software Distribution Service 3.0
RP525: 9/28/2011 9:22:25 AM - Software Distribution Service 3.0
RP526: 9/28/2011 12:00:16 PM - Software Distribution Service 3.0
RP527: 9/28/2011 4:19:21 PM - Software Distribution Service 3.0
RP528: 9/29/2011 1:36:51 PM - Software Distribution Service 3.0
RP529: 9/29/2011 1:48:12 PM - Software Distribution Service 3.0
RP530: 9/30/2011 8:55:41 AM - Software Distribution Service 3.0
RP531: 10/3/2011 9:27:38 AM - Software Distribution Service 3.0
RP532: 10/3/2011 12:00:15 PM - Software Distribution Service 3.0
RP533: 10/4/2011 9:32:05 AM - Software Distribution Service 3.0
RP534: 10/4/2011 10:57:27 AM - Software Distribution Service 3.0
RP535: 10/4/2011 12:00:18 PM - Software Distribution Service 3.0
RP536: 10/4/2011 5:42:48 PM - Software Distribution Service 3.0
RP537: 10/5/2011 9:25:24 AM - Software Distribution Service 3.0
RP538: 10/5/2011 12:00:18 PM - Software Distribution Service 3.0
RP539: 10/6/2011 9:14:00 AM - Software Distribution Service 3.0
RP540: 10/6/2011 3:00:16 PM - Software Distribution Service 3.0
RP541: 10/7/2011 9:27:57 AM - Software Distribution Service 3.0
RP542: 10/7/2011 12:43:49 PM - Software Distribution Service 3.0
RP543: 10/7/2011 2:20:01 PM - Software Distribution Service 3.0
RP544: 10/10/2011 9:19:24 AM - Software Distribution Service 3.0
RP545: 10/10/2011 12:00:17 PM - Software Distribution Service 3.0
RP546: 10/11/2011 9:22:55 AM - Software Distribution Service 3.0
RP547: 10/11/2011 1:16:04 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.0
ANIO Service
ANIWZCS2 Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Browser Address Error Redirector
CCleaner
Cobian Backup 8
Compatibility Pack for the 2007 Office system
Digital Media Reader
DivX Setup
DVD Solution
Google Toolbar for Internet Explorer
gtw_logo
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2570791)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® Quick Resume Technology Drivers
Itibiti RTC
iTunes
Java Auto Updater
Java™ 6 Update 22
Juno
Lexmark S300-S400 Series
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Automated Troubleshooting Services Shim
Microsoft Away Mode
Microsoft Digital Image Library 9 - Blocker
Microsoft Digital Image Starter Edition 2006
Microsoft Digital Image Starter Edition 2006 Editor
Microsoft Digital Image Starter Edition 2006 Library
Microsoft Office XP Professional with FrontPage
Microsoft Publisher 2002
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Miro
ML-1200 Series
Mozilla Firefox 6.0.2 (x86 en-US)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Napster Burn Engine
Nero 6 Ultra Edition
Power2Go 4.0
PowerDVD
QuickTime
RangeBooster G WUA-2340
RealPlayer Basic
Recovery Software Suite Gateway
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2491683)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2503665)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2536276)
Security Update for Windows XP (KB2544893)
Security Update for Windows XP (KB2555917)
Security Update for Windows XP (KB2562937)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2567680)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB923789)
SigmaTel Audio
Skype™ 4.2
Soft Data Fax Modem with SmartCP
Sonic Encoders
Sony Picture Utility
The Weather Channel Desktop 6
Trend Micro Titanium Internet Security
Trend Micro™ Titanium™ Internet Security
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows Internet Explorer 8 (KB980302)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2607712)
Update for Windows XP (KB2616676)
Update for Windows XP (KB971029)
VC80CRTRedist - 8.0.50727.6195
WebFldrs XP
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live ID Sign-in Assistant
Windows Media Format Runtime
Windows Media Player Firefox Plugin
Windows XP Media Center Edition 2005 KB2502898
Windows XP Service Pack 3
Zulu Gems en Español
.
==== Event Viewer Messages From Past Week ========
.
10/7/2011 9:28:39 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.113.1136.0).
10/7/2011 12:42:34 PM, error: Service Control Manager [7023] - The Network Location Awareness (NLA) service terminated with the following error: The specified procedure could not be found.
10/7/2011 12:42:26 PM, error: Service Control Manager [7000] - The Windows Defender service failed to start due to the following error: Access is denied.
10/7/2011 12:42:26 PM, error: Service Control Manager [7000] - The Trend Micro Solution Platform service failed to start due to the following error: Access is denied. 10/6/2011 9:14:21 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.113.874.0). 10/6/2011 3:01:25 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2416447). 10/5/2011 4:16:05 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service. 10/11/2011 9:23:29 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Windows Defender - KB915597 (Definition 1.113.1394.0). . ==== End Of File ===========================

#12 EILEENNOLA


Posted 12 October 2011 - 01:08 PM

P.S. My Trend Micro subscription ended 2 days after I opened the spam and my computer became infected. After I opened the infected attachment, I immediately tried to run SuperAntiSpyware (free edition) and it disappeared. I tried to download it again but I cannot download 1 virus/spyware, etc. program off of the Internet. I tried to download Hijackthis and couldn't do it.

I have a hard time getting on BC b/c my pages almost always redirect to ads. If I use my bookmarked BC, it goes through but not always.

#13 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,926 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:11:12 AM

Posted 12 October 2011 - 01:26 PM

That is not the most pleasant format to read a log, but it shows what I need to know for now. :)
Unfortunately you have a nasty rootkit infection.

BACKDOOR WARNING
------------------------------
One or more of the identified infections is known to use a backdoor.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would advise you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you decide to go through with the cleanup, please proceed with the following steps.


COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#14 EILEENNOLA


Posted 14 October 2011 - 01:29 PM

Elise - I panicked when I read what you wrote about my rootkit infection so I immediately went off-line and to a safe computer and changed all of my passwords. Just to be safe, I had my credit/debit cards reissued and warned my bank to note any suspicious activity.

The tech guy said the same that you wrote: he could just clean it but something could remain completely hidden and that it was best to reformat. So he took my tower yesterday.


I researched rootkit infections and thought that I had a Level One infection and he agreed with me. But he said that I could never be sure that my computer was 100% clean and suggested that he reformat it. I will NEVER hit an attachment without first reading the "Re" very well. I was sloppy b/c this virus came from a colleague who was sending me something work-related that I was expecting. I just looked at her name and didn't pay attention to the "re" and clicked on the attachment.
Thank you so very much for your help and everyone here at BC. You guys have helped me in the past and I really appreciate it.
Have a nice weekend! -eileen

P.S. I noticed that you're in Romania. My sister worked as a professor at the college in Iasi but then got a different job in Bucharest. She speaks 3 languages but had a very hard time learning Romanian. It is a beautiful language - to me it sounded like Italian and French but I only speak English, so I'm no expert. I went to Bucharest to visit her and loved it. To date, it is one of the farthest places that I've traveled. I think that Argentina runs a close second, but Romania was the longest trek I've flown. It took almost 24 hours and 4 planes to get there from New Orleans, Louisiana!

#15 Elise


Posted 14 October 2011 - 01:47 PM

The tech guy said the same that you wrote: he could just clean it but something could remain completely hidden and that it was best to reformat. So he took my tower yesterday

This is not true; the infection can be completely cleaned, however due to the nature of the infection (the backdoor capability), a security vulnerability remains in your Windows installation, which may or may not be exploited in the future. For that reason a reformat/reinstall is recommended.

P.S. I noticed that you're in Romania. My sister worked as a professor at the college in Iasi but then got a different job in Bucharest. She speaks 3 languages but had a very hard time learning Romanian. It is a beautiful language - to me it sounded like Italian and French but I only speak English, so I'm no expert.

It's funny, because Romanian is my second language (English my third in fact :wink:). I'm not a Romanian citizen, but it is indeed a beautiful country.

Please read this advice, in order to prevent reinfecting your PC:
  • Install and update the following programs regularly:
    • an outbound firewall. If you are connected to the internet through a router, you are already behind a hardware firewall and as such you do not need an extra software firewall.
      A comprehensive tutorial and a list of possible firewalls can be found here.
    • an AntiVirus Software
      It is imperative that you update your AntiVirus Software on a regular basis. If you do not update your AntiVirus Software then it will not be able to catch the latest threats.
    • an Anti-Spyware program
      Malwarebytes' Anti-Malware is an excellent Anti-Spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
      SUPERAntiSpyware is another good scanner with high detection and removal rates.
      Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions.
    • Spyware Blaster
      A tutorial for Spywareblaster can be found here. If you wish, the commercial version provides automatic updating.
  • Keep Windows (and your other Microsoft software) up to date!
    I cannot stress how important this is enough. Often holes are found in Internet Explorer or Windows itself that require patching. Sometimes these holes will allow an attacker unrestricted access to your computer.
    Therefore, please, visit the Microsoft Update Website and follow the on screen instructions to setup Microsoft Update. Also follow the instructions to update your system. Please REBOOT and repeat this process until there are no more updates to install!!
  • Keep your other software up to date as well
    Software does not need to be made by Microsoft to be insecure. You can use the Secunia Online Software occasionally to help you check for out of date software on your machine.
  • Stay up to date!
    The MOST IMPORTANT part of any security setup is keeping the software up to date. Malware writers release new variants every single day. If your software updates don't keep up, then the malware will always be one step ahead. Not a good thing.
Some more links you might find of interest:
Please reply to this topic if you have read the above information. If your computer is working fine, this topic will be closed afterwards.

regards, Elise

