Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ransomware infection attack


  • This topic is locked This topic is locked
14 replies to this topic

#1 helly31337

helly31337

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 30 January 2013 - 08:42 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 6.0.2900.2180
Run by Ridwan at 17:36:06 on 2013-01-30
#Option MBR scan is disabled.
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.997.650 [GMT 4:00]
.
AV: ESET NOD32 Antivirus 6.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ================
.
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\AMT\atchk.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\ridwan\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: Interfaces\{A6FB910D-3409-4890-8F29-A06F8B6E219A} : NameServer = 213.42.20.20
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxdev.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2012-6-14 121216]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2012-6-14 104736]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2012-6-14 1288104]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2013-1-26 2519040]
.
=============== Created Last 30 ================
.
2013-01-28 15:05:20 -------- d-----w- c:\documents and settings\ridwan\local settings\application data\ESET
2013-01-28 14:38:43 -------- d-----w- c:\program files\ESET
2013-01-28 14:35:41 -------- d-----w- C:\New Folder
2013-01-28 14:34:43 267032 ----a-w- C:\te94decrypt.exe
2013-01-28 06:35:53 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2013-01-28 06:35:53 21504 ----a-w- c:\windows\system32\hidserv.dll
2013-01-28 04:21:07 -------- d-----w- c:\windows\system32\LogFiles
2013-01-27 06:06:31 26496 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2013-01-27 05:07:45 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2013-01-27 05:07:45 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
.
==================== Find3M ====================
.
.
============= FINISH: 17:36:30.28 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:06:06 PM

Posted 03 February 2013 - 03:42 PM

Hello and welcome to BleepingComputer. I am The Dark Knight and will be assisting you. Please ask questions if anything is unclear. :welcome:

Please download to the Desktop RogueKiller (by tigzy).
  • Please quit all programs.
  • Start RogueKiller.exe.
  • Wait until Prescan has finished.
  • Click on Scan.
  • Click on Report and copy/paste the contents of the report in your next reply.

=====

Also, please download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.txt and Extras.txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

=====

In your reply please provide the contents of the following (you will need to use multiple posts and please make sure you don't cut off the bottom):
  • RogueKiller log.
  • OTL.txt.
  • Extras.txt.
How is the computer running?

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#3 helly31337

helly31337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 04 February 2013 - 08:37 AM

hello sir , ive attached all the logs that you told me ..to post it ..

the only problem about my system is my files ..tht are all currpted ..i can format the computer..but my data will be vanished..the files name has been change to
orginal name of the file :
Copy of Weekly report.doc

changes to :

Copy of Weekly report.doc.DONATEAFRICA@YEAH.NET_SOS1285

im really worried , and even waited for my turn ;(

i hope ill get my files back to normal..

let me know if ive done all the procedure very well..

thanks for ur support :)

God Bless you.

Attached Files



#4 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:06:06 PM

Posted 04 February 2013 - 03:45 PM

Good morning helly31337,

Please post the contents of the logs, as malware writers would like nothing more than to infect the computers of helpers, such as myself. Thanks!

=====


  • Please re-run RogueKiller.
  • Click on the Delete button.
  • The report has been created on the Desktop. Please post it in your reply.

=====

Please follow these instructions to run ComboFix.exe. Please visit this webpage for download links and instructions for running this tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix (CF).

Please go here to see a list of programs that need to be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall.**

**Note 2: If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.**

Please include the C:\ComboFix.txt in your next reply for further review.

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#5 helly31337

helly31337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 05 February 2013 - 04:34 AM

RogueKiller V8.4.4 [Feb 4 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User : Ridwan [Admin rights]
Mode : Scan -- Date : 02/05/2013 13:34:13
| ARK || MBR |

Bad processes : 0

Registry Entries : 0

Particular Files / Folders:

Driver : [LOADED]

HOSTS File:
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


MBR Check:

+++++ PhysicalDrive0: ST3250310AS +++++
--- User ---
[MBR] 47cf4398c0e416d59fc4608b30328384
[BSP] f5ed90ef840251456f486cb712178700 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 40570 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 83088180 | Size: 197839 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD1600AVVS-73L2B0 +++++
--- User ---
[MBR] fd52e7f6bf6d75b6b28e4830163acd4a
[BSP] 6e5adc92767decf569fa550c8f44ecf6 : Windows XP MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 152625 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_02052013_02d1334.txt >>
RKreport[1]_S_02052013_02d1334.txt

#6 helly31337

helly31337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 05 February 2013 - 04:35 AM

ComboFix 13-02-03.03 - Ridwan 02/05/2013 13:38:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.997.513 [GMT 4:00]
Running from: c:\documents and settings\Ridwan\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system\WINSPOOL.DRV
.
Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
Restored copy from - c:\system volume information\_restore{F86BEFDF-97EC-4328-9EE4-C43E49EA928F}\RP17\A0001637.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-01-05 to 2013-02-05 )))))))))))))))))))))))))))))))
.
.
2013-01-28 14:35 . 2013-01-28 14:35 -------- d-----w- C:\New Folder
2013-01-28 14:34 . 2013-01-28 13:36 267032 ----a-w- C:\te94decrypt.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"atchk"="c:\program files\Intel\AMT\atchk.exe" [2009-12-01 401408]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-06-22 1044480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-08-18 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-18 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-18 141848]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-06-14 4431664]
.
c:\documents and settings\Ridwan\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2013-1-26 50688]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [6/14/2012 4:33 PM 121216]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [6/14/2012 4:34 PM 104736]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [6/14/2012 4:33 PM 1288104]
R2 UNS;Intel® Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [1/26/2013 4:19 PM 2519040]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-04 13:33 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-26 12:28]
.
2013-02-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-26 12:28]
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 213.42.20.20 195.229.241.222
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-05 13:42
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\AMT\atchksrv.exe
c:\program files\Intel\AMT\LMS.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-02-05 13:43:59 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-05 09:43
.
Pre-Run: 35,969,572,864 bytes free
Post-Run: 35,969,581,056 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - E5A0F52B0B998ACD921C471CEBE1AA05

Edited by helly31337, 05 February 2013 - 04:46 AM.


#7 helly31337

helly31337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 05 February 2013 - 04:48 AM

well ,brother as i can see there is no malware or virus on the computer ..its already been removed (maybe)

the problems with the files tht for im looking help...

please advice me to fix my files...rather then searching for malware or virus...im sorry but my whole assigment is stuck
i will be failed in my university and ill loose semister fees.

kindly help sorry if you dont like anything what ive said...


take care of ur self

God Bless you

#8 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:06:06 PM

Posted 05 February 2013 - 05:07 AM

Good evening helly31337. :)

So all your files are missing?

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#9 helly31337

helly31337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 05 February 2013 - 08:16 AM

no my files are there with the same size , but all of them got renamed

each file end is .DONATEAFRICA@YEAH ..


i cannot view them..seems currupt or encrypt

please help me out.

#10 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:06:06 PM

Posted 05 February 2013 - 03:44 PM

Good morning helly31337,

Your files have been encrypted it would seem by the infection.

Please try the tool designed by Panda to fight this type of infection:

http://www.pandasecurity.com/australia/homeusers/support/card?id=1675

Did that help?

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#11 helly31337

helly31337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 06 February 2013 - 01:43 AM

Hello,


no sir its not decrypting the files , not even on advanced mode :(

please guide me to solve my problem...

thanks in advance...

taka care

#12 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:06:06 PM

Posted 06 February 2013 - 01:56 AM

Good evening helly31337,

You may have a new variant. It is seems very unlikely we are going to be able to fix the issue.

However, please give this tool a run:

http://tmp.emsisoft.com/fw/decrypt_SetSysLog32.zip

If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#13 helly31337

helly31337
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 10 February 2013 - 04:46 AM

hello,

 

i tried alot with all you said...

 

 

there is no way i believe now :((

 

thanks for help anways!



#14 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:06:06 PM

Posted 10 February 2013 - 05:16 AM

Hey helly31337,

 

My apologies. You got hit with a very nasty form of this infection.

 

Please consider using these ideas to help secure your computer.  While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection.  While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future.   :thumbup:


IMPORTANT: Please enable Automatic Updates under Start > Control Panel > Automatic Updates to ensure your Windows updates regularly. This is extremely important in ensuring you remain protected against vulnerabilities and infections. This is a crucial security measure.


As a minimum, you need at least an antivirus, firewall and some type of anti-spyware program.

Please consider installing and running the following program (there is a free version available):

SpywareBlaster
A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.


Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.  A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection.  However, it is important to run only one resident program of each type since they can conflict and become less effective.  That means only one antivirus, firewall and scanning anti-spyware program at a time.  Passive protectors, like SpywareBlaster, can be run with any of them.  

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs.  If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately.  It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information.  Ask in a security forum that you trust if you are not sure.  If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware."  Scareware programs are active infections that will pop-up on your computer and tell you that you are infected.  If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed.  It tells you to click and install it right away.  If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further.  Keeping protection updated and running resident protection can help prevent these infections.  If it happens anyway, get offline as quickly as you can.  Pull the internet connection cable or shut down the computer if you have to.  Contact someone to help by using another computer if possible.  These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.


Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative.  In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and Add-ons, like Adblock Plus and NoScript, can make it even more secure. To avoid dangerous sites Web of Trust or McAfee SiteAdvisor can be installed. Google Chrome or Opera are other good options.

Two useful programs for keeping your programs up-to-date are FileHippo or Secunia PSI. Running one of these regularly will help you obtain the latest program updates.

Please also read Tony Klein's excellent article: How did I get infected in the first place.

Hopefully these steps will help to keep you error free.  If you run into more difficulty, we will certainly do what we can to help.  :)


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image


#15 The Dark Knight

The Dark Knight

    The Magician


  • Security Colleague
  • 661 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Krypton
  • Local time:06:06 PM

Posted 10 February 2013 - 03:44 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.


If you make yourself more than just a man, if you devote yourself to an ideal...you become something else entirely. A legend, Mr. Wayne, a legend!


If I have helped you please consider donating to the Neuroscience Research Institute.


Posted Image
Posted Image





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users