Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Pop-ups On Start Up And Every 10 Mins Thereafter


  • This topic is locked This topic is locked
6 replies to this topic

#1 Warner1281

Warner1281

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 02 April 2006 - 01:41 AM

I got infected with a virus and/or spyware/malware recently (I believe it was from the site cdcovers.cc but I'm not sure... anyway to visit that site, but keep it from puting stuff on my computer?). I thought I had taken care of it, but apparently not. Now whenever I start up my computer, I get pop-ups as windows is starting up. Once I get all the windows closed down, it starts all over again in 5-10 mins. Any help would be appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 10:36:56 PM, on 4/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ALCMTR.EXE
C:\PROGRA~1\Keyboard\Ikeymain.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143271660276
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by Warner1281, 02 April 2006 - 02:38 AM.


BC AdBot (Login to Remove)

 


m

#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:26 AM

Posted 02 April 2006 - 03:36 AM

Hello Warner!

Well I have some good and bad news. The good news is that your HJT log is relatively clean. You have a nice set of protection, but nothing that would be giving you these pop-ups. The bad news therefore is that there is something else on your computer that is causing them.

Firstly start a new scan with HJT and place a checkmark next to each of the following items (if present):

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Make sure your Internet Explorer is closed and click on "Fix Checked" and exit HijackThis when finished.

We are going to have to dig a little deeper to find the cause of such. In this modern day there are a large number of files that hide from conventional scanners. You said that norton was catching "hacktool.ie.exploit", so we'll see what the following picks up:

Please download and Save blacklight to your C:\ Important!!.
F-Secure Blacklight: http://www.f-secure.com/blacklight/try.shtml
Then go to start > run and copy and paste next command in the field:

C:\blbeta.exe /expert

This should open your blacklight.
click > scan then > next,
You'll see a list of all items found.
Don't choose for rename yet! I want to see the log first, because legit items can also be present there...
There must be also a log on your C:\ with the name fsbl.xxxxxxx.log (the xxxxxxx stand for numbers)

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report along with a new Hijackthis log.
Please post back (in this order) with:
1) The BlackLight log
2) The Panda log
3) A new HJT log

Regards and good luck,
David

#3 Warner1281

Warner1281
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 02 April 2006 - 01:03 PM

Got rid of ALCMTR.EXE via HJT.

I don't have Norton's, so I'm not sure if yo've got me confused with someone else that you're helping out on the "hacktool.ie.exploit."

I ran Blacklight and it found nothing.

I did the Panda scan and it found a few things. All the logs are below.

PS- If it helps to pinpoint what you are looking for, before I came here, I had found something called Dh.dll that was causing some problems. I manually deleted it as well as DH.ini and it "seemed" to alleviate some problems, but not all. Perhaps it's part of a bigger virus or adware/malware that I was unaware of.

Blacklight:
04/02/06 09:56:55 [Info]: BlackLight Engine 1.0.33 initialized
04/02/06 09:56:55 [Info]: OS: 5.1 build 2600 (Service Pack 2)
04/02/06 09:56:55 [Note]: 7019 4
04/02/06 09:56:55 [Note]: 7005 0
04/02/06 09:57:02 [Note]: 7006 0
04/02/06 09:57:02 [Note]: 7022 0
04/02/06 09:57:02 [Note]: 7011 1740
04/02/06 09:57:02 [Note]: FSRAW library version 1.7.1015
04/02/06 10:09:22 [Note]: 7007 0

Panda:

Incident Status Location

Adware:adware/deskwizz Not disinfected C:\WINDOWS\SYSTEM32\ad.html
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nick\Cookies\nick@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nick\Cookies\nick@adopt.hbmediapro[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Nick\Cookies\nick@azjmp[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Nick\Cookies\nick@banners.searchingbooth[2].txt
Spyware:Cookie/Allthatsearch Not disinfected C:\Documents and Settings\Nick\Cookies\nick@BigBlue[1].txt
Spyware:Cookie/CaptNemo Not disinfected C:\Documents and Settings\Nick\Cookies\nick@CaptNemo[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nick\Cookies\nick@com[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Nick\Cookies\nick@wizzle[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Nick\Cookies\nick@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Nick\Cookies\nick@adopt.hbmediapro[1].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Nick\Cookies\nick@azjmp[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Nick\Cookies\nick@banners.searchingbooth[2].txt
Spyware:Cookie/Allthatsearch Not disinfected C:\Documents and Settings\Nick\Cookies\nick@BigBlue[1].txt
Spyware:Cookie/CaptNemo Not disinfected C:\Documents and Settings\Nick\Cookies\nick@CaptNemo[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Nick\Cookies\nick@com[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\Nick\Cookies\nick@wizzle[1].txt
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\ad.html
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\q.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\q3.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\q5.exe
Adware:Adware/DigInk Not disinfected C:\WINDOWS\system32\Setup94.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\xxx2.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\z1.exe
Virus:Trj/Downloader.AYV Not disinfected C:\WINDOWS\system32\z3.exe

HJT:
Logfile of HijackThis v1.99.1
Scan saved at 10:50:50 AM, on 4/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\Keyboard\Ikeymain.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\ATKKBService.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Cox\Applications\app\Prism.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by Cox High Speed Internet
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [iKeyWorks] C:\PROGRA~1\Keyboard\Ikeymain.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1143271660276
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by Warner1281, 02 April 2006 - 01:05 PM.


#4 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:26 AM

Posted 02 April 2006 - 01:51 PM

Hi Warner1281

Good job with the explanation. The blackLight log is encouraging and shows we aren't dealing with any rootkits. You are right, I did get confused with another thread referring to the hacktool line, silly copy and paste! It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in word/notepad to the desktop where they can be easily found for the same reasons as above.

* Clean your Cache and Cookies in IE:
  • Close all instances of Outlook Express and Internet Explorer
  • Go to Control Panel > Internet Options > General tab
  • Click the "Delete Cookies" button
  • Next to it, Click the "Delete Files" button
  • When prompted, place a check in: "Delete all offline content", click OK
* Clean your Cache and Cookies in Firefox (In case you also have Firefox installed):
  • Go to Tools > Options.
  • Click Privacy in the menu on the left side of the Options window.
  • Click the Clear button located to the right of each option (History, Cookies, Cache).
  • Click OK to close the Options window
    Alternatively, you can clear all information stored while browsing by clicking Clear All.
    A confirmation dialog box will be shown before clearing the information.
* Clean other Temporary files + Recycle bin
  • Go to start > run and type: cleanmgr and click ok.
  • Let it scan your system for files to remove.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only things checked.
  • Press OK to remove them.
*Boot into Safe Mode (without networking support!)
By pressing the F8 key right when Windows starts, usually right after you hear your computer
beep when you reboot it (some versions of windows will display 'Starting Windows' with a grey progress bar)
you will be brought to a menu where you can choose to boot into safe mode.

* Using Windows Explorer, locate the following files/folders, and delete them if still present:

C:\WINDOWS\SYSTEM32\ad.html
C:\WINDOWS\system32\q.exe
C:\WINDOWS\system32\q3.exe
C:\WINDOWS\system32\q5.exe
C:\WINDOWS\system32\Setup94.exe
C:\WINDOWS\system32\xxx2.exe
C:\WINDOWS\system32\z1.exe
C:\WINDOWS\system32\z3.exe

Please reboot back to normal mode and post a new Panda log.
David

#5 Warner1281

Warner1281
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:08:26 PM

Posted 02 April 2006 - 03:23 PM

Did everything you said and then reran Panda. It says: "No viruses or other malicious software have been found!" The computer seems to be back to normal. :thumbsup: Thank you very much for your help.

My only question that remains is, since I will probably continue to visit cdcovers.cc (which is where I think this all came from), is there anyway I can set some sort of security setting specifically for that site that says nothing can be downloaded unless I right click and say "save" or "save as"? Again thank you very much for your help. You guys are an invaluable resource!

#6 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:26 AM

Posted 02 April 2006 - 04:09 PM

Hello Warner1281

The latest log is looking clean! The fact that your system got so infected in the first place shows me that you are lacking slightly in protection. Follow this list and your potential for being infected again will reduce dramatically. Also, when you visit the site you talked about, you should be more protected against the stuff it tries to put on your computer.

Now that you are clean, lets reset your system restore points please follow these simple steps in order
  • Turn off System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Clickthe System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer
  • Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Un-Check Turn off System Restore.
  • Click Apply, and then click OK.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an Anti Virus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. See this link for a listing of some on line & their stand-alone anti virus programs: hide
    Click here for more information on -> Computer Safety On line - Anti-Virus

    I would recommend Grisofts© AVG or AVAST©. As these are the more secure and better ones.
  • Update your Anti Virus Software - It is imperitive that you update your Anti virus software at least once a week (Even more if you wish). If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For an article on Firewalls and a listing of some available ones see the link below:
    Click here for more information on -> Computer Safety On line - Software Firewalls
    I would recommend ZoneAlarm© as a firewall as it's easy to use. But for a more secure firewall, Sunbelts Kerio© is the one.
  • Visit Microsoft's Windows Update Site Frequently It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Next, if they're not already present, I would recommend the download and installation of some or all of the following programs (all free), and the updating of them regularly
  • Install Spybot© - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.
    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here: Click here for more info -->Instructions for - Spybot S & D and Ad-aware
  • Install Lavasofts© Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an anti virus software in conjunction with Spybot. A tutorial on installing & using this product can be found here: Click here for more info -->Instructions for - Spybot S & D and Ad-aware
  • Install Javacools© SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer and Firefox settings and that will protect you from running and downloading known malicious programs. A article on anti-malware products with links for this program and others can be found here: Click here for more info -->Computer Safety on line - Anti-Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
If you have any addition questions just ask...
David

#7 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:05:26 AM

Posted 12 April 2006 - 09:57 AM

Since this issue appears resolved, this Topic is now closed.

If you need this topic reopened, please request this by sending me
a PM with the address of the thread using the link here. This applies only to the original topic starter.

Everyone else please begin a New Topic.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users