
Infected-dont Know What With Tho :p


  • This topic is locked
25 replies to this topic

#1 lol@u

lol@u

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Local time:10:30 PM

Posted 24 June 2006 - 06:50 AM

Logfile of HijackThis v1.99.1
Scan saved at 14:08:15, on 22/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37840.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mmxF32 - mmxF32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe



thanks for looking :thumbsup:



#2 amateur

amateur

    Malware Fighter


  • Malware Response Team
  • 2,775 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:11:30 PM

Posted 26 June 2006 - 11:11 AM

Hello and Welcome to BC. :thumbsup:

You have/had a trojan which allows a remote intruder to gain access and control over the computer. It's a possibility that your computer may have been compromised. If you had any sensitive information or done any transactions on this computer, I suggest you do the following:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker may get the new passwords and transaction information.

======================================

Please disable Windows Defender Real Time Protection as it may interfere with the fix.

To disable Windows Defender:
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender
Once your log is clean you can re-enable Windows Defender Real Time Protection.

====================================

Download haxfix.exe and save it to your desktop.
  • Double click on haxfix.exe to install haxfix. (standard installation path is c:\program Files\haxfix)
  • Checkmark "Create a desktop icon"
  • Click "Next"
  • When the installation is completed, make sure that the checkmark "Launch HaxFix" is placed
  • Click "Finish"

A red "dos window" (dos box) will open with options:
1. Make logfile
2. Run auto fix
3. Run manual fix
E. Exit Haxfix
  • Select option 1. Make logfile by typing 1 and then pressing Enter
  • Haxfix will start scanning the computer. When it is finished a logfile will open: haxlog.txt > (c:\haxfix.txt)
  • Copy the contents of that logfile and paste it into this thread.


#3 lol@u


Posted 27 June 2006 - 11:19 AM

Hi there, I tried running HaxFix and I received the following message.
"the NTVDM CPU has encountered an illegal instruction"
I can choose to ignore or close this, but after that it will not seem to be doing anything. This is as far as the log got.

HAXFIX logfile - by Marckie
______________
version 3.02
26/06/2006 21:33:16.46

checking for haxdoor
--------------------
checking for a3d files....


Thanks for looking :thumbsup:

#4 amateur


Posted 27 June 2006 - 01:43 PM

Try this and see if it runs OK afterwards.
1. Click Start, click Run, type c:\windows\repair, and then click OK.
2. Right-click autoexec.nt, and then click Copy.
3. Click Start, click Run, type c:\windows\system32, and then click OK.
4. Right-click anywhere in that folder, and then click Paste.
5. Right-click the Autoexec.nt file that you just copied, and then click Properties.
6. Click to select Read-Only, and then click OK.


#5 amateur


Posted 27 June 2006 - 09:35 PM

Or, you can try this:

If you are having XP home download and use next:
http://homepage.ntlworld.com/spencer.greys...XPHomeFiles.exe

If you are having XP Professional download and use next:
http://homepage.ntlworld.com/spencer.greys.../XPProfiles.exe

#6 lol@u


Posted 28 June 2006 - 01:30 PM

No, that didn't work; it already had the file I pasted, and it still doesn't make a log, plus my CPU says it's working at 100%.

thanks

#7 amateur


Posted 28 June 2006 - 02:31 PM

Make sure that Windows Defender is still disabled.


Scan with HijackThis and put a checkmark against the following:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O20 - Winlogon Notify: mmxF32 - mmxF32.dll (file missing)


Close all other browsers(including this one)/windows/email, etc, and click on fix checked.

Don't worry if you get an error message. Just continue.

Reboot and try running the Haxfix now.

Edited by amateur, 28 June 2006 - 02:35 PM.


#8 lol@u


Posted 29 June 2006 - 03:14 PM

OK, I have done that; it's still not working :thumbsup: I have done everything you have asked, I assure you I have not missed anything.

thanks :flowers:

#9 amateur


Posted 29 June 2006 - 03:40 PM

Can you post a fresh HijackThis log please.

#10 lol@u


Posted 30 June 2006 - 08:49 AM

Logfile of HijackThis v1.99.1
Scan saved at 14:21:29, on 30/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.tiscali.co.uk/broadband
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tiscali.co.uk/broadband
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local.,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: DSLMON.lnk = C:\Program Files\SAGEM\SAGEM F@st 800-840\dslmon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://eu-housecall.trendmicro-europe.com/...ivex/hcImpl.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/promotion...canner37840.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Unknown owner - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

ok a new log :thumbsup:
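
The before/after comparison of the two HijackThis logs in this thread can be scripted: parse the result lines, diff the two scans, and confirm that each entry selected for fixing is gone. This is an added example, not part of the thread and not HijackThis's own code; the sample logs are a short excerpt of lines from the two logs posted above, and the function names are hypothetical.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code text file_missing")

# A HijackThis result line is "<section code> - <details>",
# e.g. "O20 - Winlogon Notify: ...". Headers and process paths do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Excerpt of the first log in this thread (22/06/2006), shortened for the example.
BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mmxF32 - mmxF32.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Excerpt of the second log (30/06/2006), same selection of lines.
AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# The three entries the helper asked to have checked and fixed (post #7).
REQUESTED = [
    r"R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank",
    r"O14 - IERESET.INF: START_PAGE_URL=http://www.tiscali.co.uk/broadband",
    r"O20 - Winlogon Notify: mmxF32 - mmxF32.dll (file missing)",
]


def parse_entries(log_text):
    """Return the result entries of a HijackThis log, in log order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, text = m.groups()
        entries.append(Entry(code, text, text.endswith("(file missing)")))
    return entries


def diff_logs(before, after):
    """Entries that disappeared and entries that appeared between two scans."""
    b, a = parse_entries(before), parse_entries(after)
    b_set, a_set = set(b), set(a)
    removed = [e for e in b if e not in a_set]
    added = [e for e in a if e not in b_set]
    return removed, added


def verify_fix(before, after, requested):
    """Map each requested line to 'removed', 'still present' or 'not in first log'."""
    b_set, a_set = set(parse_entries(before)), set(parse_entries(after))
    status = {}
    for line in requested:
        parsed = parse_entries(line)
        if not parsed or parsed[0] not in b_set:
            status[line] = "not in first log"
        elif parsed[0] in a_set:
            status[line] = "still present"
        else:
            status[line] = "removed"
    return status


def missing_targets(log_text):
    """Entries whose target file HijackThis reported as missing."""
    return [e for e in parse_entries(log_text) if e.file_missing]


if __name__ == "__main__":
    removed, added = diff_logs(BEFORE, AFTER)
    for e in removed:
        print("removed:", e.code, "-", e.text)
    for e in added:
        print("new:    ", e.code, "-", e.text)
    for line, state in verify_fix(BEFORE, AFTER, REQUESTED).items():
        print(f"{state:>16}: {line}")
    for e in missing_targets(AFTER):
        print("file missing:", e.code, "-", e.text)
```

An entry reported under `new:` between two scans is the case worth a second look, since nothing was installed on purpose between them.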

#11 lol@u


Posted 30 June 2006 - 08:51 AM

Posted Image

Just thought I'd show you what's going on with HaxFix.

#12 amateur


Posted 30 June 2006 - 09:06 AM

Hi,

Your log is clean now. :thumbsup:

Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 5.0 Update 7.
You are running an old vulnerable version of Java.
  • Go to Start > Control Panel > Add/Remove Programs.
  • Search for all previously installed versions of Java (J2SE Runtime Environment....) and delete them.
  • It/they should have this icon next to it/them: Posted Image
  • Then download and install the newest version, 1.5.07, from here.

Let's have a couple more scans to make sure that there is nothing else hiding around.
Please download Ewido AntiMalware and install it. At the end of the installation process, leave the tick in the "Run Ewido Anti-Spyware 4.0" checkbox. Click "Finish".

When the opening screen appears, click "change state" for "Resident Shield" to change state to "inactive". This is done to prevent the resident shield interfering with our attempts to fix the problems present on the pc.

Ewido will automatically update, and a toolbar message balloon will confirm that update is complete. If this doesn't happen, click Update > Start Update.

Close ALL open Windows / Programs / Folders. Please start Ewido, and run a full scan.
  • Click on Scanner
  • Click on the Settings tab.
    • Under How to act? click on Recommended Action and choose Quarantine from the popup menu.
    • Under How to scan? all boxes should be selected.
    • Under Possibly unwanted software: all boxes should be checked.
    • Under Reports: click on Automatically generate report after every scan.
    • Under What to scan? select Scan every file.
  • Click on the Scan tab.
  • Click on Complete System Scan to start the scan process.
  • Let the program scan the machine.
  • When scan has finished, at bottom of the screen click Apply all Actions.
  • Click the Save Scan Report button.
    • Click the Save Report as button.
    • Save the report to your Desktop.
  • Right-click the Ewido Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.


NOTE: Ewido scan may need up to an hour.
===========================================

Run an online scan at Panda's ActiveScan
  • Please go here and perform a full system scan. (use Internet Explorer)
  • Once you are on the Panda site click the Scan your PC button.
  • A new window will open...click the big Check Now button.
  • Enter your Country.
  • Enter your State/Province.
  • Enter your Valid Email and click send.
  • Select either Home User or Company.
  • Click the big Scan Now button.
  • If it wants to install an ActiveX component allow it.
  • It will start downloading the files it requires for the scan.
  • Click on Local Disks to start the scan.
  • Once finished, click see report, then click Save report.
NOTE: Please ignore any entry it finds and the offer to buy the program to remove the entry.
==============================

Post back the results of the Ewido and Panda scans please.

#13 lol@u


Posted 30 June 2006 - 01:05 PM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:48:44 30/06/2006

+ Scan result:



C:\Program Files\Multi Theft Auto\MTAClient.exe -> Heuristic.Win32.Morphine-Crypted : Cleaned with backup (quarantined).
:mozilla.6:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.247realmedia : Cleaned with backup (quarantined).
:mozilla.10:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.11:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.12:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.13:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.14:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.15:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.16:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.212:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.7:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.8:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.9:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\nippy\Cookies\nippy@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
:mozilla.89:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.90:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
C:\Documents and Settings\nippy\Local Settings\Temp\Cookies\nippy@burstnet[2].txt -> TrackingCookie.Burstnet : Cleaned with backup (quarantined).
:mozilla.97:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.98:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
:mozilla.148:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.149:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.150:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Comclick : Cleaned with backup (quarantined).
:mozilla.110:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Dbbsrv : Cleaned with backup (quarantined).
:mozilla.128:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Estat : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\nippy\Local Settings\Temp\Cookies\nippy@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
:mozilla.78:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup (quarantined).
:mozilla.261:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
:mozilla.271:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.272:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup (quarantined).
:mozilla.234:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
:mozilla.233:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup (quarantined).
:mozilla.50:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.51:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.52:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.53:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup (quarantined).
:mozilla.236:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.237:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
:mozilla.238:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup (quarantined).
:mozilla.126:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned with backup (quarantined).
:mozilla.264:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.265:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.266:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.267:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.268:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned with backup (quarantined).
:mozilla.100:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.101:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.102:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.103:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.104:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.105:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.106:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.107:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.108:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.109:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup (quarantined).
:mozilla.403:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.404:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.405:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Smartadserver : Cleaned with backup (quarantined).
:mozilla.273:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.274:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.275:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.276:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.277:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.278:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.279:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.280:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.281:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup (quarantined).
:mozilla.286:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.287:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
C:\Documents and Settings\nippy\Local Settings\Temp\Cookies\nippy@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup (quarantined).
:mozilla.298:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned with backup (quarantined).
:mozilla.299:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.300:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
:mozilla.301:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
:mozilla.32:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.33:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.34:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.35:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.36:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.37:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.38:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.39:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.428:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.429:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.430:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup (quarantined).
:mozilla.426:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
:mozilla.427:C:\Documents and Settings\nippy\Application Data\Mozilla\Firefox\Profiles\i8j7nvul.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).


::Report end


and the panda report: No viruses or other malicious software have been found! :thumbsup:

#14 amateur

Posted 30 June 2006 - 01:19 PM

Excellent. :thumbsup: Ewido quarantined some tracking cookies. You can go ahead and delete them:

To clean the quarantine:

Open ewido Malware Removal
Select Quarantine
Highlight all items
Select Remove finally

You can also delete the Haxfix. Then, empty your recycle bin.

Disable and Enable System Restore

If you are using Windows ME or XP then you should disable and re-enable System Restore to make sure there are no infected files found in a restore point. Because Windows regularly sets restore points, it's very possible that the malware you have removed is still present in System Restore. If you put Windows back to such a restore point, this malware will be put back as well.

This is the only way to clean these files: (You will lose all previous restore points which are likely to be infected.) Please do this ONLY ONCE, not on a regular basis.

1. Right-click My Computer, and then click Properties.
2. On the System Restore tab, put a check mark in the 'Turn Off System Restore' check box.
3. Click OK, and then click Yes.

4. Restart the computer.
5. Repeat steps 1 - 2, this time clearing the box beside 'Turn Off System Restore', click 'OK'.

Reboot normally.

You can also find instructions on how to disable and re-enable System Restore here:
Windows XP System Restore Guide

And you are all set to go. But to help protect you against further infections, and also to help prevent criminals using your computer to infect other people's computers on the web, I recommend the following: (You may already have some of the items)

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Avoid illegal sites, because that's where most malware is present.

* Don't click on links inside popups.
* Don't click on links in spam messages claiming to offer anti-spyware software, because most of these so-called removers ARE spyware.
* Download free software only from sites you know and trust, because a lot of free software can bundle other software, including spyware.

Keep your antivirus program up-to-date and do regular scans with it. Please make sure that you have only one active antivirus program on your system.
If you haven't got an antivirus, you can download and install one of the following free ones. Make sure that you have only ONE antivirus running on your computer, as more than one would cause conflict and render the computer vulnerable.

AVG Free here
AntiVir here
Avast here

It is essential to keep the anti-virus program fully updated.
IMPORTANT: You need to update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the Windows Update site <http://windowsupdate.microsoft.com/> to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site <http://office.microsoft.com/officeupdate/m...g.aspx?lc=en-us> and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Keep your pestware-scanners up-to-date and do regular scans with them.

To keep your computer free of Spyware, Adware, Hijackers etc., download and install the following free pestware-scanners (if you haven't installed them already):
AdAware here
Spybot here Remember to "immunize" after each update
Windows Defender here

Install realtime pestware-scanners and keep them up-to-date.

The following free realtime pestscanners prevent a number of malware variants from entering your computer in the first place:

SpywareBlaster here Remember to "enable all protection" after each update.
SpywareGuard here

If you haven't got one already, install a firewall and keep it up-to-date. Please make sure that you have only one active firewall on your system.

A firewall will prevent unauthorized contact between your computer and the internet.
If there is no firewall installed on your computer, you can download and install one of the following free firewalls:
ZoneAlarm here
Kerio Personal Firewall here
Outpost here
Important: (Windows XP only) If you install a firewall, be sure to turn off the WinXP-firewall!

Test your firewall here to make sure that it's working properly

Install these programs, to make surfing with Internet Explorer safer:

A popup-blocker, e.g. Google Toolbar here: A popup-blocker prevents popup windows from opening when you come across a website that uses them during internet surfing.

IE-SPYAD here: This utility adds a long list of known bad sites to Internet Explorer's Restricted Sites zone. This prevents those sites from executing their malicious programs on your computer.

SiteHound by Firetrust
here:

Firetrust introduces the SiteHound Toolbar - the safe way to browse the Internet. With SiteHound, when you browse the Internet, you're shown a warning page every time you go to a site which is a known scam, potentially loads viruses or spyware on to your computer, has questionable content or anything you would not consider reasonable. You are shown a warning page with information about that site. From there you can choose to enter the site or go back. SiteHound is a free add-on to Internet Explorer.

Install and use an alternative browser to surf on the internet.

Because Internet Explorer is the most-used browser on the planet, most of the hijackers, adware and spyware are made to abuse your computer through Internet Explorer.
Here are some good alternative browsers:
Mozilla Suite here
Mozilla Firefox here
Opera here
Netscape here
Important: You cannot uninstall Internet Explorer.
First of all, it's part of Windows and you'll need it to download and install Windows Updates.
Secondly, there are some sites that are only accessible with Internet Explorer, e.g. most of the Online Malware-scanners.

But above all, keep all your software UP-TO-DATE at all times!!

Also, I would recommend reading the excellent advice by Tony Klein: So how did I get infected in the first place

Happy and safe surfing. :flowers:

Please take the time to visit Malware Complaints and register your complaint.
The infection you had was Haxdoor

#15 lol@u

Posted 30 June 2006 - 05:25 PM

ok one quick last thing ^^ i had zonealarm on my pc having uninstalled it as it's stopping the web and programs connecting now that we have gotten rid of the malware, but there is still some zonealarm file(s) left that are stopping me connecting. can you help me get rid of it or do i need to post in a different area??

thanks :thumbsup:



