Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

my hijack log


  • This topic is locked This topic is locked
15 replies to this topic

#1 guyknights

guyknights

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 07 December 2004 - 11:32 AM

here is my hijack log.
02-bho (no name)-467faeb2-5f5b-4c81-baeo-2a4752ca7f4e-c:/windows/system32/w8c654 1.dll

04-global startup:winlog-exe

020-appinit_dlls:167guepsw2toyrl.dll.dll.dll.dll.dll.dll.dll.dll.dll.......

sorry not udrd to the forum yet and this is an attachment to an earlier posting. at the complete and utter end of my tether and this is a last resort before i destroy my computer in a controlled explosion!!

BC AdBot (Login to Remove)

 


#2 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:05:04 AM

Posted 08 December 2004 - 03:38 AM

Hello guyknights,

Iím happy to undertake the review and fix of your infections but I need you to do a few things first:

Please stick to one thread in the forum. Use the add reply button at the bottom of the screen to make posts.

I cannot tell from what you have posted whether you are using the latest version of HijackThis so,
Download HijackThis from: HijackThis Download Site

Again, I cannot tell but you may be running HijackThis from a temporary folder. When run from a temporary folder, the backups HijackThis
makes may accidentally get deleted, so please put HijackThis into a permanent folder.
Full instructions on how to do this can be found here:Detailed Explanation
Brief instructions for this are:
  • To create a permanent folder:
  • Click My Computer, then C:\
  • In the menu bar, File->New->Folder.
  • That will create a folder named New Folder, which you can rename to "HJT" or "HijackThis".
  • Now you have C:\HJT\ folder.
  • Put your HijackThis.exe there
Now, run HijackThis, hit the scan button, save the log then copy and paste the full log from Notepad as a reply to this post.

#3 guyknights

guyknights
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 08 December 2004 - 07:47 AM

oh that wasnt too difficult! here is my log after following your instructions. i really appreciate all your help.

Attached Files



#4 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:05:04 AM

Posted 08 December 2004 - 08:20 AM

Pasted log from guynights attached file:

Logfile of HijackThis v1.98.2
Scan saved at 12:43:28, on 08/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\highjackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\W8C6S4~1.DLL
O4 - Global Startup: winlogin.exe
O20 - AppInit_DLLs: 167guepsw2toyrl.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

#5 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:05:04 AM

Posted 08 December 2004 - 08:42 AM

Hi guyknights,

Your log shows that you are seriously behind on Windows updates.
It is essential that you update your Windows before we continue to help you as the infections could reoccur. Go to http://www.windowsupdate.com and if it asks to install software, let it. Then click on the Scan link and let it do its thing.

When its done you will see on your left a section called critical updates. Click on that section and install everything that you can. When it prompts you to reboot, do so. Then repeat this process again until there are no more critical updates listed.

Run HijackThis and cut'n'paste a new log here. (please do not attach the log file)

#6 guyknights

guyknights
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 09 December 2004 - 04:50 AM

well i tried to download updates and it told me that it was unable to install due to error in lo key and when i contacted the person i brought the computer he said he did not have the key so it looks like i cannot get the updates. is there anything else i can do?many thanks guy.

#7 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:05:04 AM

Posted 09 December 2004 - 09:14 AM

Hi guyknights,

Before I can give you a solution to your problem I need to know exactly what Windows Update is telling you. Please either cut'n'paste the messages or note them down and post them here in your next reply. Also, can you have a close look at the System unit and see if there are any Microsoft labels on the front back or sides of the unit that have a Product key.

Once I know what we have I will be better able to advise you of how to proceed.

Edited by penmore, 09 December 2004 - 09:15 AM.


#8 guyknights

guyknights
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 10 December 2004 - 01:10 PM

hello penman hope you are well.the message from windows reads:

windows xp service pack 2 cannot install.
the product key used to install microsoft windows may not be valid.for more information about why you recieved this error message visit www.howtotell.com.

the pc is a tiny pc and there is no code on it anywhere. as the win xp is not original do you think it would be advisable to buy a valid xp programme and start from scratch? many thanks guy.

#9 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:05:04 AM

Posted 11 December 2004 - 03:18 AM

Hi guyknights,

The decision on how you proceed from here is really down to you. If you purchased the machine from a retailer then I would suspect that you have some rights under Trading Standards regarding being sold goods that is not of merchandisable quality because you are not able to bring the Operating System up-to-date. Not being able to do upgrades makes the machine virtually unusable on the Internet, as you are likely to suffer repeated malware or viral infections. If however you purchased it from a friend or private individual then I would suspect that your only recourse would be to speak to them regarding this and see if you can compromise on the cost of a new operating system.

Whichever of the above scenarios are true, you will in the long term need to have an Operating System that can be upgraded to ensure that you have the best protection against infections. There are other operating systems available that perhaps will be far less expensive than XP. If you wish to consider these you should visit this section on Bleepingcomputer and ask for advice http://www.bleepingcomputer.com/forums/f/11/linux-unix/

Because of the potential danger of an infected machine spreading more viral and malware infections to other Internet users we have agreed that it would be sensible in this case to clear the existing infections off your machine so as to give you a clean platform on which to move forward.

If you wish me to help you with this cleaning then please run HijackThis again and post a new log here for review. Please do not remove any entries from the log or use the HijackThis Ignorelist feature in the configuration menu - we need a complete log to work on.

penmore

#10 guyknights

guyknights
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 11 December 2004 - 11:49 AM

here is the new hijack log.sorry but my notepad wont let me paste the log or i am doing something wrong. thanks

Attached Files



#11 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:05:04 AM

Posted 12 December 2004 - 04:25 AM

guynights,

When you are in notepad you should right click, select all, right click, select copy. Come the this thread use the Add Reply button and right click & paste the contents into the reply box.

Logfile of HijackThis v1.98.2
Scan saved at 14:55:32, on 11/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\highjackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=9
O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\W8C6S4~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O20 - AppInit_DLLs: 167guepsw2toyrl.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll

#12 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:05:04 AM

Posted 12 December 2004 - 08:58 AM

Hi guyknights,

Lets try and rid you of this infection.

It is a good idea to print or copy these instructions because you are not able to access the Internet in Safe Mode. Please read all of the instructions before you start and ask if you are unsure about any of the steps I have asked you to do.

1. Download CWShredder from here
After you download the program, unzip it into a directory. Don't use it yet.

2. Download Ad-aware SE: here
Install it. When you get the last screen, with the "Finish" button and 3 options, uncheck those three items.
Open AdAware and click the "Check for updates now" link. Close AdAware. Don't use it yet.

3. Download System Security Suite here:System Security Suite Download & Tutorial. Unzip it to your desktop. Install the program. Don't use it yet.

4. Download the Hoster from here. Unzip the program to your desktop. Don't use it yet.

5. Copy the contents of the Quote Box below to Notepad.
Click File menu -> Save and name the file as fix.reg
Change the Save as Type to All Files
Save this file on the desktop. Don't use it yet.

REGEDIT4

[-HKEY_CLASSES_ROOT\Interface\{0D721150-AEF3-457B-B03A-5097B623CE45}]
[-HKEY_CLASSES_ROOT\Plugin6.DNSErrObj]
[-HKEY_CLASSES_ROOT\redalert.here]
[-HKEY_CLASSES_ROOT\TypeLib\{444A5674-FF85-45D4-9AE2-4199D8D70C85}]


6. Download KillBox here: KillBox. Unzip it to your desktop.

Start Killbox.exe

Select the Delete on reboot option.

Copy and paste each of the following file(s) to the address bar:

C:\WINDOWS\System32\W8C6S4~1.DLL

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\winlogin.exe

C:\WINDOWS\system32\167guepsw2toyrl.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll


After each file press the Delete button (the button that looks like a red circle with a white X in it).

A dialog box will ask if you want to delete and reboot now - on all but the last file, answer No
For the last file (or first, if only one file), answer Yes

On restart, verify that the files have been deleted.

Please reboot into SafeMode by tapping F8 key repeatedly at bootup: Starting your computer in Safe mode

7. Run HijackThis!, press Scan, and put a check mark next to all these:
  • R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://win-eto.com/sp.htm?id=9
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://win-eto.com/sp.htm?id=9
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
  • R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://win-eto.com/hp.htm?id=9
  • R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://win-eto.com/hp.htm?id=9
  • R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://win-eto.com/sp.htm?id=9
  • O2 - BHO: (no name) - {467FAEB2-5F5B-4c81-BAE0-2A4752CA7F4E} - C:\WINDOWS\System32\W8C6S4~1.DLL
  • O20 - AppInit_DLLs: 167guepsw2toyrl.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll.dll
Optional Removes
  • O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot This is installed when RealOne is installed and is an application updater. Once installed it runs independently of RealOne Player, and it can be removed, Also you will manually have to disable this Hereís how:
  • Start RealOne Player and click on Tools then Preferences.
  • Select Automatic services in the Categories pane.
  • Then uncheck all options and then click OK.
  • You can manually update RealOne Player after removal.
Close all other windows and browsers, and press the Fix Checked button.

8. Make sure all browser windows are closed and run cwshredder.exe to start the program and click on the FIX button (not the "Scan only" button) and let it scan your computer.

9. Run AdAware, press the "Start" button, uncheck "Scan for negligible risk entries", select "Perform full system scan" and press "Next". Let AdAware remove anything it finds.

10. With all windows and browsers closed.
Clean out temporary and Temporary Internet Files.
A. Open System Security Suite.
B. In the Items to Clear tab thick:
- Internet Explorer (left pane): Cookies & Temporary files
- My Computer (right pane): Temporary files & Recycle Bin
Press the Clear Selected Items button.
Close the program.

11. Double-click on the fix.reg file you saved earlier on your desktop, and when it prompts to merge say Yes, and this will clear some registry entries left behind by the process.

12. Open Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button.

13. Locate Hoster on your desktop, press Restore Original Hosts and press OK. Exit Program. This will restore the Hosts file.

14. REBOOT normally. Run HijackThis! again and post a new log please.

#13 guyknights

guyknights
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 14 December 2004 - 01:18 PM

gfile of HijackThis v1.98.2
Scan saved at 18:12:09, on 14/12/2004
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\pavsrv51.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\PsImSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\AVENGINE.EXE
C:\Program Files\Aladdin Systems\StuffIt\stuffit.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\apvxdwin.exe
C:\Program Files\Panda Software\Panda Titanium Antivirus 2004\WebProxy.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Bob Pearce\Application Data\Aladdin Systems\StuffIt\Temp\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar.dll
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html

please find enclosed hijack this log.did all suggested.the adaware proggramme would not run and the fix reg file wouldnt open saying.cannot importfix reg:error opening the file.there may be a disc or file system error.the killbox removed the dll for the first time ever and it hasnt returned on reeboot but anyway this is the latest log.many thanks and thanks for showing me how to use notepad! really never used a computer tech skills before!

#14 penmore

penmore

    Malware Sniffer


  • Members
  • 757 posts
  • OFFLINE
  •  
  • Location:West Coast of Scotland
  • Local time:05:04 AM

Posted 15 December 2004 - 08:54 AM

Hi guyknights,

You did well working though thoses fixes. Your log looks clean given the lack of Operating Sytem updates. I would suggest that help is available in other parts of Bleepingcomputer if you want to advance your computer skills, if you want to know how to do something then just ask and somebody will try to help you. I would also suggest that if you are going to make any use of your machine on the Internet that you give some serious consideration to getting a replacement operating system that you can upgrade and have the latest protection against malware and virus infections.

I have listed below the protection measures that I would normally recommend to members with and up-to-date operating system. Please read through them and see what you can add to your existing or new operating system.

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point. You can find instructions on how to enable and reenable system restore here:Renable system restore with instructions from tutorial above.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.
    See this link for a listing of some online & their stand-alone antivirus programs:Virus, Spyware, and Malware Protection and Removal Resources
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.
    For a tutorial on Firewalls and a listing of some available ones see the link below:Understanding and Using Firewalls
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit Windows Update Site regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.
    A tutorial on installing & using this product can be found here:Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.
    A tutorial on installing & using this product can be found here:Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
  • Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.
    A tutorial on installing & using this product can be found here:Using SpywareBlaster to protect your computer from Spyware and Malware
  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

#15 guyknights

guyknights
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:11:04 PM

Posted 17 December 2004 - 06:07 PM

thankyou very much for all your help.it is greatly appreciated!!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users