Can't Delete Foreign Icons From Desktop


  • This topic is locked
5 replies to this topic

#1 CJ421715

CJ421715

  • Members
  • 2 posts

Posted 04 January 2007 - 04:05 PM

Hi,


I have icons on my desktop that were put there during a computer scan for viruses using CA. This is how it started:

I got an email that I wasn't sure if it was spam or not, but it told me that:

"This message has been processed by Symantec's AntiVirus Technology.

developement7.pif was infected with the malicious virus W32.Sality.U and has been deleted because the file cannot be cleaned."

So I looked up this virus and there was a process that I had to follow to do my computer scan. One of the steps was to turn off my Computer Restore. I didn't realize when I turned the system restore off that I wouldn't be able to get into ANY of the previous dates. I thought that I would only block the restore point for that day.

After I did all the process (http://www.symantec.com/security_response/writeup.jsp?docid=2006-080910-0104-99&tabid=3) that I need to do before I ran the virus scan (I use Computer Associates), I started the scan. While it was scanning, I noticed that it put some icons on my desktop. I don't know what these icons are for and I can't delete them, put them in a file, save them to a different file or email them to anyone to find out what they are. They have 0 bytes and no extension. Examples of the names under the icons are: CAOPFHZO. , CADK7NRI. , CA2BS1QB. , CA7REFP2. , CAX77E1V. , CAYNJSH8. All 39 icons start with CA and end with a "." I have even done an internet search for them and they don't exist. I tried to do a desktop cleanup, system restore for the prior day, delete through regedit, delete, and file, but none of these work because there isn't any extension so they don't show up anywhere except my desktop and everything else says they don't exist.

Sorry this is so long, but I tried to get in as much information as I could. I do need a new hard drive because this one is making weird sounds.

Can anyone help me?

I have also done everything that the people on this board have suggested (http://www.computerhope.com/cgi-bin/yabb/YaBB.cgi?num=1167599235/0) except Killbox, which I will be trying today. I cleared a lot of unwanted files and some Trojan suspects, but I still can't get rid of the icons. Hijack is my last resort. Hopefully someone here can help me get these off.



Logfile of HijackThis v1.99.1
Scan saved at 12:40:06 PM, on 1/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\VISION~1\ONETOU~2.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
C:\PROGRA~1\WEBCLE~1\WEBCLE~1.EXE
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe
C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\WINDOWS\vsnpstd.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HDD Health\hddhealth.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\Playlist.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
C:\Program Files\Qualcomm\Eudora Mail\Eudora.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\system32\DllHost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/outlook/health/alle...37?x=15&y=8
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: netMonior Class - {85810C93-C14C-11D5-BC4B-0050BA28E4FE} - C:\WINDOWS\System32\popkill.dll
O4 - HKLM\..\Run: [OneTouch Monitor] C:\PROGRA~1\VISION~1\ONETOU~2.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [WebCleaner] C:\PROGRA~1\WEBCLE~1\WEBCLE~1.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [CaISSDT] "C:\Program Files\CA\eTrust Internet Security Suite\caissdt.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Anti-Spam\QSP-4.0.380.0\QOELoader.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [AdwareAlert] C:\Program Files\AdwareAlert\AdwareAlert.exe -boot
O4 - HKLM\..\Run: [SpywareBot] C:\Program Files\SpywareBot\SpywareBot.exe -boot
O4 - HKLM\..\Run: [snpstd] C:\WINDOWS\vsnpstd.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB0_0_0 -reboot 1
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [HDDHealth] C:\Program Files\HDD Health\hddhealth.exe -wl
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Cosmi Popup Blocker - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - C:\Program Files\Cosmi\Pop Up Ad Blocker\PopupBlock.exe (file missing)
O9 - Extra 'Tools' menuitem: Cosmi Popup Blocker - {4B3520B0-D518-4443-BA9E-2D4CE7F773C5} - C:\Program Files\Cosmi\Pop Up Ad Blocker\PopupBlock.exe (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.google.com/data/en/deleon/1...n/GoogleNav.cab
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundl...ArcadeRdxIE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = DorisBlack
O17 - HKLM\Software\..\Telephony: DomainName = DorisBlack
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = DorisBlack
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = DorisBlack
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\KODAK Picture Transfer Software\PTSsvc.exe
O23 - Service: VET Message Service (VETMSGNT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\VetMsg.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


#2 Whisperer

Whisperer

  • Members
  • 405 posts

Posted 08 January 2007 - 02:33 PM

Hi CJ421715 and welcome to the Bleeping Computer forums. My name is Whisperer and I will be helping you with your problem. Although I am experienced with computers, I am currently a Trainee in Malware removal and, as such, ALL of my fixes will be checked by malware experts.

I note that you have 2 firewalls installed on your computer, the first from eTrust and the second from Zone Alarm. Both of these are good firewalls BUT you must not have more than one installed as they will interact with each other and consequently lessen their effectiveness. As you appear to have the full CA suite I would suggest that you remove or stop ZoneAlarm. This simple action MAY permit you to remove the troublesome icons – Left-click and hold then drag them to the Recycle bin or select and then use Shift+Delete to bypass the recycle bin. In the interim I will study your log further.

If you have not done so already, please do the initial cleanup steps in the following instructions and then post a new log: Preparation Guide For Use Before Posting a HijackThis Log

I would like you to produce a list of installed programs to assist me in any cleanup.
  • To do this open your HijackThis
    • Click on Open the Misc Tools section or Config… button, depending on how you are set up.
    • If you used the Config... option then click the Misc Tools tab
    • Select Open Uninstall Manager; a list of your installed programs will be displayed.
    • Select the Save List… button and save the file to your desktop.
  • Please post a copy of this list and an up-to-date HijackThis log in your reply
GT :thumbsup:
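
The kind of first-pass triage applied to the HijackThis log above, as an added example that is not part of the original thread or any poster's own code. The sample lines are copied from the log in post #1; the firewall marker strings and the "ActiveX download from a bare IP address" check are assumptions chosen for illustration, not a vendor list or a HijackThis feature.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# A few lines copied unmodified from the HijackThis log in post #1 (subset only).
SAMPLE_LOG = r'''
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\CA\eTrust Internet Security Suite\eTrust Personal Firewall\ca.exe"
O9 - Extra button: Bodog Poker - {F47C1DB5-ED21-4dc1-853E-D1495792D4C5} - C:\Program Files\Bodog Poker\BPGame.exe (file missing)
O16 - DPF: {6B4788E2-BAE8-11D2-A1B4-00400512739B} (PWMediaSendControl Class) - http://216.249.25.152/code/PWActiveXImgCtl.CAB
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
'''

# Entry lines start with a section code such as R0, O4 or O23, then " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Assumed markers: lowercase substrings of paths seen in this log,
# used only to illustrate the "two firewalls" observation in post #2.
FIREWALL_MARKERS = {
    "eTrust Personal Firewall": "etrust personal firewall",
    "ZoneAlarm": "zonelabs",
}


def parse_entries(text):
    """Return (section, detail) for every 'O4 - ...' style line; skip the rest."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def orphaned(entries):
    """Entries HijackThis marked '(file missing)': leftovers whose target is gone."""
    return [(s, d) for s, d in entries if d.endswith("(file missing)")]


def dpf_from_ip(entries):
    """Hosts of O16 (downloaded ActiveX) entries fetched from a bare IP address."""
    hosts = []
    for section, detail in entries:
        if section != "O16":
            continue
        url = detail.rsplit(" - ", 1)[-1]      # the URL is the last field
        host = urlsplit(url).hostname or ""
        try:
            ipaddress.ip_address(host)          # raises ValueError for DNS names
        except ValueError:
            continue
        hosts.append(host)
    return hosts


def firewall_products(text):
    """Names of firewall products whose marker appears anywhere in the log."""
    lowered = text.lower()
    return sorted(n for n, marker in FIREWALL_MARKERS.items() if marker in lowered)


if __name__ == "__main__":
    found = parse_entries(SAMPLE_LOG)
    print("entries:", len(found))
    print("orphaned sections:", [s for s, _ in orphaned(found)])
    print("ActiveX from bare IP:", dpf_from_ip(found))
    print("firewalls present:", firewall_products(SAMPLE_LOG))
```
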

#3 Whisperer

Whisperer

  • Members
  • 405 posts

Posted 15 January 2007 - 01:29 PM

Hi CJ421715,

As it has been 7 days since my response to you, I assume that your problems have been resolved and I will recommend that this thread be closed.

Safe surfing

GT :thumbsup:

#4 CJ421715

CJ421715
  • Topic Starter

  • Members
  • 2 posts

Posted 15 January 2007 - 06:23 PM

I did get the foreign icons removed with "Delete Invalid File" program. As far as any more viruses, everything seems to be running fine now. You did help me to see that I have 2 firewalls running, which I did take care of. So, thanks for your help.

Doris

#5 Whisperer

Whisperer

  • Members
  • 405 posts

Posted 17 January 2007 - 08:50 AM

Hi Doris,

Glad that you have sorted your problem and that we were able to assist. Please find below my recommended steps to ensure that you have an adequate level of protection on your computer; you may already have some of these installed so please ignore those elements. The first of these is a clean-up of rubbish on your computer which should be done at 7 to 14 day intervals together with a defragmentation of your hard drive(s) to keep up to top speed.
  • Download CCleaner
    • Select the Download Latest Version link (top of green column) and save to your desktop
    • Right-click the ccsetup127.exe file on your desktop and select Open
    • Follow the on-screen instructions through to the Install Options page. I suggest you only retain the following 2 options
      • Add Desktop Shortcut
      • Automatically check for updates etc…
    • Click Install
      To set up CCleaner
    • Click on the CCleaner icon on your desktop.
    • From the menu on the left select Options
    • Now select Advanced. On the right remove the check against Only delete files in Windows Temp folders older than 48 hours.
    • Select Cookies. When CCleaner is run it will remove all of the cookies in the left window; if there are cookies that you wish to retain then select them and transfer them to the right window. Multiple selections can be made by holding down the Ctrl key before selecting.
    • Select Cleaner from the left menu and the Windows tab
      • Under Internet Explorer place ticks in all but the last box
      • Under Windows Explorer tick the last two only
      • Under System tick all boxes
      • There is no need to tick anything under Advanced
    • From the menu on the left click on Analyze
    • When the analysis is complete, click on Run Cleaner and OK at the next screen.
    • Close CCleaner
  • To defragment your disk(s), click the Start button and select All Programs
    • Select Accessories
    • Select System Tools and Disk Defragmenter
    • Select the disk to be defragmented and click Analyze, follow the advice received
    • NOTE: If this is the first time that you have defragmented your disk(s) it could take a long time
  • Next we make sure that any bad files in a System Restore point can not re-infect your computer by removing all old system restore points and giving you a clean restore point should you need one.
    • To reset your restore points.
      • Click the Start Menu and select All Programs
      • Choose Accessories and then System Tools
      • Scroll down to System Restore and select.
      • Choose Create a Restore Point then Next.
      • Name it and press Create
      • When the confirmation screen shows that the restore point has been created, click Close.
    • Next go to Start Menu select Run
      • Type: cleanmgr in the new window and click OK to allow the initial process to start.
      • When the Disk Cleanup dialogue box opens go to the More Options tab and, in the System Restore area, press Clean Up. Select Yes to remove all the restore points except the one we just created
      • To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.
Preventative measures
  • Firstly, make your Internet Explorer more secure - This can be done by following these simple instructions:
    • From within Internet Explorer click on the Tools menu and then click on Options.
    • Click once on the Security tab
    • Click once on the Internet icon so it becomes highlighted.
    • Click once on the Custom Level button.
      • Change the Download signed ActiveX controls to Prompt
      • Change the Download unsigned ActiveX controls to Disable
      • Change the Initialize and script ActiveX controls not marked as safe to Disable
      • Change the Installation of desktop items to Prompt
      • Change the Launching programs and files in an IFRAME to Prompt
      • Change the Navigate sub-frames across different domains to Prompt
    • When all these settings have been made, click on the OK button.
    • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    • Next press the Apply button and then the OK to exit the Internet Properties page.
  • You might like to switch your Browser to one that is less susceptible to attack by the hackers. I personally use Firefox almost exclusively but there are still a few sites out there that insist on Internet Explorer.
  • Please download the following 2 free complementary programmes. These should be run at least once every two weeks after updating.
    • Spybot S & D scans for spyware and other malicious programs. Spybot has preventative tools that stop programs from even installing on your computer. A tutorial can be found here
    • AdAware scans for known spyware on your computer. A tutorial can be found here
  • In addition I would suggest that you install the following 3 free programs, keep these updated as they are background tools
    • SpywareBlaster - will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs. A tutorial can be found here
    • SpywareGuard - provides a degree of real-time protection solution against spyware that is a great addition to SpywareBlaster's protection method; it scans files before you open them and prevents execution if spyware is detected. It also features Download Protection and Browser Hijacking Protection. A tutorial can be found here
    • IE-SpyAd puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. A tutorial is available here
  • A Hosts file replaces your current HOSTS file with one containing well known ad, spyware sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer. A tutorial can be found at http://www.mvps.org/winhelp2002/hosts.htm which has the MVPS Hosts File on site. Furthermore the website contains useful tips and links to other resources and utilities.
    Bluetack's Hosts File and Hosts Manager - contains most if not all the known spyware sites, sites responsible for hijacks, rogue applications etc... Download Bluetack's Hosts file here and the Hosts Manager here
  • WinPatrol - uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge. You'll be removing dangerous new programs while others download new reference files. You can read more about it here with a download from here
  • Before adding any other Spyware Detection and Removal programs always check the Rogue Anti-Spyware List for programs known to be misleading, mistaken, or just outright "Foistware". You will find the list here
  • Windows Updates – It is very important to ensure that Internet Explorer and Windows are kept up to date with the latest critical security patches from Microsoft. Click on the Start button and select Windows Update, follow the online instructions from there.
  • In a similar vein do ensure that all of your Anti-Virus and Anti-Malware software are also kept up to date.
  • To find out more information and some excellent guidelines to follow to prevent future infections you can read this article by Lawrence Abrams
Best wishes and safe surfing

GT :thumbsup:

#6 illukka

illukka

    retar.. erm retired!


  • Security Colleague
  • 2,858 posts
  • Gender:Male
  • Location:The Pits Of Hell

Posted 17 January 2007 - 11:40 AM

as the problem here seems to be resolved this topic is now closed
to get it reopened PM a staff member with the address of this thread.
this applies to the topic starter only, everyone else with similar problems start a new topic.

glad we could help :thumbsup:

thank you Whisperer :flowers:
To Ride, Shoot Straight And Speak The Truth

a retired malware fighter/teacher/advisor



