Hi!!
Wow!! I must tell you that your computer is full of pests: you have
spyware, adware, viruses, trojans, etc. I think that they are not so
malicious and your computer can become healthy again, but it will probably
take us more than one step.
These are my instructions for you:
(Please print these instructions for reference)
First, download and install CleanUp! but do not run it yet.
Note that Cleanup! deletes EVERYTHING out of temp/temporary folders
and does not make backups:
http://www.stevengould.org/downloads/cleanup/CleanUp40.exe
Then download nailfix.zip:
http://www.noidea.us/easyfile/file.php?download=20050515010747824
Then extract with Winzip or WinRar or a similar tool the nailfix.cmd
and Process.exe directly to the desktop.
The next thing to do is to update Ewido:
·Run Ewido
·On the left hand side of the main screen click update
·Click on Start
The update will start and a progress bar will show the updates being installed.
·After the updates are installed, exit Ewido.
ALTERNATIVE METHOD FOR UPDATE:
Download the last signature installer from the following page, use the
Full database Download button, then run it to install:
http://www.ewido.net/en/download/updates/
Or use this link directly:
http://download.ewido.net/ewido-signatures-full-20050802.exe
Now go to the following page and use the three online scan tools
(free), let them fix anything that they find:
http://housecall.trendmicro.com/
Now enter the Windows Control Panel and double-click on Add/Remove Programs.
When the installed programs list appears, double-click on the entry
for "Windows AFA Internet Enhancement" if it exists and allow it to
uninstall. Do the same with "WinFixer 2005", "Webshots", and
"CasinoClient" (or CasClient). Then exit the Add/Remove Programs
screen and the Control Panel.
Now reboot into Safe Mode. You can do this by restarting your computer and
after hearing your computer beep once during startup, but before the
Windows icon appears, press F8 until a menu appears. Use your up arrow
key to highlight Safe Mode, then hit enter. Or see other options and
further instructions here:
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001052409420406?OpenDocument&src=sec_doc_nam
Once in Safe Mode, Open Cleanup! by double-clicking the icon on your
desktop (or from the Start > All Programs menu). Set the program up as
follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
-Empty Recycle Bins
-Delete Cookies
-Delete Prefetch files
-Scan local drives for temporary files
-Cleanup! All Users
*Click OK
*Press the CleanUp! button to start the program.
After you finish with Cleanup!:
·Run the Nailfix (double-click on nailfix.cmd)
·Run Ewido.
-Click on scanner
-Make sure the following boxes are checked before scanning:
º Binder
º Crypter
º Archives
-Click on Start Scan
Let the program scan the machine. While the scan is in progress you
will be prompted to clean the first infected file it finds. Choose
"clean", then put a check next to "Perform action on all infections"
in the left corner of the box so you don't have to sit and watch Ewido
the whole time. Click OK.
Once the scan has completed, there will be a button located on the
bottom of the screen named Save report:
·Click Save report
·Save the report to your desktop
·Exit Ewido
Always in safe mode run HijackThis, click Scan, and place a checkmark
ONLY to the following items (if still present):
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL =
http://www.iquicksearch.net/search.htm
O2 - BHO: CExtension Object - {0019C3E2-DD48-4A6D-ABCD-8D32436323D9} -
C:\WINNT\cfgmgr52.dll (file missing)
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINNT\dsr.dll
O2 - BHO: LANBridge Class - {71D1708F-973D-4600-AF01-AD86688403AE} -
C:\WINNT\system32\hiqgryhf.dll
O4 - HKLM\..\Run: [lfgoimeu] C:\WINNT\system32\lfgoimeu.exe /setuser
O4 - HKLM\..\Run: [PSof1] C:\WINNT\system32\PSof1.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINNT\system32\wintask.exe
O4 - HKLM\..\Run: [lanbrup] C:\WINNT\system32\lanbrup.exe
O4 - HKLM\..\Run: [Sysnet] C:\DOCUME~1\TOMMYO~1\LOCALS~1\Temp\sysnet.exe
O4 - HKLM\..\Run: [winsync] C:\WINNT\System32\rbobab.exe reg_run
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [System service62] C:\WINNT\etb\pokapoka62.exe
O4 - HKLM\..\Run: [afuaeaww] C:\WINNT\system32\afuaeaww.exe /setuser
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0721] "C:\Documents and
Settings\administrator.ISG-RU2AQ6FX7IP\Local Settings\Temporary
Internet Files\Content.IE5\6V87GZOT\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [rF9Q3pi] dgreamci.exe
O4 - HKLM\..\Run: [WinFixer 2005] C:\Program Files\WinFixer 2005\wfx5.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [mqwi] C:\PROGRA~1\COMMON~1\mqwi\mqwim.exe
O4 - HKCU\..\Run: [aoq4RfG9i] cfgtapi.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\Launcher.exe
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} -
C:\WINNT\Downloaded Program Files\SbCIe02a.dll
O16 - DPF: symsupportutil -
https://www-secure.symantec.com/techsupp/activedata/symsupportutil.CAB
O16 - DPF: {01CA75F1-054B-4A63-9221-C6926369EC52} (HS_live Control) -
http://install.homestead.com/~site/InstallFiles/SIFiles/lpxlive/HS_live.cab
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} -
https://www.plaxo.com/down/release/PlaxoInstall.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC}
(MessengerStatsClient Class) -
http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {3717DF57-0396-463D-98B7-647C7DC6898A} -
http://delivery.inet-traffic.com/inetdl.exe
O16 - DPF: {4E7BD74F-2B8D-469E-A3FA-F363B384B77D} -
http://cdn.mapquest.com/mqtoolbar/mqgold1.cab
O16 - DPF: {4E888414-DB8F-11D1-9CD9-00C04F98436A} (Microsoft.WinRep) -
https://webresponse.one.microsoft.com/oas/ActiveX/winrep.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload
Tool) - http://by1fd.bay1.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} -
http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} -
http://software-dl.real.com/04eb66a9e0f610404520/netzip/RdxIE601.cab
O16 - DPF: {5D9E4B6D-CD17-4D85-99D4-6A52B394EC3B} -
http://www.webshots.com/samplers/WSDownloader.ocx
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} -
http://a1540.g.akamai.net/7/1540/52/20030530/qtinstall.info.apple.com/abarth/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI
Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6BEA1C48-1850-486C-8F58-C7354BA3165E} (Install Class) -
http://updates.lifescapeinc.com/installers/pinstall/pinstall.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} -
http://www.ofoto.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {8522F9B3-0000-0000-0000-000000000000} -
http://38.144.58.87/sex/xxxmovies.cab
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} -
http://69.56.176.76/webplugin.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} -
http://mirror.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} -
http://www.installengine.com/engine/isetup.cab
O16 - DPF: {972BB342-14A7-4660-83C1-51DDBEE171DB} -
http://www.pacimedia.com/install/pcs_0002.exe
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} -
http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} -
https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF}
(MsnMessengerSetupDownloadControl Class) -
http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) -
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C2FCEF52-ACE9-11D3-BEBD-00105AA9B6AE} (Symantec RuFSI
Registry Information Class) -
http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} -
http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} -
http://www.symantec.com/techsupp/activedata/SymAData.dll
O16 - DPF: {D19781C5-2051-44F8-8445-DDC82933C191}
(VacPro.internazionale_ver11) -
http://advnt01.com/dialer/internazionale_ver11.CAB
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl
Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/SproutLauncher.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector
Class) - http://ax.phobos.apple.com.edgesuite.net/detection/ITDetector.cab
O16 - DPF: {DA758BB1-5F89-4465-975F-8D7179A4BCF3} -
http://messenger.zone.msn.com/binary/WoF.cab31267.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} -
http://download.games.yahoo.com/games/popcap/zuma/popcaploader_v6.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} -
http://www.symantec.com/techsupp/activedata/ActiveData.cab
O16 - DPF: {E7D2588A-7FB5-47DC-8830-832605661009} -
http://livesc02.rightnowtech.com/midwestexpress/midwestexpress/rnt/rnl/java/RntX.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} -
http://fdl.msn.com/public/chat/msnchat45.cab
(YES, THE ENTIRE O16 SECTION)
O18 - Filter: text/html - {8293D547-38DD-4325-B35A-F1817EDFA5FC} -
C:\Program Files\Cas\Client\casmf.dll
O20 - AppInit_DLLs: , ,
O23 - Service: System Event Notification service (afuaeaww) - Unknown
owner - C:\WINNT\system32\afuaeaww.exe
O23 - Service: IIs5Recycle - Unknown owner - C:\Documents and
Settings\Tommy O\Desktop\IIs5Recycle.exe (file missing)
O23 - Service: Distributed Link Tracking Client service (iuazorja) -
Unknown owner - C:\WINNT\system32\iuazorja.exe
O23 - Service: Background Intelligent Transfer Service service
(lfgoimeu) - Unknown owner - C:\WINNT\system32\lfgoimeu.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner -
C:\WINNT\svcproc.exe
After you have selected ALL the above existing items click on the "Fix Checked" button.
(It continues, please be patient)
Ensure that all the files in your system are viewable:
"Help: How to Show System Files"
http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5
Find and delete (if still present) the following files:
C:\WINNT\cfgmgr52.dll
C:\WINNT\system32\hiqgryhf.dll
C:\WINNT\system32\lfgoimeu.exe /setuser
C:\WINNT\system32\PSof1.exe
C:\WINNT\system32\wintask.exe
C:\WINNT\system32\lanbrup.exe
C:\DOCUME~1\TOMMYO~1\LOCALS~1\Temp\sysnet.exe
C:\WINNT\System32\rbobab.exe
C:\WINNT\etb\pokapoka62.exe
C:\WINNT\system32\afuaeaww.exe
C:\WINNT\system32\exp.exe
C:\Documents and Settings\administrator.ISG-RU2AQ6FX7IP\Local
Settings\Temporary Internet
Files\Content.IE5\6V87GZOT\WinFixer2005ScannerInstall[1].exe
dgreamci.exe
C:\Program Files\WinFixer 2005\wfx5.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Program Files\Cas\Client\casmf.dll
C:\PROGRA~1\COMMON~1\mqwi\mqwim.exe
cfgtapi.exe
C:\Program Files\Webshots\Launcher.exe
C:\WINNT\Downloaded Program Files\SbCIe02a.dll
C:\Documents and Settings\Tommy O\Desktop\IIs5Recycle.exe
C:\WINNT\system32\iuazorja.exe
C:\WINNT\system32\lfgoimeu.exe
C:\WINNT\svcproc.exe
Also delete the following folders with their content:
C:\Program Files\WinFixer 2005\
C:\Program Files\Cas\
C:\PROGRA~1\COMMON~1\mqwi\ (C:\Program Files\Common Programs\mqwi)
C:\Program Files\Webshots\
·Reboot into normal mode (that is, normally).
Once in normal mode check your computer's behaviour. Then run
HijackThis, scan your computer and generate a fresh log (you must not
fix anything; after a new analysis of it I will tell you if there are
remnants to be fixed with this tool). This log must be posted here as
a request for clarification. Also, if you can, post the Ewido report
and a description of how your computer is working now.
I hope that this helps you to clean your computer. Feel free to
request further assistance if you need it or find something
difficult to do. I will gladly respond to your requests.
Regards,
livioflores-ga
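The re-check requested at the end of this answer (compare the entries that were marked for fixing against a fresh HijackThis log and see what is still there), as an added example that is not part of the original answer. The function names are hypothetical, matching on normalized entry text is an assumption rather than anything HijackThis does itself, and the sample lines are copied from the logs in this thread, hard-wrapped as they appear here.

```python
import re

# A HijackThis entry starts with a section code such as "R1 - ", "O4 - ", "O23 - ".
ENTRY_START = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")


def unwrap(text):
    """Rejoin entries that were hard-wrapped when the log was pasted into a post.

    Header and "Running processes" lines before the first entry are skipped;
    a blank line ends the current entry.
    """
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if ENTRY_START.match(line):
            if current is not None:
                entries.append(current)
            current = line
        elif line and current is not None:
            current += " " + line          # continuation of a wrapped entry
        elif not line and current is not None:
            entries.append(current)
            current = None
    if current is not None:
        entries.append(current)
    return entries


def normalize(entry):
    """Make an entry comparable across scans (assumed matching rule).

    After the file is deleted, HijackThis appends "(file missing)" to the
    same entry, so that suffix is dropped before comparing.
    """
    entry = re.sub(r"\s*\(file\s+missing\)\s*$", "", entry, flags=re.I)
    return re.sub(r"\s+", " ", entry).strip().lower()


def remnants(fix_list_text, fresh_log_text):
    """Entries from the fix list that are still present in the fresh log."""
    wanted = {normalize(e) for e in unwrap(fix_list_text)}
    return [e for e in unwrap(fresh_log_text) if normalize(e) in wanted]


def orphans(log_text):
    """Entries whose target file is gone but whose registry entry remains."""
    return [e for e in unwrap(log_text)
            if re.search(r"\(file missing\)$", e, re.I)]


# Sample input: lines copied from this thread, wrapped as posted.
FIX_LIST = r"""
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [exp.exe] C:\WINNT\system32\exp.exe
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0721] "C:\Documents and
Settings\administrator.ISG-RU2AQ6FX7IP\Local Settings\Temporary
Internet Files\Content.IE5\6V87GZOT\WinFixer2005ScannerInstall[1].exe"
O23 - Service: System Event Notification service (afuaeaww) - Unknown
owner - C:\WINNT\system32\afuaeaww.exe
"""

FRESH_LOG = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0721] "C:\Documents and
Settings\administrator.ISG-RU2AQ6FX7IP\Local Settings\Temporary
Internet Files\Content.IE5\6V87GZOT\WinFixer2005ScannerInstall[1].exe"
O23 - Service: System Event Notification service (afuaeaww) - Unknown
owner - C:\WINNT\system32\afuaeaww.exe (file missing)
"""

if __name__ == "__main__":
    print("Still present after the fix:")
    for entry in remnants(FIX_LIST, FRESH_LOG):
        print("  ", entry)
    print("Registry entry left behind, file already gone:")
    for entry in orphans(FRESH_LOG):
        print("  ", entry)
```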
Clarification of Answer by livioflores-ga on 03 Aug 2005 00:52 PDT
I forgot to tell you to disable the System Restore if you have it enabled:
"1. Right click the My Computer icon on the Desktop and click on Properties.
2. Click on the System Restore tab.
3. Put a check mark next to 'Turn off System Restore on All Drives'.
4. Click the 'OK' button.
5. You will be prompted to restart the computer. Click Yes.
Note: To re-enable the Restore Utility, follow steps one to five and
on step three remove the check mark next to 'Turn off System Restore
on All Drives'."
From "Disabling System Restore" at McAfee Inc.:
http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm
Request for Answer Clarification by oconnell-ga on 03 Aug 2005 23:51 PDT
Livio,
I am posting the most recent logfile below and the Ewido report. The
computer seems to be running OK. When it started I got a message
"error loading C:\winnt\cfgmgr52.dll Module could not be found."
That seemed to be the only thing that happened. I hope this worked.
It took me 13 hours.
Should I keep the Ewido on my computer? Will that help guard against
future attacks?
Tom
Logfile of HijackThis v1.99.1
Scan saved at 1:45:11 AM, on 8/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Documents and Settings\administrator.ISG-RU2AQ6FX7IP\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINNT\dinst.exe
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe"
/server /startmonitor /deaf
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0721] "C:\Documents and
Settings\administrator.ISG-RU2AQ6FX7IP\Local Settings\Temporary
Internet Files\Content.IE5\6V87GZOT\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [nimowpr] c:\winnt\system32\nenprsr.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program
Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD}
- C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
- http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: System Event Notification service (afuaeaww) - Unknown
owner - C:\WINNT\system32\afuaeaww.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks -
C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks -
C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Distributed Link Tracking Client service (iuazorja) -
Unknown owner - C:\WINNT\system32\iuazorja.exe (file missing)
O23 - Service: Background Intelligent Transfer Service service
(lfgoimeu) - Unknown owner - C:\WINNT\system32\lfgoimeu.exe (file
missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\Kodak EasyShare
software\bin\ptssvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot
Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\Security
Center\SymWSC.exe
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:45:49 AM, 8/4/2005
+ Report-Checksum: D6F2304
+ Scan result:
C:\WINNT\AuroraHandler.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\cqe893h6.exe -> Adware.SAHA : Cleaned with backup
C:\WINNT\Downloaded Program Files\HDPlugin1101.dll -> Adware.Gator :
Cleaned with backup
C:\WINNT\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINNT\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINNT\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINNT\itmiszh.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\mibtpfse.exe -> Spyware.BookedSpace : Cleaned with backup
C:\WINNT\system32\hgkibg.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\nenprsr.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\nsk2B3.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINNT\system32\nsw3B.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINNT\system32\redit.cpl -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINNT\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl :
Cleaned with backup
C:\WINNT\system32\supdate.dll -> TrojanDownloader.Qoologic.p : Cleaned with backup
C:\WINNT\system32\VVSNInst.exe/VVSN.exe -> Adware.SaveNow : Error during cleaning
C:\WINNT\system32\wvbcjuq.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\system32\yjtverg.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINNT\visfxun.exe -> TrojanDownloader.VB.kd : Cleaned with backup
::Report End
Clarification of Answer by livioflores-ga on 04 Aug 2005 08:07 PDT
Hi!!
We are pretty close, you did very good work!!!
There are some persistent remnant pests to be fixed with HijackThis,
please do the following:
- Reboot in Safe mode
- Run HijackThis, click Scan, and place a checkmark ONLY to the following items:
O4 - HKLM\..\Run: [C:\WINNT\VCMnet11.exe] C:\WINNT\VCMnet11.exe
O4 - HKLM\..\Run: [cfgmgr52] RunDLL32.EXE C:\WINNT\cfgmgr52.dll,DllRun
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0721] "C:\Documents and
Settings\administrator.ISG-RU2AQ6FX7IP\Local Settings\Temporary
Internet Files\Content.IE5\6V87GZOT\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [nimowpr] c:\winnt\system32\nenprsr.exe r
O23 - Service: System Event Notification service (afuaeaww) - Unknown
owner - C:\WINNT\system32\afuaeaww.exe (file missing)
O23 - Service: Distributed Link Tracking Client service (iuazorja) -
Unknown owner - C:\WINNT\system32\iuazorja.exe (file missing)
O23 - Service: Background Intelligent Transfer Service service
(lfgoimeu) - Unknown owner - C:\WINNT\system32\lfgoimeu.exe (file
missing)
Then search and delete the following files:
C:\WINNT\VCMnet11.exe
C:\WINNT\cfgmgr52.dll
c:\winnt\system32\nenprsr.exe
For the next one use the search tool (at My PC window --> Search
Button --> search for *WinFixer* and delete all the files found):
C:\Documents and Settings\administrator.ISG-RU2AQ6FX7IP\Local
Settings\Temporary Internet
Files\Content.IE5\6V87GZOT\WinFixer2005ScannerInstall[1].exe
Then reboot normally, check the computer behaviour and post a fresh HJT log.
Regards,
livioflores-ga
Request for Answer Clarification by oconnell-ga on 04 Aug 2005 09:38 PDT
livio,
Here's the new log. I could not find VCMnet11.exe or nenprsr.exe. I
deleted cfgmgr52.
Also, I constantly run and update my Norton AntiVirus. How did this
infection take place? Is Norton not enough? My son uses instant
messaging a lot. Is that a primary reason?
Thanks for everything so far.
Log follows:
Logfile of HijackThis v1.99.1
Scan saved at 11:31:14 AM, on 8/4/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINNT\System32\ctfmon.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Documents and Settings\administrator.ISG-RU2AQ6FX7IP\Desktop\HijackThis.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft
IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common
Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program
Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Dinst] C:\WINNT\dinst.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE
C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe"
/server /startmonitor /deaf
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0721] "C:\Documents and
Settings\administrator.ISG-RU2AQ6FX7IP\Local Settings\Temporary
Internet Files\Content.IE5\6V87GZOT\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program
Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program
Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft
Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
- C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console -
{08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD}
- C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger -
{4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program
Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control)
- http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: System Event Notification service (afuaeaww) - Unknown
owner - C:\WINNT\system32\afuaeaww.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) -
Symantec Corporation - C:\Program Files\Common Files\Symantec
Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology
Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks -
C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks -
C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Distributed Link Tracking Client service (iuazorja) -
Unknown owner - C:\WINNT\system32\iuazorja.exe (file missing)
O23 - Service: Background Intelligent Transfer Service service
(lfgoimeu) - Unknown owner - C:\WINNT\system32\lfgoimeu.exe (file
missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) -
Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA
Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\Kodak EasyShare
software\bin\ptssvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec
Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec
Corporation - C:\Program Files\Common Files\Symantec
Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot
Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation -
C:\Program Files\Common Files\Symantec Shared\Security
Center\SymWSC.exe
Clarification of Answer by livioflores-ga on 04 Aug 2005 21:04 PDT
Hi!!
You are doing very well, there is only one pest still resident in your
computer, to remove it do the following:
- Update Ewido using the update button.
- Reboot in Safe Mode
- Run Ewido and scan your computer with it, let it fix everything it finds.
- Still in Safe Mode run HJT, click the Do a system scan button and
check to fix the following (if still present):
O4 - HKLM\..\Run: [Dinst] C:\WINNT\dinst.exe
O23 - Service: Distributed Link Tracking Client service (iuazorja) -
Unknown owner - C:\WINNT\system32\iuazorja.exe (file missing)
O23 - Service: Background Intelligent Transfer Service service
(lfgoimeu) - Unknown owner - C:\WINNT\system32\lfgoimeu.exe (file
missing)
After you have selected ALL the above existing items click on the "Fix Checked" button.
Now ensure that all the files in your system are viewable:
"Help: How to Show System Files"
http://www.xtra.co.nz/help/0,,4155-1916458,00.html#5
Delete C:\WINNT\dinst.exe
Reboot normally and check your computer's behaviour, let me know how it is
working and post a new fresh HJT log, it could be the last one!!!
Regarding security advice, after I see your next HJT log I will
give you some advice; for example, your system lacks firewall
protection and your Windows version is not updated with Service
Pack 2, which improves the system security a lot, but first finish
cleaning it and then we will talk about this.
Regards,
livioflores-ga
Clarification of Answer by livioflores-ga on 07 Aug 2005 06:24 PDT
Hi!!
How is your computer working, still in trouble?
I want to know so I can give you some security advice.
Regards,
livioflores-ga
Request for Answer Clarification by oconnell-ga on 08 Aug 2005 07:42 PDT
Hi,
I was away most of the weekend. Here is the log file from today. I
did not see dinst.exe on my computer, so I couldn't delete it.
Logfile of HijackThis v1.99.1
Scan saved at 9:40:25 AM, on 8/8/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINNT\System32\ctfmon.exe
C:\WINNT\System32\CTSvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\administrator.ISG-RU2AQ6FX7IP\Desktop\HijackThis.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0721] "C:\Documents and Settings\administrator.ISG-RU2AQ6FX7IP\Local Settings\Temporary Internet Files\Content.IE5\6V87GZOT\WinFixer2005ScannerInstall[1].exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: DataViz Inc Messenger.lnk = C:\Program Files\Common Files\DataViz\DvzIncMsgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O23 - Service: System Event Notification service (afuaeaww) - Unknown owner - C:\WINNT\system32\afuaeaww.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Distributed Link Tracking Client service (iuazorja) - Unknown owner - C:\WINNT\system32\iuazorja.exe (file missing)
O23 - Service: Background Intelligent Transfer Service service (lfgoimeu) - Unknown owner - C:\WINNT\system32\lfgoimeu.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
O23 - Service: ptssvc - KODAK - C:\Program Files\KODAK\Kodak EasyShare software\bin\ptssvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Thanks,
Tom
Clarification of Answer by livioflores-ga on 09 Aug 2005 00:34 PDT
Hi!!
Now, yes, your computer seems to be clean; just do some minor (cosmetic) fixes:
Boot in safe mode --> Go to Start Menu --> Run --> type msconfig and
press Enter --> at the StartUp tab uncheck the item related to:
[NI.UWFX5LP_0001_0721] "C:\Documents and Settings\administrator.ISG-RU2AQ6FX7IP\Local Settings\Temporary Internet Files\Content.IE5\6V87GZOT\WinFixer2005ScannerInstall[1].exe"
Now clean out your Temp files and your Temporary Internet Files.
Please do both steps:
-- Delete Temp Files:
Click on Start and then Run, type %temp% and press the OK button.
This should open up the temp directory that your machine uses. Please
delete all files that are found there. If you get an error when
deleting a file, skip that file and delete all the others.
-- Delete Temporary Internet Files:
Now open up Internet Explorer, and click on the Tools menu and then
Internet Options. At the General tab, click on the Delete Files button
and put a checkmark in Delete offline content. Then press the OK
button. This may take quite a while, so do not be alarmed with how
long it takes.
Reboot in Normal mode. That's all.
Regarding your security, your operating system needs to be updated
with Service Pack 2 (SP2); you must use the Windows Update feature
to do that:
http://windowsupdate.microsoft.com/
You can skip the above suggestion, but it is not recommended, see the
following page:
http://www.create.cett.msstate.edu/create/howto/Windows_Update.pdf
Also take a look here:
"Protect your PC":
http://www.microsoft.com/athome/security/protect/default.aspx
Another thing that you need is a firewall; you can use Zone Alarm, it is
free to use at home. It is easy to configure, and a getting-started
tutorial explains controls and alerts to get you up and running
quickly:
http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp
One more thing that I suggest to you is to "vaccinate" your computer
against spyware and other pests, do it with SpywareBlaster:
http://www.javacoolsoftware.com/spywareblaster.html
Download it from here:
http://ct7support.com/downloads/javacool/z341a/spywareblastersetup34.exe
After installing it you must update SpywareBlaster, then use its
protection features; for guidance, here is a nice tutorial:
http://www.bleepingcomputer.com/forums/index.php?showtutorial=49
Another necessary tool is SpywareGuard; it provides a real-time
protection solution against spyware that is a great addition to
SpywareBlaster's protection method. It is also free:
http://www.javacoolsoftware.com/spywareguard.html
There is a tutorial here:
http://www.bleepingcomputer.com/forums/Using_SpywareGuard_to_protect_your_computer_from_Spyware__and__Hijackers-tut50.html
Remember to check for updates at least once a week for ALL your
protection software (Antivirus, Ewido, SpywareBlaster and
SpywareGuard); this will help to keep your computer clean and
protected.
Regards,
livioflores-ga
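A triage sketch for logs like the one oconnell-ga posted above, added here as an example and not part of the thread or of HijackThis itself: it rejoins the hard-wrapped entries, then flags O4 autoruns that start from a temp or cache folder and O23 services with an unknown owner or a missing file. The sample lines are excerpted from that log; the function names and the flagging rules are assumptions of this example.

```python
import re

# Excerpt of the HijackThis log posted above, hard-wrapped as in the post.
SAMPLE_LOG = r"""O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe"
/server /startmonitor /deaf
O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0721] "C:\Documents and
Settings\administrator.ISG-RU2AQ6FX7IP\Local Settings\Temporary
Internet Files\Content.IE5\6V87GZOT\WinFixer2005ScannerInstall[1].exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINNT\System32\ctfmon.exe
O23 - Service: System Event Notification service (afuaeaww) - Unknown
owner - C:\WINNT\system32\afuaeaww.exe (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. -
C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\system32\HPZipm12.exe
"""

# Every log entry starts with a section code such as "O4 - " or "R1 - ".
ENTRY_START = re.compile(r"^(?:O\d+|[RFN]\d) - ")

def join_entries(text):
    """Rejoin wrapped lines so that each log entry is a single string."""
    entries = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if ENTRY_START.match(line):
            entries.append(line)
        elif entries:  # continuation; header lines before the first entry are skipped
            entries[-1] += " " + line
    return entries

# Hypothetical rule set: folders an autorun should not normally start from.
VOLATILE_DIRS = ("\\temporary internet files\\", "\\local settings\\temp\\", "\\temp\\")

def triage(entries):
    """Return (section, reason, entry) for entries that deserve a manual look."""
    findings = []
    for entry in entries:
        section, low = entry.split(" - ", 1)[0], entry.lower()
        if section == "O4" and any(d in low for d in VOLATILE_DIRS):
            findings.append((section, "autorun from temp/cache folder", entry))
        elif section == "O23" and "(file missing)" in low:
            findings.append((section, "service points to a missing file", entry))
        elif section == "O23" and "unknown owner" in low:
            findings.append((section, "service with unknown owner", entry))
    return findings

if __name__ == "__main__":
    for section, reason, entry in triage(join_entries(SAMPLE_LOG)):
        print(f"{section}: {reason}\n    {entry}")
```
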