johan_b

Solution for "deep scanning the registry" problem!!!

19 posts in this topic

If Ad-aware can't deep scan your registry without stalling...

 

I have the solution!!!

I searched this forum and found a link to this "fix" program!

There seem to be some bad entries in the registry that need to be deleted in:

 

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\*******

 

And this program fixes it! :D

 

Try one of these links:

http://downloads.subratam.org/Fixwareout.exe

http://swandog46.geekstogo.com/Fixwareout.exe

 

U have to reboot and wait for 5 min but it's worth it!


Caution!: That is not a one-size-fits-all solution for the freezing issues. It's only one of many.

 

I'm glad to hear that worked for you, however, it's only effective if you have that particular nasty, which is one of many that come with a rootkit which is known to cause problems with scanning because it uses stealth technology to hide the malware from Windows. It is the rootkit that causes the freezing. There are numerous other malware that come with rootkits, hence the recommendation to run a rootkit tool to find the culprit, as you can see in this post stickied at the top of this forum:

Ad-Aware Freezing Issue

http://www.lavasoftsupport.com/index.php?showtopic=783

 

There are other causes of the freezing as well, however, if you suspect a rootkit, use the rootkit finding tools posted in that link and wait for someone to interpret the results for you before taking action.

 

FixWareout is a stand-alone tool written by volunteers in malware research. It is not recommended you run this tool without trained supervision as false positives are known to occur. If you delete files without knowing for sure, this could cause problems with your operating system. That is the reason a log is produced and you are requested to post it for review before taking any further action. Ditto for the rootkit finding tools posted. These tools will "see" legitimate files in addition to any bad files, therefore, do not delete anything without a recommendation by a trained malware/rootkit advisor.

Ok, thanks!

 

You're right, this is maybe just a solution for some....but I have tried so many things and nothing worked, so...

So far I have not found any problems after using this program...

And I have not deleted any files that were reported. It just deleted two entries that were "strange" and now I can scan again. Since I COULD scan before 2 months ago, these two entries must have been added after that somehow...anyways, thanks for a great forum!!!

FixWareout doesn't remove the infected files, just the registry entries, so we need to deal with any infected files it found (if any)

 

Could you please run the tool once more and post the report at the end: report.txt

Copy the results back here for review, there may be more to do to ensure your computer is clean and doesn't become re-infected.


Here is the report:

Fixwareout ver 1.003

Last edited 8/11/2006

Post this report in the forums please

 

Reg Entries that were deleted

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\1trap

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Urls\2trap

...

 

Random Runs removed from HKLM

...

 

PLEASE NOTE, There WILL be LEGITIMATE FILES LISTED. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.

 

»»»»» Searching by size/names...

* csr.exe C:\WINDOWS\System32\CSXKS.EXE

* csr.exe C:\WINDOWS\System32\{16B1B~1.EXE

 

»»»»»

Search five digit cs, dm and jb files.

This WILL/CAN also list Legit Files, Submit them at Virustotal

C:\WINDOWS\SYSTEM32\CSXKS.EXE 51 275 2006-08-15

 

Other suspects.

Directory of C:\WINDOWS\system32

{4647DD55-05EB-4C27-A278-273CF2FC643F}.exe

{16B1BE4B-F5CF-43F6-978A-28CF59229D4E}.exe

 

»»»»» Misc files.

 

»»»»» Checking for older varients covered by the Rem3 tool.

 

That's all the report said.......


Thanks,

 

Yes, you have some suspicious files that need looking at to see if they are part of this infection.

 

Go here to upload the files as attachments

http://www.thespykiller.co.uk/forum/index.php?board=1.0

Just press new topic (Make the subject: For CalamityJane from johan_b at LS ),

fill in a short message & then press the browse button and then navigate to & select these files on your computer. If there is more than 1 file, then press the more attachments button for each extra file and browse and select etc., and then when all the files are listed in the window press the *Post* button to upload the files.

 

Files to attach for upload:

 

C:\WINDOWS\System32\CSXKS.EXE

 

C:\WINDOWS\system32\{4647DD55-05EB-4C27-A278-273CF2FC643F}.exe

 

C:\WINDOWS\system32\{16B1BE4B-F5CF-43F6-978A-28CF59229D4E}.exe

 

You DO NOT need to register to start a topic or upload, anybody can upload the files

 

You will not see the files that have been uploaded as they only show to the authorized users who can download them. I will be able to collect the files from there and will reply back here to you in this topic with steps to remove it, once I determine what it is.


LS CalamityJane, don't u think it's possible that one can remove the rootkit problem with a program, but not be able to fix the entries in regedit????? Cause in my case and "The Nephalim's" case it seems like we don't have any rootkit problems but there's still something in the registry that freezes Ad-aware... :)

Now I will do what u asked for in your latest reply, thanks for your help!


Hi johan,

 

Let's get the infected files off of there and then see how Ad-Aware scans at that point.

 

All 3 files you uploaded were infected.

 

Please delete each of these and let me know if any problems deleting them:

 

C:\WINDOWS\System32\CSXKS.EXE

 

C:\WINDOWS\system32\{4647DD55-05EB-4C27-A278-273CF2FC643F}.exe

 

C:\WINDOWS\system32\{16B1BE4B-F5CF-43F6-978A-28CF59229D4E}.exe


Ok, now I've deleted them without a problem, all three files had the same date so they must have had something in common....do u have any idea what type of infections they were? Will I have problems after removing them? I mean, maybe they belonged to a program or something....I remember that I installed a codec some time ago that gave me some problems, I think it was a spyware trick.....it could have been those files that were giving me hell then and now we found them, thanks anyways for your help!

I'll post again if those files come back...

Hi johan,

 

Yes, they were all related and all infected. Scan results:

 

Complete scanning result of "csxks.exe", received in VirusTotal at 10.11.2006, 23:24:02 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.25 10.11.2006 HEUR/Malware

Authentium 4.93.8 10.11.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus

Avast 4.7.892.0 10.11.2006 Win32:Agent-AVO

AVG 386 10.11.2006 no virus found

BitDefender 7.2 10.11.2006 Trojan.Downloader.Mohbpork.A

CAT-QuickHeal 8.00 10.11.2006 Trojan.DNSChanger

ClamAV devel-20060426 10.11.2006 no virus found

DrWeb 4.33 10.11.2006 Trojan.DnsChange

eTrust-InoculateIT 23.73.19 10.11.2006 no virus found

eTrust-Vet 30.3.3127 10.11.2006 Win32/Alureon!generic

Ewido 4.0 10.11.2006 Downloader.Agent.uj

Fortinet 2.82.0.0 10.11.2006 suspicious

F-Prot 3.16f 10.11.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus

F-Prot4 4.2.1.29 10.11.2006 W32/SecRisk-ProcessPatcher-based!Maximus

Ikarus 0.2.65.0 10.11.2006 no virus found

Kaspersky 4.0.2.24 10.11.2006 Trojan-Downloader.Win32.Agent.uj

McAfee 4871 10.11.2006 no virus found

Microsoft 1.1603 10.11.2006 no virus found

NOD32v2 1.1797 10.10.2006 a variant of Win32/Small.FB

Norman 5.90.23 10.11.2006 no virus found

Panda 9.0.0.4 10.11.2006 Trj/Ruins.MB

TheHacker 6.0.1.096 10.11.2006 no virus found

UNA 1.83 10.11.2006 no virus found

VBA32 3.11.1 10.11.2006 Trojan.DownLoader.10960

VirusBuster 4.3.7:9 10.11.2006 no virus found

 

Aditional Information

File size: 51275 bytes

MD5: e37012dc8559e13c407b8bfaa9451ded

SHA1: 5fde7a8dec164e84e1ce208d3c2b4f29c5b65c89

..........................

Complete scanning result of "_4647DD55-05EB-4C27-A278-273CF2FC", received in VirusTotal at 10.11.2006, 23:28:26 (CET).

 

Antivirus Version Update Result

AntiVir 7.2.0.25 10.11.2006 no virus found

Authentium 4.93.8 10.11.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus

Avast 4.7.892.0 10.11.2006 Win32:Small-BHP

AVG 386 10.11.2006 no virus found

BitDefender 7.2 10.11.2006 MemScan:Trojan.Agent.QB

CAT-QuickHeal 8.00 10.11.2006 Trojan.DNSChanger

ClamAV devel-20060426 10.11.2006 no virus found

DrWeb 4.33 10.11.2006 Trojan.DnsChange

eTrust-InoculateIT 23.73.19 10.11.2006 no virus found

eTrust-Vet 30.3.3127 10.11.2006 Win32/Alureon!generic

Ewido 4.0 10.11.2006 no virus found

Fortinet 2.82.0.0 10.11.2006 suspicious

F-Prot 3.16f 10.11.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus

F-Prot4 4.2.1.29 10.11.2006 W32/SecRisk-ProcessPatcher-based!Maximus

Ikarus 0.2.65.0 10.11.2006 no virus found

Kaspersky 4.0.2.24 10.11.2006 Trojan.Win32.Small.fb

McAfee 4871 10.11.2006 Downloader-ARR

Microsoft 1.1603 10.11.2006 no virus found

NOD32v2 1.1797 10.10.2006 a variant of Win32/Small.FB

Norman 5.90.23 10.11.2006 no virus found

Panda 9.0.0.4 10.11.2006 Trj/Ruins.MB

Sophos 4.10.0 10.05.2006 Troj/RuinDl-Gen

TheHacker 6.0.1.096 10.11.2006 no virus found

UNA 1.83 10.11.2006 no virus found

VBA32 3.11.1 10.11.2006 Trojan.Win32.Small.je

VirusBuster 4.3.7:9 10.11.2006 no virus found

 

Aditional Information

File size: 62032 bytes

MD5: 6f6db604a81736ca44c43fd0a3faf79c

SHA1: 7382258ca67e3b40552bd18fb2fe47bc6f4c7be2

............................

{16B1BE4B-F5CF-43F6-978A-28CF59229D4E}.exe

Service is stopped in this moments. Scanning of your sample has not been finalized and results has been lost. If you wish to scan it, please send it again.

 

Antivirus Version Update Result

AntiVir 7.2.0.25 10.11.2006 HEUR/Malware

Authentium 4.93.8 10.11.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus

Avast 4.7.892.0 10.11.2006 Win32:Agent-AVO

AVG 386 10.11.2006 no virus found

BitDefender 7.2 10.11.2006 Trojan.Downloader.Mohbpork.A

CAT-QuickHeal 8.00 10.11.2006 Trojan.DNSChanger

ClamAV devel-20060426 10.11.2006 no virus found

eTrust-InoculateIT 23.73.19 10.11.2006 no virus found

eTrust-Vet 30.3.3127 10.11.2006 Win32/Alureon!generic

DrWeb 4.33 10.11.2006 Trojan.DnsChange

Ewido 4.0 10.11.2006 Downloader.Agent.uj

Fortinet 2.82.0.0 10.11.2006 suspicious

F-Prot 3.16f 10.11.2006 Possibly a new variant of W32/SecRisk-ProcessPatcher-based!Maximus

F-Prot4 4.2.1.29 10.11.2006 W32/SecRisk-ProcessPatcher-based!Maximus

Ikarus 0.2.65.0 10.11.2006 no virus found

Kaspersky 4.0.2.24 10.11.2006 Trojan-Downloader.Win32.Agent.uj

McAfee 4871 10.11.2006 no virus found

Microsoft 1.1603 10.11.2006 no virus found

NOD32v2 1.1797 10.10.2006 a variant of Win32/Small.FB

Norman 5.80.02 10.11.2006 no virus found

Panda 9.0.0.4 10.11.2006 Trj/Ruins.MB

 

Aditional Information

File size: 51275 bytes

MD5: e37012dc8559e13c407b8bfaa9451ded

SHA1: 5fde7a8dec164e84e1ce208d3c2b4f29c5b65c89

............................

If you downloaded a Codec about that time it is most likely the culprit as the "fake codec" to view a video is a very common trick to get folks to download it and then they get infected. There are many, many variants and most try to install a fake Antispyware program of one sort or another with big warnings about a fake virus to further try to trick you into paying for it.

 

This is only a generic description but yours was of the same family of trojans:

 

Win32/Alureon Family

http://www3.ca.com/securityadvisor/virusin...s.aspx?ID=50214

 

You had the desktop Hijacker from that codec as described Here in our September Newsletter.

 

Yours was hidden by a rootkit, hence the need for a special tool to remove it.

 

I'd like to see a diagnostic log from this free tool please to see if there are any remaining leftovers:

A diagnostic log from this free tool called HijackThis

Instructions on creating a HijackThis Log

http://www.lavasoftsupport.com/index.php?showtopic=216


Hi, thanks for the explanation...

I remember now that I downloaded the "emedia-codec" which was on that list of fake codecs!

Now I've learned a lesson...

Anyways, it hasn't come back after rebooting so everything seems to be fine now.

Here you have the Hijackthis-log:

 

Logfile of HijackThis v1.99.1

Scan saved at 11:58:33, on 2006-10-13

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec AntiVirus\DefWatch.exe

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Alias\Alias ImageStudio 2.0\bin\renderqueue.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\Tablet.exe

C:\Program\Sony\VAIO Event Service\VESMgr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\WINDOWS\Explorer.EXE

C:\Program\Sony\ISB Utility\ISBMgr.exe

C:\Program\Sony\VAIO Power Management\SPMgr.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\SYMANT~1\VPTray.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\QuickTime\qttask.exe

C:\Program\D-Tools\daemon.exe

C:\Program\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

C:\Program\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe

C:\Program\Sony\SONICS~1\SsAAD.exe

C:\Program\CA\eTrust Internet Security Suite\caissdt.exe

C:\Program\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe

C:\Program\Winamp\winampa.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\Java\jre1.5.0_05\bin\jusched.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe

C:\Program\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

C:\Program\Delade filer\Sony Shared\GMR\GMRMan.exe

C:\Program\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program\Mozilla Firefox\firefox.exe

C:\hij\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.zonelabs.com/redirect/rout...=license_wizard

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_05\bin\ssv.dll (file missing)

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER

O4 - HKLM\..\Run: [ssAAD.exe] C:\Program\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [CaISSDT] "C:\Program\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_05\bin\jusched.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\Nero BackItUp\NBJ.exe"

O4 - Startup: Cyber-shot Viewer verktyg för mediekontroll.lnk = C:\Program\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Alias SketchBook Snapshot.lnk = C:\Program\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe

O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe

O4 - Global Startup: ProfileReminder.lnk = C:\Program\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_05\bin\npjpi150_05.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_05\bin\npjpi150_05.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{22248F58-2BA8-408D-B24B-C950BFC13C2C}: NameServer = 85.255.113.93,85.255.112.210

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210

O17 - HKLM\System\CS1\Services\Tcpip\..\{22248F58-2BA8-408D-B24B-C950BFC13C2C}: NameServer = 85.255.113.93,85.255.112.210

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210

O17 - HKLM\System\CS2\Services\Tcpip\..\{22248F58-2BA8-408D-B24B-C950BFC13C2C}: NameServer = 85.255.113.93,85.255.112.210

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Alias ImageStudio Render Queue (renderqueue) - Unknown owner - C:\Program\Alias\Alias ImageStudio 2.0\bin\renderqueue.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program\Delade filer\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

 

Thanks again...:)


emedia codec is one of the bad boys, indeed.

 

And, there are some "bad" entries this nasty left in your registry.

 

We need to fix those.

 

Open HijackThis and do a *system scan only*

 

When it finishes, place a checkmark next to these entries and then press the *fix checked* button

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Länkar

 

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_05\bin\ssv.dll (file missing)

 

O17 - HKLM\System\CCS\Services\Tcpip\..\{22248F58-2BA8-408D-B24B-C950BFC13C2C}: NameServer = 85.255.113.93,85.255.112.210

 

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210

 

O17 - HKLM\System\CS1\Services\Tcpip\..\{22248F58-2BA8-408D-B24B-C950BFC13C2C}: NameServer = 85.255.113.93,85.255.112.210

 

O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210

 

O17 - HKLM\System\CS2\Services\Tcpip\..\{22248F58-2BA8-408D-B24B-C950BFC13C2C}: NameServer = 85.255.113.93,85.255.112.210

 

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210

 

Also, your Sun Java is out of date, and old versions left on your PC, even after updating, can be vulnerable to malware exploit. Go to Start / Control Panel and look in Add/Remove programs. Remove all old versions of Sun Java.

They will appear in the "J's" something similar to (for example):

 

j2re1.4.2_05 or

 

jre1.5.0_05

 

JAVA 2 RUNTIME ENVIRONMENT SE V1.4.2_03

 

JAVA 2 RUNTIME ENVIRONMENT SE V.14.2_06

 

(or similar, and there may be more than one. Remove them all)

 

Then go get the latest up to date version here:

http://www.java.com/en/download/manual.jsp

 

Here's why removing old versions of Sun Java is important:

Potential Vulnerability with Sun Java auto update

http://www.dslreports.com/forum/remark,14738046

 

This is a vulnerability in that Sun Java new updated versions do not remove prior vulnerable versions. You will have to remember to do that manually whenever you update your Sun Java.

...............

When done with the above, please scan once more with Hijackthis to produce a log and post the fresh log back here for review :)

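The O17 review from the post above, as an added example that is not part of the original thread: it parses HijackThis `O17 ... NameServer` lines, normalises the comma- or space-separated resolver lists, and reports every control set and scope whose resolvers are not on an allow-list. `EXPECTED_RESOLVERS`, the `192.168.1.1` line and its all-zero interface GUID are constructed assumptions; the other sample lines are copied from the log posted in this thread.

```python
import ipaddress
import re
from collections import namedtuple

# Covers the two O17 NameServer shapes seen in this thread's log:
# the global Tcpip\Parameters value and the per-interface {GUID} value.
O17_RE = re.compile(
    r"^O17 - HKLM\\System\\(?P<cs>CCS|CS\d+)\\Services\\Tcpip\\"
    r"(?P<scope>Parameters|\.\.\\\{[0-9A-Fa-f-]+\}): "
    r"NameServer = (?P<servers>.+)$"
)

Entry = namedtuple("Entry", "control_set scope servers malformed")

# Assumption: the resolvers this machine is supposed to use (constructed value).
EXPECTED_RESOLVERS = {"192.168.1.1"}

# Lines 1-4 are copied from the HijackThis log in this thread.
# Line 5 is constructed to show an entry that passes the check.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{22248F58-2BA8-408D-B24B-C950BFC13C2C}: NameServer = 85.255.113.93,85.255.112.210
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.113.93 85.255.112.210
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000001}: NameServer = 192.168.1.1
"""


def parse_o17(log_text):
    """Return one Entry per O17 NameServer line; other log lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = O17_RE.match(raw.strip())
        if not match:
            continue
        servers, malformed = [], []
        # HijackThis prints the registry value as stored: the list may be
        # comma-separated or space-separated.
        for token in re.split(r"[,\s]+", match.group("servers").strip()):
            if not token:
                continue
            try:
                servers.append(ipaddress.ip_address(token))
            except ValueError:
                malformed.append(token)  # keep it visible, do not drop it
        scope = match.group("scope")
        scope = "global" if scope == "Parameters" else scope[3:]  # strip "..\"
        entries.append(Entry(match.group("cs"), scope, servers, malformed))
    return entries


def unexpected_resolvers(entries, expected):
    """List (control_set, scope, values) for entries with non-allow-listed resolvers."""
    allowed = {ipaddress.ip_address(addr) for addr in expected}
    findings = []
    for entry in entries:
        bad = [str(s) for s in entry.servers if s not in allowed]
        if bad or entry.malformed:
            findings.append((entry.control_set, entry.scope, bad + entry.malformed))
    return findings


def control_sets_affected(findings):
    """Control sets that still carry an unexpected resolver.

    The same value shows up under CCS, CS1 and CS2 in the thread's log, so a
    clean-up is only complete when this list is empty.
    """
    return sorted({control_set for control_set, _, _ in findings})


if __name__ == "__main__":
    results = unexpected_resolvers(parse_o17(SAMPLE_LOG), EXPECTED_RESOLVERS)
    for control_set, scope, values in results:
        print(f"{control_set:4} {scope:40} {', '.join(values)}")
    print("control sets to re-check:", control_sets_affected(results))
```

Run it against a fresh log after the fix; an empty result means no O17 NameServer entry points outside the allow-list.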

Thanks again for your time, here's the new hjthis-log:

 

Logfile of HijackThis v1.99.1

Scan saved at 12:59:45, on 2006-10-14

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program\Symantec AntiVirus\DefWatch.exe

C:\Program\Executive Software\Diskeeper\DkService.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program\Alias\Alias ImageStudio 2.0\bin\renderqueue.exe

C:\WINDOWS\system32\svchost.exe

C:\Program\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\Tablet.exe

C:\Program\Sony\VAIO Event Service\VESMgr.exe

C:\WINDOWS\system32\ZoneLabs\vsmon.exe

C:\Program\Sony\ISB Utility\ISBMgr.exe

C:\Program\Sony\VAIO Power Management\SPMgr.exe

C:\Program\Delade filer\Symantec Shared\ccApp.exe

C:\Program\SYMANT~1\VPTray.exe

C:\Program\iTunes\iTunesHelper.exe

C:\Program\QuickTime\qttask.exe

C:\Program\D-Tools\daemon.exe

C:\Program\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe

C:\Program\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe

C:\Program\Sony\SONICS~1\SsAAD.exe

C:\Program\CA\eTrust Internet Security Suite\caissdt.exe

C:\Program\Winamp\winampa.exe

C:\Program\Zone Labs\ZoneAlarm\zlclient.exe

C:\Program\MSN Messenger\MsnMsgr.Exe

C:\Program\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe

C:\Program\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

C:\Program\Delade filer\Sony Shared\GMR\GMRMan.exe

C:\WINDOWS\system32\WTablet\TabUserW.exe

C:\Program\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

C:\Program\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe

C:\Program\iPod\bin\iPodService.exe

C:\Program\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe

C:\WINDOWS\system32\msiexec.exe

C:\hij\HijackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://redirect.zonelabs.com/redirect/rout...=license_wizard

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

O4 - HKLM\..\Run: [iSBMgr.exe] C:\Program\Sony\ISB Utility\ISBMgr.exe

O4 - HKLM\..\Run: [sonyPowerCfg] C:\Program\Sony\VAIO Power Management\SPMgr.exe

O4 - HKLM\..\Run: [VAIO Update 2] "C:\Program\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary

O4 - HKLM\..\Run: [ccApp] "C:\Program\Delade filer\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program\D-Tools\daemon.exe" -lang 1033

O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"

O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER

O4 - HKLM\..\Run: [ssAAD.exe] C:\Program\Sony\SONICS~1\SsAAD.exe

O4 - HKLM\..\Run: [CaISSDT] "C:\Program\CA\eTrust Internet Security Suite\caissdt.exe"

O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program\CA\eTrust Internet Security Suite\eTrust PestPatrol Anti-Spyware\PPActiveDetection.exe"

O4 - HKLM\..\Run: [WinampAgent] C:\Program\Winamp\winampa.exe

O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program\Zone Labs\ZoneAlarm\zlclient.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program\Java\jre1.5.0_06\bin\jusched.exe

O4 - HKCU\..\Run: [NBJ] "C:\Program\Ahead\Nero BackItUp\NBJ.exe"

O4 - Startup: Cyber-shot Viewer verktyg för mediekontroll.lnk = C:\Program\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe

O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?

O4 - Global Startup: Adobe Gamma.lnk = C:\Program\Delade filer\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: Alias SketchBook Snapshot.lnk = C:\Program\Alias\Alias SketchBook Pro 2.0\AliasSketchSnap.exe

O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe

O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe

O4 - Global Startup: ProfileReminder.lnk = C:\Program\GretagMacbeth\i1\Eye-One Match 3\ProfileReminder.exe

O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe

O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: Convert to existing PDF - res://C:\Program\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: E&xportera till Microsoft Excel - res://C:\Program\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\npjpi150_06.dll

O9 - Extra 'Tools' menuitem: Sun Java-konsol - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program\Java\jre1.5.0_06\bin\npjpi150_06.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program\MSNMES~1\MSGRAP~1.DLL

O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll

O20 - Winlogon Notify: VESWinlogon - C:\WINDOWS\SYSTEM32\VESWinlogon.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program\Delade filer\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\ccSetMgr.exe

O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program\Symantec AntiVirus\DefWatch.exe

O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program\Executive Software\Diskeeper\DkService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program\Delade filer\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPodService - Apple Computer, Inc. - C:\Program\iPod\bin\iPodService.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: Alias ImageStudio Render Queue (renderqueue) - Unknown owner - C:\Program\Alias\Alias ImageStudio 2.0\bin\renderqueue.exe

O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program\Symantec AntiVirus\SavRoam.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program\Delade filer\Sony Shared\Fsk\SonySCSIHelperService.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program\Delade filer\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program\Delade filer\Sony Shared\AVLib\SSScsiSV.exe

O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program\Symantec AntiVirus\Rtvscan.exe

O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

O23 - Service: VAIO Event Service - Sony Corporation - C:\Program\Sony\VAIO Event Service\VESMgr.exe

O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

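A triage pass over a HijackThis log like the one posted above, as an added example that is not part of the original thread: it splits each O-line into section, kind and detail, then marks entries a reviewer would resolve by hand. The three flags are assumptions chosen for illustration, not HijackThis features or verdicts; the sample lines are copied from the log above.

```python
import re

# Lines copied from the HijackThis log posted above.
SAMPLE = r"""
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [vptray] C:\Program\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program\iTunes\iTunesHelper.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\WTablet\TabUserW.exe
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Alias ImageStudio Render Queue (renderqueue) - Unknown owner - C:\Program\Alias\Alias ImageStudio 2.0\bin\renderqueue.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

LINE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")      # "O4 - <kind>: <detail>"
RUN = re.compile(r"^\[(?P<name>[^\]]*)\] (?P<cmd>.+)$")  # "[value name] command"

def flags_for(section, kind, detail):
    """Review flags (illustrative heuristics, assumed for this example)."""
    flags = []
    if section == "O4" and "\\Run" in kind:
        m = RUN.match(detail)
        cmd = m.group("cmd") if m else detail
        # First token of the command line, honouring a quoted path.
        exe = cmd[1:].split('"')[0] if cmd.startswith('"') else cmd.split(" ")[0]
        if "\\" not in exe:
            flags.append("no-path")            # located through the search path
    if section == "O4" and "Startup" in kind and detail.endswith("= ?"):
        flags.append("unresolved-target")      # shortcut target shown as "?"
    if section == "O23" and " - Unknown owner - " in detail:
        flags.append("unknown-owner")          # no company name was printed
    return flags

def parse(log):
    """Return one dict per O-line: section, kind, detail and review flags."""
    entries = []
    for raw in log.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue                           # header or blank line
        section, kind, detail = m.groups()
        entries.append({"section": section, "kind": kind, "detail": detail,
                        "flags": flags_for(section, kind, detail)})
    return entries

def review(log):
    """Only the entries that carry at least one flag."""
    return [e for e in parse(log) if e["flags"]]

if __name__ == "__main__":
    for e in review(SAMPLE):
        print(",".join(e["flags"]), "|", e["section"], e["kind"], e["detail"])
```

A flag only means the entry needs a manual look (file location, vendor, signature); it is not a detection.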

Looks clear :(

 

Are you now able to scan with Ad-Aware?


Yes, I can scan now... Thanks a lot for all your knowledge!

Edited by johan_b

Yes, I can scan now...
Hooray! :)

 

Some final cleanup and prevention recommendations follow.

You can go ahead and delete any special tools we used (FixWareout, etc). They won't serve a future purpose and are replaced with updated versions frequently, so the copies you have are probably already out of date and there is no need to keep them.

 

Do a disk cleanup. Go to Start > Run and type in the box: Cleanmgr
Wait while Windows scans your system for files to delete.
Make sure these 3 are checkmarked and press *ok* to delete them.

Temporary Files
Temporary Internet Files
Recycle Bin

 

Now that your PC is clean, make sure all programs are running properly and then you'll need to reset your restore point in Windows XP... why?

One of the best features of Windows ME or XP is the System Restore option, however if malware infects a computer with this operating system it can be backed up in the System Restore folder. Therefore, clearing the restore points is necessary after malware removal.

 

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

 

(winXP)

1. Turn off System Restore.
   Go to Start and right-click on *My Computer*.
   Click Properties.
   Click the System Restore tab.
   Put a Checkmark in the box next to "Turn off System Restore".
   Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
   Go to Start and right-click on *My Computer*.
   Click Properties.
   Click the System Restore tab.
   Remove the checkmark next to "Turn off System Restore".
   Click Apply, and then click OK.

 

How to Turn On and Turn Off System Restore in Windows XP

http://support.microsoft.com/default.aspx?...kb;en-us;310405

......................

Ad-Aware Plus has realtime protection to prevent infections before they have a chance to get a stronghold on your PC.

http://www.lavasoft.com/

 

Also, I can't stress enough the importance of having your Windows critical Security Updates. Most malware today uses exploits on unpatched systems to creep onto your system without your even doing anything but visiting an infected webpage!!

 

Watch what you download, be careful where you surf, and don't trust attachments or even links in email and Instant messages. Even if they come from a buddy, that buddy could be the one infected and it is the virus sending that link from his account. You click on it thinking he is trusted, and *boom* you're infected.

Many "Phishing" attempts are made by cleverly crafted email to look like it is coming from an "official" source (like Microsoft, or your bank, or some other provider). Don't click on links in those. Go directly to the site instead and navigate the menus - don't trust email you think came from a "safe source" unless you are expecting it! There is more in the link I will provide below, but those are the choice avenues of infection these days.

Stay far AWAY from cracks and warez sites - you're sure to get infected files there, and the same can be said for files downloaded from p2p (more than half are usually infected and probably not detectable by your current security software - the newest nasties are always released in those venues).

 

A word about shared computers and networks.

Share Your PC

http://www.microsoft.com/windowsxp/using/s...hare/intro.mspx

Not all users need to have Admin Accounts. It is much safer to have most of your users on a shared system running as Limited User accounts. That way, if there is "an accident", it will only affect one user's account and not the entire system.

 

 

Next, I highly recommend you get some extra protection to prevent future infections. Here are some things you can do and some free programs to help :).

How do I prevent Browser Hijacks and Spyware?

http://www.dslreports.com/faq/13620

 

I'm happy to see you have SP2 installed. That will address numerous security issues in your Operating System and IE.

Make sure that you keep your Operating System and IE updated with the latest Critical Security Updates from Microsoft...they usually come out once a month, on the 2nd Tuesday of each month. This is the first step in malware prevention, as many nasties now take advantage of new exploits and if not patched, you are vulnerable!

Windows Update

http://update.microsoft.com/microsoftupdate/

 

And see this link for instructions on how to configure the enhanced security features in SP2:

http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

 

I also highly recommend getting the free tool, Microsoft Baseline Security Analyzer (MBSA) from Microsoft to analyze your PC security for prevention purposes.

 

MBSA Version 2.0 will scan for common system misconfigurations on Windows 2000, Windows XP, and Windows Server 2003 systems. This program will identify the system security weaknesses in your browser and operating system and provides easy instructions to correct them. This includes any missing critical Windows security updates, system vulnerabilities and your IE Browser security settings. Get the download here:

Microsoft Baseline Security Analyzer

http://www.microsoft.com/technet/security/...s/mbsahome.mspx

Choose MBSAsetup-EN.msi = (English Version) or the language appropriate for you.

 

Also visit this Free Online Scanner from Microsoft for PC Health and Safety

http://safety.live.com/site/en-US/default.htm

and Microsoft Security At Home

http://www.microsoft.com/athome/security/default.mspx

for tips to Protect your PC, Protect yourself and Protect your Family.


Ok...thank you so much, I'll try to do all I can not to get infected again :)

Edited by johan_b


Since your issues seem resolved I'll go ahead and archive this topic in the "Resolved" section (read only)

 

If you should have any further issues, please feel free to post a new topic :P
