Avast WEBforum
Other => Viruses and worms => Topic started by: Ihatesirefef on July 13, 2012, 12:38:34 AM
-
New to the forms, I did post very detailed thread before but i dont think it went through....
I Had sirefef, I think avast got rid of most but I still keep getting alerts for:
Win:64 Sirefef A(Trj)
Win:32 Sirefef AO(Rtk)
(And just a couple times I got malicouis URL for something like:
Windows system 32 Svchhost
Both pop up at the same time, I have tried many different programs(tdsskiller,spyhunter,Malwarebytes), nothing has really worked,
Malwarebytes did dectected pup my search once, after that nothing and now each time I run a scan, It gives me the same 2 threats(Same/similar to Avasts)
Need lots of help ASAP, Not an expert at the computer, but i am ok...
Ill attach the Malwarebytes logs, one with the pup search, and one new one with the two threats...
Thanks,
-
- This needs further analysis by a malware removal specialist:
Go to this topic http://forum.avast.com/index.php?topic=53253.0 (http://forum.avast.com/index.php?topic=53253.0) for information on Logs to assist in cleaning malware. Use the information about getting and using the tools and attach the logs other logs here, not in the LOGS topic.
-
Ok I will try to the steps there, and post the logs here, thanks...
-
You're welcome.
When you have done so there might be a bit of a delay with different time zones and getting a qualified malware removal specialist to analyse the logs, so please bear with us.
-
Ok Here are the new attachments from Malwarebytes and Otl...
(Its not giving to much personal info is it?)
(Usually Malwarebytes detects 2 things this time it was one)
Edit:
aswMBR,
Froze once and then blue screened after,
This time it worked,
aswMBR had no option for the anssi encoding
-
How is your machine behaving now after doing performing the logs and the tools doing what they did?
I am going to refer you to our Certified Malware specialist, named Jeffce. He will also review your logs and give you further instructions. He will respond to you in this thread, so remember to check this thread daily.
Please do not make any further changes to your machine after you have provided the logs.
IMPORTANT: If you are on a home network, disconnect the affected machine from the network. Do not share a USB/flash drive with this affected machine. Do not use this machine unless Jeffce or another malware specialist instructs you do to malware removal instructions; use a different machine to check email, sync your phone or other devices.
Let us know if you have any questions. Thank you.
-
Hi,
Let me look these over and I will return shortly. :)
-
Ok....
**WARNING**Unfortunately one or more of the infections I have identified are Backdoor Trojans, IRCBots or other Malware capable of stealing very important information. You need to stop using all Internet Banking sites, change passwords to all sites with sensitive information from a clean computer and phone your bank to inform them that you may be a victim of identify theft. More often than not, we advise users that a full reinstallation of their Operating System is the only way to ensure that their computer will ever be 100% clean again.
Unfortunately I have found what is known as the ZeroAccess rootkit on your system. It is an especially nasty infection that can take quite some time to clean as well as may have damaged your system files itself. As a warning, during the cleaning (if you choose to do so) you may lose internet access with this computer and in the end we may need to reinstall the operating system anyway depending on the extent of the infection.
If you would like to format and reinstall your Operating System please let me know and we can assist you with that.
If you would like to continue with the cleaning, please continue with the following instructions and I will be more than happy to help. :)
----------
Please download and run ERUNT (http://www.snapfiles.com/get/erunt.html) (Emergency Recovery Utility NT). This program allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed. **Remember if you are using Windows Vista as your operating system right-click the executable and Run as Administrator.
----------
If you are running Malwarebytes 1.6 or better, please disable it for the duration of this run.
To disable Malwarebytes
- Open the scanner and select the Protection tab
- Remove the tick from "Start Protection Module with Windows" as seen below
(http://i1224.photobucket.com/albums/ee380/jeffce74/MBAM16orgreater.jpg)
Once complete continue with the instructions...
----------
Run OTL.exe
- Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL
:Services
:OTL
C:\Windows\Installer\{e76c179b-9f20-463a-014e-3b0f8e621e9b}
C:\Users\Home\AppData\Local\{e76c179b-9f20-463a-014e-3b0f8e621e9b}
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]- Then click the Run Fix button at the top
- Let the program run unhindered, reboot when it is done
- Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )
----------
Download Combofix from the link below, and save it to your desktop.
Link (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
**Note: It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.
--------------------------------------------------------------------
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here (http://forums.whatthetech.com/How_Disable_your_Security_Programs_t96260.html&pid=494216#entry494216)
--------------------------------------------------------------------
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts. When finished, it will produce a report for you.
- Please post the C:\ComboFix.txt for further review.
----------
In your next reply please attach the logs made by OTL and ComboFix. :)
-
Ok, Thanks, A couple things
I will reinstall the OS if there is a way to keep some of my files... Can you make a partion (Only have one right now) now and then put your files on it? Will that work? or an External Hard Drive?(I dont have one anyways)
SafeSurf said to disable internet on this computer and not plug any usb devices in?
:( Because I have done the opposite, :-[
Because I have plugged a couple USBs while I had the virus...
And I pretty much only use this computer, Is that ok, or does it really need to be disabled?...
I ran the Erunt once, I dont know where it put the file though...
On the OTL Do I run the deafult settings the first time?
It says "Then run a new scan and post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )" But they arent checked the first time so should I check them?
-
Hi,
If you were wanting to format you can save all of your files, music, pictures and such on a CD or thumb drive. This infection isn't one that will jump. You also can get on the internet if you want with it.
---------
Don't worry about ERUNT....I don't need to see the file. It just backed up your registry.
---------
For OTL, copy/paste the text I provided in the Code Box into the Custom Scans/Fixes section and press Run Fix. Once complete there will be a log created either immediately or after reboot. After reboot, run a Quick Scan and that will be fine. You don't need to check Purity or LOP.
Don't forget about ComboFix as well. :)
-
Ok I did those,
Side Stuff:
-(I did the the first OTL,
The second one had LOP and Purity checked I think,
So I did a 3rd one with them unchecked but they were still checked, Ill post all 3)
-I named combofix combofox
-I turned Avast back on now
-
Hi,
Good job with all of that.
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
ClearJavaCache::
DDS::
uStart Page = hxxp://google.ca/
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
File::
c:\windows\System32\drivers\siouwto.sys
Registry::
[-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WhiteSmoke Translator.lnk]
Driver::
kjgbb
- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
(http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif)
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
-
Ok,
The first Time i tried windows blue screened, the second time it worked...
Is it almost gone?
-
Hi,
Yes we are looking better. Let's check to be sure nothing is left hiding in there.
Malwarebytes
I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
----------
Please run a free online scan with the ESET Online Scanner (http://www.eset.com/onlinescan/)
Note: You will need to use Internet Explorer for this scan[/i]- Tick the box next to YES, I accept the Terms of Use
- Click Start
- When asked, allow the ActiveX control to install
- Click Start
- Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
- Click Scan (This scan can take several hours, so please be patient)
- If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
- Copy and paste/or attach that log as a reply to this topic
**Note** If not threats are found there will not be a log created.
----------
Please attach the logs made by Malwarebytes and ESET.
-
Ok,
Malwarebytes was clean, :)
But ESET found some stuff, >:( :-\ :(
-
Hi,
Let's get rid of those.
- Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:
ClearJavaCache::
File::
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5TF98LG0\firstload_com[1].htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LW5ETHQ5\mx_nan_a[1].htm
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OGQQM89F\mx_nan_a[1].htm
- Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
(http://img.photobucket.com/albums/v706/ried7/CFScriptB-4.gif)
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
- ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
- When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
----------
-
Ok, Here is the log
-
Hi,
How is your system running? :)
-
Updated Post:
Seems to be running ok right now, But ill put some problems that I see below,
Avast hasn't detected anything in about 1-2 days, and before that during the fixes the alerts slowly went down,
So hopefully its gone,
Did run another Malwarebytes, didnt find anything,
Should I run another Eset?
(Or am I just paranoid that its not gone yet?)
But
"How is your system running? :)"
Is usually a good sign :)
Just two problems, Might be with all the anti viruses on my computer( Although Avast is the only one Active)
Problems:
-Windows Update, wont let me install updates: Windows Update error 80246008(Background Intelligent Transfer Service (BITS), So BITS is off or something, but when it tills me to go to services its not there...
According to Microsoft/people its "Corrupt, damaged, or otherwise missing serviceā¦"
So that may be a major problem, Hopefully its not...
- Blue Screened twice today, Once shortly after the scan, and one a few hours later,( Anytime it bluescreens, I am using it, system slows down/freezes then it blue screens)
1st one said something about APC index mismatch, other one Said nothing, just gave some errors
But hasn't blue screened after that...
Other than that computer seems normal...
-
Hi,
Windows Update, wont let me install updates: Windows Update error 80246008(Background Intelligent Transfer Service (BITS), So BITS is off or something, but when it tills me to go to services its not there...
According to Microsoft/people its "Corrupt, damaged, or otherwise missing serviceā¦"
So that may be a major problem, Hopefully its not...
Let's get a look at that...
Please download Farbar Service Scanner (http://www.bleepingcomputer.com/download/farbar-service-scanner/dl/62/) and run it on the computer with the issue.- Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
- Press "Scan".
- It will create a log (FSS.txt) in the same directory the tool is run.
- Please attach the log to your reply.
----------
-
Ok Did that,
But Avast fullscan detected Win32: Malware -gen,
In qoobox\quarantine in windows installer,
I moved it to chest,
Ran malwarebytes after didnt find anything, but ill post the Malwarebytes log anyways if you want to see it...
-
Hi,
No need to worry about that file. It was already quarantined. Let's get that Windows Update working again.
Following steps involve registry editing. Please create new restore point before proceeding!!!
Let's Set a Restore Point.- Go to Start
- Select Control Panel
- Select System
- Select the System Protection link in the left-hand task list
- Check the disk drive for which you would like to turn system restore on
- Click the "Apply" button. System Restore will now monitor and create restore points for the checked disk drive.
- Press Create button
- Type a description of the Restore Point of your choosing
- Press the Create button
- Press Finish
----------
Under my picture to the left there is a Globe.
Click on that and it will take you to my web page.
When you get there download the file BITS.reg to your Desktop.
Once it is there, double click on it and accept the prompts.
Try to run Windows Update and then run a new scan with Farbar Service Scanner and attach that log.
-
Ok, posted it
Still didnt let me update,
Still no BITS in the services that microsoft tells you to go to...
--------------------------------------
Update,
After a restart, the Bits service was there, and its letting me update, so Ill try to finish updating now...
--------------------------------------
Update,
Windows blue screened
All updates installed except:
Cumulative security update for IE9
Error 8007000D
---------------------------------------
Update,
The last update installed now,
Ill post a new FSS scan... if you want to see it...
--------------------------------------
Update,
The last last Windows update is now popping up again, and wont install now
Error 8007000D
-
Go here >> http://support.microsoft.com/kb/971058 and run the Fix It button and then let me know if you are still getting the error messages.
-
Says it fixed stuff,
But still getting the error after running the tool,
Its just that one update that wont work, all other updates worked,
Is it because of the virus that it wont work? Or did the virus damage it?
How do I know for sure, if the virus is gone, and if I still have it? or do you know from the logs?
-
I can't say whether this is a result of the infection 100%. I can say that it seems that the infection is gone however.
What is the error code you are receiving? What update will not download/install?
-
Sweet if its really gone, :)
Thank you a lot for getting rid of it,
---
Is it minor problem that its not updating or a major one?
Its the same error as before:
8007000D
-
Hi,
Read the information here >> http://blog.techprognosis.com/2011/06/18/how-to-fix-windows-7-update-error-code-8007000d.html If you are comfortable with performing this give it a try and see if that helps. :)
-
Yeah, Seems to have worked... :)
Computer seems to be running normal now,
but it did blue screen once today, Apc index mismatch,
Hopefully it wont again,
Other than that I dont see any other problems right now...
-
:D Sounds good. Let it run for today and then let me know how it is running tomorrow and if it is fine we will remove our tools.
-
The system seems to be running normal, :)
-However sometimes the computer runs very slow, sometimes the internet runs slow too...
-Other times system runs fast, same with internet,
-Sometimes system is fast and internet is slow, vice versa,
Guessing thats probably normal for a computer...?
Problems:
-It did freeze, but only once today,
-and the only consistent problem ive noticed is very slow start up, has never been that slow at start up, maybe its because of the programs?
Ill see if I can disable some start up programs and see if it makes a difference...
-
Go ahead and remove some of the startup programs on your system and see if that improves startup. :)
As for the other slowness issues, that can be cause by other reasons than malware.
-
Ok, Removed a couple start up programs,
Made a slight difference,
Still slow, but as long as there's no virus, I dont mind the start up,
--
Before Start up use to be,
Windows Welcome Screen for about 15-30s
Then popped up the backround, mouse task bars and all the icons(Without pictures), right away
Did take about a minute or two to be usable....
Now,
Windows Welcome Screen for about 45s+,
Then popped up the background,
Then the mouse,
Now the screen does nothing, I can move around the mouse, then about 30-45 Seconds later,
Task bar pops up,
Then a few secs later icons,
Then sometimes gadgets, depending if they want to load or not....
Takes about a minute or two to be usable....
--
If malware is gone, then Its ok that its slow...
-----
The only other problem I have is now Windows Blue Screens about once a day, Anytime it does now it says:
APC_INDEX_MISMATCH,
Different error codes...
Not sure if it has something to do with malware or something,
Read some stuff that it could be hardware problems, over heating or driver problems...
I think it might be that I run high temp sometimes(Usually 50ish), (Saw a spike up to65, Limit is 70)
or Drivers need updating,
I can slowly try to fix this? If its not Malware related?
-----
But the system runs normal most of the time, Do you think I should get rid of the Antivirus programs now?
-
Update:
I think Start Up is slow because Avast is slowing it down, sometimes it slows down the machine, especially when it is updating,
I dont know why but Avast was disabled when I started it once, and it started up normally,
I couldn't test it because even though I disabled Avast in startup it still started up the next time,
For the APC Index,
My Disk is Defraged, I ran the memory diagnostics tool, and updated BIOS, So ill see if it Blue Screens again,
Might be a heat problem? if it happens again?
Update, I tried Coretemp out to see computer temps, installed a couple of other programs,
So I got rid of the other 2 programs, ran malwarebytes and it found a virus >:(:
Heres the log,
Hopefully this one is completely gone?
I ran Malwarebytes again, nothing came up...
Got rid of stupid Coretemp too...
-
Hi,
I am not convinced that this is malware. With this error you are getting I think that you would be better served registering at Geeks to Go and posting a new topic here >> http://www.geekstogo.com/forum/forum/79-windows-vista-and-windows-7/ It is free to register and the techs there are fantastic! You will certainly be in good hands. When you start your new topic be sure to post the link back here so that the techs can see what we have done. Once complete come back and we can remove our tools and I can get you some good information on computer security. :)
-
Ok thanks,
But my computer hasn't froze or blue screened since the BiOS update,
So if it happens again should I make a forum there?
Or should I make one anyway?
-
So if it happens again should I make a forum there?
Yes.....since it hasn't happened lately just wait until it happens again (hopefully it won't). Give it a good run around and let me know later today.
-
Hey,
My computer has been running good for the most part,
And hasn't froze or blue-screened since the BIOS update, :)
(However, I don't think it actually updated, it just appeared too)
It did crash once, I opened some stuff including heavy apps to see if it would over heat or not...
Worked fine, but when I closed everything it crashed...
So hopefully it doesn't crash, but hasn't in the past couple days, and was probably because I was trying to overload it...
-
Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
- Save it to your Desktop.
- Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
- A Notepad document should open automatically called checkup.txt
- Please post the contents of that document.
----------
-
Ok, Here it is:
---
Results of screen317's Security Check version 0.99.43
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````[/u]
Windows Firewall Enabled!
avast! Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````[/u]
Malwarebytes Anti-Malware version 1.62.0.1300
Java(TM) 6 Update 26
Java 2 Runtime Environment, SE v1.4.2_04
Java version out of Date!
Adobe Flash Player 11.3.300.265
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (14.0.1)
Google Chrome 20.0.1132.47
Google Chrome 20.0.1132.57
````````Process Check: objlist.exe by Laurent````````[/u]
AVAST Software Avast AvastSvc.exe
AVAST Software Avast afwServ.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````[/u]
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````[/u]
---
-
Please go to Start > Control Panel > Programs and Features > remove all the Java Programs you see, now download the latest Java from the following link and install it:
http://java.com/en/download/index.jsp
----------
You have an older version of Adobe Reader. You can download the current version HERE (http://www.adobe.com/products/acrobat/readstep2.html)
You may want to consider Foxit Reader (http://www.foxitsoftware.com/downloads/index.php) instead. It may be a bit lighter on resources.
Visit their support forum
Foxit Forum (http://www.foxitsoftware.com/bbs/forumdisplay.php?f=3)
In either case you should uninstall Adobe Reader 9 first. Be sure to move any PDF documents to another folder first though.
----------
Let me know when you get this completed. :)
-
Uninstalled Java( There was 2 of them)
and Adobe,
Java now wont install on my computer....
Ill try one more time,
It just says installing then finishes and nothing happens, (Tried on Chrome twice, Then IE, IE gave me an option for Ask tool bar i said no, Then it crashed)
The 3rd time I tried it Blue Screened( Different blue screen, IQRL not equal)
It said it may have something to do with new installed Software...
-----
4th Try, everything looked good, but while installing I get the error:
Downloaded File:
C\users\home\appdata\local\temp\\fx-runtime.exe is corrupt
---
5th Try, I tried the offline downloader, It seems to have worked now...
It gave me a confirming message, and its in Programs and Features now, and uninstallible...
---
Do I need Adobe? I dont really use it too often,
-
LOL!! Crazy Java!!
Yes you should still update Adobe Reader. Out of date software is one of the major ways that infections are able to access systems.
-
Lol, Ok I will try to keep them more updated...
Adobe and Java are installed...
-
Providing there are no other malware related problems...
IT APPEARS THAT YOUR LOGS ARE NOW CLEAN :D SO LETS DO A COUPLE OF THINGS TO WRAP THIS UP!! :D
This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.
----------
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run and copy/paste the following text into the Run box as shown and click OK.
Combofix /Uninstall
(Note: There is a space between the ..X and the /U that needs to be there.)
(http://i1224.photobucket.com/albums/ee380/jeffce74/CF.jpg)
----------
Clean up with OTL:
- Right-click and Run as Administrator OTL.exe to start the program.
- Close all other programs apart from OTL as this step will require a reboot
- On the OTL main screen, press the CLEANUP button
- Say Yes to the prompt and then allow the program to reboot your computer.
----------
Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.
If you didn't already have it I would keep Malwarebytes AntiMalware though.
Here are some tips to reduce the potential for spyware infection in the future:
1. Internet Explorer. Even if you don't use it as your main browser it should be kept up-to-date because that is the browser Windows uses for updates.
Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
- Change the Download signed ActiveX controls to Prompt
- Change the Download unsigned ActiveX controls to Disable
- Change the Initialize and script ActiveX controls not marked as safe to Disable
- Change the Installation of desktop items to Prompt
- Change the Launching programs and files in an IFRAME to Prompt
- Change the Navigate sub-frames across different domains to Prompt
- When all these settings have been made, click on the OK button.
- If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
2. Enable Protected Mode in Internet Explorer. This helps Windows Vista users stay more protected from attack by running Internet Explorer with restricted privileges as well as reducing the ability to write, alter or destroy data on your system or install malicious code. To make sure this is running follow these steps:- Open Internet Explorer
- Click on Tools > Internet Options
- Press Security tab
- Select Internet zone then place check next to Enable Protected Mode if not already done
- Do the same for Local Intranet, Trusted Sites and Restricted Sites and then press Apply
- Restart Internet Explorer and in the bottom right corner of your screen you will see Protected Mode: On showing you it is enabled.
3. Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.
4. Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here[/color] (http://www.bleepingcomputer.com/forums/tutorial60.html). **There are firewalls listed in this tutorial that could be downloaded and used but I would personally only recommend using one of the following two below:
Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
5. Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.
6. WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.
7.Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)
Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
-
:D
Thanks for all your help getting rid of this nasty virus!!!!
I dont have any Malware, or related issues at this time...
But I will make a new fourm or message if I do, Or make a forum for other questions...
Thanks Again,
;D
-
Hi Ihatesirefef,
Memorable user name, that!
Glad you got your system cleaned. +1 ;D