Avast WEBforum
Other => Viruses and worms => Topic started by: chris_s on July 28, 2011, 07:21:58 PM
-
This started a few days ago and comes and goes. It happens when I do a Google search from my browser (FF). Malwarebytes blocks it most of the time.
Here's the info I have right now:
Redirect to, find-fast-answers.com
IP, 67.29.139.153
Type, outgoing
Port, 52309
Process, avastsvc.exe
I ran a boot time scan a few days ago and it showed nothing, but I will do it again now. MB found a few things a few days ago and removed them, but now shows nothing. Here's what was found a few days ago.
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7286
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
7/26/2011 4:24:55 PM
mbam-log-2011-07-26 (16-24-55).txt
Scan type: Quick scan
Objects scanned: 175048
Time elapsed: 1 minute(s), 34 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{0F9E81F1-8C60-4D6E-B526-C65FBFD9CBAb} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F9E81F1-8C60-4D6E-B526-C65FBFD9CBAB} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
c:\Windows\System32\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-032.dll (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.
Going to run boot time and MB again and report back
-
Boot time showed nothing.
-
you mean this
Redirect to, find-fast-answers.com
IP, 67.29.139.153
Type, outgoing
Port, 52309
Process, avastsvc.exe
that is from Avast.....unless fake......why does the MBAM protection module detect this ???
-
Full MB scan showed nothing
you mean this
Redirect to, find-fast-answers.com
IP, 67.29.139.153
Type, outgoing
Port, 52309
Process, avastsvc.exe
that is from Avast.....why does the MBAM protection module detect this ???
Give me a sec and I'll see if the warning is the same
-
found out why ;D
This is quite normal. The reason it is showing Avast! instead of your internet browser is because Avast!, like many antivirus softwares, hooks into your browsers to scan internet traffic for infections and block malicious websites as well. The same thing happens with Kaspersky, if Kaspersky is installed and the user browses to a website on Malwarebytes' Anti-Malware's block list it will show that AVP.exe is being blocked instead of the user's internet browser.
Your system isn't compromised and you don't need to take any additional action
http://forums.malwarebytes.org/index.php?showtopic=72258
-
It isn't the process (the web shield) but the IP that MBAM is blocking.
Why it is blocking that IP is beyond me, but a search for find-fast-answers.com seems to indicate a malware infection (http://answers.yahoo.com/question/index?qid=20110726003222AAOzHKn). It doesn't have a particularly good reputation (http://www.mywot.com/en/scorecard/find-fast-answers.com), but WOT isn't a great tool in this regard, just use it for guidance only.
-
So should I run OTS?
-
What happened after running MBAM and removing those files and registry entries?
e.g. do those files come back?
It won't hurt to do an OTS scan:
Unfortunately no two attacks are the same so first I will need to see what you have.
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
Note: this says attach the file (too big for copy and paste); use the Additional Options in the Reply window to attach the file.
-
What happened after running MBAM and removing those files and registry entries?
e.g. do those files come back?
Everything was fine for a few hours, then the redirect started again. Haven't found any new files at all.
Also I want to add that whenever I do a scan, whether it's boot time or MB, after that I don't get the redirect until after maybe 20 Google searches, then it starts again. The redirect isn't all the time either, maybe one in three searches.
I'll do the OTS and report
-
Mediafire link to OTS http://www.mediafire.com/?j7rd41rj5485528
-
OK, essexboy who is the malware removal specialist will be in bed now, 3:10am in the UK.
He is usually on-line around 7pm UK time.
-
No problem ;D I'll be stopping back to get this fixed and then ask some questions on how to keep this from happening again ;)
-
Hi there, I can only stop this at the moment for the main user. Could you run OTS again and select all users, please, after this fix has run?
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_CURRENT_USER\] > ->
YN -> HKEY_CURRENT_USER\: Main\\"XMLHTTP_UUID_Default" -> F1 81 9E 0F 60 8C 6E 4D B5 26 C6 5F BF D9 CB AB [binary data]
< FireFox Extensions [User Folders] > ->
YY -> XUL Cache -> C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{4b3df4d4-cc55-4071-9d1e-a0a325eb1ec9}
YY -> ShopToWin13 -> C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}
< Internet Explorer ToolBars [HKEY_CURRENT_USER\] > -> HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY -> 573779942 -> C:\Windows\SysWow64\573779942
[Custom Items]
:REG
[HKCU\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[ZipFiles]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
-
Sorry about that. Forgot to select all users
Mediafire link to OTS report http://www.mediafire.com/?fsybp106q25cn4u
Will run fix now and then MBAM and report back.
-
OTS fix report
All Processes Killed
[Registry - Safe List]
Registry key HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{4b3df4d4-cc55-4071-9d1e-a0a325eb1ec9}\defaults\preferences folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{4b3df4d4-cc55-4071-9d1e-a0a325eb1ec9}\defaults folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{4b3df4d4-cc55-4071-9d1e-a0a325eb1ec9}\chrome folder moved successfully.
Folder move failed. C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{4b3df4d4-cc55-4071-9d1e-a0a325eb1ec9} scheduled to be moved on reboot.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\chrome\skin folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\chrome\content\locale folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\chrome\content folder moved successfully.
Folder move failed. C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\chrome scheduled to be moved on reboot.
Folder move failed. C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0} scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
[Files/Folders - Modified Within 30 Days]
C:\Windows\SysWow64\573779942 moved successfully.
[Custom Items]
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Main\\XMLHTTP_UUID_Default deleted successfully.
[Empty Temp Folders]
User: All Users
User: Chris
->Temp folder emptied: 2491781 bytes
->Temporary Internet Files folder emptied: 15332070 bytes
->Java cache emptied: 91269788 bytes
->FireFox cache emptied: 993852820 bytes
->Google Chrome cache emptied: 8980035 bytes
->Flash cache emptied: 3734413 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 839933 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 136282 bytes
RecycleBin emptied: 110130376 bytes
Total Files Cleaned = 1,170.00 mb
[EMPTYFLASH]
User: All Users
User: Chris
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTS Restore Point
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 07292011_143309
Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{4b3df4d4-cc55-4071-9d1e-a0a325eb1ec9} folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}\chrome folder moved successfully.
C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0} folder moved successfully.
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
-
Now for the other users - could you check for alerts/redirects on completion please
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< Internet Explorer Settings [HKEY_USERS\S-1-5-19\] > ->
YN -> HKEY_USERS\S-1-5-19\: Main\\"XMLHTTP_UUID_Default" -> F1 81 9E 0F 60 8C 6E 4D B5 26 C6 5F BF D9 CB AB [binary data]
< Internet Explorer Settings [HKEY_USERS\S-1-5-20\] > ->
YN -> HKEY_USERS\S-1-5-20\: Main\\"XMLHTTP_UUID_Default" -> F1 81 9E 0F 60 8C 6E 4D B5 26 C6 5F BF D9 CB AB [binary data]
< Internet Explorer Settings [HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\] > ->
YN -> HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\: Main\\"XMLHTTP_UUID_Default" -> F1 81 9E 0F 60 8C 6E 4D B5 26 C6 5F BF D9 CB AB [binary data]
YN -> HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\: URLSearchHooks\\"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}" [HKLM] -> C:\Program Files (x86)\uTorrentBar\tbuTo1.dll [uTorrentBar Toolbar]
YN -> HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\: "ProxyEnable" -> 0
< FireFox Settings [Prefs.js] > -> C:\Users\Chris\AppData\Roaming\Mozilla\FireFox\Profiles\nr8zccsm.default\prefs.js
YN -> browser.search.defaultengine -> "Ask.com"
< FireFox Extensions [User Folders] > ->
YY -> ShopToWin13 -> C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0}
< Internet Explorer ToolBars [HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\] > -> HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\Software\Microsoft\Internet Explorer\Toolbar\
YN -> WebBrowser\\"{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
YN -> WebBrowser\\"{D4027C7F-154A-4066-A1AD-4243D8127440}" [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
[Files/Folders - Modified Within 30 Days]
NY -> 573779942 -> C:\Windows\SysWow64\573779942
[Custom Items]
:reg
[ HKEY_USERS\S-1-5-19-3498192001-3238401358-4033018105-1001\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-
[ HKEY_USERS\S-1-5-20-3498192001-3238401358-4033018105-1001\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-
[ HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\SOFTWARE\Microsoft\Internet Explorer\Main]
"XMLHTTP_UUID_Default"=-
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
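
Added example, not part of the original thread or of any tool mentioned in it: the 16 bytes OTS reports for XMLHTTP_UUID_Default are the in-memory (little-endian) layout of a Windows GUID, and decoding them gives the same CLSID that MBAM flagged as Trojan.Tracur.Gen. The Python below performs that decoding and correlation on lines copied from the logs above; the function names are illustrative.

```python
import re
import uuid

# Lines copied from the MBAM scan log and the OTS reports quoted in this thread.
MBAM_LINES = [
    r"HKEY_CLASSES_ROOT\CLSID\{0F9E81F1-8C60-4D6E-B526-C65FBFD9CBAb} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0F9E81F1-8C60-4D6E-B526-C65FBFD9CBAB} (Trojan.Tracur.Gen) -> Quarantined and deleted successfully.",
    r"HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.",
]
OTS_LINES = [
    r'YN -> HKEY_CURRENT_USER\: Main\\"XMLHTTP_UUID_Default" -> F1 81 9E 0F 60 8C 6E 4D B5 26 C6 5F BF D9 CB AB [binary data]',
    r'YN -> HKEY_USERS\S-1-5-19\: Main\\"XMLHTTP_UUID_Default" -> F1 81 9E 0F 60 8C 6E 4D B5 26 C6 5F BF D9 CB AB [binary data]',
    r'YN -> HKEY_USERS\S-1-5-20\: Main\\"XMLHTTP_UUID_Default" -> F1 81 9E 0F 60 8C 6E 4D B5 26 C6 5F BF D9 CB AB [binary data]',
    r'YN -> HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\: Main\\"XMLHTTP_UUID_Default" -> F1 81 9E 0F 60 8C 6E 4D B5 26 C6 5F BF D9 CB AB [binary data]',
    r'YN -> HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\: "ProxyEnable" -> 0',
]

GUID_RE = re.compile(r"\{([0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12})\}")
DETECTION_RE = re.compile(r"\(([^)]+)\) ->")
BINARY_RE = re.compile(
    r'"([^"]+)" -> ((?:[0-9A-Fa-f]{2} ){15}[0-9A-Fa-f]{2}) \[binary data\]'
)
HIVE_RE = re.compile(r"-> (HKEY_[^:]+): ")


def flagged_clsids(lines):
    """Map every CLSID named in a detection line to its detection names."""
    found = {}
    for line in lines:
        guid, det = GUID_RE.search(line), DETECTION_RE.search(line)
        if guid and det:
            # uuid.UUID compares case-insensitively, so ...CBAb == ...CBAB.
            found.setdefault(uuid.UUID(guid.group(1)), set()).add(det.group(1))
    return found


def binary_guids(lines):
    """Yield (hive, value name, GUID) for each 16-byte binary registry value.

    The bytes are read as a Windows GUID struct: the first three fields are
    little-endian, the last eight bytes are taken in order.
    """
    for line in lines:
        m = BINARY_RE.search(line)
        if not m:
            continue  # not a 16-byte binary value (e.g. ProxyEnable)
        hive = HIVE_RE.search(line)
        hive_name = hive.group(1).rstrip("\\") if hive else "?"
        yield hive_name, m.group(1), uuid.UUID(bytes_le=bytes.fromhex(m.group(2)))


def correlate(mbam_lines, ots_lines):
    """Return binary values whose decoded GUID matches a flagged CLSID."""
    flagged = flagged_clsids(mbam_lines)
    hits = []
    for hive, name, guid in binary_guids(ots_lines):
        if guid in flagged:
            hits.append((hive, name, "{%s}" % str(guid).upper(), sorted(flagged[guid])))
    return hits


if __name__ == "__main__":
    for hive, name, guid, detections in correlate(MBAM_LINES, OTS_LINES):
        print(f"{hive}: {name} = {guid} -> {', '.join(detections)}")
```

A match in every loaded user hive is consistent with the helper's request to rerun OTS with All Users selected.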
-
MBAM report
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Database version: 7313
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
7/29/2011 3:21:25 PM
mbam-log-2011-07-29 (15-21-25).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 365634
Time elapsed: 36 minute(s), 28 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
Will rerun OTS now
-
Once done let me know if that cleared it
-
OTS report
All Processes Killed
[Registry - Safe List]
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
Registry key HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Main not found.
Registry key HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\URLSearchHooks not found.
Registry value HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable deleted successfully.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
File C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\nr8zccsm.default\extensions\{b9dbe2c0-031f-4cad-911a-f4a7381d79c0} not found.
Registry value HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}\ not found.
Registry value HKEY_USERS\S-1-5-21-3498192001-3238401358-4033018105-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
[Files/Folders - Modified Within 30 Days]
File C:\Windows\SysWow64\573779942 not found!
[Custom Items]
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\S-1-5-19-3498192001-3238401358-4033018105-1001\SOFTWARE\Microsoft\Internet Explorer\Main not found.
Registry key HKEY_LOCAL_MACHINE\S-1-5-20-3498192001-3238401358-4033018105-1001\SOFTWARE\Microsoft\Internet Explorer\Main not found.
Registry key HKEY_LOCAL_MACHINE\S-1-5-21-3498192001-3238401358-4033018105-1001\SOFTWARE\Microsoft\Internet Explorer\Main not found.
[Empty Temp Folders]
User: All Users
User: Chris
->Temp folder emptied: 149228 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 88302490 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 1536 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 32902 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 84.00 mb
[EMPTYFLASH]
User: All Users
User: Chris
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0.00 mb
Restore point Set: OTS Restore Point
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 07292011_175326
Files\Folders moved on Reboot...
C:\Users\Chris\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
-
Thanks again, and after I test a little I'll let you know what happens.
For now, is there anything I should do to help stop this? Avast is up to date as well as MBAM. Is there something else I should be running?
-
Let's see if it has gone first ;D
-
No problems so far, so I guess I'm clear.
-
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself, so... The following will implement some cleanup procedures as well as reset System Restore points:
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Custom Items]
:Files
ipconfig /flushdns /c
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
SPRING CLEAN
To manually create a new Restore Point
- Go to Control Panel and select System
- Select System
- On the left select System Protection and accept the warning if you get one
- Select System Protection Tab
- Select Create at the bottom
- Type in a name i.e. Clean
- Select Create
Now we can purge the infected ones
- Go to Start > All programs > Accessories > system tools
- Right click Disk Cleanup and select run as administrator
- Select Your main drive and accept the warning if you get one
- For a few moments the system will make some calculations
- Select the More Options tab
- In the System Restore and Shadow Backups select Clean up
- Select Delete on the pop up
- Select OK
- Select Delete
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
Malwarebytes (http://www.malwarebytes.org/mbam-download.php). Update and run weekly to keep your system clean.
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly; it will show you which programmes on your system need updating and give a download link.
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit - Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave: