Avast WEBforum
Consumer Products => Avast Free Antivirus / Premium Security (legacy Pro Antivirus, Internet Security, Premier) => Topic started by: Jaymie1989 on July 24, 2011, 04:19:17 PM
-
Hi,
Since yesterday after reinstalling Windows 7 my Avast keeps popping up with this threat that's blocked.
C:\Windows\sysWOW64\RunDLL32.exe I looked in my task manager and its being called 3 times. I know for a 64 bit PC which is what I'm using it should call it twice.
I have scanned with MBAM and Avast AV and SuperAnti Spyware and it found the sysWOW64 folder clean. I am not sure what to to.
I read this topic first but that didn't offer any solution to me.
http://www.sevenforums.com/system-security/60667-where-should-you-see-rundll32-exe-how-many-copies.html (http://www.sevenforums.com/system-security/60667-where-should-you-see-rundll32-exe-how-many-copies.html)
Here is my task manager:
(http://i195.photobucket.com/albums/z248/Jaymie1989/TaskManager.jpg)
and here is the Avast AV pop up:
(http://i195.photobucket.com/albums/z248/Jaymie1989/Avast.jpg)
What ever I am doing on my PC it will pop up every few minutes.
-
The RunDLL32.exe is effectively used by a hidden element on your system to try an connect to a malicious site.
Did you spend any time on-line without full protection after re-installing win7 ?
If you can run these tools and post/attach the logs that they generate.
You can check if you have an MBR rootkit using this tool:
Download aswMBR.exe (http://public.avast.com/~gmerek/aswMBR.exe) ( 1.8MB ) to your desktop.
Double click the aswMBR.exe to run it
Click the "Scan" button to start scan
(http://public.avast.com/~gmerek/aswMBR1.png)
On completion of the scan click save log, save it to your desktop and post in your next reply
(http://public.avast.com/~gmerek/aswMBR2.png)
Also
Download OTS (http://oldtimer.geekstogo.com/OTS.exe) to your Desktop and double-click on it to run it
- Make sure you close all other programs and don't use the PC while the scan runs.
- Select All Users
- Under additional scans select the following
Reg - Disabled MS Config Items
Reg - Drivers32
Reg - NetSvcs
Reg - SafeBoot Minimal
Reg - Shell Spawning
Evnt - EventViewer Logs (Last 10 Errors)
File - Lop Check
- Under the Custom Scan box paste this in
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
volsnap.*
explorer.exe
winlogon.exe
Userinit.exe
svchost.exe
/md5stop
%systemroot%\*. /mp /s
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT
- Now click the Run Scan button on the toolbar. Make sure not to use the PC while the program is running or it will freeze.
- When the scan is complete Notepad will open with the report file loaded in it.
- Please attach the log in your next post.
Note: this says attach the file (to big for copy and paste, use the Additional Options in the Reply window to attach the file.
-
When the scan runs on aswMBR.exe is always stops responding after a while and forces me to close the program. I have also tried running it as admin and it still does the same.
I cannot paste or attach my OTS so I have added it to my pastebin here: http://pastebin.com/05rYshmC
-
When you run aswMBR.exe in the AV Scan drop down options choose None and not Quick scan, see if that allows it to complete.
I'm not familiar with the OTS log, so that will have to be picked up by someone with the experience on that.
-
Thanks, Ill try that now.
I am also having it where when I click a link on Google or type a URL in it will redirect to a random website where the URL shows the IP. I'm not sure if its all the same issue or not.
-
Here is the scan with none selected.
-
Hi I see you have Trend Micro\Browser Guard does that reroute through a proxy ?
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {9F3209E2-334B-41E9-B09C-703F398742E7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {9F3209E2-334B-41E9-B09C-703F398742E7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_USERS\S-1-5-19\] > -> HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YN -> "Sidebar" -> C:\Program Files (x86)\Windows Sidebar\Sidebar.exe [%ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun]
[Files - No Company Name]
NY -> xö@ -> C:\Windows\xö@
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
THEN
As a test
Please read carefully and follow these steps.
- Download TDSSKiller (http://support.kaspersky.com/downloads/utils/tdsskiller.zip) and save it to your Desktop.
- Extract its contents to your desktop.
- Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
(http://i466.photobucket.com/albums/rr21/JSntgRvr/TDSSKillermain.png)
- If an infected file is detected, the default action will be Cure, click on Continue.
(http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKillerMal-1.png)
- If a suspicious file is detected, the default action will be Skip, click on Continue.
(http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKillerSuspicious.png)
- It may ask you to reboot the computer to complete the process. Click on Reboot Now.
(http://i1224.photobucket.com/albums/ee362/Essexboy3/TDSSKillerCompleted.png)
- If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
- If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
-
Thanks, Ill try that now.
I am also having it where when I click a link on Google or type a URL in it will redirect to a random website where the URL shows the IP. I'm not sure if its all the same issue or not.
I believe it is related, however, now essexboy is on the case please follow his instructions.
-
Thanks David.
@EssexBoy about Trend Micro\Browser Guard I installed it because I thought it would add a bit more security to my browser. I have no idea how it works.
Here is the OTS Log
All Processes Killed
[Registry - Safe List]
64bit-Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F3209E2-334B-41E9-B09C-703F398742E7}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F3209E2-334B-41E9-B09C-703F398742E7}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9F3209E2-334B-41E9-B09C-703F398742E7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F3209E2-334B-41E9-B09C-703F398742E7}\ not found.
Registry value HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Sidebar deleted successfully.
[Files - No Company Name]
C:\Windows\xö@ moved successfully.
[Empty Temp Folders]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Freestyle Dust
->Temp folder emptied: 2568572 bytes
->Temporary Internet Files folder emptied: 18931168 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 75665402 bytes
->Apple Safari cache emptied: 6765568 bytes
->Flash cache emptied: 58478 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4066330 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50333 bytes
RecycleBin emptied: 5657210218 bytes
Total Files Cleaned = 5,498.00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Freestyle Dust
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
Error creating restore point.
< End of fix log >
OTS by OldTimer - Version 3.1.44.0 fix logfile created on 07242011_172519
Files\Folders moved on Reboot...
C:\Users\Freestyle Dust\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
Registry entries deleted on Reboot...
TDSSKiller came back clean but here is the log
-
Nor do I know how it works ;D But the main driving part is a dll that requires rundll to work
I can see no visible malware so lets take a peek at your drivers
Download ComboFix from one of these locations:
Link 1 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 2 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
* IMPORTANT !!! Save ComboFix.exe to your Desktop
- Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
- Double click on ComboFix.exe & follow the prompts.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
-
Here is my ComboFix log
-
Drivers are good and no visible malware - could you uninstall the trend micro thing and see if that resolves the problem please
-
Nothing at the moment seems to be popping up about it.
I did block the URL in Avast, I have just unblocked it to see if it does pop up or not. Ill leave it about 20 mins for my next reply as it does pop up, well did every few minutes
Thanks ;D
-
Nothing has popped up so I'm guessing the problem has cleared.
Any ideas what is was?
-
It was either this C:\Windows\xö@ or it was within the temporary files
Let me know tomorrow if all is OK and I will remove my tools
-
Hi again
:-[ I'm afraid I have got the Avast pop up again for the same process and URL
-
OK lets have a different look this time. With the generated zip file could you upload to Mediafire (http://www.mediafire.com/) and post the sharing link please
Download AVPTool from Here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) to your desktop
Run the programme you have just downloaded to your desktop (it will be randomly named )
First we will run a virus scan
On the first tab select all elements down to Computer and then select start scan
Once it has finished select report and post that.
(http://i1224.photobucket.com/albums/ee362/Essexboy3/avpfront-1.jpg)
Do not close AVPTool or it will self uninstall, if it does uninstall - then just rerun the setup file on your desktop
Now an analysis scan
Select the Manual Disinfection tab
Press the Gather System Information button
Once done Open the last report saved folder then upload the zip file
The file is located at C:\Users\your name\Desktop\Virus Removal Tool\setup_9.0.0.722_05.01.2011_20-34\LOG\avptool_sysinfo.zip
(http://i1224.photobucket.com/albums/ee362/Essexboy3/avpmanual.jpg)
-
The scan goes so far then just closes.
I've ran it 4 times now.
-
Could you just run the analysis portion then please
-
I managed to get both and they are here:
Zip file here: http://www.mediafire.com/?qpppvu85atq6r9r
Text scan file here: http://www.mediafire.com/?8dbn8mkvjrdd7u2
-
OK based on one I was working with the other day could you do the following please and let me know if the alerts stop. On completion of the run there will be a zip file in the following location C:\_OTS\moved files
Could you upload that to mediafire and post the sharing link
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Registry - Safe List]
< 64bit-BHO's [HKEY_LOCAL_MACHINE] > -> 64bit-HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {9F3209E2-334B-41E9-B09C-703F398742E7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< BHO's [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
YN -> {9F3209E2-334B-41E9-B09C-703F398742E7} [HKLM] -> Reg Error: Key error. [Reg Error: Key error.]
< Run [HKEY_USERS\S-1-5-21-2605978935-3684104221-935809672-1001\] > -> HKEY_USERS\S-1-5-21-2605978935-3684104221-935809672-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
YY -> "oleCommslib" -> C:\Users\Freestyle Dust\AppData\Local\oleNetppm\oleCommslib.dll ["rundll32.exe" "C:\Users\Freestyle Dust\AppData\Local\oleNetppm\oleCommslib.dll",QuickCommonServices BthNetUI]
[Custom Items]
:Files
ipconfig /flushdns /c
C:\Users\Freestyle Dust\AppData\Local\oleNetppm
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[ZipFiles]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
-
Hi again,
When I run OTS it gets to this fix and just stops responding. I have left if for hours and its still not responded. I have restarted my PC again and it still stops on the same part.
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
[ZipFiles]
When I restart my PC it produces a text log but I cannot save it as that stops responding as well.
The Avast popups dont show anymore but I always have a CMD window open when window starts and the title is _uninst_39020753 and a Windows error message saying Windows cannot find '8233203.exe'. Make sure you typed the name correctly, and then try again.
Both of these are the same everytime my pc starts up. When I click ok on the error both the error and CMD go away and doesnt show again.
-
OK then that means we killed the right one - could you run a fresh OTS log and I will see if I can now locate that run command and kill it, when you run OTS could you ensure all users is selected please. There is no need to paste in the script this time
-
and here you are: http://pastebin.com/xfJA9E2q
-
Hmm not showing as a run key so lets look at the hidden entries
Please RIGHT-CLICK HERE (http://www.silentrunners.org/Silent%20Runners.vbs) and Save As (in IE it's "Save Target As", in FF it's "Save Link As") to download Silent Runners.
- Save it to the desktop.
- Run Silent Runner's by doubleclicking the "Silent Runners" icon on your desktop.
- You will receive a prompt:
Do you want to skip supplementary searches? click NO
- If you receive an error just click OK and double-click it to run it again - sometimes it won't run as it's supposed to the first time but will in subsequent runs.
- You will see a text file appear on the desktop - it's not done, let it run (it won't appear to be doing anything!)
- Once you receive the prompt All Done!, open the text file on the desktop, copy that entire log, and paste it here.
*NOTE* If you receive any warning message about scripts, please choose to allow the script to run.
-
As its to long to post here, Here is the link again: http://pastebin.com/9F45MYP4
-
@essexboy
Thanks for the link to the Kaspersky AV Removal Tool :)
Downloaded, installed and running it.
-
OK I will need to review the entire thread to see if I can locate that - or have missed it
Back anon
-
Anything?
-
I have had some other people looking at this topic and so far none of us can find the run entry for it, one suggestion was to run GMER which will do now. Also could you run msconfig and let me know what entries are in there
Download the GMER Rootkit Scanner (http://www.gmer.net/gmer.zip). Unzip it to your Desktop.
Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.
Double-click gmer.exe. The program will begin to run.
**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!
If possible rootkit activity is found, you will be asked if you would like to perform a full scan.- Click NO
- In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
- Now click the Scan button.
Once the scan is complete, you may receive another notice about rootkit activity.
- Click OK.
- GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
- Save it where you can easily find it, such as your desktop.
Post the contents of GMER.txt in your next reply.
-
GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-01 22:15:25
Windows 6.1.7601 Service Pack 1
Running: gmer.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f8100011c
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f8100011c (not active ControlSet)
---- EOF - GMER 1.0.15 ----
-
Another expert thought is to search the entire registry - this may take up to 10 minutes
1. Launch Notepad, and copy/paste the contents of the quote box below into a new Notepad file. Save it with file name options.txt and save as file type: all files to your desktop.
RegSearch Options File
[Search]
_uninst_39020753
8233203.exe
[Options]
Filter=KVDLUI
2. Download Registry Search (http://www.xs4all.nl/~fstaal01/downloads/regsearch.zip) to your desktop. - Right click on the compressed RegSearch folder, and choose "Extract All". In the box that pops open, click "Next", then "Next" again, and then "Finish". You now have another RegSearch folder on your desktop.
- Open the new folder, and double click on regsearch.exe
- Click "Import" in the lower left corner and browse to the options.txt file that you just saved on your desktop. Do not choose the one in the RegSearch folder itself.
- Click OK and Registry Search will scan your registry for the file(s), and a Notepad box will open with a report.
- Please reply here with the entire contents of the Notepad file from RegSearch.
-
Windows Registry Editor Version 5.00
; Registry Search 2.0 by Bobbi Flekman © 2005
; Version: 2.0.6.0
; Results at 02/08/2011 17:06:22 for strings:
; '_uninst_39020753'
; '8233203.exe'
; Strings excluded from search:
; (None)
; Search in:
; Registry Keys Registry Values Registry Data
; HKEY_LOCAL_MACHINE HKEY_USERS
[HKEY_USERS\S-1-5-21-2605978935-3684104221-935809672-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\Freestyle Dust\\AppData\\Local\\Temp\\RarSFX0\\8233203.exe"="8233203"
[HKEY_USERS\S-1-5-21-2605978935-3684104221-935809672-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\\Users\\Freestyle Dust\\AppData\\Local\\Temp\\RarSFX0\\8233203.exe"="8233203"
; End Of The Log...
thats the exe that keeps popping up.
-
Sneaky never seen one run from there before
Start OTS. Copy/Paste the information in the quotebox below into the panel where it says "Paste fix here" and then click the Run Fix button.
[Unregister Dlls]
[Custom Items]
:Files
ipconfig /flushdns /c
C:\Users\Freestyle Dust\AppData\Local\Temp\RarSFX0
:Reg
[HKEY_USERS\S-1-5-21-2605978935-3684104221-935809672-1001\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Freestyle Dust\AppData\Local\Temp\RarSFX0\8233203.exe"=-
[HKEY_USERS\S-1-5-21-2605978935-3684104221-935809672-1001_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\Users\Freestyle Dust\AppData\Local\Temp\RarSFX0\8233203.exe"=-
:end
[Empty Temp Folders]
[EmptyFlash]
[CreateRestorePoint]
The fix should only take a very short time. When the fix is completed a message box will popup telling you that it is finished. Click the Ok button and Notepad will open with a log of actions taken during the fix. Post that information back here
I will review the information when it comes back in.
Depending on what the fix contains, this process may take some time and your desktop icons might disappear or other uncommon behavior may occur.
This is no sign of malfunction, do not panic!
-
Files\Folders moved on Reboot...
C:\Users\Freestyle Dust\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Freestyle Dust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{12CB48E9-DA42-42B1-BA11-10C3F11974FE}.tmp moved successfully.
C:\Users\Freestyle Dust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{94B52F68-BF83-41C6-A1C3-D26342276A78}.tmp moved successfully.
C:\Users\Freestyle Dust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{99D0E511-5330-4D07-9EE9-A1775F0699E7}.tmp moved successfully.
C:\Users\Freestyle Dust\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS{EDA87615-D080-4811-AB28-B9FF28473036}.tmp moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2512.log moved successfully.
Registry entries deleted on Reboot...
I am not getting that pop up anymore about the 8233203.exe
-
Grand - and I now have somwhere new to look
If all is OK by tomorrow let me know and I will remove my tools
-
Nothing has popped up anymore.
-
Unfortunately I do not have access to my full clean spiel so
Subject to no further problems :)
I will remove my tools now and give some recommendations, but, I would like you to run for 24 hours or so and come back if you have any problems
Now the best part of the day ----- Your log now appears clean :thumbsup:
A good workman always cleans up after himself so..The following will implement some cleanup procedures as well as reset System Restore points:
Run OTS and hit the cleanup button. It will remove all the programmes we have used plus itself.
We will now confirm that your hidden files are set to that, as some of the tools I use will change that
- Click Start.
- Open My Computer.
- Select the Tools menu and click Folder Options.
- Select the View Tab.
- Under the Hidden files and folders heading select Do not show hidden files and folders.
- Click Yes to confirm.
- Click OK.
(http://users.telenet.be/bluepatchy/miekiemoes/images/javaicon.gif) Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.
Upgrading Java:
- Go to this site (http://java.com/en/) and click Do I have Java
- It will check your current version and then offer to update to the latest version
SPRING CLEAN
Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:
(http://img233.imageshack.us/img233/7729/mbamicontw5.gif) Malwarebytes (http://www.malwarebytes.org/mbam-download.php). Update and run weekly to keep your system clean
Download and install FileHippo update checker (http://www.filehippo.com/updatechecker/) and run it monthly it will show you which programmes on your system need updating and give a download link
It is critical to have both a firewall and anti virus to protect your system and to keep them updated.
To keep your operating system up to date visit - Microsoft Windows Update (http://windowsupdate.microsoft.com)
To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ? (http://www.geekstogo.com/forum/topic/225044-preventing-malware-and-safe-computing/)
Keep safe :wave: