Live Security Platinum


Hello.

I just had the Live Security Platinum hijacker show up on my computer today and after following the guide, I'm still unable to get rid of it with Malwarebytes. I have the current version of the program.

I'm attaching my dds and attach logs.

Thanks in advance for your help.

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Kim at 17:54:06 on 2012-08-02

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1279 [GMT -4:00]

.

AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}

FW: ZoneAlarm Free Firewall *Enabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe

C:\WINDOWS\system32\rundll32.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Kim\Desktop\iExplore.exe

C:\WINDOWS\system32\wbem\wmiprvse.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\imapi.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\WINDOWS\system32\SearchFilterHost.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = www.google.com

uInternet Settings,ProxyOverride = *.local

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: CrossRider: {a876e312-7d08-401a-b7a6-fafc5dc2f292} - c:\program files\crossriderwebapps\Crossrider.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

BHO: {fa1f57f9-b03d-4c8d-8949-0441b5ac8b25} - No File

TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll

uRun: [spybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [CrossRiderPlugin] c:\program files\crossriderwebapps\Crossrider.exe

uRun: [skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun

uRunOnce: [036E1BA60000FAA100001A577B07D287] c:\documents and settings\all users\application data\036e1ba60000faa100001a577b07d287\036E1BA60000FAA100001A577B07D287.exe

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [iSW] c:\program files\checkpoint\zaforcefield\ForceField.exe /icon="hidden"

mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [macsri] "c:\windows\system32\rundll32.exe" "c:\documents and settings\kim\application data\macsri.dll",ReadObjectFromFile

dRunOnce: [KeyScrambler] c:\program files\keyscrambler\getting_started.html

StartupFolder: c:\docume~1\kim\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\kim\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\kim\application data\dropbox\bin\Dropbox.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {38E51477-DDB4-4aed-9D61-D0C193E10749} - {38E51477-DDB4-4aed-9D61-D0C193E10749} - c:\program files\soundtaxi\YouTubeRipper.dll

IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

Trusted Zone: cbs.com\www

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247494154828

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{C67231EC-60A4-42AB-BD5C-AED771BB1F94} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\kim\application data\mozilla\firefox\profiles\3unxlj3q.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\kim\application data\move networks\plugins\npqmp071701000002.dll

FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin.dll

FF - plugin: c:\program files\canon\zoombrowser ex\program\NPCIG.dll

FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll

FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: c:\program files\emusic download manager\plugin\npemusic.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npicaN.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll

FF - plugin: c:\program files\nos\bin\np_gp.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1165635.dll

.

============= SERVICES / DRIVERS ===============

.

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [2008-4-28 120832]

R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-11-12 36000]

R1 Vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2011-11-9 525840]

R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-11-12 86224]

R2 AntiVirService;Avira Realtime Protection;c:\program files\avira\antivir desktop\avguard.exe [2011-11-12 110032]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-11-12 83392]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]

R2 vsmon;TrueVector Internet Monitor;c:\program files\checkpoint\zonealarm\vsmon.exe -service --> c:\program files\checkpoint\zonealarm\vsmon.exe -service [?]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2010-5-12 225856]

R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [2011-9-8 23608]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2011-11-3 497280]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-6-10 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-6-10 166384]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-7-5 3048136]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-3 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-7 250056]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-12-30 1684736]

S3 GSService;GSService;c:\windows\system32\GSService.exe [2011-9-1 450048]

S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-25 14336]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-6-10 1124848]

S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [2011-9-8 244736]

.

=============== Created Last 30 ================

.

2012-08-02 21:38:53 54016 ----a-w- c:\windows\system32\drivers\yugouo.sys

2012-08-02 19:32:27 9827016 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe

2012-08-02 17:28:08 -------- d-----w- c:\documents and settings\kim\local settings\application data\{67F2B0BF-DCC7-11E1-8270-B8AC6F996F26}

2012-08-02 17:28:06 427520 ----a-w- c:\documents and settings\kim\application data\macsri.dll

2012-08-02 17:27:43 -------- d-----w- c:\documents and settings\all users\application data\036E1BA60000FAA100001A577B07D287

2012-07-30 23:12:03 880640 ----a-w- c:\windows\system32\RTSndMgr.CPL

2012-07-30 23:11:24 -------- d-----w- c:\program files\Realtek

2012-07-30 23:11:03 831488 ----a-w- c:\windows\RtlExUpd.dll

2012-07-30 20:25:55 -------- d-----w- c:\program files\iPod

2012-07-30 20:25:31 -------- d-----w- c:\program files\iTunes

2012-07-15 04:37:58 -------- d-----r- c:\program files\Skype

2012-07-14 06:27:52 -------- d-----w- c:\windows\system32\Adobe

2012-07-05 22:45:34 5030088 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll

.

==================== Find3M ====================

.

2012-07-27 04:33:40 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-27 04:33:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 17:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19:59 1866112 ------w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:18:58 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18:58 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 19:18:58 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42:33 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42:33 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38:02 385024 ------w- c:\windows\system32\html.iec

2012-05-09 03:39:41 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys

.

============= FINISH: 17:55:17.64 ===============

dds.txt

attach.txt

:welcome:

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\windows\system32\drivers\yugouo.sys

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virustotal is too busy you can try these.

http://virusscan.jotti.org

http://www.kaspersky...anforvirus.html

Thanks for the prompt help. Here are the results:

SHA256: 3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516
File name: tini.sys
Detection ratio: 1 / 40
Analysis date: 2012-07-31 23:28:54 UTC ( 1 day, 23 hours ago )

Antivirus / Result / Update
AhnLab-V3 - 20120731
AntiVir - 20120731
Antiy-AVL - 20120727
Avast - 20120731
AVG - 20120731
BitDefender - 20120731
ByteHero - 20120723
CAT-QuickHeal - 20120731
ClamAV - 20120801
Commtouch - 20120731
Comodo - 20120731
DrWeb - 20120801
Emsisoft - 20120731
eSafe Win32.TrojanHorse 20120731
ESET-NOD32 - 20120731
F-Prot - 20120731
Fortinet - 20120731
GData - 20120731
Ikarus - 20120731
Jiangmin - 20120731
K7AntiVirus - 20120731
Kaspersky - 20120731
McAfee - 20120801
McAfee-GW-Edition - 20120731
Microsoft - 20120731
Norman - 20120731
nProtect - 20120731
Panda - 20120731
Rising - 20120731
Sophos - 20120801
SUPERAntiSpyware - 20120731
Symantec - 20120801
TheHacker - 20120730
TotalDefense - 20120731
TrendMicro - 20120801
TrendMicro-HouseCall - 20120801
VBA32 - 20120731
VIPRE - 20120731
ViRobot - 20120731
VirusBuster - 20120731

Please do not attach the scan results from ComboFix. Use copy/paste.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them

2. With Admin Rights (Right click, choose "Run as Administrator")

Download ComboFix from this link

Link 1

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have XP SP3, use the XP SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.

Here's the ComboFix log. I couldn't disable Avira so I had to uninstall it. My computer seems to be working normally at the moment.

ComboFix 12-07-31.03 - Kim 08/02/2012 19:15:07.2.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1791.1067 [GMT -4:00]

Running from: c:\documents and settings\Kim\Desktop\ComboFix.exe

FW: ZoneAlarm Free Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\036E1BA60000FAA100001A577B07D287

c:\documents and settings\All Users\Application Data\036E1BA60000FAA100001A577B07D287\036E1BA60000FAA100001A577B07D287

c:\documents and settings\All Users\Application Data\036E1BA60000FAA100001A577B07D287\036E1BA60000FAA100001A577B07D287.exe

c:\documents and settings\All Users\Application Data\036E1BA60000FAA100001A577B07D287\036E1BA60000FAA100001A577B07D287.ico

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk

c:\documents and settings\Kim\Application Data\macsri.dll

c:\documents and settings\Kim\WINDOWS

c:\windows\EventSystem.log

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\fusion.dll

c:\windows\system32\URTTemp\mscoree.dll

c:\windows\system32\URTTemp\mscoree.dll.local

c:\windows\system32\URTTemp\mscorsn.dll

c:\windows\system32\URTTemp\mscorwks.dll

c:\windows\system32\URTTemp\msvcr71.dll

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-02 to 2012-08-02 )))))))))))))))))))))))))))))))

.

.

2012-08-02 21:38 . 2012-08-02 21:38 54016 ----a-w- c:\windows\system32\drivers\yugouo.sys

2012-08-02 19:34 . 2012-08-02 19:34 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2012-08-02 17:28 . 2012-08-02 17:28 -------- d-----w- c:\documents and settings\Kim\Local Settings\Application Data\{67F2B0BF-DCC7-11E1-8270-B8AC6F996F26}

2012-07-30 23:12 . 2009-04-30 22:23 880640 ----a-w- c:\windows\system32\RTSndMgr.CPL

2012-07-30 23:11 . 2012-07-30 23:11 -------- d-----w- c:\program files\Realtek

2012-07-30 23:11 . 2009-06-24 14:43 831488 ----a-w- c:\windows\RtlExUpd.dll

2012-07-30 20:25 . 2012-07-30 20:25 -------- d-----w- c:\program files\iPod

2012-07-30 20:25 . 2012-07-30 20:27 -------- d-----w- c:\program files\iTunes

2012-07-30 20:10 . 2012-07-30 20:11 -------- d-----w- c:\program files\QuickTime

2012-07-15 04:38 . 2012-08-02 17:10 -------- d-----w- c:\documents and settings\Kim\Application Data\Skype

2012-07-15 04:37 . 2012-07-15 04:38 -------- d-----r- c:\program files\Skype

2012-07-15 04:37 . 2012-07-15 04:37 -------- d-----w- c:\program files\Common Files\Skype

2012-07-15 04:37 . 2012-07-15 04:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype

2012-07-14 06:27 . 2012-07-14 06:27 -------- d-----w- c:\windows\system32\Adobe

2012-07-05 22:45 . 2012-07-05 22:45 5030088 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-02 22:32 . 2012-04-07 11:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-02 22:32 . 2011-05-17 15:05 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-03 17:46 . 2010-05-03 20:29 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-06-13 13:19 . 2008-04-26 00:05 1866112 ------w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2008-04-26 00:05 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2008-04-26 00:05 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2008-04-26 00:05 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19 . 2008-04-26 01:48 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19 . 2008-04-26 01:48 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19 . 2008-04-26 00:15 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 19:19 . 2008-04-26 00:15 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19 . 2008-04-26 00:15 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 19:19 . 2009-11-18 15:33 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19 . 2008-04-26 01:48 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 19:19 . 2008-04-26 00:15 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 19:19 . 2008-04-26 00:15 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 19:19 . 2008-04-26 00:05 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 19:19 . 2008-04-26 01:48 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:19 . 2008-04-26 00:15 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 19:19 . 2008-04-26 00:15 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-02 19:18 . 2010-02-13 17:14 275696 ----a-w- c:\windows\system32\mucltui.dll

2012-06-02 19:18 . 2010-02-13 17:14 214256 ----a-w- c:\windows\system32\muweb.dll

2012-06-02 19:18 . 2010-02-13 17:14 17136 ----a-w- c:\windows\system32\mucltui.dll.mui

2012-05-31 13:22 . 2008-04-26 00:05 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2008-04-26 00:05 916992 ----a-w- c:\windows\system32\wininet.dll

2012-05-11 14:42 . 2008-04-26 00:05 43520 ------w- c:\windows\system32\licmgr10.dll

2012-05-11 14:42 . 2008-04-26 00:05 1469440 ------w- c:\windows\system32\inetcpl.cpl

2012-05-11 11:38 . 2008-04-26 00:05 385024 ------w- c:\windows\system32\html.iec

2008-02-08 01:46 . 2008-02-08 01:46 13624 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2008-02-08 01:46 . 2008-02-08 01:46 87360 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2008-02-08 01:46 . 2008-02-08 01:46 91448 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2008-02-08 01:46 . 2008-02-08 01:46 21824 ----a-w- c:\program files\mozilla firefox\plugins\ctxlogging.dll

2008-02-08 01:46 . 2008-02-08 01:46 206136 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2008-02-08 01:46 . 2008-02-08 01:46 31544 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2008-02-08 01:46 . 2008-02-08 01:46 40248 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-03-16 21:27 . 2007-03-16 21:27 479232 ----a-w- c:\program files\mozilla firefox\plugins\msvcm80.dll

2007-03-16 21:27 . 2007-03-16 21:27 548864 ----a-w- c:\program files\mozilla firefox\plugins\msvcp80.dll

2007-03-16 21:27 . 2007-03-16 21:27 626688 ----a-w- c:\program files\mozilla firefox\plugins\msvcr80.dll

2007-07-20 16:47 . 2007-07-20 16:47 981170 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2008-02-08 01:46 . 2008-02-08 01:46 24384 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

2012-07-18 11:26 . 2011-04-30 17:33 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kim\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kim\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kim\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Kim\Application Data\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"CrossRiderPlugin"="c:\program files\CrossriderWebApps\Crossrider.exe" [2011-05-15 478720]

"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-03 17417392]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-14 12669544]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-14 110184]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-31 59280]

"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-11-03 738944]

"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]

"RTHDCPL"="RTHDCPL.EXE" [2009-07-20 18670592]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"KeyScrambler"="c:\program files\KeyScrambler\getting_started.html" [X]

.

c:\documents and settings\Kim\Start Menu\Programs\Startup\

Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

Dropbox.lnk - c:\documents and settings\Kim\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antvirus]

@=""

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

.

R0 ahcix86;ahcix86;c:\windows\system32\drivers\ahcix86.sys [4/28/2008 2:05 PM 120832]

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [5/11/2010 2:37 AM 691696]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [11/3/2011 10:44 AM 27016]

R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [5/12/2010 12:12 PM 225856]

R3 SndTAudio;SndTAudio;c:\windows\system32\drivers\SndTAudio.sys [9/8/2011 8:14 PM 23608]

R4 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys --> c:\windows\system32\DRIVERS\avkmgr.sys [?]

S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [11/3/2011 10:44 AM 497280]

S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [6/10/2009 5:41 AM 309744]

S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe [6/10/2009 5:41 AM 166384]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [7/5/2012 6:41 PM 3048136]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/3/2012 1:19 PM 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [4/7/2012 7:24 AM 250056]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/30/2009 9:55 AM 1684736]

S3 GSService;GSService;c:\windows\system32\GSService.exe [9/1/2011 10:12 AM 450048]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 12:42 PM 113120]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [4/25/2008 8:05 PM 14336]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [6/10/2009 5:40 AM 1124848]

S3 SMServer;SMServer;c:\windows\system32\snmvtsvc.exe [9/8/2011 8:14 PM 244736]

.

--- Other Services/Drivers In Memory ---

.

*Deregistered* - avipbb

*Deregistered* - ssmdrv

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 22:32]

.

2012-07-30 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 21:57]

.

.

------- Supplementary Scan -------

.

uStart Page = www.google.com

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: cbs.com\www

TCP: DhcpNameServer = 192.168.1.1

DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

FF - ProfilePath - c:\documents and settings\Kim\Application Data\Mozilla\Firefox\Profiles\3unxlj3q.default\

FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk

FF - prefs.js: network.proxy.type - 0

.

- - - - ORPHANS REMOVED - - - -

.

BHO-{fa1f57f9-b03d-4c8d-8949-0441b5ac8b25} - (no file)

HKLM-Run-macsri - c:\documents and settings\Kim\Application Data\macsri.dll

SafeBoot-klmdb.sys

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-02 19:22

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(728)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

- - - - - - - > 'lsass.exe'(784)

c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

.

Completion time: 2012-08-02 19:24:32

ComboFix-quarantined-files.txt 2012-08-02 23:24

ComboFix2.txt 2010-05-11 01:38

.

Pre-Run: 2,214,731,776 bytes free

Post-Run: 7,013,781,504 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 7259F00158C34E3C5582DA191B13704F


I really don't like this file and I can't find any information on it. c:\windows\system32\drivers\yugouo.sys

When I had you upload it, it shows a different name.

SHA256: 3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516
File name: tini.sys
Detection ratio: 1 / 40
Analysis date: 2012-07-31 23:28:54 UTC ( 1 day, 23 hours ago )

Can we try that again?

You can also reinstall Avira

Please go to http://www.virustotal.com/, click on Browse, and upload the following file for analysis:

c:\windows\system32\drivers\yugouo.sys

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.


Here it is again. I did upload the file you asked for. No idea why it has a different name there. In case it's hard to read, the one result there is for a Win32.TrojanHorse under eSafe. I am not getting the Live Security Platinum popups any more, though.

SHA256: 3da4f51682e7d42c5569f1fb1adc6295182962e36f748219e1d0c8f2389ba516
File name: tini.sys
Detection ratio: 1 / 40
Analysis date: 2012-07-31 23:28:54 UTC ( 2 days, 1 hour ago )


Antivirus               Result             Update
AhnLab-V3               -                  20120731
AntiVir                 -                  20120731
Antiy-AVL               -                  20120727
Avast                   -                  20120731
AVG                     -                  20120731
BitDefender             -                  20120731
ByteHero                -                  20120723
CAT-QuickHeal           -                  20120731
ClamAV                  -                  20120801
Commtouch               -                  20120731
Comodo                  -                  20120731
DrWeb                   -                  20120801
Emsisoft                -                  20120731
eSafe                   Win32.TrojanHorse  20120731
ESET-NOD32              -                  20120731
F-Prot                  -                  20120731
Fortinet                -                  20120731
GData                   -                  20120731
Ikarus                  -                  20120731
Jiangmin                -                  20120731
K7AntiVirus             -                  20120731
Kaspersky               -                  20120731
McAfee                  -                  20120801
McAfee-GW-Edition       -                  20120731
Microsoft               -                  20120731
Norman                  -                  20120731
nProtect                -                  20120731
Panda                   -                  20120731
Rising                  -                  20120731
Sophos                  -                  20120801
SUPERAntiSpyware        -                  20120731
Symantec                -                  20120801
TheHacker               -                  20120730
TotalDefense            -                  20120731
TrendMicro              -                  20120801
TrendMicro-HouseCall    -                  20120801
VBA32                   -                  20120731
VIPRE                   -                  20120731
ViRobot                 -                  20120731
VirusBuster             -                  20120731


That was installed the same time you installed c:\documents and settings\NetworkService\Application Data\Apple Computer

so let's leave it alone.

Good job

The following will implement some cleanup procedures as well as reset System Restore points:

For XP:

  • Click START, then Run
  • Now type ComboFix /Uninstall in the Run box and click OK. Note the space between the X and the /; it needs to be there.

For Vista / Windows 7

  • Click START, then Search
  • Now type ComboFix /Uninstall in the runbox and click OK. Note the space between the X and the /; it needs to be there.

Here's my usual final post

To be on the safe side, I would also change all my passwords.

This infection appears to have been cleaned, but as the malware could be configured to run any program a remote attacker requires, it's impossible to be 100% sure that any machine is clean.

Log looks good :D

  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week
    (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  • Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer.
    Without a firewall your computer is susceptible to being hacked and taken over.
    I am very serious about this and see it happen almost every day with my clients.
    Simply using a Firewall in its default configuration can lower your risk greatly.

  • Securing Your Web Browser
    This paper will help you configure your web browser for safer internet surfing.
  • Using a secure browser plugin - M86 SecureBrowsing makes it safe to search, surf and socialize online. This free browser plug-in displays security icons next to links on search engines and social networking sites like Facebook, Twitter and LinkedIn, so you'll know which pages are safe and which ones to avoid.
    • Free browser plug-in for Internet Explorer and Firefox
    • Real-time safety ratings
    • Ideal for Facebook, Twitter and LinkedIn
  • JAVA - Click this link and click on the Free JAVA Download
  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly.
    This will ensure your computer always has the latest security updates installed.
    If there are new updates to install, install them immediately, reboot your computer, and revisit the site
    until there are no more critical updates.

Only run one Anti-Virus and Firewall program.

I would suggest you read:

PC Safety and Security--What Do I Need?

How to Prevent Malware:

The full version of Malwarebytes' Anti-Malware could have helped protect your computer against this threat.

We use different ways of protecting your computer(s):

  • Dynamically Blocks Malware Sites & Servers
  • Malware Execution Prevention

Save yourself the hassle and get protected.
