Continuous Malicious Website Blocked Message dllhost.exe *32

[trat73]

Getting the continuous Malicious Website Blocked message. Multiple dllhost.exe *32's running in task manager.

 

Windows 7 64 bit

[B-boy/StyLe/]

Hello! Welcome to Malwarebytes Forums!
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The logs can take some time to research, so please be patient with me.
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
• Instructions that I give are for your system only!
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

• Double-click to run it. When the tool opens click Yes to disclaimer.
• Press Scan button.
• It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
• The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

 

Regards,

Georgi

[trat73]

Thanks for your quick response!

Here are the attachments.

FRST.txt

Addition.txt

[B-boy/StyLe/]

Hi,

 

 

I am sorry about the delay but we have different timezone.

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

 

Regards,

Georgi

[trat73]

Here you go

Fixlog.txt

[B-boy/StyLe/]

Hello,

 

The log is cut-off. Can you please post the full log?

Also let me know if the problem still persists.

 

 

Regards,

Georgi

[trat73]

The log I attached matches the one on my desktop. can I run the fix again from FRST or do I need to restart the process?

[B-boy/StyLe/]

Hi,

 

Ok then...please re-run FRST and make sure that Addition.txt is checked before you press the Scan button.

Next please post both logs in your next reply...also please let me know if the problem is solved.

 

 

Regards,

Georgi

[trat73]

Georgi,

 Thanks again for your help. The continuous Malware popup has stopped but it seams to come and go so I'm not sure it is gone. The computer is running slower than normal. I have attached the files. 

 

Thank you!

FRST.txt

Addition.txt

[B-boy/StyLe/]

Hello,

 

 

The log is clean so the infection seems to be removed.

The slowness is not always malware related.

 

 

Note 1:

 

 

I do not recommend that you have more than one anti virus product installed and running on your computer at a time.  The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to cause "false alarms".  It can also lead to a clash as both products fight for access to files which are opened again this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
1) False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
2) System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Microsoft Security Essentials or avast! Antivirus.

 

 

Note 2:

 

 

Run CHKDSK to check for disk errors
 

• Click Start => go to RUN and type in cmd and then hit Enter.
• At the command prompt, copy and paste the following command chkdsk c: /x /f /r and then press Enter.
• If you are prompted to schedule CHKDSK to run the next time the computer restarts (because CHKDSK may be unable to gain exclusive access to the drive under Windows), type the following text y, and then press Enter.
• At the command prompt, type exit and then press Enter.
• Restart your computer. While Windows is loading, CHKDSK should automatically run and check the drive that you specified earlier.
  This process can take up to an hour!
• When all is one and you are back into normal mode click Start => Run and type in eventvwr.msc and then hit Enter.
• Once Event Viewer is open, select Windows logs => Application  => The 3th column of information in the right-hand pane is titled Source, click on the word Source at the top of the column to sort by that column.
• Scroll through the Source column to find the most recent entry titled WinInit and id of 1001.
• Double-click WinInit to open the CHKDSK results.
• Click on the Copy button and post the result in your next reply.

 

 

Run SFC to check for damaged system files

 

 

Please click Start Menu > All Programs > Accessories, right click on Command Prompt and select "run as administrator".
Copy/paste the following text at the command prompt and press enter after each line:

sfc /scannow

findstr /c:"[sR]" %windir%\Logs\CBS\CBS.log >"%userprofile%\Desktop\sfcdetails.txt"

Reboot the computer in order the changes to take effect

 

A txt file named sfcdetails.txt should appear on the desktop.

 

Post the log in your next reply.
 

 

 

Run Farbar Service Scanner and Rkill to check for missing services and other problems:

 

 

Please download Farbar Service Scanner and run it on the computer with the issue.

• Make sure that all options are checked.
• Press "Scan".
• It will create a log (FSS.txt) in the same directory the tool is run.
• Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

• Please download Rkill by Grinler and save it to your desktop.
• Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
• Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
• A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
• If nothing happens or if the tool does not run, please let me know in your next reply.
• A log pops up at the end of the run. This log file is located at C:\rkill.log.
• Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

Use Disk Cleanup to delete files you no longer need and reclaim storage space on your computer.


Open Disk Cleanup by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.

If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.

Click the Disk Cleanup tab, and then select the check boxes for the files you want to delete.

When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.



You can do a defragmentation to rearrange files and unused space on your hard disk so that programs run faster


Please download MyDefrag.

Double-click the file to install the program, then double-click the "MyDefrag.exe" to run the program

.
Click on "System Disk Monthly" and check the box for your C: drive. Next, click the Run button at the bottom.

 

This process can take up to an hour or even more!

When it is done, it will display finished on the screen.

 

Close the program by clicking on the red cross.

 

 

Please remember to reboot when the scan completes.



Use MSConfig to disable any processes that you do not want running in the background of the computer.



Please type msconfig in the start => Run box, then hit enter.

Go to the startup tab and then uncheck any programs that you don't need to load with Windows.

Click the "Apply" button and click "OK" to close the MSCONFIG window.

Restart your computer to save the changes you made to the Startup.

You might have a popup window when you log on. This is typical. Just click ok. You can also make the popup window not come up anymore by checking the box there.

The programs you removed will no longer automatically launch once Windows starts up.
 

 

 

Check this article for more information on how to speed Up Windows 7

 

 

When done please reboot the computer and see if there any differences and let me know!

 

 

 

Regards,

Georgi

[trat73]

Georgi,

 

Things seem to be working as intended. I have attached all results. I can't thank you enough for all your help! Enjoy your beers!

sfcdetails.txt

FSS.txt

Rkill.txt

Check Disk Results.txt

[B-boy/StyLe/]

Hello,

 

Thanks for the beers!

 

Are you sure that you ran chkdsk with the parameters chkdsk c: /x /f /r (there is a free space between chkdsk /x /f and /r and the command is case sensitive) because I noticed only 3 stages passed in the log above. With the parameters above they should be 5 so Chkdsk was run without checking for bad sectors and verifying of the free space of the partition. Ok...run it this way and let me know about the results.

 

Open My Computer and right-click on the C:\ Drive and select Properties. Click on the Tools Tab and select Check Now under the Error-checking header. Place a check mark next to Automatically fix file system errors and Scan for and attempt recovery of bad sectors and click Start. You will be prompt to "Schedule disk check". Click it and restart your system and when done post the log.

 

 

• Also please download AutoRuns and save it to your desktop.
• Right click on the downloaded file and choose Extract All Files.
• Once extracted, open the program named Autoruns.
• Click on Options and then Hide Microsoft and Windows Entries.
• Press F5 to refresh the startup list.
• Next go to File -> Save and choose the file type to Text File (.arn).
• Please zip the file and upload it here => http://zippyshare.com/ and then post the link to the archive in your next reply.

 

 

Regards,

Georgi

[trat73]

Georgi,

 

Attached Check Disk results and here is link to auto runs:

 

http://www18.zippyshare.com/v/85232462/file.html

 

Thanks again!

Check Disk Results.txt

[B-boy/StyLe/]

Hello,

 

Both logs looks good. You can uncheck the following entries in Autoruns in order to improve your computer boot time.

 

AdobeAAMUpdater-1.0
Adobe ARM
iTunesHelper
QuickTime Task
SunJavaUpdateSched
TkBellExe

Remember, we aren't removing the programs, just turning them off when your computer boots up.
These entries can also always be rechecked if you need them at a later stage.

 

Also check if your hard disk operates in DMA mode.

 

Turn Direct Memory Access (DMA) on or off

 

Let me know if there is any difference with the computer.

 

Although the malware was remove if you don't mind, I want to make sure there is nothing lurking on the system so just in case I want you to go through these steps:

 

The most of them should take no more than 5 minutes each (but the time they take to complete can vary depending on the size of your hard and the speed of your computer).

 

 

 

STEP 1

 

• Please download RKill by Grinler from the link below and save it to your desktop.
  
  Rkill
• Before we begin, you should disable your anti-malware softwares you have installed so they do not interfere RKill running as some anti-malware softwares detect RKill as malicious. Please refer to this page if you are not sure how.
• Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
• A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
• If nothing happens or if the tool does not run, please let me know in your next reply.
• A log pops up at the end of the run. This log file is located at C:\rkill.log.
• Please post the log in your next reply.

 

 

STEP 2

 

 

• Please download RogueKillerx64.exe and save to the desktop.
• Close all windows and browsers
• Right-click the program and select 'Run as Administrator'
• Press the scan button.
• A report opens on the desktop named - RKreport.txt
• Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
• Put a checkmark beside loaded modules.
  
• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.
• Click the Start Scan button.
• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 4

 

 

Please download Malwarebytes Anti-Malware 2.0.3.1025 Final to your desktop.
 

• Double-click mbam-setup-2.0.3.1025.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
• Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
• A Threat Scan will begin.
• With some infections, you may see this message box.
  • 'Could not load DDA driver'
• Click 'Yes' to this message, to allow the driver to load after a restart.
• Allow the computer to restart. Continue with the rest of these instructions.
• When the scan is complete, click Apply Actions.
• Wait for the prompt to restart the computer to appear, then click on Yes.
• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

 

 

STEP 5

 

 

1.Please download HitmanPro.

• For 32-bit Operating System - .
• This is the mirror -
• For 64-bit Operating System -
• This is the mirror -

2.Launch the program by double clicking on the icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run please then open the program while holding down the left CTRL key until the program is loaded.

3.Click on the next button. You must agree with the terms of EULA. (if asked)

4.Check the box beside "No, I only want to perform a one-time scan to check this computer".

5.Click on the next button.

6.The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7.When the scan is done click on drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

 

 
8.Click on the next button.

9.Click on the "Save Log" button.

10.Save that file to your desktop and post the content of that file in your next reply.
 
Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

 

STEP 6

 

 

Download Security Check by screen317 from here.

• Save it to your Desktop.
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
• A Notepad document should open automatically called checkup.txt; please post the contents of that document

 

 

Regards,

Georgi

[trat73]

Georgi,

 

Just wanted to let you know I'm working on going through the steps you recommended. Hopefully I'll have some logs for you tomorrow.  

[B-boy/StyLe/]

Hi,

 

Thanks for letting me know! Are you still around?

 

 

Regards,

Georgi

[trat73]

Yes. I will hopefully have the reports posted by tomorrow morning your time. Thanks!

[trat73]

Georgi,

 

Looks like everything is running as it should. I will attach all logs. Can't thank you enough!!!

 

Sincerely,

Tom

Rkill.txt

RKreport_SCN_10252014_231139.log

checkup.txt

HitmanPro_20141026_0009.log

MWB Log.txt

TDSSKiller.3.0.0.40_25.10.2014_23.18.24_log.txt

TDSSKiller.3.0.0.40_25.10.2014_23.14.45_log.txt

[B-boy/StyLe/]

Hello,

 

 

Nicely done ! This is the end of our journey if you don't have any more questions.
Thank you for following my instructions perfectly.
I have some final words for you.
All Clean !
Your machine appears to be clean, please take the time to read below on how to secure the machine and take the necessary steps to keep it Clean.

 

 

 

STEP 1 - UPDATING TASKS

 

 

And here are a few updating tasks for you:

 

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application.

• Download the latest version of Java SE 7.
• Click the Java SE 7u72 "Download JRE" button to the right.
• Select your Platform, Register and check the box that says: "I agree to the Java SE Runtime Environment 7 License Agreement.".
• Click on Continue.
• Click on the link to download Windows Offline Installation (jre-7u72-windows-i586.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
• Close any programs you may have running - especially your web browser.
• Go to Start > Control Panel > Programs, click on Uninstall a program and remove all older versions of Java:
   Java™ 7 Update 71
• Check any item with Java Runtime Environment (JRE or J2SE) in the name.
• Click the Remove or Change/Remove button.
• Repeat as many times as necessary to remove each Java version.
• Reboot your computer once all Java components are removed.
• Then from your desktop double-click on the download to install the newest version. (Vista/Windows 7 users, right click on the jre-7u72-windows-i586.exe and select "Run as an Administrator.")

 

Next please run JavaRa.

 

• Please download JavaRa 2.6 and unzip it to your desktop.
• Double-click on JavaRa.exe to start the program.
• Choose Remove JRE and since you already uninstalled JAVA skip step 1 and click on the next button.
• Now click on Perform Removal Routine to remove the older versions of Java installed on your computer.
• When that's successfully done, please click OK to close the message.
• Click on Next and skip the downloading process. Click Next and now click on Close this wizard and click Finish.
• From the main menu please choose Additional tasks
• Place a checkmark beside Remove startup entry, Remove Outdated JRE Firefox Extentions and Clean JRE Temp Files and click Run. The browsers should be closed before running this task.
• When that's succesfully done you will see a message at the top saying: "Selected tasks completed successfully".
• A log file should be created in the same directory as JavaRa.
• Please attach the log to your next reply.
• Close JavaRa by clicking the red cross button.

 

You can choose between 2 variants:

 

1. If you have applications that require Java to be installed on the computer then uninstall the old version of Java and then run JavaRa to remove all remnants and then go ahead and download & install the latest version of Java (Java SE 8).

 

2. If you want to be on the safe side then go ahead and uninstall the old version of Java, then run JavaRa to remove all remnants and then remove all applications that require Java (time to learn to live without Java and find alternatives to the applications that require Java)... Check this article.

 

It's your call.

 

 

Your Adobe Flash Player is out of date!

Older versions may have vulnerabilities that malware can use to infect your system.

 

Please download and instal: Adobe Flash Player 15.0.0.189 Final for (Internet Explorer)

Please download and instal: Adobe Flash Player 15.0.0.189 Final for (Mozilla Firefox)

 

 

Your Mozilla Firefox is out of date!
Download and install the latest version Mozilla Firefox 33.0.1 Final for Windows
Do a backup of your existing profile using Mozbackup or FEBE before you proceed with the update (just in case).

 

 

• It is possible for other programs on your computer to have security vulnerability that can allow malware to infect you.
• Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities.
• You can check these by visiting Secunia Software Inspector or you can use the following application for this purpose PatchMyPC

 

 
Visit Microsoft's Windows Update Site Frequently

 

• It is important that you visit Windows Update regularly.
• This will ensure your computer has always the latest security updates available installed on your computer.
• If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

 

 

 

STEP 2 - CLEANUP
 

 
To remove all of the tools we used and the files and folders they created, please do the following:

 

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

• Next please download Delfix.exe by Xplode and save it to your desktop.
• Please start it and check the box next to "Remove disinfection tools" and click on the run button.
• The tool will delete itself once it finishes.

 

Note: If any tool, file, log file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.


 
STEP 3 - SECURITY ADVICES


Change all your passwords !


Since your computer was infected for peace of mind, I would however advise you that all your passwords be changed immediately including those for bank accounts, credit cards and home loans, PIN codes etc)!! (just in case).

 

If you're storing password in the browser to access websites than they are non encrypted well. Only if you use Firefox with master password protection activated provide better security...then you can add Secure Login to prevent Java and other exploits when log-in.

 

So I strongly recommend to change as much password as possible. Many of the modern malware samples have backdoor abilities and can steal confidential information from the compromised computer. Also you should check for any suspicious transactions if such occur. If you find out that you have been victim to fraud contact your bank or the appropriate institution for assistance.
Use different passwords for all your accounts. Also don't use easy passwords such as your favorite teams, bands or pets because this will allow people to guess your password.
You can use Password Generator - Norton Identity Safe to create random passwords and then install an application like KeePass Password Safe to store them for easy access.If you do Online Banikng please read this article: Online Banking Protection Against Identity Theft
 

 

 

Keep your antivirus software turned on and up-to-date

 

• Make sure that you keep it updated
• New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
• Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
• Note: You should scan your computer with an antimalware program like Malwarebytes' Anti-Malware on a regular basis just as you would an antivirus software.
• Be sure to check for and download any definition updates prior to performing a scan.
• Also keep in mind that MBAM is not a replacement for antivirus software, it is meant to complement the protection provided by a full antivirus product and is designed to detect the threats that are missed by most antivirus software.

 

 

Install HIPS based software if needed (or use Limited Account with UAC enabled)

 

 
I usually recommend to users to install HIPS based software but this type software is only effective in the right hands since it require from the users to take the right decisions.
 
HIPS based software controls what an application is allowed to do and not allowed to do.
It monitors what each application tries to do, how it use the internet and give you the ability to block any suspicious activity occurring on your computer.
In my opinion the best way to prevent an unknown malware from gaining access is to use some HIPS programs (like COMODO Firewall, PrivateFirewall, Online Armor etc.) to control the access rights of legitimate applications, although this would only be advisable for experienced users. (so if you don't feel comfortable using such software then you can skip this advice)
 
However, you should be aware though that (if you install Comodo Firewall and not the whole package Comodo Internet Security) this is not an replacement for a standard antivirus application. It's a great tool to add another layer of protection to your existent antivirus application. Also note that if you have an antivirus installed then you should install Comodo Firewall (and not Comodo Internet Security to avoid conflicts).

It takes some time and knowledge to configure it for individual purposes but once done, you should not have a problems with it.
There are so many reviews on YouTube and blogs about all these programs.
Keep in mind to choose carefully in order to avoid conflicts or instability caused by incompatible security programs.
Also having more than one "real-time" program can be a drain on your PC's efficiency so please refrain doing so.
More information about HIPS can be found here: What is Host Intrusion Prevention System (HIPS) and how does it work?

If you like Comodo you should choose for yourself which version of Comodo you will use 5 or 7. Personally I stick to version 5 at least for now.

 

Comodo Firewall and Microsoft Security Essentials play well together. Check YouTube.

If these kind of programs are difficult for you to use then you can use a standard user account with UAC enabled. If you need administrative privileges to perform some tasks, then you can use Run As or log on as the administrator account for that specific task.

 

 

 

Be prepared for CryptoLocker and similar threats:


CryptoLocker Ransomware Information Guide and FAQ
Cryptolocker Ransomware: What You Need To Know
New CryptoLocker Ransomware Variant Spread Through Yahoo Messenger
CryptoDefense and How_Decrypt Ransomware Information Guide and FAQ
CryptoWall - A new ransomware from the creators of CryptoDefense

Analysis of ‘TorrentLocker’ – A New Strain of Ransomware Using Components of CryptoLocker and CryptoWall

 

 

Since the prevention is better than cure you can use gpedit built-in Windows or CryptoPrevent (described in the first link) to secure the PC against these lockers.
Another way is to use Comodo Firewall and to add all local disks to Protected Files and Folders (if you decide to install it). Also Comodo Firewall offers a sandbox that will help you prevent being infected.

 

You may want to check Malwarebytes Anti-Exploit and add install it to be safe when surfing the net. It work with the most popular browsers and it is very effective. See the article here.

 

 

Practice Safe Internet


One of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.  Below are a list of simple precautions to take to keep your computer clean and running securely:

• If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that.  Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
• .exe, .com, .bat, .pif, .scr, .cmd or .vbs do not open the attachment unless you know for a fact that it is clean.  For the casual computer user, you will almost never receive a valid attachment of this type.
• If you receive an attachment from someone you know, and it looks suspicious, then it probably is.  The email could be from someone you know infected with a malware that is trying to infect everyone in their address book.
• If you are browsing the Internet and a popup appears saying that you are infected, ignore it!. These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of popups, or Foistware, you should read this article:
  Foistware, And how to avoid it. There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams.  For a list of these types of programs we recommend you visit this link: About Malwares, Rogues, Scarewares, SmitfraudFix
• Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message  or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you.  We suggest that you close these windows by clicking on the X instead of the OK button. Alternatively, you can check to see if it's a real alert by right-clicking on the window.  If there is a menu that comes up saying Add to Favorites... you know it's a fake.
• Do not go to adult sites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do.
• When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link, message back to the person asking if it is legit before you click on it.
• Stay away from Warez and Crack sites! In addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections. Avoid using cracks and unknown programs from sources you don't trust. There are MANY alternative open-source applications. Malware writers just love cracks and keygens, and will often attach malicious code into them. By using cracks and/or keygens, you are asking for problems. So my advice is - stay away from them!
• Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download a piece of software a from a site, and are not sure if they are legitimate, you can use McAfee Siteadvisor to look up info on the site. Note: skip this advice if your antivirus have a Web Guard.
• DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
• You may want to install unchecky to prevent adware bundled into many free programs to install.

 

 

Tweak your browsers
 

MOZILLA FIREFOX

 

To prevent further infections be sure to install the following add-ons NoScript and AdBlock Plus
 

Adblock Plus hides all those annoying (and potentially dangerous) advertisements on websites that try and tempt you to buy or download something. AdBlock not only speeds up your browsing and makes it easier on your eyes, but also makes it safer.

 

 

Adblock Plus can be found here.
 
Do not add to many filters subscriptions because it will slow down your browser startup time.
 

 

NoScript is only for advanced users as it blocks all the interactive parts of a webpage, such as login options. Obviously you wouldn’t want to block your ability to log on to your internet banking or your webmail, but thankfully you can tell NoScript to allow certain websites and block others. This is very useful to ensure that the website you’re visiting is not trying to tempt you to interact with another, more dangerous website.

 

 

NoScript can be found here
 
You can find the optimal settings here
A tutorial on how to use it can be found here

 

 

Google Chrome

 
If you like Google Chrome there are many similar extensions for this browser as well. Since I am not a Google Chrome user I can't tell you which of them are good and how they work. You should find out by yourself.

However Google Chrome can block a lot of unknown malware because of his sandbox.Beware of the fact that Google Chrome doesn't provide master password protection for your saved in the browser passwords. Check this out: Google Chrome security flaw offers unrestricted password access


 
For Internet Explorer 9/10/11 read the articles below:


Security and privacy features in Internet Explorer 9
Enhanced Protected Mode
Use Tracking Protection in Internet Explorer
Security in Internet Explorer 10

 

 
 
Immunize your browsers with SpywareBlaster 5 and Spybot Search and Destroy 1.6 and MVPS HOSTS.

Also you can change your DNS settings 8.26.56.26 and 8.20.247.20 to use Comodo Secure DNS for free (to prevent phishing attacks)

 

 

Make the extensions for known file types visible:
 
 
Be wary of files with a double extension such as jpg.exe. As a default setting, Windows often hides common file extensions, meaning that a program like image.jpg.exe will appear to you as simply image.jpg. Double extensions exploit this by hiding the second, dangerous extension and reassuring you with the first one.Check this out - Show or hide file name extensions.


 
Disable Autorun and Windows Scripting Host:
 
 
It's a good idea to disable the Autorun functionality using the following tool to prevent spreading of the infections from USB flash drives.

 

If you don't use any script files then you can go ahead and disable Windows Scripting Host using the tool provided by Symantec - NoScript.exe. Simple download and run it and click on the Disable button and reboot the computer. If you need to run any js. or vbs scripts at a later stage you should run NoScript again and select Enable, then reboot the computer.
 

 

 
Create an image of your system (you can use the built-in Windows software as well if you prefer)

• Now when your pc is malware free it is a good idea to do a backup of all important files just in case something happens it.
• Macrium Reflect is very good choice that enables you to create an image of your system drive which can be restored in case of problems.
• The download link is here.
• The tutorial on how to create an system image can be found here.
• The tutorial on how to restore an system image can be found here.
• Be sure to read the tutorial first.

 

 

Follow this list and your potential for being infected again will reduce dramatically.

 

Safe Surfing !

 

Regards,

Georgi

[AdvancedSetup]

Glad we could help.

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!