
XP Security Center 2012



Hi--

I successfully removed XP Security Center 2011 a couple weeks ago with your kind help. Now I have XP Security Center 2012 (the boyfriend's internet access is about to be severely restricted, as he's picked up both of them......). I don't want to run Combofix, etc without supervision so I'm back for more help. MBAM, DDS are below and attached.

Thank you for the help.

MBAM.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6767

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

6/13/2011 8:55:41 PM

mbam-log-2011-06-13 (20-55-41).txt

Scan type: Full scan (C:\|)

Objects scanned: 266797

Time elapsed: 1 hour(s), 21 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 3

Registry Data Items Infected: 4

Folders Infected: 0

Files Infected: 7

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Backdoor.Cycbot.Gen) -> Value: conhost -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Backdoor.Cycbot.Gen) -> Bad: (C:\DOCUME~1\MEGAND~1\LOCALS~1\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

(No malicious items detected)

Files Infected:

c:\documents and settings\xxx\application data\microsoft\conhost.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\xxx\local settings\temp\csrss.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\xxx\local settings\application data\awx.exe (Trojan.ExeShell.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\xxx\local settings\temp\0.7625593882427936.exe (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.

c:\documents and settings\xxx\application data\dwm.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\documents and settings\xxx\application data\Sun\Java\deployment\cache\6.0\3\76107043-1ff8852c (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\documents and settings\xxx\application data\Sun\Java\deployment\cache\6.0\49\28e3c931-75807eeb (Backdoor.Cycbot.Gen) -> Quarantined and deleted successfully.

DDS.

.

DDS (Ver_11-03-05.01) - NTFSx86

Run by xxx at 21:03:37.50 on Mon 06/13/2011

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2038.1442 [GMT -4:00]

.

AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

svchost.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Clearwire\Connection Manager\clearwireDeviceDiagnosticsService.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\WINDOWS\system32\TpKmpSVC.exe

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\Program Files\Common Files\Lenovo\Logger\logmon.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\rundll32.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe

C:\WINDOWS\system32\TpShocks.exe

C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\vsnp2std.exe

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\WINDOWS\System32\DLA\DLACTRLW.EXE

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Documents and Settings\xxx\Desktop\initial dds, mbam etc logs\dds.scr

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.lenovo.com/welcome/thinkpad

uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [TpShocks] TpShocks.exe

mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe

mRun: [TP4EX] tp4ex.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [snp2std] c:\windows\vsnp2std.exe

mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe

mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [statusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto

mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min

mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\slingo quest hawaii\images\stg_drm.ocx

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1305774151312

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\slingo quest hawaii\images\armhelper.ocx

Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll

Notify: igfxcui - igfxdev.dll

Notify: psfus - psqlpwd.dll

Notify: tpfnf2 - notifyf2.dll

Notify: tphotkey - tphklock.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\docume~1\megand~1\applic~1\mozilla\firefox\profiles\0c505zzf.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/

FF - prefs.js: network.proxy.http - 127.0.0.1

FF - prefs.js: network.proxy.http_port - 63152

FF - prefs.js: network.proxy.type - 1

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npmnqmp07030901.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

.

============= SERVICES / DRIVERS ===============

.

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-5-26 11608]

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-5-26 136360]

R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-5-26 269480]

R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-5-26 61960]

R2 clearwireDeviceDiagnosticsService;Clearwire Device Diagnostics Service;c:\program files\clearwire\connection manager\clearwireDeviceDiagnosticsService.exe [2010-6-17 398848]

R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]

R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]

R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]

R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2011-5-11 107856]

S3 6cb51e03-f2fd-48c8-bc2b-2f1881a68228;6cb51e03-f2fd-48c8-bc2b-2f1881a68228;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-10-1 340480]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-10-1 48768]

S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2011-5-11 120144]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-5-18 39984]

S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2008-1-21 58240]

S4 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshim.sys --> c:\windows\system32\drivers\AVGIDSShim.Sys [?]

.

=============== Created Last 30 ================

.

2011-06-11 22:18:05 -------- d-----w- c:\docume~1\megand~1\locals~1\applic~1\Astar Games

2011-06-11 01:38:14 -------- d-----w- c:\docume~1\alluse~1\applic~1\T1 Games

2011-06-09 11:03:22 -------- d-----w- c:\program files\common files\PctelEapPeer Authentication

2011-06-05 22:35:39 -------- d-----w- c:\docume~1\megand~1\applic~1\Crown

2011-06-05 22:35:39 -------- d-----w- c:\docume~1\alluse~1\applic~1\Crown

2011-06-05 21:05:57 -------- d-----w- c:\docume~1\megand~1\applic~1\Funswitch

2011-06-05 00:28:48 -------- d-----w- c:\docume~1\megand~1\applic~1\TheKingOfFire

2011-05-29 20:11:28 -------- d-----w- c:\program files\bfgclient

2011-05-28 16:06:42 -------- d-----w- c:\windows\system32\NtmsData

2011-05-27 12:15:50 -------- d-----w- c:\windows\ie8updates

2011-05-27 12:06:55 602112 ------w- c:\windows\system32\dllcache\msfeeds.dll

2011-05-27 12:06:55 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll

2011-05-27 12:06:54 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll

2011-05-27 12:06:54 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll

2011-05-27 12:06:54 12800 ------w- c:\windows\system32\dllcache\xpshims.dll

2011-05-27 12:06:53 1991680 ------w- c:\windows\system32\dllcache\iertutil.dll

2011-05-27 12:06:50 11080704 ------w- c:\windows\system32\dllcache\ieframe.dll

2011-05-27 12:05:09 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2011-05-27 12:05:01 45568 ------w- c:\windows\system32\dllcache\wab.exe

2011-05-27 12:04:18 978944 ------w- c:\windows\system32\dllcache\mfc42.dll

2011-05-27 12:04:18 954368 ------w- c:\windows\system32\dllcache\mfc40.dll

2011-05-27 12:04:18 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll

2011-05-27 12:03:55 617472 ------w- c:\windows\system32\dllcache\comctl32.dll

2011-05-27 11:59:13 -------- d-sh--w- c:\documents and settings\xxx\PrivacIE

2011-05-27 11:57:55 -------- d-sh--w- c:\documents and settings\megan dennis\IETldCache

2011-05-27 11:50:23 -------- dc-h--w- c:\windows\ie8

2011-05-27 11:33:10 -------- d-----w- c:\windows\system32\scripting

2011-05-27 11:33:09 -------- d-----w- c:\windows\l2schemas

2011-05-27 11:33:08 -------- d-----w- c:\windows\system32\en

2011-05-27 11:33:08 -------- d-----w- c:\windows\system32\bits

2011-05-27 11:29:44 -------- d-----w- c:\windows\network diagnostic

2011-05-27 01:54:39 -------- d-----w- c:\docume~1\megand~1\applic~1\Avira

2011-05-27 01:53:34 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys

2011-05-27 01:53:33 -------- d-----w- c:\program files\Avira

2011-05-27 01:53:33 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira

2011-05-26 00:42:00 -------- d-sha-r- C:\cmdcons

2011-05-19 03:00:52 -------- d-sh--w- c:\documents and settings\xxx\UserData

2011-05-19 02:54:41 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll

2011-05-19 02:54:41 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll

2011-05-19 02:54:36 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll

2011-05-19 02:54:36 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll

2011-05-19 02:54:36 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll

2011-05-19 02:54:34 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll

2011-05-19 02:54:33 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll

2011-05-19 02:54:33 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

2011-05-19 00:50:20 -------- d-----w- c:\docume~1\megand~1\applic~1\Malwarebytes

2011-05-19 00:48:38 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-05-19 00:48:38 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2011-05-19 00:48:35 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-05-19 00:48:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

.

==================== Find3M ====================

.

2011-05-11 17:09:08 136528 ----a-w- c:\windows\system32\PCTIN50.dll

2007-02-01 05:49:06 774144 ------w- c:\program files\RngInterstitial.dll

.

============= FINISH: 21:04:26.23 ===============

Attach.zip

ark.zip


  • Staff

Hi and welcome to Malwarebytes.

I'm afraid I have bad news.

Your logs reveal a backdoor trojan. A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personally identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.


Well that sucks. I need to see if I can find os disks, etc before I make a final decision but will probably wipe it. It's been offline except for posting the logs since it showed up, so I guess that's a (small) positive.....

A couple questions:

1. My backup drive was connected, is it compromised as well? Also, if I back anything else up, do I need to be concerned about the Trojan tagging along--specifically pdfs, doc, xls and mp3 files

2. Can I backup programs which I no longer have access to install disks? Acrobat pro, Photoshop and a couple others

3. Is there a cheatsheet for os reinstall somewhere? I have done it, but it was windows 95 and I don't remember specifics...I'm decently comfortable with command lines/dos

Thanks.


It was from an academic site license at a university I'm no longer affiliated with, and the new university is all Mac software, so I guess I'm SOL on that.

You may not have an answer on this, but I didn't get the CD for XP with this laptop....is it worth contacting IBM/lenovo for a copy? If not I may head towards Linux since I won't have to worry about software conflicts with programs I'll no longer have...


Ok one more question (sorry, I'm just starting to assess options for recovery after formatting, etc)

My comp has rescue and recovery software from IBM that allows me to burn recovery CDs for specific backup points--if I back up to a system image pre-virus (reformatting the hd before I restore), might that work? I know you're probably not familiar with the specific restore utility, just asking for an opinion--thanks.


Hi Chris--

I've reformatted and reinstalled XP from scratch (home-made Lenovo recovery cds), then restored the system to the oldest backup I have (12/2008). Can you give the logs a quick scan to make sure I'm clean.....if not I'll reformat again and start from XP without any of my programs installed. There are a couple entries in the DDS that are confusing/concerning, I highlighted them in red--two are files I can't find from an uninstalled game and the third seems to be on the D: drive, which is my cd and that doesn't really make sense??? Thanks!

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6705

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

6/25/2011 10:31:55 PM

mbam-log-2011-06-25 (22-31-55).txt

Scan type: Full scan (C:\|)

Objects scanned: 235317

Time elapsed: 23 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 6.0.2900.2180

Run by Megan Dennis at 23:48:33 on 2011-06-25

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1440 [GMT -4:00]

.

AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Online Armor Firewall *Disabled*

.

============== Running Processes ===============

.

C:\WINDOWS\system32\ibmpmsvc.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Online Armor\OAcat.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\IPSSVC.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe

C:\Program Files\Clearwire\Connection Manager\DeviceLaunchSvc.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\WINDOWS\System32\TPHDEXLG.EXE

C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe

C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe

C:\WINDOWS\system32\acs.exe

C:\Program Files\Lenovo\Client Security Solution\cssauth.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\WINDOWS\system32\TpShocks.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Program Files\ThinkPad\UltraNav Wizard\UNavTray.EXE

C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe

C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe

C:\Program Files\ThinkVantage\AMSG\Amsg.exe

C:\Program Files\Lenovo\AwayTask\AwaySch.EXE

C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe

C:\Program Files\Picasa2\PicasaMediaDetector.exe

C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe

C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe

C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AVAST Software\Avast\avastUI.exe

C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe

C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe

C:\WINDOWS\explorer.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.lenovo.com/welcome/thinkpad

uInternet Connection Wizard,ShellNext = hxxp://www.lenovo.com/welcome/thinkpad

uInternet Settings,ProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll

mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor

mRun: [bLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog

mRun: [synTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe

mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper

mRun: [TpShocks] TpShocks.exe

mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe

mRun: [TP4EX] tp4ex.exe

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [snp2std] c:\windows\vsnp2std.exe

mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe

mRun: [sunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe

mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe

mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE

mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe

mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"

mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe

mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe

mRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"

mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent

mRun: [Acrobat Assistant 7.0] "c:\program files\adobe\acrobat 7.0\distillr\Acrotray.exe"

mRun: [statusClient] c:\program files\hewlett-packard\toolbox2.0\apache tomcat 4.0\webapps\toolbox\statusclient\StatusClient.exe /auto

mRun: [TomcatStartup] c:\program files\hewlett-packard\toolbox2.0\hpbpsttp.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Clearwire Connection Manager] "c:\program files\clearwire\connection manager\ClearwireCM.exe" -a

mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobea~1.lnk - c:\windows\installer\{ac76ba86-1033-0000-7760-100000000002}\SC_Acrobat.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert to existing PDF - c:\program files\adobe\acrobat 7.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm

IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_06\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL

DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file://c:\program files\slingo quest hawaii\images\stg_drm.ocx

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file://c:\program files\slingo quest hawaii\images\armhelper.ocx

Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll

Notify: igfxcui - igfxdev.dll

Notify: psfus - psqlpwd.dll

Notify: tpfnf2 - notifyf2.dll

Notify: tphotkey - tphklock.dll

SEH: OA Shell Helper: {4f07da45-8170-4859-9b5f-037ef2970034} - c:\progra~1\online~2\oaevent.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\megan dennis\application data\mozilla\firefox\profiles\0c505zzf.default\

FF - prefs.js: browser.startup.homepage - hxxp://news.bbc.co.uk/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\avast software\avast\webrep\FF

.

============= SERVICES / DRIVERS ===============

.

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-6-25 441176]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-6-25 307928]

R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2011-6-25 205864]

R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2011-6-25 25192]

R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2011-6-25 29464]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-6-25 19544]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-6-25 42184]

R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2011-6-25 381512]

R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]

R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]

R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]

R2 SMSI Device Launch Service;Clearwire Device Launch Service;c:\program files\clearwire\connection manager\DeviceLaunchSvc.exe [2009-10-20 107856]

S1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2011-6-25 39048]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-6-25 136176]

S2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2011-6-25 4326472]

S3 6cb51e03-f2fd-48c8-bc2b-2f1881a68228;6cb51e03-f2fd-48c8-bc2b-2f1881a68228;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]

S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2009-10-1 281088]

S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2009-10-1 51456]

S3 CLEARWIRERcAppSvc;Clearwire RcAppSvc;c:\program files\clearwire\connection manager\RcAppSvc.exe [2009-10-20 120144]

S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;c:\windows\system32\drivers\PTDCWWAN.sys [2008-1-21 58240]

.

=============== Created Last 30 ================

.

2011-06-25 23:13:36 -------- d-----w- c:\documents and settings\megan dennis\application data\Malwarebytes

2011-06-25 23:13:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-06-25 23:13:10 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2011-06-25 23:13:05 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-06-25 23:13:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-06-25 22:40:51 -------- d-----w- c:\documents and settings\megan dennis\application data\OnlineArmor

2011-06-25 22:40:51 -------- d-----w- c:\documents and settings\all users\application data\OnlineArmor

2011-06-25 22:40:32 39048 ----a-w- c:\windows\system32\drivers\oahlp32.sys

2011-06-25 22:40:32 29464 ----a-w- c:\windows\system32\drivers\OAnet.sys

2011-06-25 22:40:32 25192 ----a-w- c:\windows\system32\drivers\OAmon.sys

2011-06-25 22:40:32 205864 ----a-w- c:\windows\system32\drivers\OADriver.sys

2011-06-25 22:40:23 -------- d-----w- c:\program files\Online Armor

2011-06-25 22:20:41 -------- d-----w- c:\documents and settings\megan dennis\application data\Clearwire

2011-06-25 22:20:39 -------- d-----w- c:\program files\Skyhook Wireless

2011-06-25 22:20:15 -------- d-----w- c:\program files\Clearwire

2011-06-25 22:20:15 -------- d-----w- c:\documents and settings\all users\application data\Clearwire

2011-06-25 22:16:05 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2011-06-25 22:15:53 40112 ----a-w- c:\windows\avastSS.scr

2011-06-25 22:15:41 -------- d-----w- c:\program files\AVAST Software

2011-06-25 22:15:41 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software

2011-06-25 21:53:03 -------- d-sh--r- C:\RRbackups

.

==================== Find3M ====================

.

2007-02-01 05:49:06 774144 ------w- c:\program files\RngInterstitial.dll

.

============= FINISH: 23:49:27.34 ===============

ark.txt

attach.txt


  • Staff

Hi,

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317


  • 5 weeks later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


This topic is now closed to further replies.