reoccurring infection alerts - please assist.


  • Staff

Hi,

I'm doing very well, thank you. :)

Let's see if we can find the root of the slowness.

Next, please run the PCPitstop Full Tests here (NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test). When the tests are complete, a results page will pop up. Copy and paste the URL of the Results screen and post it here for me.

Link to post
Oh, I see, you said NOT the PC Scan! Sorry, I must have missed that for some weird / unknown reason!?

I really don't know why I 'overlooked' that ... most likely because I was tired?

Nevertheless, I tried to avoid that, quite emphatically, as I am prone to do regarding such offerings / seeming promo apps ...

regarding:

(NOT the PCMatic scan or any other scan; simply register with the box on the left and you will be taken to the Full Tests/Overdrive Test).

as I recall, I was Not taken to the 'Full Tests/Overdrive Test' ... but did finally find such 'Overdrive Test' button, and clicked on it, which returned me to PCMatic scan.

Sorry for the confusion and inconvenience, I will uninstall PCMatic, and return to the scene of the crime and try to find the proper 'Overdrive Test' button.

Thanks

Link to post
ok, I tried again.

It appears they have two 'OVERDRIVE' app/buttons:

one at this page

http://www.pcpitstop.com/default.asp

found and clicked on the 'PC Pitstop OVERDRIVE'

----

and one at this page:

http://www.pcpitstop.com/betapit/

at top left corner of that page appears to be the 'PC Pitstop OVERDRIVE' button you want me to click on ? I hope ;-)

===

it appears they have it set up to be confusing for the 'unaware'/tired / idiots like myself, to possibly get lost frustrated and then click on PCMatic out of frustration? ;-)

anyways, exploring the other one now!

sorry for confusion!

Link to post
OK! found this:

PC Pitstop Full Tests

WELCOME to PC Pitstop's Full Tests!

http://www.pcpitstop.com/pcpitstop/default.asp

(where when I click on the

--

New Members

Click the key to

run the full tests

on your PC now!

--

it takes me back to the Neptune info page:

http://www.pcpitstop.com/neptune_about.asp

it appears I might need to run/use 'Explorer'?

also btw, still cannot find the 'OVERDRIVE' option/app, although they do say this:

"OverDrive Transition Alert. We are in the process of transitioning our users to OverDrive. OverDrive has many more features, and in the near future, we will halt new development for the old tests formally known as Full Tests. All the links have been changed to point toward OverDrive."

yet still have not been able to find access to OverDrive!

going to try Explorer now, perhaps that will help?

Link to post
From: "Comcast Customer Central" <online.communications@alerts.comcast.net>

To: smacko9@comcast.net

Sent: Tuesday, October 11, 2011 8:17:08 PM

Subject: Comcast Security Notice

Xfinity

Constant Guard™ Alert

Dear XFINITY Customer,

Your immediate attention is required.

Constant Guard from XFINITY identified that one or more of your computers may be infected with a bot. A bot is a malicious form of software that is used to send spam, host a phishing site, or steal your identity by monitoring your keystrokes without your knowledge. It may be possible you are unaware that your computer is infected with a bot.

We strongly recommend you visit XFINITY.com/BotAssistance for important information on how to remove malicious software from your computer(s).

http://xfinity.comcast.net/constantguard/botassistance/?CMP=EMC-Email1&utm_source=Notification&utm_medium=Email&utm_campaign=Email1

We appreciate your prompt attention to this important security notice.

Sincerely,

Constant Guard from XFINITY

This is a service-related email. Comcast will occasionally send you service-related emails to inform you of service upgrades or new benefits to your Comcast High-Speed Internet service.

Copyright 2011. Comcast. All other trademarks are properties of their respective owners.

Comcast respects your privacy. For a complete description of our privacy policy, click here.

Comcast

One Comcast Center, 10th Floor

1701 JFK Boulevard

Philadelphia, PA 19103-2838

Link to post
although comcast has not provided specific information regarding what is the actual incident problem they are referring to;

they do offer the following remedial steps:

Step 1 of 4: Check for Operating System (OS) Updates

Making sure your computer has the latest version of the Windows Operating System (OS) is an important first step to be fully protected. If you haven't updated your computer in awhile, you may want to do this now.

Check the Microsoft Update Server to view the latest updates for my version of Windows OS.

===

Step 2 of 4: Check Your Security Software

Not only is it important to have the latest version of your Operating System installed, you also need software to help protect your computer and your personal information while online.

Get protected with the Constant Guard™ Protection Suite - it helps protect your passwords, secures your credit card information, and includes top-rated Norton™ Security Suite - at no additional charge to you!

How can I tell if I have up-to-date anti-virus software on a Windows computer?

===

Step 3 of 4: Extra Protection For Windows

You may also want to consider some additional pieces of software to make you more secure. These software tools are simple to install and provide extra protection. Both tools are free and are supported by the respective companies that make them:

Immunet Protect offers extra protection from malware. This free lightweight software can complement your existing Norton Security or other antivirus software to give you an added layer of protection from millions of malware and spyware threats.

Secunia is a simple, free tool which checks all the common applications on your PC to make sure you have the most up to date version of each. If you need updates, it guides you through the process of updating them. This is important as many types of malware will attack your computer via a wide range of desktop software applications that happen to be out of date.

Comcast does not endorse or support these products. As with any third-party software or service, if you use them, the companies that provide them will be fully responsible for any issues that arise in accordance with their terms of service.

====

Step 4 of 4: Specialized Malware Removal Tools For Windows

Microsoft has a useful tool for removing some of the most common and prevalent malware. This tool is the Malicious Software Removal Tool and can be found here:

http://www.microsoft.com/security/malwareremove/default.aspx

Need More Help? A live Tech Expert from Xfinity Signature Support can provide fast, affordable virus/malware removal 24/7 click here to learn more.

Link to post
Hello, I just completed a malwarebytes full scan, and here is the log:

(can you tell me anything about the trojans found?)

Thanks

---

Malwarebytes' Anti-Malware 1.51.2.1300

www.malwarebytes.org

Database version: 7940

Windows 5.1.2600 Service Pack 3

Internet Explorer 7.0.5730.13

10/13/2011 2:05:52 PM

mbam-log-2011-10-13 (14-05-52).txt

Scan type: Full scan (C:\|E:\|)

Objects scanned: 371799

Time elapsed: 1 hour(s), 16 minute(s), 43 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\system volume information\_restore{7e9e1c35-68c7-4f4f-b87e-1377ef9d6a24}\RP990\A0171539.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

c:\system volume information\_restore{7e9e1c35-68c7-4f4f-b87e-1377ef9d6a24}\RP990\A0171546.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

c:\system volume information\_restore{7e9e1c35-68c7-4f4f-b87e-1377ef9d6a24}\RP990\A0171575.exe (Trojan.Agent.CK) -> Quarantined and deleted successfully.

Link to post
  • Staff

Hi,

Okay that was a lot of posts to go through, but do you have your Windows CD?

This is what I regularly say about bots/backdoors:

A backdoor severely compromises system integrity.

A compromised system may allow illicit network connections, disabling of security software, modifying critical system files and collection and transmission of personal identifiable information without your consent.

I recommend that you disconnect this PC from the Internet immediately, and only reconnect to download any tools that are required. If you do any banking or other financial transactions on the PC or if it contains any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. If it were on my PC I would not hesitate for a moment to do so. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall

Should you decide not to follow that advice, we will of course do our best to clean the computer of any infections that we can see but, as I already stated, we can in no way guarantee it to be trustworthy.

Should you have any questions, please feel free to ask.

Let me know what you decide.

Link to post
i like the idea of reinstall

even though it will be tedious, for various reasons

plus I have windows 7 sitting here ready to install / upgrade to that

btw, I don't do online banking, and my most important password sensitive internet activity I do on another computer, which is rarely turned on

let me do some pondering, and let you know what I intend to do

btw, what is the best protection I should use on my new computer install? Microsoft Security Essentials? and Malwarebytes Pro? ?

and do you have any suggestions regarding my new install, and windows 7?

Thanks

Link to post
Hello,

Please disregard SolidState Drive question.

The more important question is,

When I transfer data file / videos / etc from old system over to new system, how do we make sure the infection, doesn't get transferred over to fresh new computer also?

especially considering what you said:

"Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS."

Thank You

Link to post
regarding:

"The more important question is;

When I transfer data file / videos / etc from old system over to new system,

how do we make sure the infection, doesn't get transferred over to fresh new computer also?"

Screen317 responded:

"Pictures and documents are safe to backup. That's about it. Just copy them to a flash drive or burn them to a CD."

---

just pics and documents?

what about videos, &/or uninstalled software, etc ?

--

What CAN'T I transfer safely to New OS installed HD?

Thank You

Link to post
regarding:

"What CAN'T I transfer safely to New OS installed HD?"

should I consider transfer of anything [with a .exe, .scr, or .com extension]

to ANY HD connected to said computer/primary HD holding OS would present same infection problem as if transferred directly to new primary HD holding new OS installation?

Thanks

Link to post
Hello,

recently received the following notices, but after signing in here to read them, I can not find responses notified of:

--------------------------------------------------------------------------------

From: "Malwarebytes Forum" <no-reply@malwarebytes.org>

To: smacko9@comcast.net

Sent: Monday, October 24, 2011 2:42:29 AM

Subject: KevinCCC replied to reoccurring infection alerts - please assist.

smacko,

KevinCCC has just posted a reply to a topic that you have subscribed to titled "reoccurring infection alerts - please assist.".

The topic can be found here:

http://forums.malwarebytes.org/index.php?showtopic=90826&view=getnewpost

#####

From: "Malwarebytes Forum" <no-reply@malwarebytes.org>

To: smacko9@comcast.net

Sent: Monday, October 24, 2011 2:40:09 AM

Subject: KevinCCC replied to reoccurring infection alerts - please assist.

smacko,

KevinCCC has just posted a reply to a topic that you have subscribed to titled "reoccurring infection alerts - please assist.".

The topic can be found here:

http://forums.malwarebytes.org/index.php?showtopic=90826&view=getnewpost

Link to post
Thanks for helping me nail this down! Besides wanting to Not re-infect just cleaned HardDrive & OS, I am interested in learning how to better create & operate my computer/info-apparatus thingk System... what to expect, understanding limitations, what I might must be ready to say goodbye to, and what I can count on to remain solid cogs in said apparatus / thingk system going forward ;-) thank you

> I would not trust executable files from any source that had contact with the infected Windows OS. <

so, 'executable files' are any file that can be activated by clicking on them, OR any file 'that can be activated' period?

===

"Do not transfer applications or programs. Nothing with a .exe, .scr, or .com extension.

I'd say only transfer pictures, documents, and videos."

so do these completely cover extent of what I should avoid from infected HD?

.exe, .scr, or .com extension.

thanks ;-)

Link to post
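
The transfer rule quoted in the thread, turned into a pre-copy check, as an added example that is not part of any post above: an extension list alone misses a program that has been renamed, so this also reads the first two bytes of each file. The extensions beyond .exe/.scr/.com, the function names and the sample files are assumptions of this example.

```python
import os
import tempfile

# .exe/.scr/.com are the thread's list; the rest are other Windows types that
# run code when opened (added here as this example's assumption).
RISKY_EXTS = {".exe", ".scr", ".com",
              ".bat", ".cmd", ".pif", ".vbs", ".js", ".msi", ".dll", ".lnk", ".hta"}

def classify(path):
    """Return ('skip', reason) for files to leave behind, else ('copy', '')."""
    name = os.path.basename(path).lower()
    ext = os.path.splitext(name)[1]
    if ext in RISKY_EXTS:
        return ("skip", "executable extension " + ext)
    if name == "autorun.inf":
        return ("skip", "autorun.inf can launch a program from removable media")
    # Windows programs start with the bytes 'MZ' whatever the file is called,
    # so a renamed executable is caught by content rather than by name.
    with open(path, "rb") as fh:
        if fh.read(2) == b"MZ":
            return ("skip", "MZ header: Windows executable content")
    return ("copy", "")

def triage(root):
    """Walk a backup folder; map each relative path to (verdict, reason)."""
    results = {}
    for folder, _dirs, files in os.walk(root):
        for fname in files:
            full = os.path.join(folder, fname)
            results[os.path.relpath(full, root)] = classify(full)
    return results

def build_sample(root):
    """Write constructed, harmless stub files standing in for a backup folder."""
    stub = b"MZ" + b"\x00" * 16          # only the 2-byte magic, not a real program
    samples = {"holiday.jpg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,  # JPEG magic
               "notes.txt": b"shopping list\n", "setup.exe": stub, "saver.scr": stub,
               "clip.avi.exe": stub,     # double extension
               "photo.jpg": stub,        # executable renamed as a picture
               "autorun.inf": b"[autorun]\n"}
    for name, data in samples.items():
        with open(os.path.join(root, name), "wb") as fh:
            fh.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for rel, (verdict, reason) in sorted(triage(tmp).items()):
            print(f"{verdict:5} {rel:14} {reason}")
```

A "copy" verdict only means the file is not a Windows program by name or header; documents can still carry macros, so scan whatever is transferred once it is on the clean system.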