Ian.T

Help permanently removing Trojan.BHO.H please?

25 posts in this topic

Any help you guys can provide to permanently remove Trojan.BHO.H would be gratefully appreciated!

I've pasted the MBAM Log, the GMER log and the 'Attach' log as described in the sticky....

MBAM Log

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 4007

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

4/19/2010 1:47:32 PM

mbam-log-2010-04-19 (13-47-32).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 333975

Time elapsed: 4 hour(s), 23 minute(s), 13 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Users\Dad\AppData\Local\Temp\low\COUPON~1.DLL (Trojan.BHO.H) -> Quarantined and deleted successfully.

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

GMER Log as follows:

GMER 1.0.15.15281 - http://www.gmer.net

Rootkit scan 2010-04-19 14:19:23

Windows 6.0.6002 Service Pack 2

Running: j8uwfvqt.exe; Driver: C:\Users\Dad\AppData\Local\Temp\kxldipoc.sys

---- System - GMER 1.0.15 ----

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateFile [0x8CA9D79E]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcess [0x8CA9D738]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateProcessEx [0x8CA9D74C]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwMapViewOfSection [0x8CA9D7DC]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwNotifyChangeKey [0x8CA9D81F]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenProcess [0x8CA9D710]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwOpenThread [0x8CA9D724]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwProtectVirtualMemory [0x8CA9D7B2]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwReplaceKey [0x8CA9D847]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwRestoreKey [0x8CA9D833]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetContextThread [0x8CA9D78A]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwSetInformationProcess [0x8CA9D776]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwTerminateProcess [0x8CA9D80B]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwUnmapViewOfSection [0x8CA9D7F2]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwYieldExecution [0x8CA9D7C8]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) ZwCreateUserProcess [0x8CA9D762]

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtCreateFile

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtMapViewOfSection

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenProcess

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtOpenThread

Code \SystemRoot\system32\drivers\mfehidk.sys (Host Intrusion Detection Link Driver/McAfee, Inc.) NtSetInformationProcess

---- EOF - GMER 1.0.15 ----

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Attach Log

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft

ark.txt

Attach.zip


Hello and :)

  • My name is xixo_12 and I will guide you.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • You may wish to print them off or copy the instruction into Notepad.
  • If you have any question please don't hesitate to ask.
  • The instructions that I will give to you are specific to your current problem and shouldn't be used on other systems.
  • If you are receiving help or have received help on this problem elsewhere, please let us know.
  • Keep interacting with me until your computer is clean.

Please! If you need more time to do all the instructions, let me know before 72 hours is done. Otherwise, your thread will be closed.

***Note: Windows Vista requires the user to right click > Run as Administrator to use the tools.

First,

Remove programs.

Please Click Start > Control Panel > Programs and Features

Remove the listed program(s) by clicking Uninstall/Change.

Ask Toolbar

CouponBar

If some program(s) listed above are not present, please do not panic and proceed to the next step.

Next,

ATF by Atribune

Please download HERE and save to the desktop. Right click on ATF Cleaner.exe > Run as Administrator to open it.

Under Main choose:

  • choose: Select All
    Click the Empty Selected button.

if you use Firefox:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

if you use Opera:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

Next,

Kaspersky Online AV Scan

Note: Internet Explorer should be used. Right click on the icon > Run as Administrator.

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases

  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next.

Next,

Checklist.

Please post.

  • Content of kaspersky scan log
  • Please tell me if you have any visible problem


Thank you xixo_12!

When I try to remove the Ask Toolbar I get the following:

---------------------------

RunDLL

---------------------------

Error loading C:\PROGRA~1\AskPBar\bar\1.bin\AskPBar.dll

The specified module could not be found.

---------------------------

OK

---------------------------

When I then tried to remove CouponBar, I hit the 'Uninstall/install' option and then nothing happens...


Ok,

Please proceed with Kaspersky... I will think of some steps after I get the scan log from you.


Sorry, I should have said nothing happens after I hit 'continue' when Windows asks for my permission to continue...


Hi,

Ok try this

We will try a different approach.

First,

RSIT by random/random.

Please download from HERE and save to the desktop.

  • Right click on RSIT.exe > Run as Administrator to run the tool.
  • Click Continue at the disclaimer screen.
  • Once it finishes, two logs will open.
    • log.txt will be opened maximized
    • info.txt will be opened minimized

  • Please post the contents of both logs in your next post.

***You can find the log manually at C:\rsit

Next,

GMER.

Please download from HERE and save to the desktop.

  • Unzip/extract the file to its own folder.
  • Disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Right click on Gmer.exe > Run as Administrator to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan, click NO.
  • Click on the >>> symbol and choose the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the Scan and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE.

Important! Please do not select the "Show all" checkbox during the scan.

Next,

Checklist.

Please post.

  • Content of log.txt and info.txt (Find both in c:\rsit)
  • Content of GMER.txt


Sorry again Xixo_12, I'd added my reply about hitting 'continue' before I saw your request to proceed with Kaspersky, I'm downloading that now, should I proceed with Kaspersky or try your latest posting?

Sorry again!


I'm sorry too... :) I replied too fast to you.

Ignore Kaspersky and please proceed with RSIT and GMER.

Thanks!


Contents of Log.txt:

Logfile of random's system information tool 1.06 (written by random/random)

Run by Dad at 2010-04-20 07:46:42

Microsoft


Contents of Info:

info.txt logfile of random's system information tool 1.06 2010-04-20 07:47:16

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

32 Bit HP CIO Components Installer-->MsiExec.exe /I{47ECCB1F-2811-49C0-B6A7-26778639ABA0}

Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"

Activation Assistant for the 2007 Microsoft Office suites-->"C:\ProgramData\{623D32E9-0C62-4453-AD44-98B31F52A5E1}\Microsoft Office Activation Assistant.exe" REMOVE=TRUE MODIFY=FALSE

Adobe Flash Player 10 ActiveX-->C:\Windows\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player Plugin-->C:\Windows\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 7.0.8-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70800000002}

Adobe Shockwave Player 11.5-->"C:\Windows\system32\Adobe\Shockwave 11\uninstaller.exe"

Adobe


Hi xixo_12, when I ran GMER, I got a message saying the application had stopped running... I tried again in safe mode and the same happened :)


Hi,

Let's proceed.

Ignore GMER.

First,

Remove programs.

Please Click Start > Control Panel > Programs and Features

Remove the listed program(s) by clicking Uninstall/Change.

AdventureQuest Worlds Toolbar

If some program(s) listed above are not present, please do not panic and proceed to the next step.

Next,

Fix entries.

  • Run HiJackThis by right-clicking on the tool > Run as Administrator.
  • Click on Do a system scan only button.
  • Search the entries as below and tick at the small box.
    R3 - URLSearchHook: FCToolbarURLSearchHook Class - {61420c5c-7f3e-4f29-9987-e7e31687ab75} - C:\Program Files\AdventureQuest Worlds Toolbar\Helper.dll
    R3 - URLSearchHook: (no name) - - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Dad\AppData\Local\Temp\low\COUPON~1.DLL (file missing)
    O2 - BHO: FCTBPos00Pos - {745A6D3B-4DB0-4246-B596-9189787D4ED5} - C:\Program Files\AdventureQuest Worlds Toolbar\Toolbar.dll
    O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Dad\AppData\Local\Temp\low\CouponBarIE.dll (file missing)
    O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
    O3 - Toolbar: AdventureQuest Worlds Toolbar - {3385E2D6-567B-4FC6-8F0F-D7A8C6E6118C} - C:\Program Files\AdventureQuest Worlds Toolbar\Toolbar.dll
  • Close any other program and leave HiJackThis program alone.
  • Click Fix checked.

Next,

OTM by Old Timer.

Please download from HERE and save to the desktop.

  • Right click on OTM.exe > Run as an Administrator.
  • Copy the lines in the codebox below.
    :processes
    :reg
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{745A6D3B-4DB0-4246-B596-9189787D4ED5}]
    [-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{5BED3930-2E9E-76D8-BACC-80DF2188D455}"=-
    "{F4D76F09-7896-458a-890F-E1F05C46069F}"=-
    "{3385E2D6-567B-4FC6-8F0F-D7A8C6E6118C}"=-
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
    ""=-
    :files
    C:\Program Files\AdventureQuest Worlds Toolbar
    :commands
    [emptytemp]
    [start explorer]
    [reboot]
  • Return to OTM, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.
  • Close OTM.

Note:

  • If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
  • If you are asked to reboot the machine choose Yes.
  • In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Next,

Malwarebytes' Anti-Malware - Run

  • Right click on Malwarebytes' Anti-Malware icon > Run as Administrator to run the program.
  • Click on Update tab > Check for Updates.
  • Once done, click on Scanner tab, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
    mbam1.png
  • Refer to above image and then click Remove Selected to proceed.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply

Note:

  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.

Click OK to either and let MBAM proceed with the disinfection process.

If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware.

Next,

Checklist.

Please post.

  • Content of OTM log
  • Content of MBAM log

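An added example, not part of the original thread: a small parser for the HijackThis lines listed in the post above. It flags entries whose file is gone or that load from a Temp directory, and gives the registry location each entry lives under. The flag names and function names are this example's own, and entries it leaves unflagged (such as the AdventureQuest ones) still need a human decision.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# The eight HijackThis entries listed in the post above, copied verbatim.
SAMPLE_LOG = r"""
R3 - URLSearchHook: FCToolbarURLSearchHook Class - {61420c5c-7f3e-4f29-9987-e7e31687ab75} - C:\Program Files\AdventureQuest Worlds Toolbar\Helper.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: TTB000000 - {62960D20-6D0D-1AB4-4BF1-95B0B5B8783A} - C:\Users\Dad\AppData\Local\Temp\low\COUPON~1.DLL (file missing)
O2 - BHO: FCTBPos00Pos - {745A6D3B-4DB0-4246-B596-9189787D4ED5} - C:\Program Files\AdventureQuest Worlds Toolbar\Toolbar.dll
O3 - Toolbar: CouponBar - {5BED3930-2E9E-76D8-BACC-80DF2188D455} - C:\Users\Dad\AppData\Local\Temp\low\CouponBarIE.dll (file missing)
O3 - Toolbar: (no name) - {F4D76F09-7896-458a-890F-E1F05C46069F} - (no file)
O3 - Toolbar: AdventureQuest Worlds Toolbar - {3385E2D6-567B-4FC6-8F0F-D7A8C6E6118C} - C:\Program Files\AdventureQuest Worlds Toolbar\Toolbar.dll
"""

# Registry location behind each HijackThis section. O2 and O3 are the keys the
# OTM script in the post edits; R3 is the per-user URLSearchHooks key.
REG_LOCATION = {
    "O2": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects",
    "O3": r"HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar",
    "R3": r"HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks",
}

# section - kind: name - {CLSID} - target   (the CLSID may be absent)
LINE_RE = re.compile(
    r"^(?P<section>R3|O2|O3) - (?P<kind>[^:]+): (?P<name>.*?) - "
    r"(?P<clsid>\{[0-9A-Fa-f-]{36}\})? ?- (?P<target>.*)$"
)

@dataclass
class Entry:
    section: str
    kind: str
    name: str
    clsid: Optional[str]
    path: Optional[str]
    flags: List[str] = field(default_factory=list)

def parse_line(line: str) -> Optional[Entry]:
    """Parse one R3/O2/O3 line; return None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    target, flags = m["target"].strip(), []
    if target == "(no file)":
        path = None
        flags.append("orphaned")          # registration with no DLL at all
    elif target.endswith("(file missing)"):
        path = target[: -len("(file missing)")].rstrip()
        flags.append("orphaned")          # DLL was deleted, registry entry left behind
    else:
        path = target
    if m["clsid"] is None:
        flags.append("no-clsid")
    if path and re.search(r"\\temp\\", path, re.IGNORECASE):
        flags.append("temp-path")         # browser add-on loaded from a Temp directory
    return Entry(m["section"], m["kind"], m["name"], m["clsid"], path, flags)

def triage(log_text: str) -> List[Entry]:
    return [e for e in map(parse_line, log_text.splitlines()) if e]

def suspicious(entries: List[Entry]) -> List[Entry]:
    return [e for e in entries if e.flags]

def registry_path(e: Entry) -> str:
    """Where to look for the entry: BHOs are subkeys, the others are values."""
    base = REG_LOCATION[e.section]
    if e.clsid is None:
        return base
    return base + ("\\" if e.section == "O2" else " :: ") + e.clsid

if __name__ == "__main__":
    for e in suspicious(triage(SAMPLE_LOG)):
        print(f"{e.section} {e.name!r:14} {','.join(e.flags):20} {registry_path(e)}")
```
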

Hey xixo_12, Have I already downloaded the HiJackThis app?


Is HiJackThis the 'RSIT' tool?

Sorry for my ignorance :(


I got HiJackThis loaded, ran as instructed and 'fixed' all the entries except the following that were not on the list. I'll carry on with OTM now :(

R3 - URLSearchHook: FCToolbarURLSearchHook Class - {61420c5c-7f3e-4f29-9987-e7e31687ab75} - C:\Program Files\AdventureQuest Worlds Toolbar\Helper.dll

O2 - BHO: FCTBPos00Pos - {745A6D3B-4DB0-4246-B596-9189787D4ED5} - C:\Program Files\AdventureQuest Worlds Toolbar\Toolbar.dll


OTM log and confession time :(

I left a window open when OTM first ran, thinking OTM had finished I went to cut and paste the contents of the results window, OTM then went into 'Not Responding' mode, I ended up rebooting and ran again.... log as follows:

All processes killed

========== PROCESSES ==========

========== REGISTRY ==========

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{62960D20-6D0D-1AB4-4BF1-95B0B5B8783A}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{745A6D3B-4DB0-4246-B596-9189787D4ED5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{745A6D3B-4DB0-4246-B596-9189787D4ED5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ not found.

========== FILES ==========

File/Folder C:\Program Files\AdventureQuest Worlds Toolbar not found.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Dad

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 529626359 bytes

->Java cache emptied: 6448600 bytes

->Apple Safari cache emptied: 172574012 bytes

->Flash cache emptied: 2289662 bytes

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 41 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 137474819 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 14964999 bytes

RecycleBin emptied: 2081453578 bytes

Total Files Cleaned = 2,808.00 mb

OTM by OldTimer - Version 3.1.10.2 log created on 04202010_101245

Files moved on Reboot...

C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\K46ZXBS3\iframe[1].html moved successfully.

C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\0UL9PABZ\index[2].htm moved successfully.

C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2.dat moved successfully.

C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully.

C:\Users\Dad\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\SuggestedSites.dat moved successfully.

File C:\Windows\temp\mcafee_PO5YDBkfeMYHIz7 not found!

File C:\Windows\temp\mcafee_uJVG9unhYQzU7rN not found!

File C:\Windows\temp\mcmsc_ABa7WUHJu5mYvzR not found!

File C:\Windows\temp\mcmsc_AqjZ23DrsjfVffE not found!

File C:\Windows\temp\mcmsc_NjzH4fU6Dh2J9uT not found!

File C:\Windows\temp\sqlite_6TP700hrObUCf08 not found!

File C:\Windows\temp\sqlite_FYv0Q0Wmu88ccwe not found!

File C:\Windows\temp\sqlite_PA7ZDOtFD4zUFNg not found!

File C:\Windows\temp\sqlite_T2ZhvI5xDeTXHDr not found!

Registry entries deleted on Reboot...


MBAM Log as follows.

Looks good, is there any cleanup you could recommend?

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 4012

Windows 6.0.6002 Service Pack 2

Internet Explorer 8.0.6001.18904

4/20/2010 1:41:19 PM

mbam-log-2010-04-20 (13-41-19).txt

Scan type: Full scan (C:\|D:\|)

Objects scanned: 309856

Time elapsed: 3 hour(s), 13 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Hi,

Looking good :(

Let's have this scan.

First,

ATF by Atribune

Please download HERE and save to the desktop. Right click on ATF Cleaner.exe > Run as Administrator to open it.

Under Main choose:

  • choose: Select All
    Click the Empty Selected button.

if you use Firefox:

  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

if you use Opera:

  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program

Next,

Kaspersky Online AV Scan

Note: Internet Explorer should be used. Right click on the icon > Run as Administrator.

Please go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases

  • Click on My Computer under Scan and then put the kettle on!
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place like your Desktop. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Copy and paste the report into your next.

Next,

Checklist.

Please post.

  • Content of kaspersky scan log


Thanks xixo_12, the Kaspersky scan is running, I'll post the log when completed.


You're welcome. Provide the log and I will guide you through the next instructions.


Kaspersky log as follows:

--------------------------------------------------------------------------------

KASPERSKY ONLINE SCANNER 7.0: scan report

Wednesday, April 21, 2010

Operating system: Microsoft Windows Vista Ultimate Edition, 32-bit Service Pack 2 (build 6002)

Kaspersky Online Scanner version: 7.0.26.13

Last database update: Wednesday, April 21, 2010 14:39:37

Records in database: 3957819

--------------------------------------------------------------------------------

Scan settings:

scan using the following database: extended

Scan archives: yes

Scan e-mail databases: yes

Scan area - My Computer:

C:\

D:\

E:\

H:\

I:\

J:\

K:\

Scan statistics:

Objects scanned: 219252

Threats found: 0

Infected objects found: 0

Suspicious objects found: 0

Scan duration: 06:30:54

No threats found. Scanned area is clean.

Selected area has been scanned.


Good! :(

Your system is now clean.

Let's do some cleaning and management.

First,

OTM - Cleaning

  • Double Click on OTM.exe.
  • Click on CleanUp!.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes; if not, delete it yourself.

Next,

Remove programs.

Please Click on Start > Control Panel > Add/Remove Programs

Remove the listed program(s) by clicking Remove

Adobe Reader 7.0.8

If some programs listed above are not present, please do not panic and proceed to the next step.

Next,

Update Adobe Reader.

You should Download and Install the newest version of Adobe Reader for reading pdf files, due to the vulnerabilities in earlier versions.

All versions numbered lower than 9.3 are vulnerable.

  • Go HERE , UNCHECK any Free Add-Ons, and click Download to install the latest version of Adobe Acrobat Reader.
  • After it completes the Installation, close the Download Manager.

Next,

Java is out of date.

It can be updated by the Java control panel

  • Click on Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
  • An update should begin.
  • Follow the prompts.

Additional Information :

SpywareBlaster.

  • SpywareBlaster helps make your Internet Explorer stronger, as it will help to block known malicious ActiveX.
  • A tutorial on installing & using this product can be found HERE

Antivirus.

  • An antivirus helps give you the maximum protection for the system.
  • You are advised to have only ONE antivirus running on the system.
  • Please keep it updated regularly.

WinPatrol.

  • Unwanted things always occur without your knowledge. Let this software take a snapshot of it.
  • More information and installation instructions can be found HERE

Windows/Program Update.

Please make sure to have your Windows Automatic Update turned ON, or you can do it manually.

Microsoft releases patches for Windows and Office products regularly to patch up loopholes in Windows and Office products and fix any bugs found. Install the updates immediately if they are found.

To update Windows

  • Go to Start > All Programs > Windows Update

To update Office

  • Open up any Office program.
  • Go to Help > Check for Updates

You can always refer to both websites to check whether any updates are needed for your system.

Safe surfing! :(


Thank you xixo_12!!!

I really appreciate all the help!


You're welcome.

I will ask for this topic to be closed soon. :(

This topic is now closed to further replies.
