
my hjt log

Can someone check and see if this HJT log is clean and what needs fixing? Thank you.


Logfile of HijackThis v1.99.1
Scan saved at 7:22:41 PM, on 7/22/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
c:\windows\system32\vezrsa.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe
C:\WINDOWS\System32\ns173j43.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\GOOGLEMAPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Universal Shield 4.0\US30Service.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\Gurdip\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bestbuy.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R3 - Default URLSearchHook is missing
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
O2 - BHO: (no name) - {770060A0-0059-000C-691E-1224900C5B28} - C:\WINDOWS\inscdm\ugyespnlso.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"
O4 - HKLM\..\Run: [ns173j43] C:\WINDOWS\System32\ns173j43.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Google Earth Viewer] GOOGLEMAPS.EXE
O4 - HKLM\..\Run: [qpdlvz] c:\windows\system32\vezrsa.exe r
O4 - HKLM\..\Run: [Win Server Updt] C:\WINDOWS\wupdt.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Google Earth Viewer] GOOGLEMAPS.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.0\US30Service.exe
 
Hi, removing spyware manually is harder, but the processes, etc. tend to be random letters/numbers. Below is what I believe is spyware; the rest should all be legit stuff.

c:\windows\system32\vezrsa.exe

C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe <- spyware I saw today, actually.
C:\WINDOWS\System32\ns173j43.exe

O4 - HKLM\..\Run: [ns173j43] C:\WINDOWS\System32\ns173j43.exe

O4 - HKLM\..\Run: [WeirdOnTheWeb] "C:\Program Files\WeirdOnTheWeb\WeirdOnTheWeb.exe"

Try running Ad-Aware 1.06 and Spybot 1.4 (while you have an Internet Explorer window open) in addition to Webroot (which I don't like, though, and would delete). HijackThis is a good app; it seems you were using it when you made that log. Also clear out "temp", since most spyware runs from there.

BTW, you have antivirus up to date and ran a full scan, right? Let us know if you have pop-ups, errors, or search bars already from the spyware installing when this happened, etc., and the progress of the situation. Good luck.
 
Aurora is on this system... you'll need more support than I can give you. At work when we see this we back up, format, reinstall. Have fun.

The info from the above guy is decent. If you don't know what Weirdontheweb is remove it. Unless you love getting the video clips in your AIM remove Viewpoint Media too (this one can just be uninstalled from add/remove programs).

Checkmark R3, O2 (Band Class, unless you know what it is), O2 AuroraHandlerObj Class and the one below it. Also remove the no-name toolbar.

Some of the O4 class entries I'll tell you to remove are more optional, but IMO it's better to remove them as they aren't necessary and just slow your system down.
zBrowser Launcher*
EM_EXEC*
GWMDMMSG
GWMDMpi
nwiz*
TkBellExe*
ViewMgr*
WeirdOnTheWeb
ns173j43
qpdlvz
(items marked with * are known to be legit; remove at your discretion)

Sorry for the kinda random instructions here, but I'd recommend removing the listed items, then getting Spybot, Ad-aware and Microsoft Anti-spyware updated and run again after removing these items. Don't restart afterwards. Also get About:Blank; I've found it to be rather handy. Once you've run it all, run HijackThis again and clean out anything that has been added back in. Make sure to leave your browser closed when you do all this. After that, restart into safe mode and repeat the process.
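The two replies above apply the same checks by eye: random-letter executables autostarting from the Windows directory, unnamed or fileless BHOs/toolbars, the missing URLSearchHook, BHO DLLs dropped straight into C:\WINDOWS, and (in the second log posted later in this thread) a Shell= line that loads Nail.exe alongside Explorer.exe. The script below is an added example written for this page, not something from the thread or from HijackThis; its sample input is built from lines in the logs posted here, and its rules are triage heuristics that flag entries for a human to review, not a malware verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Sample input constructed from lines in the HijackThis logs posted in this
# thread (two known-good lines included as negative cases).
SAMPLE_LOG = r"""
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
O2 - BHO: (no name) - {770060A0-0059-000C-691E-1224900C5B28} - C:\WINDOWS\inscdm\ugyespnlso.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [qpdlvz] c:\windows\system32\vezrsa.exe r
O4 - HKLM\..\Run: [ns173j43] C:\WINDOWS\System32\ns173j43.exe
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
"""

# Short all-lowercase/digit names are what the replies call "random letters/#s".
RANDOM_NAME = re.compile(r"^[a-z0-9]{5,8}$")
# Real Windows binaries whose short names would otherwise trip that pattern.
KNOWN_GOOD = {"smss", "csrss", "lsass", "svchost", "spoolsv", "wuauclt",
              "wdfmgr", "winlogon", "explorer", "nwiz"}
# A file sitting directly in C:\WINDOWS or C:\WINDOWS\System32 (no deeper subfolder).
WINDIR_FILE = re.compile(r"^c:\\windows\\(?P<sub>system32\\)?(?P<file>[^\\]+)$", re.I)


@dataclass
class Finding:
    line: str
    reason: str


def parse_o4(rest: str) -> Tuple[Optional[str], Optional[str]]:
    """Split 'HKLM\\..\\Run: [name] command args' into (name, executable path)."""
    m = re.match(r".*?\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", rest)
    if not m:
        return None, None
    cmd = m.group("cmd").strip().lstrip('"')
    exe = re.match(r"(?P<exe>.*?\.exe)", cmd, re.I)  # drop trailing arguments such as ' r'
    return m.group("name"), (exe.group("exe") if exe else cmd)


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a log line the thread's heuristics would flag, else None."""
    line = line.strip()
    if " - " not in line:
        return None
    section, rest = line.split(" - ", 1)
    if section == "R3" and "URLSearchHook is missing" in rest:
        return Finding(line, "R3: default URLSearchHook is gone; hijackers commonly replace it")
    if section == "F2" and rest.lower().startswith("reg:system.ini: shell="):
        shell = rest.split("=", 1)[1].strip()
        if shell.lower() != "explorer.exe":
            return Finding(line, f"F2: Shell= starts more than Explorer.exe: {shell}")
    if section in ("O2", "O3"):
        if "(no name)" in rest or "(no file)" in rest:
            return Finding(line, f"{section}: unnamed or fileless browser add-on")
        m = WINDIR_FILE.match(rest.rsplit(" - ", 1)[-1])
        if section == "O2" and m and not m.group("sub"):
            return Finding(line, "O2: BHO loaded from a DLL dropped directly in C:\\WINDOWS")
    if section == "O4":
        _name, exe = parse_o4(rest)
        m = WINDIR_FILE.match(exe or "")
        if m:
            base = m.group("file").lower().rsplit(".", 1)[0]
            if RANDOM_NAME.match(base) and base not in KNOWN_GOOD:
                return Finding(line, f"O4: random-looking {base}.exe autostarts from the Windows directory")
    return None


def triage_log(text: str) -> List[Finding]:
    """Run every line of a pasted HijackThis log through triage_line."""
    return [f for f in (triage_line(l) for l in text.splitlines()) if f]
```

Calling `triage_log(SAMPLE_LOG)` flags eight of the ten sample lines and leaves the Google Toolbar and Spy Sweeper entries alone; anything it flags still needs the kind of judgement the replies above apply before you check it in HijackThis.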


 
Given time to research, run scans and use all the appropriate tools, Aurora can be removed from a system in about 12 hours of straight work. You can probably do it faster if you really know your system and can spot the changes to your registry and system32 files. Aurora is adaptive. It changes its name and install locations. I haven't read, seen or heard of it doing any more than slowing a computer down and causing lots of popups (like that isn't bad enough). My advice would be to find a forum more dedicated to these kinds of issues. Castlecops has had some good stuff on this in the past, as have some other sites I can't recall offhand (majorgeeks or something). Sorry I can't be more helpful.

If you're unable to reformat and reinstall because you can't back up or something, call around for local repair shops; just let them know you want your hard drive backed up (the more specific you can be the better) and you want your hard drive wiped clean and Windows reinstalled. When I say wiped clean I don't mean just a reformat back into NTFS; data is still there (I've pulled that kinda data before). Ask them to format into FAT32 and run a physical scan of your entire drive; this will write and read to every cluster on the drive. Then have them go through a normal Windows install. Aurora isn't known to survive a reformat, but seriously, it's a pain, and it's better to do it right than to do it quick and wrong.
 
Here's the best way to get rid of that:

1) Go into safe mode (with networking support) when booting windows xp

2) Turn off system restore

3) Run Hijack This and remove everything

4) Run a full updated scan with Adaware

5) Delete all temp files on your pc

6) Run the New Aurora Removal Program, it's the only thing I've found that works against that nasty spyware. Here's a link to it:


Aurora/Nail spyware remover

Good Luck! 🙂
 
Originally posted by: daveybrat
Here's the best way to get rid of that:

1) Go into safe mode (with networking support) when booting windows xp

2) Turn off system restore

3) Run Hijack This and remove everything

4) Run a full updated scan with Adaware

5) Delete all temp files on your pc

6) Run the New Aurora Removal Program, it's the only thing I've found that works against that nasty spyware. Here's a link to it:


Aurora/Nail spyware remover

Good Luck! 🙂



What do you mean by run HijackThis and remove everything? Won't this mess up my internet? That's what I heard.
 
You have serious vulnerabilities.

1) Your WinXP doesn't have SP2, or even SP1

2) It doesn't look like you have any antivirus software at all

3) You're undoubtedly running your browser and IM program under an Admin-class account 😉


I would cut to the chase. Back up, reinstall Windows, patch it to SP2 BEFORE you plug in the network cable (I hope you have a router, though?), install a current-generation antivirus software, and make a Limited-class account to run your IM and web browsing under, for safety.
 
If by "everything" you mean all the stuff you posted in your logfile, then NO it is NOT SAFE. Not if you want your Windows installation to keep working, at any rate.
 
Can you tell me everything that is suspicious and I might have to fix?






Logfile of HijackThis v1.99.1
Scan saved at 12:36:29 PM, on 7/23/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\GWMDMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\System32\GOOGLEMAPS.EXE
c:\windows\system32\mjnlis.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Universal Shield 4.0\US30Service.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Java\jre1.5.0_02\bin\javaw.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Gurdip\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp_adbe/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bestbuy.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bestbuy.msn.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {E0BB7A50-A41E-AF54-A187-D66318997E3C} - C:\WINDOWS\inscdm\ugyespnlso.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [GWMDMMSG] GWMDMMSG.exe
O4 - HKLM\..\Run: [GWMDMpi] C:\WINDOWS\GWMDMpi.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\Updreg.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKLM\..\Run: [Google Earth Viewer] GOOGLEMAPS.EXE
O4 - HKLM\..\Run: [muutpk] c:\windows\system32\mjnlis.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [Google Earth Viewer] GOOGLEMAPS.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O14 - IERESET.INF: START_PAGE_URL=http://www.bestbuy.msn.com
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: US30Service - Unknown owner - C:\Program Files\Universal Shield 4.0\US30Service.exe

 
You need more than HJT here, guy.

1) Get a free 30-day trial of Kaspersky Antivirus Personal 5 from here and install it.

2) Go to the Threats and Exclusions as shown in this picture and set it to use Extended Databases.

3) Now update Kaspersky's antivirus definitions.

4) Restart your computer in Safe Mode and run a full Kaspersky antivirus scan in Safe Mode, then your Spysweeper antispyware also while in Safe Mode.


After the scans are complete, start in normal mode and report exactly what viruses/spyware were detected by the scans, so we know everything we're up against here. Also plan on installing Service Pack 2 for WinXP, and about 25 post-SP2 security patches, once everything's clean.
 
Adware & Spyware Removal

Disable the System Restore temporarily (WinXP & WinME only) if you are infected; any trojans, spyware, etc. you may have picked up could have been saved in the System Restore and can reinfect you. Since the System Restore is a protected directory, your tools cannot access it to delete files that can trap viruses and other applications inside.

Note: Go to add/remove programs and look down the list for New.Net Domains. If you see it please double-click to remove or else the LSP chain will break and you'll have to run the Winsock tool.

1st Download the Windows 98, ME, 2K, XP Winsock Fix in case you cannot access the internet after removing the malicious content from your system.
http://www.dcwclan.com/files/WinsockFix.exe

2nd Run Crap Cleaner
http://www.dcwclan.com/files/ccsetup121.exe

Important: I highly recommend downloading, installing, and updating all of the programs listed below and immediately restarting your system into safe mode. Booting in safe mode is important because it disables most drivers and running applications. To boot into safe mode, restart your computer and tap the f8 key (after first black and white screen, but before the Windows splash screen) until you get to a black and white screen asking you what to do.

* If your system is hosed and you are unable to boot to normal mode, you may install and run all of the utilities listed below in safe mode.

3rd Run Spy Sweeper
http://www.dcwclan.com/files/ssfsetup1_0.exe

4th Run Spyware Doctor
http://www.dcwclan.com/files/sdinstall.exe

5th Run Ad Aware
http://www.dcwclan.com/files/aawsepersonal.exe

6th Run Spybot
http://www.dcwclan.com/files/spybotsd14.exe

7th Run Nail/Bolder/Aurora Remover 0.3.1 Beta
http://www.dcwclan.com/files/ABIremover.exe

8th Run Hijack This
http://www.dcwclan.com/files/HijackThis.exe

Virus Removal

Do a full system scan with your up-to-date antivirus. If you do not have a resident antivirus installed on your computer, please do so immediately! AntiVir ( http://www.dcwclan.com/files/avwinsfx.exe ) & AVG ( http://www.dcwclan.com/files/avg70free_323a539.exe ) offer a free antivirus solution. If you want to do it right the first time, spend $35 on Kaspersky Anti-Virus Personal v5 ( http://www.kaspersky.com/personal-usa ) which comes with a 1yr update subscription.

I also recommend using the online virus scanners for a "second opinion" since a lot of Trojans and other malicious files seem to slip past most scanners (McAfee, Norton, etc.).

Panda Online Virus Scanner
http://www.pandasoftware.com/activescan

Trend Micro Online Virus Scan
http://housecall.trendmicro.com/housecall/start_corp.asp

Note: After you have finished performing all of the steps listed above you may safely reboot your system back to normal mode. I would also recommend opening internet explorer, clicking on tools > internet options > click on the Security tab and reset all 4 security settings back to default. You may also safely set your homepage to your default in case it was inadvertently changed.

*Sometimes it is necessary to repair your windows installation after you've rid your system of malicious content.

Prevention

If you want to purchase one or more of the tools above, I would recommend either Spy Sweeper or Spyware Doctor. They offer the best detection and removal, plus their real-time protection and scheduling is a very nice feature. Remember to keep all of these programs updated and run them at least once a week if you are paranoid or simply want to maintain a clean system. If you do not have (Windows) automatic updates enabled, be sure to check Windows Update at least once per month to download all of the critical updates that will ensure a secure operating system.

Please use common sense when you receive a popup, install P2P software, freeware, and other misc. applications. Almost all spyware is unknowingly installed by a computer user. In most cases, the installation of spyware is not illegal because you agreed to it when you accepted the license agreement or clicked 'yes' on the popup window. The license agreement usually includes several paragraphs about the installation of spyware and collection of data. By accepting the license agreement, you agreed to let the spyware transmit your personal information.

If you run Windows XP you may want to set up a limited account.
http://www.microsoft.com/resources/docu...proddocs/en-us/ua_c_account_types.mspx

Spyware Blaster can help keep your system spyware-free and secure, without interfering with the "good side" of the web. And unlike other programs, Spyware Blaster does not have to remain running in the background. It adds sites to your web browsers restricted sites area.
http://www.dcwclan.com/files/spywareblastersetup34.exe

All broadband users should have a firewall protecting their system(s). A Cable/DSL router (NAT box) is a very inexpensive solution that most people are familiar with. Hardware firewalls are important because they provide a strong degree of protection from most forms of attack coming from the outside world. Additionally, in most cases, they can be effective with little or no configuration, and they can protect every machine on a local network. One obvious downside to software firewalls is that they can only protect the machine they're installed on, so if you have multiple computers (which many homes and small offices do), you need to install and configure a software firewall separately on each machine. This can be difficult to manage if you have a lot of computers.

But the fact of the matter is that software firewalls generally offer the best measure of protection against Trojans or e-mail worms. Speaking of which, a firewall isn't the only protection method available to you. Whether you end up using a software firewall or a hardware firewall, you should always supplement it with a quality antivirus package.

Windows XP includes a software firewall, and there are other solutions that protect you from inbound & outbound traffic. Check out Kerio Personal Firewall.
http://www.dcwclan.com/files/kerio-kpf-4.2.0-785-win.exe

The bottom line is that with any home-office broadband connection, a hardware firewall should be considered a bare minimum, and supplementing it with a software firewall on one or more computers (and don't forget antivirus software) is always a good idea.

Microsoft no longer updates Java VM, therefore it's full of security holes. The solution is to install Sun Java.
http://java.com/en/download/windows_automatic.jsp

You may also want to consider switching web browsers and giving Firefox a trial run. It's fast, free, and definitely less prone to spyware. Tabbed browsing is also another nice feature.
http://www.mozilla.org/products/firefox
 