and deleted the files that were infected
You did it? If so, make sure, you empty Recycle Bin.
Let me know.
========================================================================
Verify your
Java version here:
http://www.java.com/en/download/installed.jsp
Update, if necessary.
Uninstall all previous Java versions, through Add\Remove (Programs & Features in Vista).
========================================================================
Disable Windows Defender, as it'll interfere with cleaning process:
- Open
Windows Defender by clicking the
Start, clicking
All Programs, and then clicking
Windows Defender.
- Click
Tools
then...
++
Windows XP:
- Click
General Settings
- Scroll down to
Real Time Protection Options
- Uncheck
Turn on Real Time Protection
- After you uncheck this, click on the
Save button
- Close
Windows Defender
++
Windows Vista:
- Click
Options
- Under
Administrator options, clear the
Use Windows Defender check box, and then click
Save.
Enable Windows Defender, when all cleaning is done.
=======================================================================
Print this post out, since you won't have an access to it, at some point.
1. Open HijackThis.
2. Close all windows, except for HijackThis.
3. Put checkmarks next to the following HijackThis entries:
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
4. You should also checkmark following entries (these are unnecessary startups; no actual programs will be removed):
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [lxcgmon.exe] "C:\Program Files\Lexmark 2300 Series\lxcgmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2300 Series\ezprint.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LXCGCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\LXCGtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [unless you have paid version]
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll [unless you have paid version]
5. Click on
Fix checked button.
6. Restart computer.
When done...
Your computer is clean
1. Turn off System Restore:
-
Windows XP:
1. Click Start.
2. Right-click the My Computer icon, and then click Properties.
3. Click the System Restore tab.
4. Check "Turn off System Restore".
5. Click Apply.
6. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this.
7. Click OK.
-
Windows Vista:
1. Click Start.
2. Right-click the Computer icon, and then click Properties.
3. Click on System Protection under the Tasks column on the left side
4. Click on Continue on the "User Account Control" window that pops up
5. Under the System Protection tab, find Available Disks
6. Uncheck the box for any drive you wish to disable system restore on (in most cases, drive "C:")
7. When turning off System Restore, the existing restore points will be deleted. Click "Turn System Restore Off" on the popup window to do this.
8. Click OK
2. Restart computer.
3. Turn System Restore on.
4. Make sure,
Windows Updates are current.
5.
If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!
6. Download, and install
WOT (Web OF Trust):
http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.
7. Run defrag at your convenience.
8. Read
How did I get infected?, With steps so it does not happen again!:
http://www.bleepingcomputer.com/forums/topic2520.html
9. Please, let me know, how is your computer doing.