Avg has trojan sheriff in vault

[shetawk]

I must have clicked the wrong button. I did respond.

I did respond but probably hit the wrong button. Was waiting for an answer from you.

According to my computer, windows has a firewall in place and working.

Is this sufficient protection or should I add another program?

Now have avast antivirus, adaware and spybot, all on automatic updates and scans.

Downloaded Java through link and uninstalled other versions.

Made new restore point and deleted oldies.

Have problem with videos now, especially from utube. Downloads 2 seconds at a time.

Must have done something wrong when I was clearing stuff out or altered a setting I wasn't aware of.

Should I reinstall java and see if the problem is there?

Thank you. ST

 

[Blind Dragon]

You aren't running Firewall Software. Please download and install one of these first!

Use a Firewall - It is very important that you use a Firewall on your computer. If you use the Windows Firewall you might think that's enough but it only controls inbound traffic. Simply using a Firewall in its default configuration can lower your risk greatly. Here are some firewalls which are free for personal use and most commonly used:
Comodo
Kerio
Online Armor
Zonealarm

Let me see one more Hijackthis file and I will see if anything sticks out that would be effecting the videos

 

[shetawk]

I happened again...my post was lost.

Another memo was lost.

This time I'm sure I sent the memo with hijack attached.


Comodo found "New Private Network Detected!" Via Compatable fast ethernet adapter - Packet Scheduler Miniport

What does this mean? Is it my dsl modem?

Also, comodo said hijackthis.exe is trying to modify the contents of C:\windows\win.ini and that I must make sure hijack is a safe application before allowing request. I though hijack just scanned at first.

Thank you. ST

 

[Blind Dragon]

Good you have Defense+ enabled.

"New Private Network Detected!"

This is Normal, check remember this decision and allow

Don't worry about Hijackthis. Basically if you recognize the program it is normally fine.

You will get a lot of warnings at first until Comodo learns your computer and your habits. It is worth it though. It is a great firewall. Over time you wont even realize it is there, except for on occasion.

Hijackthis looks clean but I would remove these ActiveX controls for good measure. You can always resintall them if needed. Since you no longer have these programs.

Remove bad HijackThis entries

• Run HijackThis
• Click on the System Scan Only button
• Put a check beside all of the items listed below (if present):
  
  O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
  O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
  O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
  O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
  O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Plug-in 1.6.0_02) -
  O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -

• Close all open windows and browsers/email, etc...
• Click on the "Fix Checked" button
• When completed, close the application.

 

[shetawk]

Took off trend housecall, too...

especially since it didn't work anyway. ST

 

[shetawk]

Had to push it a little further with removalT...

See beginning of report for quarantine info.

Thank you. ST

 

[Blind Dragon]

It could be for 100s of different programs I am not sure what yours goes to, if none of your programs have issues with it in quarantine you can remove it

Not sure why the file has been removed, but you might as well remove the entry using Hijackthis:

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll (file missing)

 

[shetawk]

Thank you, thank you, thank you.

Computer isn't slow anymore.

Java notified me for update and that download took care of it.

You're great. ST

 

[Blind Dragon]

Good.

Go to start -> Run -> type in combofix /u
*note the space between
*This will uninstall combofix
*removes vundofix backups
*removes quarentine files
*creates a fresh clean restore point

Remove Hijackthis from Start-> control panel -> add/remove programs
Remove the 3 tools from step 10 (smitfraud, vundofix,virtumondobegone) by dragging to the recycle bin

I recommend you keep
1 anti virus program (AVG not anti spyware)
1 firewall
Spybot S&D, Adaware 2007, AVG Anti Spyware if you want but the version we downloaded is a 30 day trial

keep them updated.

You can also turn on tea timer in Spybot:

• Click on Mode at the top and make sure that Advanced is checked
• Expand the Tools tab in the left pane
• Single click on the Resident Icon also in the left pane
• check Resident "TeaTimer" (Protection of over-all system settings) Active
• Close spybot

Also under Tools you can double-click System Startup in the right pane and disable programs from running at

startup. This will free up system resources. For example if you don't use MSN Messenger everytime you run your computer

you can disable it, then when you want to use it you can launch it through Start -> all programs, or make a shortcut on

the desktop for it. That way it doesn't use resources when you aren't using it. Don't disable any entries in green

though.

 

[shetawk]

Thank you again. ST

Thank you again. ST